Canada Controlled Goods Regulations (CGR)
The Controlled Goods Program (CGP) is administered by Public Services and Procurement Canada (PSPC) and governs the possession, examination, and transfer of goods and data considered sensitive to Canada's national security. These include military, aerospace, and defense-related items listed under the Controlled Goods Regulations (CGR).
Organizations registered under CGP must comply with strict handling rules, including requirements around data residency, access control, and risk management when using cloud-based services.
Files.com's Role Under a Shared Responsibility Model
Files.com operates under a Shared Responsibility Model:
- Files.com is responsible for the infrastructure, security features, and tooling we provide.
- You are responsible for how you configure and use those tools to meet regulatory requirements, including CGR.
Files.com provides the secure infrastructure and the controls. You are responsible for configuring your Files.com site in a way that meets CGR compliance requirements.
Using Files.com in a CGR-Compliant Way
With the right configuration, Files.com fits into a CGR-compliant data workflow. The practices below describe how to align your site setup with CGR expectations.
Data Residency in Canada
Files.com offers data storage within Canada, letting you store both files and metadata in Canadian regions. This supports CGR guidance requiring sensitive data to remain in Canada or in similarly regulated jurisdictions.
You can also:
- Mount your own Canada-hosted cloud storage (such as Amazon S3 in Canada Central or Azure Canada regions) using Remote Server Mounts.
- Use Files.com as a governance and access layer over infrastructure you control.
These configurations keep your data resident in Canada while you continue to use Files.com's access controls, automation, and interface.
Folder and Site Configuration
We recommend configuring your account so that sensitive data is never stored long-term on Files.com unless Canadian-region storage is explicitly selected. Use Remote Server Mounts or Child Site storage overrides to keep regulated data in compliant storage under your control.
Additional Configuration Recommendations
SIEM Integration
Enable Files.com's SIEM integration and export log data to your own compliant storage. This produces an auditable trail of access to all data passing through Files.com, satisfying traceability requirements.
Restrict to Canadian Access Only
Use the Allowed/Disallowed Countries feature to block all access from outside Canada based on IP geolocation. This adds a helpful security layer, though it is not foolproof: VPNs and proxy services can circumvent IP-based geolocation.
Disable Full-Access Support Tickets
Do not use Files.com's Full Access support feature for CGR-regulated data. Files.com personnel are U.S.-based and are not screened under Canada's CGP, so they must not have access to data subject to CGR.
You Own the Configuration
CGR compliance with Files.com is achievable only if you configure your environment correctly. We provide the tools. You are responsible for using them in accordance with CGR and all other applicable regulations.
This article is not legal advice. Organizations handling CGR-controlled data are solely responsible for ensuring their use of Files.com complies with CGR and all applicable regulations. Consult legal and compliance professionals when handling CGR-regulated data.
Get The File Orchestration Platform Today
4,000+ organizations trust Files.com for mission-critical file operations. Start your free trial now and build your first flow in 60 seconds.
No credit card required • 7-day free trial • Setup in minutes