```html

Digital Identity and IAM Vendors: Winning Federal Government Contracts through TBIPS, SBIPS, and ProServices on CanadaBuys

Government contracts represent a substantial revenue opportunity for digital identity and identity and access management (IAM) vendors operating in Canada, yet successfully navigating this complex procurement landscape demands deep understanding of federal procurement mechanisms, compliance requirements, and strategic positioning. The Canadian federal government spends approximately $20 to $22 billion CAD annually on goods and services through Public Services and Procurement Canada (PSPC), with information technology and professional services comprising significant portions of this expenditure. For vendors specializing in digital identity solutions, IAM platforms, and authentication technologies, the federal procurement process offers reliable pathways to substantial contracts, but only for those organizations that master the intricacies of government RFPs, procurement best practices, and the specific requirements of the three mandatory federal procurement vehicles: Task-Based Informatics Professional Services (TBIPS), Solutions-Based Informatics Professional Services (SBIPS), and ProServices. This comprehensive guide explores how digital identity and IAM vendors can strategically position themselves to win government contracts Canada through federal procurement mechanisms, leverage AI government procurement software and RFP automation capabilities to streamline response processes, avoid missing government RFPs through systematic opportunity identification, and ultimately simplify the government bidding process to achieve repeatable federal wins that support sustainable business growth. Understanding how to qualify for government contracts, what information is needed for government RFPs, and how to find relevant government contracts represents essential knowledge for any organization seeking to participate in Canada's $200 billion annual government contracting ecosystem.

The Canadian Federal Procurement Landscape and Opportunities for Technology Vendors

The federal government procurement process in Canada operates through a highly structured framework designed to ensure fairness, openness, and transparency while delivering value for taxpayers. Public Services and Procurement Canada (PSPC), formally known as Public Works and Government Services Canada, functions as the central purchasing agent for the Government of Canada, managing approximately $52 billion in procurement activities annually on behalf of federal departments and agencies. This substantial spending volume creates significant opportunities for vendors offering technology solutions, professional services, and specialized expertise required to support government operations and digital transformation initiatives. However, the federal procurement process differs markedly from private sector purchasing in its emphasis on regulatory compliance, transparent evaluation processes, and adherence to trade agreements including the Canada-Korea Free Trade Agreement (CKFTA) and the Comprehensive Economic and Trade Agreement (CETA).

Digital identity and IAM vendors seeking to participate in federal procurement must first understand the regulatory framework governing federal contracting. The Government Contracts Regulations, established under the Financial Administration Act, establish baseline requirements for competitive bidding, transparency, and fairness in all federal procurement activities. Treasury Board of Canada Secretariat policies further establish expectations regarding procurement practices, requiring that departments and agencies acquire goods and services in a manner that enhances access, competition, and fairness while achieving best value or optimal balance of overall benefits to the Crown and Canadian people. These regulatory requirements create a foundation of transparency that benefits qualified suppliers by ensuring consistent evaluation criteria, documented processes, and opportunities to challenge unfair procurement decisions through the Office of the Procurement Ombud.

Understanding TBIPS: Task-Based Informatics Professional Services

Task-Based Informatics Professional Services (TBIPS) represents the federal government's mandatory procurement vehicle for time-based or task-based information technology professional services valued at or above the Canada-Korea Free Trade Agreement threshold. For digital identity and IAM vendors, TBIPS supply arrangements establish pre-qualified supplier pools from which federal departments can issue task authorizations for specific, bounded IT services with defined deliverables, timelines, and resource requirements. The TBIPS framework covers seven core areas of informatics expertise commonly deployed across federal departments, including requirements analysis and system design, software development and implementation, system maintenance and support, technical training delivery, and related professional services supporting IT infrastructure and operations. Digital identity vendors can qualify within TBIPS to provide specialized services including identity verification system design, authentication platform implementation, access control architecture development, and identity governance consulting services that federal departments require to modernize their identity and access management capabilities.

TBIPS supply arrangements operate on two distinct tiers based on contract value thresholds. Tier 1 requirements include contracts valued from the CKFTA threshold (currently $100,000) up to and including $3.75 million, which can be managed by individual client departments or PSPC depending on departmental contracting authority. Tier 2 requirements exceed the $3.75 million threshold and must be managed by PSPC and other departments that have received specific delegation to manage contracts at this value level. For digital identity vendors offering smaller-scale consulting services, integration support, or implementation assistance, TBIPS Tier 1 can provide reliable, repeatable contract opportunities with relatively shorter sales cycles compared to larger federal procurements. The qualification process for TBIPS requires vendors to respond to Request for Supply Arrangement (RFSA) solicitations demonstrating compliance with all mandatory criteria, including financial stability, relevant experience delivering similar services, personnel qualifications, insurance coverage (minimum $2 million for Tier 2), and compliance with federal security requirements. Once pre-qualified, vendors can compete for individual task authorization opportunities as federal departments issue solicitations through the CanadaBuys platform and related procurement systems.

