Skip to main content

Canada Controlled Goods Regulations (CGR)

The Controlled Goods Program (CGP)External LinkThis link leads to an external website and will open in a new tab is administered by Public Services and Procurement Canada (PSPC) and governs the possession, examination, and transfer of goods and data considered sensitive to Canada's national security.

hese include military, aerospace, and defense-related items listed under the Controlled Goods Regulations (CGR).

Organizations registered under CGP must comply with strict handling rules, including requirements around data residency, access control, and risk management—especially when using cloud-based services.

Files.com's Role Under a Shared Responsibility Model

Files.com operates under a Shared Responsibility Model:

  • Files.com is responsible for the infrastructure, security features, and tooling we provide.
  • Customers are responsible for how they configure and use those tools to meet regulatory requirements, including CGR.

Files.com offers secure infrastructure and advanced controls, but you are ultimately responsible for configuring your Files.com site in a way that aligns with CGR compliance requirements.

Using Files.com in a CGR-Compliant Way

With proper configuration, Files.com can be part of a CGR-compliant data workflow. The following best practices outline how to align your site setup with CGR expectations.

Data Residency in Canada

Files.com offers data storage within Canada, allowing customers to store both files and metadata in Canadian regions. This supports CGR guidance requiring sensitive data to remain in Canada or in similarly regulated jurisdictions.

In addition to using Files.com’s regional storage, you may choose to:

  • Mount your own Canada-hosted cloud storage (such as Amazon S3 in Canada Central or Azure Canada regions) via Remote Server Mounts
  • Use Files.com as a governance and access layer over infrastructure you control

These configurations ensure data residency compliance while benefiting from Files.com's access controls, automation, and interface.

Folder and Site Configuration

We recommend configuring your account so that sensitive data is never stored long-term on Files.com, unless Canadian-region storage is explicitly selected. Use Remote Server Mounts or Child Site storage overrides to keep your regulated data in compliant storage under your control.

Additional Configuration Recommendations

SIEM Integration

Enable Files.com’s SIEM integration and export log data to your own compliant storage. This provides an auditable trail of access to all data passing through Files.com, satisfying traceability requirements.

Restrict to Canadian Access Only

Use the “Allowed/Disallowed Countries” feature to block all access from outside Canada based on IP geolocation. This is a helpful security layer, though not foolproof due to potential circumvention via VPNs or proxy services.

Disable Full-Access Support Tickets

Do not use Files.com’s "Full Access" support feature. Files.com personnel are U.S.-based and not screened under Canada’s CGP. Therefore, customers should never allow personnel to have access to data subject to CGR.

Final Note: You Own the Configuration

As with any compliance framework, CGR compliance with Files.com is possible—but only if you configure your environment correctly.

We provide the tools. You are responsible for using them in accordance with CGR and other applicable regulations.

This article is not legal advice. Organizations handling CGR-controlled data are solely responsible for ensuring that their use of Files.com complies with CGR and all applicable regulations.

We strongly recommend consulting with legal and compliance professionals when handling CGR-regulated data.

Get Instant Access to Files.com

The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, then fill out the short form on the next page. Your account will be activated instantly. You can dive in and start yourself or let us help. The choice is yours.