Policy Bulletin

Policy Number and Title:

Commissioner's Directive (CD) 225 – INFORMATION TECHNOLOGY SECURITY

Why was the policy changed?

This policy has been revised to bring it in line with Treasury Board policies, to update responsibilities based on the current CSC structure and to reflect the recommendations of the Policy Review Task Force.

What is new/changed?

The title of the policy has been amended from “Electronic Data Processing Security” to “Information Technology Security”.

Two new sections entitled “Application” and “Enquiries” have been added, and the order of the paragraphs in the “Responsibilities” section has been re-arranged.

The CD has been updated to reflect the following Treasury Board policies:

• Policy on Government Security;
• Framework for the Management of Risk;
• Operational Security Standard: Management of Information Technology Security.

Cross-references and definitions are now found in Annex A of the CD.

How was it developed?

The Information Management Services Branch revised the policy in cooperation with the Strategic Policy Division. A national consultation was also conducted.

Accountability

Responsibilities for the various levels of the serviced agencies are outlined in the policy.

Who will be affected by the policy?

All individuals who have been authorized to use CSC’s IT systems or electronic information.

Other impacts?

None.

Contact:

Robert P. Trottier
A/Director, IT Security
613-943-7825
Robert.Trottier@csc-scc.gc.ca