SBIPS: Solutions-Based Informatics Professional Services for Complex Digital Identity Initiatives

Solutions-Based Informatics Professional Services (SBIPS) represents the federal government's mandatory procurement vehicle for IT professional services where the supplier bears responsibility for defining solutions, managing overall project delivery, and accepting accountability for specified outcomes. Unlike TBIPS arrangements focused on time-based resource deployment, SBIPS procurement emphasizes deliverables, performance expectations, and results measurement, making this vehicle particularly appropriate for digital identity transformation initiatives, enterprise IAM platform implementations, and comprehensive access control modernization programs where federal departments require vendors to provide solution architecture, integration services, change management support, and ongoing optimization throughout the engagement lifecycle. The distinction between TBIPS and SBIPS carries profound implications for digital identity vendors; under SBIPS arrangements, vendors must demonstrate not only technical capability to staff project teams with qualified security and identity professionals but also organizational capacity to design comprehensive solutions, manage complex implementation risks, govern vendor accountability for business outcomes, and guarantee delivery of specified results within agreed timelines and budgets.

SBIPS procurement also attracts significantly higher valuation capacity than TBIPS arrangements. Like TBIPS, SBIPS operates through tiered structures with Tier 1 covering requirements up to $3.75 million and Tier 2 covering requirements exceeding this threshold, enabling federal departments to contract for enterprise-scale IT solutions valued substantially higher than what smaller TBIPS arrangements could accommodate. For mature digital identity vendors with demonstrated delivery track records, successful case studies documenting authentication platform implementations or enterprise access control deployments, and established relationships with federal security communities, SBIPS supply arrangement qualification can unlock access to higher-value federal contracts than TBIPS alternatives permit. However, SBIPS procurement typically involves longer evaluation cycles and more rigorous technical assessment due to the complexity and financial magnitude of proposed solutions. Government evaluation teams conduct extensive due diligence on SBIPS proposals to ensure bidders possess realistic understanding of requirements, feasible implementation approaches, genuine capacity to deliver promised outcomes, and appropriate risk management strategies addressing potential technical, organizational, and operational challenges inherent in large-scale identity management transformation initiatives.

ProServices: Professional Services Below Trade Agreement Thresholds

ProServices operates as the federal government's mandatory procurement vehicle for professional services valued below Canada-Korea Free Trade Agreement thresholds, currently set at $100,000 for both goods and services. ProServices encompasses a broader range of professional services than strictly IT-focused TBIPS and SBIPS arrangements, including management consulting, training and development services, audit support, health services, and specialized professional expertise across numerous domains. For digital identity vendors offering smaller-scale identity consulting services, authentication training delivery, feasibility assessment studies for IAM platform selection, or implementation support engagements valued below ProServices thresholds, this procurement vehicle can provide reliable, repeatable contract opportunities with shorter sales cycles than larger federal procurements. ProServices operates through a pre-qualification model whereby suppliers compete to become registered providers in specified service streams and categories. Once pre-qualified on the ProServices supply arrangement, suppliers can respond to individual service requests issued through the Centralized Professional Services System (CPSS) portal, a dedicated online platform where government departments search for pre-qualified suppliers matching their specific requirements and issue direct invitations to bid on services.

The ProServices framework includes fifteen distinct streams covering information technology professional services, non-IT business services, alternative dispute resolution, health services, and learning services for government-owned training programs. Digital identity vendors can qualify within streams focused on information technology professional services, positioning themselves to receive service requests from federal departments requiring identity consulting, IAM strategy development, authentication system assessments, or access control training and awareness programs. The relatively straightforward evaluation process for ProServices and lower valuation caps make this procurement vehicle appropriate for specific professional services engagements rather than comprehensive multi-year transformation initiatives. However, for digital identity vendors offering smaller-scale consulting services or training delivery, ProServices can provide valuable entry points into federal procurement, helping establish working relationships with government departments, demonstrate successful delivery of identity-related services, and build case studies supporting future qualification on larger TBIPS and SBIPS supply arrangements as the vendor's federal presence expands.

