Correctional Service Canada | Service correctionnel du Canada

Commissioner's Directive

Date:
1987-01-01

Number:
225

ELECTRONIC DATA PROCESSING SECURITY

Issued under the authority of the Commissioner of the Correctional Service of Canada



POLICY OBJECTIVE

1. To ensure the protection of systems, data and services from accidental and deliberate threats to confidentiality, integrity, or availability thereof, thereby meeting the standards set by the Government of Canada.

RESPONSIBILITIES

2. The National Headquarters unit responsible for electronic data processing security shall ensure:

  1. the development of security procedures relating to systems, data and services; and
  2. the monitoring and evaluation of electronic data processing systems and their surrounding environment in relation to the threat of compromise or unauthorized release of information.

3. The National Headquarters unit responsible for electronic data processing services shall ensure the implementation, coordination and supervision of the security policies, standards and procedures that affect electronic data processing within the Service.

4. Branch Heads, Deputy Commissioner, and any other persons who have electronic data processing systems under their control shall ensure that:

  1. data is compartmentalized for access purposes and authorized users are identified as required; and
  2. an individual is identified to maintain a liaison with the National Headquarters unit responsible for electronic data processing security, to identify potential security concerns and ensure training of branch and regional personnel in electronic data processing security matters.

SECURITY CLASSIFICATION

5. The security classification or designation assigned to electronic data processing documentation, data, and programs shall be determined by the user in accordance with the procedures outlined for security of information.

ACCESS BY AUTHORIZED USERS

6. In order to gain access to the Service's electronic data processing systems, users shall require authentication codes or passwords. These codes and passwords shall be obtained in accordance with instructions issued by the unit responsible.

SEPARATION OF DUTIES

7. No one individual user shall perform all aspects of a critical process independently. For example, the user programming a modification shall not be responsible for updating the production library to incorporate that modification.

CONTRACTS

8. When developing electronic data processing contracts, all security concerns shall be weighed and appropriate clauses inserted in the contract to reflect these concerns. This shall be done in conjunction with the National Headquarters unit responsible for electronic data processing security.

ACCESS BY INMATES

9. Inmates shall be denied access to any electronic data processing systems or equipment:

  1. capable of retrieving information on either members of the Service or inmates;
  2. required to support the infrastructure of a particular institution; or
  3. capable of communicating with another terminal or computer outside the institution, except for those terminals on approved computer-assisted learning systems.

DISASTER PLANS

10. Plans shall be developed by those individuals responsible for data processing systems which provide for the re-establishment of the data processing service following a disaster. These plans shall identify essential services, data resources and minimum personnel resources required to maintain the service concerned. These plans shall be tested on an annual basis.

SECURITY INVESTIGATIONS

11. All suspected security violations and incidents occurring in the electronic data processing environment shall be investigated by the National Headquarters unit responsible for electronic data processing security. A written report shall be prepared on each incident.

AUDITS

12. The following audits shall be scheduled at a minimum:

  1. an audit to be carried out by the Royal Canadian Mounted Police Security Evaluation and Inspection Team, in accordance with the Treasury Board Administrative Policy Manual; and
  2. an annual audit of electronic data processing security operations conducted by the National Headquarters unit responsible for electronic data processing security.


Original signed by
Rhéal J. LeBlanc, Commissioner