IBM Cloud® compliance:   Protected B
Illustration showing two people standing on platforms, with one person looking at a map display and the other regarding a security shield
What is Protected B?

Protected B is one of six security levels defined by the Government of Canada (GC) for sensitive information and assets that, if compromised, could cause serious injury to an individual, organization or government. 

In 2017 the Treasury Board of Canada Secretariat (TBS), which establishes GC enterprise governance, strategy, and policy for cloud services, published the Direction on the Secure Use of Commercial Cloud Services: Security Policy Implementation Notice (SPIN) that allows for Protected B data to be hosted in the public cloud as well as for third-party audits to be leveraged for control assurance, such as ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and SOC 2 Type 2). 

The Canadian Centre for Cyber Security (CCCS) assesses cloud service providers (CSPs) for Protected B security controls for information processing. Assessed services are available for use by GC agencies via a GC Cloud Services Marketplace, where CSPs with a GC Protected B framework agreement are featured.

Reports and other documentation

GC Cloud Services Marketplace: IBM Cloud Services for Government of Canada (English) (French) (links reside outside



IBM position

IBM Cloud is an approved GC cloud provider for hosting Protected B information and assets. IBM maintains Protected B/Medium Integrity/Medium Availability (PBMM) in its Toronto multizone region (MZR), as well as in its Montreal-based IBM Cloud Data Center. Services are examined by Canadian Centre for Cyber Security (CCCS) assessors on an annual basis.


Take the next step

Questions about a compliance program? Need a protected compliance report? We can help.

See more compliance programs