CanadaBuys: The Central Platform for Federal Procurement Opportunities

CanadaBuys has emerged as the designated public platform for federal bids, tenders, and procurement opportunities in Canada, consolidating what previously existed across multiple legacy systems into a unified portal where all federal procurement solicitations valued at $25,000 and above must be published. This centralization represents a significant modernization of federal procurement, as prior to CanadaBuys' launch, federal departments posted opportunities across fragmented systems including BuyandSell.gc.ca, creating substantial barriers to opportunity discovery for suppliers required to monitor multiple platforms simultaneously. CanadaBuys integrates SAP Ariba as its underlying electronic procurement solution, enabling end-to-end procurement lifecycle management from solicitation publication through bid submission, evaluation, award notification, and contract amendment tracking. For digital identity and IAM vendors, CanadaBuys serves as both the primary discovery mechanism for identifying relevant government contract opportunities and the technical platform for submitting bid responses to federal procurement solicitations, making registration and platform familiarity essential prerequisites for federal contracting success.

Registration on CanadaBuys requires vendors to establish SAP Ariba accounts and complete comprehensive business profile information, including organizational details, financial capacity documentation, relevant experience summaries, and certifications demonstrating capability to deliver specialized services. Digital identity vendors must ensure their registrations clearly articulate their expertise in identity verification, authentication platforms, access control systems, and related IAM services, positioning their organizations appropriately for opportunity matching when federal departments search the supplier database seeking vendors with specific security and identity credentials. The CanadaBuys platform enables suppliers to monitor solicitations through keyword searches, NAICS code filtering, and customized alerts, allowing vendors to stay informed about opportunities aligned with their service offerings. Beyond opportunity discovery, CanadaBuys facilitates the complete procurement process, enabling vendors to download RFP documents, submit bids within specified timeframes, receive evaluation feedback and award notifications, and manage post-award contract administration activities. Understanding how to navigate CanadaBuys efficiently—including keyword search strategies, NAICS code classification for identity and access management services, and platform functionality for bid submission and compliance documentation—represents essential knowledge for digital identity vendors seeking to identify and pursue federal procurement opportunities.

Strategic Positioning for Digital Identity Vendors

Digital identity and IAM vendors seeking federal contract success must develop comprehensive strategies addressing opportunity identification, qualification assessment, proposal development, and post-award performance management. The first strategic priority involves establishing credibility within federal procurement systems through appropriate registrations, certifications demonstrating security and identity expertise, and documented success delivering similar services to government or enterprise customers. For digital identity vendors, this credibility foundation should include security certifications such as SOC 2 Type II attestations, ISO 27001 certifications, or specialized identity and access management credentials demonstrating technical expertise and operational maturity. Additionally, vendors should pursue pre-qualification on all appropriate federal procurement vehicles—TBIPS, SBIPS, and ProServices—ensuring maximum visibility to federal departments searching for identity and access management capabilities across all valuation tiers and service categories.

The second strategic priority involves systematic monitoring of federal procurement opportunities through CanadaBuys and related platforms, combined with targeted outreach to federal departments and agencies most likely to require digital identity and IAM services. Federal departments responsible for national security, border management, immigration processing, and citizen authentication services—including departments such as Shared Services Canada (SSC), Immigration, Refugees and Citizenship Canada (IRCC), and the Royal Canadian Mounted Police (RCMP)—represent particularly strong targets for digital identity vendors given their substantial investment requirements in identity verification, biometric authentication, and access control modernization. Digital identity vendors should develop relationships with procurement officers, security teams, and IT leadership within these departments, positioning themselves as trusted advisors for identity and access management challenges and staying informed about emerging requirements through industry conferences, government procurement forums, and direct engagement with departmental stakeholders.

Compliance, Security, and Regulatory Requirements

Digital identity and IAM vendors pursuing federal contracts must navigate complex compliance and security requirements established by federal policy and regulatory frameworks. The Policy on Service and Digital, established by Treasury Board of Canada Secretariat, establishes integrated rules governing how Government of Canada organizations manage services, information, data, information technology, and cybersecurity. For digital identity vendors, compliance with this policy requires demonstrating that identity and access management solutions meet federal standards for information security, data protection, privacy compliance, and cybersecurity controls aligned with Treasury Board expectations and the broader Canadian federal cybersecurity strategy. Additionally, vendors providing services to federal departments with access to classified or sensitive government information must obtain security clearances and comply with the Contract Security Program's requirements, including personnel security screening, information protection procedures, and facility security measures appropriate to the sensitivity level of information their solutions will handle.

