Hey,
I don't have any experience with this audit scheme, but spent a long time in the IT industry. Maybe some of these approaches might be useful to you.
1.) The provider (Go Canvas) will have a disaster recovery (DR) plan in place. You should be able to point to that for the 2.2.2.3 section. Most of these "cloud" providers use Amazon Web Services (or Microsoft's Azure) so they would just likely point to that, but you can just ask them who they are hosted on/by and probably get some documentation on that entity's DR efforts via google. It's a fairly common question for someone like GoCanvas to answer (They may have info about it online).
2.) For electronic storage in house, typically in manufacturing only a few people have PCs and those are password protected, so you can say that the access is both limited and secured. If you have your own data backed up off-site somehow (and you should) then you can point to that as well.
3.) PDF's themselves are generally considered secure, although it is possible to break them, but since you would have data stored via Go Canvas and locally, you would bypass any concerns for that. And that's being darn nit-picky.
4.) Because you are relying on online forms, document control becomes a non-issue. If you make a change to the underlying design, it is immediately reflected in any subsequent submissions.
I wouldn't stress out too much about the security given how you have described how it works. I cannot see a Food Safety auditor being that IT savvy as to try and nit-pick you around hypothetical risk in this area.
"We use this online provider. They use this hosting service who has these disaster recovery capabilities and services. We also store copies locally with our own off-site storage/DR plan. Our local document storage is controlled this way. The documentation itself is in PDF format and cannot be changed after submission. Finally, the forms themselves (being online) automatically provide document control."
Anyway, maybe something of value is buried in here. Hope the transition goes well.
Good luck,
Todd