Service-Level Agreement for GC Notify

GC Notify is a:

  • Software as a Service (SaaS) system operated by the Canadian Digital Service (CDS).
  • Cloud-hosted system using Amazon Web Services (AWS). AWS hosts GC Notify on their cloud services.
  • Medium integrity, and medium availability service. We cannot support urgent and emergency use cases requiring higher levels of integrity or availability. 

A client is:

  • Any department or agency using GC Notify.
  • Staff of these departments and agencies who use GC Notify’s interface or API.
  • Services on GC Notify that are created by these departments, agencies and staff.

This agreement covers the GC Notify system. It does not cover:

  • Devices such as computers or mobile phones.
  • Other services or infrastructure,  such as internet or email service providers.
  • Services that recipients need to receive an email or text, such as mobile phone carriers, internet or email service providers. 

We’re responsible for:

Providing, operating and supporting GC Notify 

  1. Allowing you to sign in and use GC Notify’s features.
  2. Sending emails and text messages to recipients, using contact information entered by clients.
  3. Displaying a dashboard that shows delivery status of emails and domestic text messages.
  4. Restoring the system to operation if there’s unplanned downtime. Downtime is an interruption in which clients experience a reduction in the existing quality of service or an event that will impact the existing service. Unplanned downtime triggers automated alarms to GC Notify staff.
  5. Responding quickly to incidents, following the TBS Directive on Security Management. We use an Incident Response process to resolve issues in a timely manner. 
  6. Supporting your use of GC Notify, including requests submitted through our contact us page:
    (a) Non-urgent requests: We respond within 1 business day, between 9am-5pm Eastern Time.
    (b) Urgent requests: We provide 24/7 support and respond within 1 hour if you include the phrase “this is urgent” in the request.

Ensuring timely operations

  1. Ensuring GC Notify’s websites are available for use, We aim for a minimum of 99.9%  uptime, excluding any downtime experienced by AWS. AWS promises 99.9% uptime.
  2. Maintaining page load time at less than 3 seconds in Canada on high-speed Internet.
  3. Meeting our Service Level Objectives (SLOs) .

Informing you of service interruptions or discontinuation

  1. GC Notify uses a continuous delivery approach, sometimes patching multiple times a day without downtime. If we plan downtime, we’ll contact you one week in advance and try to schedule to avoid interference  with use of GC Notify. Whenever possible, we schedule planned downtime on weekends between 8:00pm and 11:59pm EST. 
  2. As soon as we learn that GC Notify will be shut down or inaccessible for any reason, we alert you. We also update you on AWS downtime.
  3. If we’re no longer able to operate and support GC Notify, we’ll notify you 3 months in advance by email to the address used to create your GC Notify account. GC Notify is open source so you can create your own version based on the open source code.

Maintaining GC Notify’s security, including

  1. Following the AWS Shared Responsibility model. We’re responsible for securing  areas assigned to the customer in the model.
  2. Patching security vulnerabilities in a timely manner, based on our  determination of the level of threat. We patch major vulnerabilities as soon as possible but no more than a month after we find the root cause. To learn more, read  CDS Patch Management Guide.

Ensuring GC Notify can accept Protected A information 

To learn about our security profile, read Security.

We’re not responsible for issues with AWS including: 

  • AWS failing to deliver messages. 
  • Problems or failure of AWS cloud service infrastructure that impact our uptime and availability.
  • AWS enforcing its terms of service.

We have  sending limits

Services have default daily limits of 10,000 email messages and 1,000 text message fragments. 

If a text message is long, it travels in fragments. The fragments assemble into 1 message for the recipient. Each fragment counts towards your daily limit. To request an increase to these limits,  contact us.

GC Notify does not support large information blasts by text, such as sending an identical message to 1,000+ recipients at the same time. Carriers may flag and block these messages as spam.

We may suspend or downgrade your service at any time if you:

  • Cause security issues.
  • Reach a 10 percent bounce rate by sending to email addresses to which we cannot deliver messages. 
  • Create a risk that GC Notify will not be able to send messages reliably.
  • Break Terms of Use of AWS, GC Notify or applicable laws.     

As a client, you’re responsible for:

Ensuring you have all necessary permissions to send, including

  1. Any permissions your department requires to send messages to recipients.
  2. Permission of every email or phone number owner to send messages to their address or number. 
  3. Avoiding sending unsolicited emails as these could get flagged as spam.  
  4. Checking that recipient phone numbers can receive text messages at no cost or that the owner understands that they may be charged. 

Following security requirements, including

  1. Using the GC Notify web application with a modern, secure web browser that is up to date. Security patches must not be more than a month out of date.
  2. Signing up with a valid government email address and supplying a device for two-factor authentication. 
  3. Uploading virus-free files to GC Notify. 
  4. Avoiding anything that we deem a threat such as sending spam, scams, viruses, or anything that violates AWS Simple Notification Service section 11.
  5. Safeguarding your API key. For example, keeping the API key in an encrypted  file that only authorized staff can access. Do not share it via emails, support tickets or put it in plain text in a source code repository.

Reading and following our Terms of Use, including 

  1. Avoiding any misuse of GC Notify, including using it for a purpose not previously disclosed to  us.  Do not create duplicate services for the same purpose.
  2. Following applicable laws.
  3. Responding to requests under the Access to Information Act and Privacy Act about information you enter in GC Notify. To receive our support with such requests, contact us.
  4. Ensuring your API calls do not cause spam, resending messages, or loops that could result in an AWS service suspension. 

Preventing sending errors when possible, including

  1. Ensuring recipient phone numbers and email addresses are valid. Only send messages to accurate, in-use, mobile phone numbers. Do not send to landlines.
  2. Throttling the  number of requests per minute you send to GC Notify’s API.  Do not send more than the rate limit in your service settings.
  3. Checking the status of any HTTP requests you send to the API.  You’re responsible to repair and resend your message if you receive:
    (a)  4** class errors indicating your request was invalid.  
    (b)  5** class errors indicating the server failed.
    GC Notify treats these errors as unprocessed requests.  In order for GC Notify to retry until sending is done, requests must receive  2** class success.

Writing your messages and ensuring all information is Protected A and under

  1. You must provide equivalent messages in the official languages of your jurisdiction.
  2. Text messages are not secure and are unencrypted.  For more information, read Security

Preparing alternative and backup plans to communicate your messages

As discussed below, text sending is not reliable.

  • Delivery error:  Text message delivery and receipt at the carrier or recipient level can sometimes be unreliable. Text message infrastructure is not maintained by one entity, so quality varies across  different networks. 
  • Delay: We rely on our cloud infrastructure provider and downstream email servers and mobile carriers to deliver messages. Factors beyond our control can cause delays in delivery. 
  • Reliability issues: Text messages do not guarantee deliverability nor a delivery response. You need to account for this risk when relying on this technology, for example to resend security codes through text for 2 factor authentication.
  • Security risk: Someone else may be able to impersonate your service. 
  • International issues: Sending to international phone numbers is much less reliable due to the intricate nature of text message technology and how providers interact at an international level.  GC Notify’s dashboard cannot show delivery status for international text messages. By sending international text messages, you accept the risk of non-delivery and inaccurate delivery status. 

Last updated: 2022-10-27