Identity verification requirements established by federal authorities create additional compliance obligations for digital identity vendors. The Privacy Implementation Notice 2022-02 requires federal institutions to verify requester identity to prevent privacy breaches, with standards rising in accordance with information sensitivity. For digital identity vendors, this creates requirements to demonstrate that their identity verification solutions meet federal standards for authenticating individuals accessing sensitive information, maintaining audit trails of identity verification activities, and protecting personal information collected during identity verification processes in compliance with Canadian privacy laws including the Privacy Act and the Personal Information Protection and Electronic Documents Act. Additionally, federal procurement increasingly emphasizes accessibility compliance, requiring that digital identity and IAM solutions meet accessibility standards enabling individuals with disabilities to verify their identities and access government services without unnecessary barriers. The Accessible Canada Act requires federal organizations to consider accessibility when procuring goods and services, creating procurement advantage for digital identity vendors demonstrating accessible authentication interfaces, alternative verification methods for individuals with disabilities, and commitment to universal design principles in identity solution architecture.

Leveraging AI and Automation in Government Procurement Response

Modern artificial intelligence and automation technologies are fundamentally transforming how vendors approach federal government procurement, enabling more efficient opportunity discovery, intelligent qualification assessment, and streamlined proposal development. For digital identity vendors managing multiple RFP responses across federal, provincial, and municipal government procurement opportunities, AI-powered procurement software offers substantial advantages through automated aggregation of opportunities from multiple government sources, natural language processing to extract mandatory requirements and evaluation criteria, and proposal generation capabilities that auto-populate approximately 60 percent of standard RFP responses using organizational knowledge bases containing previous successful proposals, case studies, certifications, and compliance documentation. These technologies address fundamental challenges in government contracting, including opportunity discovery across fragmented procurement platforms, manual RFP analysis consuming 15-40 hours per tender according to industry estimates, and proposal development requiring 32 or more hours per response—all areas where digital identity vendors operating with limited business development resources face competitive disadvantages against larger organizations with dedicated government contracts teams.

Automated opportunity qualification represents another critical application of modern procurement technology. Digital identity vendors receive numerous RFP solicitations from federal, provincial, and municipal government sources, yet not all opportunities represent appropriate strategic fit given organizational capabilities, geographic service delivery limitations, or financial thresholds making opportunities insufficiently valuable to justify pursuit. Advanced software solutions can process hundreds of pages of procurement documents in minutes to identify mandatory certifications required for proposal eligibility, security clearance levels necessary for personnel delivering services, minimum experience requirements for qualified vendors, and accessibility compliance obligations increasingly incorporated into federal solicitations. These systems can predict qualification probabilities based on vendor profiles and historical award data, reducing wasted effort on low-probability opportunities and enabling more strategic allocation of business development resources toward opportunities where digital identity vendors possess genuine competitive advantages and higher probability of contract award.

Building Sustainable Revenue Streams from Federal Contracts

For digital identity vendors seeking to build sustainable revenue streams from federal government contracts, success depends on establishing repeatable processes for opportunity identification, qualification assessment, proposal development, and post-award contract management. Organizations that establish systematic approaches to federal procurement—including dedicated resources monitoring CanadaBuys and related procurement platforms, templates and process documentation for RFP response development, compliance checklists ensuring all mandatory requirements are addressed in proposals, and debriefing procedures to learn from both successful awards and competitive losses—can transform federal government contracts from sporadic opportunities into predictable revenue streams supporting organizational growth and market positioning. The federal procurement landscape, while complex and demanding, remains fundamentally accessible to professional services firms that invest time in understanding mandatory procurement methods, compliance requirements, and evaluation criteria governing TBIPS, SBIPS, and ProServices procurement vehicles operating through CanadaBuys and related platforms.

Emerging Trends in Federal Identity and Access Management Procurement

Federal government procurement of identity and access management solutions is evolving in response to emerging cybersecurity threats, digital transformation imperatives, and policy innovations emphasizing responsible artificial intelligence deployment. The National Cyber Threat Assessment 2025-2026 identifies cybersecurity threats to Canada's critical infrastructure as expanding and complex, with state-sponsored cyber threat actors and cybercriminals increasingly targeting federal government networks and systems. This threat environment is driving substantial federal investment in identity and access management capabilities, including multi-factor authentication deployment, privileged access management systems, and zero-trust security architectures that authenticate and authorize all network access requests regardless of location or connection method. Digital identity vendors with expertise deploying advanced authentication technologies, designing zero-trust access control architectures, and implementing continuous identity verification systems are well-positioned to capture significant federal procurement opportunities as departments modernize identity and access management infrastructure in response to evolving cyber threats.

