Technical Committee Review CAN/CIOSC 100-8:202X (D3)

Data governance - Part 8: Framework for Geo-Residency and Sovereignty

This Standard aims to specify the minimum requirements for organizations to protect data assets in their custody from jurisdictional risks, while taking advantage of the global technology ecosystem.

The Standard is not intended to prescribe how an organization should implement specific security controls. Instead, the Standard will guide organizations using jurisdiction- and technology-agnostic approaches that can be adapted to address specific business requirements.
Considerations are given to:
• Identification and categorization of data assets;
• Development of an appropriate threat model;
• Identification of potential risks, including from laws in foreign jurisdictions;
• Options to mitigate associated risks.

This Standard applies to all sectors, including public and private companies, government entities, and not-for-profit organizations.

This Standard assumes that the organization implementing the following requirements has existing risk management policies and procedures.

Note: For those applying the Standard, where personally identifiable information (PII) is used in the Standard, local jurisdictional, legal and/or regulatory definitions shall apply.

DATE POSTED: January 6th, 2023

DEADLINE FOR COMMENTS: January 30th, 2023
