Protected B is one of six security levels defined by the Government of Canada (GC) for sensitive information and assets that, if compromised, could cause serious injury to an individual, organization or government.
In 2017 the Treasury Board of Canada Secretariat (TBS), which establishes GC enterprise governance, strategy, and policy for cloud services, published the Direction on the Secure Use of Commercial Cloud Services: Security Policy Implementation Notice (SPIN) that allows for Protected B data to be hosted in the public cloud as well as for third-party audits to be leveraged for control assurance, such as ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and SOC 2 Type 2).
The Canadian Centre for Cyber Security (CCCS) assesses cloud service providers (CSPs) for Protected B security controls for information processing. Assessed services are available for use by GC agencies via a GC Cloud Services Marketplace, where CSPs with a GC Protected B framework agreement are featured.
Reports and other documentation
GC Cloud Framework Agreements catalogue (English) (French)
IBM Cloud is an approved GC cloud provider for hosting Protected B information and assets. IBM maintains Protected B/Medium Integrity/Medium Availability (PBMM) in its Toronto multizone region (MZR), as well as in its Montreal-based IBM Cloud Data Center. Services are examined by Canadian Centre for Cyber Security (CCCS) assessors on an annual basis.