Additionally, federal government digital transformation initiatives are creating procurement opportunities for identity vendors supporting citizen authentication, service personalization, and identity-verified digital service delivery. The Government of Canada's Digital Ambition establishes strategic objectives for modernizing service delivery through user-centric, data-driven approaches enabling Canadians to access government services more conveniently and efficiently. Achieving these ambitions requires robust digital identity capabilities enabling government to authenticate individuals securely, verify eligibility for programs and services through authenticated identity information, and deliver personalized service experiences based on verified citizen identities. Federal departments pursuing digital service modernization must procure identity and access management solutions supporting these capabilities, creating opportunities for digital identity vendors who can demonstrate success modernizing authentication systems, implementing identity platforms supporting simplified citizen authentication processes, and integrating identity solutions with government service delivery platforms.

Conclusion: Pathways to Federal Contract Success

Digital identity and IAM vendors operating in Canada possess substantial opportunities to build successful revenue streams from federal government contracts through systematic engagement with TBIPS, SBIPS, and ProServices procurement vehicles, strategic positioning on CanadaBuys, and consistent focus on federal compliance requirements and evaluation criteria. The federal procurement landscape, though complex, operates transparently according to documented rules, established processes, and published evaluation criteria creating level competitive playing fields where qualified vendors with appropriate expertise, relevant experience, and compliant proposals can successfully compete for contracts regardless of organizational size. By establishing clear understanding of how to qualify for government contracts, what information is needed for government RFPs, and how to find relevant government contract opportunities, digital identity vendors can overcome traditional barriers to federal procurement participation, develop repeatable processes for opportunity identification and response, and capture substantial contract value supporting organizational growth and market expansion. The convergence of federal cybersecurity imperatives, digital transformation imperatives, and policy innovations emphasizing responsible technology adoption creates favorable conditions for digital identity vendors willing to invest in understanding federal procurement mechanisms and developing capabilities aligned with government priorities and compliance requirements. For organizations committed to systematic engagement with federal procurement, the opportunities to deliver mission-critical identity and access management services to Canadian government departments, support federal digital transformation initiatives, and build sustainable revenue streams from federal contracts remain substantial and growing.

Sources

• https://www.tpsgc-pwgsc.gc.ca/app-acq/sptb-tbps/am-sa-eng.html

• https://publicus.ai/glossary/request-for-standing-offer

• https://ised-isde.canada.ca/site/corporations-canada/en/about-us/identity-management

• https://www.tpsgc-pwgsc.gc.ca/app-acq/spc-cps/spics-sbips-eng.html

• https://www.deltek.com/en/government-contracting/guide/canadian-government-contracts

• https://diacc.ca

• https://www.tpsgc-pwgsc.gc.ca/app-acq/sp-ps/index-eng.html

• https://www.tpsgc-pwgsc.gc.ca/app-acq/sp-ps/amapmf-hpsaw-eng.html

• https://publicus.ai/newsletter/government-contracts-winning-with-ai-standing-offers

• https://www.canada.ca/en/public-services-procurement/services/acquisitions/professional.html

• https://www.canada.ca/en/public-services-procurement/services/acquisitions/support-for-businesses/searching-opportunities/supplying-services.html

• https://www.novascotia.ca/sites/default/files/documents/1-2980/canadian-collaborative-procurement-initiative-how-access-standing-offers-and-supply-arrangements-en.pdf

• https://diacc.ca/tag/digital-id/

• https://www.canada.ca/en/public-services-procurement/services/industrial-security/security-requirements-contracting/personnel-security-screening/overview/about-identity-verification-requirements.html

