Appropriate Use Policy

Appropriate Use Policy To participate in this service, your organization must accept the terms outlined below. Acceptance of these terms will legally bind your organization and its employees and ensure compliance with the Appropriate Use Policy.

CANARIE offers Eligible Organizations (EOs) the opportunity to participate in the National Cybersecurity Assessment (NCA). Eligible Organizations contribute cybersecurity self-assessment data which is collected and held by CANARIE. Each Eligible Organization has access to their own data from the NCA. Organizational data and results will be confidential and restricted to the National Service Team, who are all bound by confidentiality agreements. Anonymized, aggregate data will be shared with regional NREN partners and CANARIE to help make data-driven decisions that support the critical needs of Canada’s research and education sector.

Access to the NCA service is conditional on the users’ (both the individuals and the organizations they represent) acceptance of the Terms and Conditions of Use of this content. By accessing the NCA, users will be deemed to have agreed to these terms and conditions. Any user who violates these terms and conditions may, at the discretion of CANARIE, be subject to restrictions in their participation in the NCA.


Data contributed to the National Cybersecurity Assessment by an EO remain the property of that organization. CANARIE otherwise owns the copyright to the contents of the National Cybersecurity Assessment database. To protect data confidentiality on behalf of contributors, users may only use the contents of the National Cybersecurity Assessment as set forth in this Appropriate Use Policy.

Terms and Conditions of Use

1. The Questionnaire Owner specified in this application has been authorized to use the National Cybersecurity Assessment by my organization and they are responsible for the security of their unique login.

2. We will not:

2.1. disclose, publish, or otherwise distribute (‘disseminate’) any National Cybersecurity Assessment data (including aggregated data) with any person who is not a member, officeholder, employee, or consultant of the organization in which we are employed; or

2.2. use or disseminate any National Cybersecurity Assessment data for any purpose other than that of contributing to the administration and development of the organization in which we are employed.

3. We will not include National Cybersecurity Assessment data that identifies the organization to which it relates in any report, spreadsheet, email message, electronic presentation, or any other medium except when:

3.1 such medium is to be used in a meeting of a planning committee or similar body regularly established and recognized within the internal administrative structure of our organization, and

3.2 that meeting is to be closed to any person not both a member of the committee or body and a member, officeholder, employee, or consultant of our organization.

4. We will ensure that when we disseminate National Cybersecurity Assessment data, recipients of the data are made aware of this Appropriate Use Policy and are required to conform to it.

5. We will store data and provide data access, as appropriate, in a secure manner.

6. As an exception, for the purposes of reaccreditation, peer review, or similar studies being conducted on behalf of my organization, we are permitted to provide data from the National Cybersecurity Assessment to reviewers not affiliated with our organization, so long as a copy of this Policy accompanies the data provision and is understood to govern the use made of the data.

Please note: The use of the Alyne app is governed under the Terms and Conditions and the End User Terms of Service (“EULA”) that CANARIE has signed with Alyne. The Questionnaire Owner must click to accept the EULA to create an account, but only CANARIE is bound by the EULA.