GC Notify practices continuous security
We embed security specialists on our team and treat security priorities as design constraints. We use automation and metrics to facilitate security operations.
Recognizing the role of communication in maintaining security, we:
- Simplify language so non-specialist staff can participate.
- Require you to read through our Terms of use when signing up. You must also accept a summary of the Terms each time you sign in.
- Reduce paperwork to focus on useful and specific documents.
We use a precise combination of security policies, practices, and products for GC Notify. This combination is referred to as security controls.
To identify these controls, we considered GC Notify’s need for:
- Confidentiality: Preventing unauthorized access to information.
- Integrity: Preventing changes to or removal of information.
- Availability: Maintaining operations during events such as power outages or natural disasters.
We hired an independent security assessor to build our security profile based on these needs.The assessor selected our security controls from the list for Protected B Medium Integrity/Medium Availability (PBMM). PBMM is a security profile for the Government of Canada.
With the use of these controls and other safeguards, the remaining or residual risk of operating GC Notify is acceptable. In 2022, CDS’s previous Chief Executive Officer gave GC Notify authority to operate (ATO). CDS will reassess this authority in 2025.
To request our ATO documents, contact us.
Use GC Notify to send Protected A messages
GC Notify uses encryption: we scramble information that passes between your browser and our server. This prevents unauthorized access. The information remains encrypted while within GC Notify. This, in part, is why our security profile is PBMM.
But when you send with GC Notify, personal information populates a template to create individual email and text messages. Text messages are not encrypted during transit. At some points in transit, email messages may also be unencrypted.
Other governments, organizations or people may be able to read and interfere when the message:
- Travels to the recipient.
- Reaches the recipient’s email address or phone number.
When you send messages with GC Notify, your organization is responsible for:
- Assessing context to decide what degree of injury could result from release of information in a message and,
- Based on your assessment, deciding on the sufficient level of security. If Protected A or under is not sufficient, do not use GC Notify.
We keep personal information for up to 10 days
After 7 days, we keep only non-identifying statistics, such as time of sending, sending method, and number of messages sent. To reduce retention of personal information sent by your organization to 3 days, send a request.
You can create and download a report of messages sent up to 7 days prior. You have up to 3 days to download that report as GC Notify cannot hold personal information beyond 10 days.
We also dispose of personal information following the Appendix E: Standard on Privacy in Web Analytics of the Directive on Privacy Practices. We never give the information to another service provider, whether public or private. For more information, read GC Notify’s Privacy statement.
We control access to information in GC Notify
Amazon Web Services (AWS) provides our computer power, physical storage and cloud environment. AWS resources automatically increase or decrease as appropriate for our needs. Our needs vary at any given time, based on the amount of activity or outgoing messages.
GC Notify controls access to information in the cloud. We prevent and detect unauthorized access using automated practices called guardrails.
We restrict our staff’s access to information based on role and regularly audit access and permissions. We include safeguards to onboard and offboard GC Notify staff.
We also monitor GC Notify to record activity and receive alerts about anything suspicious.
We take steps to protect your account
When you sign in, we send a one-time code to your email or phone. You’ll need to enter the code to finish signing in.
We use a process called hashing to securely store and verify your password. Hashing ensures that passwords cannot be deciphered or reconstructed, even by GC Notify staff. If you forget or lose your password, you’ll have to create a new one.
If we suspect your account is compromised, we’ll immediately suspend or downgrade your access. We’ll also make you change your password and create new access keys for your API.
We prevent, detect, address, and minimize risks
We use:
- Automated tools that scan GC Notify for flaws.
- Security updates at our earliest opportunity. For more details, refer to our patching strategy.
- Staff from other organizations as reviewers and penetration testers.
- CCCS’s cloud-based sensor to monitor for suspicious activity. We’ve installed the sensor in our cloud environment.
- The TBS Security Playbook for Information System Solutions. The playbook sets the roles and responsibilities of team members before, during and after a security incident.
For a copy of our Security assessment, contact us.
If you suspect a security breach or discover a vulnerability
Immediately inform us following the process on the CDS Security page.
If there’s a breach, CDS and GC Notify have procedures for:
- Responding to security incidents.
- Informing your organization and recipients. To check our current operations, incidents, and service interruptions, visit GC Notify’s System status page.
You have security responsibilities
Always follow these steps:
- Use a modern, secure web browser.
- Apply security patches within 30 days of release.
- Keep API keys in an encrypted file that’s only for authorized staff. Do not share by email, support tickets or put in plain text in a source code repository.
- Rotate keys whenever anyone with key access leaves your team.
- Give third-party users a unique API key.
You can enhance security
You can add a hardware-based security key, such as a YubiKey, to sign in. The key verifies your identity.
When sending messages, you may need to include sensitive information such as security codes or links to reset passwords. Before adding recipients, you can prevent GC Notify from displaying their personal information on your device’s screen. Then only the recipient can read the message and only GC Notify staff can access the hidden information.
Your organization can:
- Set different user permissions in GC Notify. This lets you control who in your team has access to certain parts of the service.
- Use JavaScript Object Notation (JSON). Then your organization can communicate with GC Notify using JSON Web Tokens (JWTs). JWTs are encrypted and valid for 15 minutes. JWTs can verify whether communication comes from your team and identify which team member used a token.
- Use a cloud service provider’s key management service to keep API keys secure.
- Request additional protections. For example, you can request that we log each time GC Notify staff accesses information in your account.
Last updated April 2, 2025