• https://publicus.ai/newsletter/government-procurement-canada-ai-rfp-automation

• https://diacc.ca

• https://www.canada.ca/en/treasury-board-secretariat/services/access-information-privacy/access-information-privacy-notices/2022-02-identity-verification.html

• https://procurementsciences.com

• https://publicus.ai/newsletter/rpa-implementers-in-canada-navigating-canadabuys-to-turn-tbips-sbips-and-proservices-access-into-repeatable-federal-wins

• https://www.canada.ca/en/shared-services/corporate/about-us/transparency/briefing-documents/ministerial-transition-may-2025.html

• https://www.canada.ca/en/public-services-procurement/corporate/transparency/departmental-results-report/2024-25.html

• https://publicus.ai/newsletter/rpa-vendors-from-rfsq-to-award-winning-federal-it-services-via-tbips-sbips-proservices-on-canadabuys

• https://www.publicsectornetwork.com/insight/the-case-for-real-change-reimagining-digital-government-in-a-canada-strong-era

• https://opo-boa.gc.ca/rapports-reports/2024-2025/index-eng.html

• https://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=32603

• https://www.canada.ca/en/public-services-procurement/corporate/transparency/departmental-results-report/2024-25.html

• https://chamber.ca/policy-matters-how-to-streamline-federal-procurement-for-canadian-business/

• https://digitalgovernmenthub.org/examples/government-of-canada-digital-standards/

• https://opo-boa.gc.ca/rapports-reports/2024-2025/index-eng.html

• https://www.canada.ca/en/government/system/digital-government/digital-government-innovations/responsible-use-ai/gc-ai-strategy-overview.html

• https://publicus.ai/newsletter/rpa-vendors-from-rfsq-to-award-winning-federal-it-services-via-tbips-sbips-proservices-on-canadabuys

• https://publicus.ai/newsletter/government-contracts-canada-vor-success

• https://www.blakes.com/insights/digital-identity-verification-best-practices-for-canadian-financial-services/

• https://www.tpsgc-pwgsc.gc.ca/app-acq/sptb-tbps/am-sa-eng.html

• https://opo-boa.gc.ca/cinqprincipaux-topfive-eng.html

• https://fintrac-canafe.canada.ca/guidance-directives/client-clientele/guide11/11-eng

• https://www.canada.ca/en/government/system/digital-government/canada-digital-ambition/canada-digital-ambition-2024-25.html

• https://opo-boa.gc.ca/lrpa-rarp-eng.html

• https://www.cyber.gc.ca/en/guidance/recommended-contract-clauses-security-operations-centre-procurement-itsm00500

• https://www.cbsa-asfc.gc.ca/agency-agence/reports-rapports/fs-ef/2025/it-ti-proj-eng.html

• https://laws-lois.justice.gc.ca/eng/regulations/sor-87-402/fulltext.html

• https://www.canada.ca/en/public-services-procurement/services/industrial-security/security-requirements-contracting.html

• https://www.canada.ca/en/public-services-procurement/services/acquisitions/better-buying/simplifying-procurement-process/vendor-performance/policy.html

• https://www.tpsgc-pwgsc.gc.ca/app-acq/spc-cps/spicsaa-sbipssa-eng.html

• https://www.tpsgc-pwgsc.gc.ca/app-acq/spc-cps/spics-sbips-eng.html?wbdisable=true

• https://opo-boa.gc.ca/praapp-prorev/2009-2010/chptr-6-eng.html

• https://www.tpsgc-pwgsc.gc.ca/app-acq/spc-cps/spics-sbips-eng.html

• https://www.sap.com/products/spend-management/ariba-login.html

• https://diacc.ca

• https://www.biddetail.com/blogdetail/request-for-proposal-government-of-canada-a-complete-guide/1037

• https://www.canada.ca/en/public-services-procurement/services/acquisitions/better-buying/reducing-barriers/improving-accessibility.html

• https://diacc.ca/trust-framework/

• https://publications.gc.ca/collections/collection_2021/sac-isc/R2-197-2002-eng.pdf

• https://opo-boa.gc.ca/autresrapports-otherreports/pepas-pprpu-2024-eng.html

• https://www.oag-bvg.gc.ca/internet/English/att__e_44348.html

• https://www.canada.ca/en/government/system/digital-government/digital-government-innovations/cloud-services/government-canada-cloud-adoption-strategy.html

• https://industrialcyber.co/control-device-security/canada-flags-urgent-threat-from-nation-state-and-criminal-groups-to-critical-infrastructure/

• https://www.canada.ca/en/government/system/digital-government.html

• https://www.canada.ca/en/government/system/digital-government/digital-government-innovations/cloud-services.html

• https://www.cyber.gc.ca/en/guidance/national-cyber-threat-assessment-2025-2026

```