The objective of this policy is to develop and define Correctional Service of Canada (CSC) standards in compliance with the Policy on Government Security (PGS) and related directives and standards
Applies to all CSC employees and individuals who have access to government information, property and assets under CSC’s jurisdiction
The Assistant Commissioner, Correctional Operations and Programs, is responsible for the development and approval of guidelines to support all departmental security directives.
The Director General, Security, will act as a liaison between the members of the Executive Committee and members of the Security Advisory Committee. He/she will also chair the Security Advisory Committee, which oversees departmental security directions within CSC.
The Departmental Security Officer (DSO) will:
ensure a standardized approach to departmental security within the organization
serve as a subject matter expert on the Treasury Board physical security standards applicable to all CSC facilities.
The Director General, Technical Services and Facilities, will:
serve as the subject matter expert on the CSC technical security requirements in institutions, Community Correctional Centres (CCCs) and parole offices
liaise closely with the Departmental Security Division on departmental security matters
approve and oversee construction, renovations and refits in CSC facilities.
The Regional Deputy Commissioners will ensure that this directive is implemented at all CSC facilities.
The regional designated individuals having responsibilities for departmental security activities will:
ensure that a Threat and Risk Assessment (TRA) is completed and security measures are in place for the safety and security of individuals, information and CSC assets
ensure that identified deficiencies are addressed and corrective measures are applied
The standards for CSC office/administrative facilities (e.g. National and Regional Headquarters, including administrative facilities within the institutions), warehouses or other unspecified facilities are governed by CSC’s obligations under the Policy on Government Security and its related standards and the CSC Technical Criteria for Correctional Institutions.
Where CSC is the tenant of a facility, CSC must inform the custodian department of its security requirements for the location and make arrangements to fulfil these requirements.
Where CSC is the custodian of a facility and shares the facility with other organizations, CSC must apply the appropriate measures identified in a TRA in order to preserve the safety and security of the building and its occupants, based on the risks generated by all tenants.
Where a CSC office is located in a multi-tenant facility, the demising walls will be built in accordance with the RCMP Guide G13-02 Secure Demising Wall.
Protected A and B information on paper must be destroyed to the maximum shred sizes, in accordance with the RCMP Guide G1-001 Security Equipment Guide, Destruction Equipment Selection Guide
Protected C and all levels of classified information on paper must be destroyed in a shredder approved for the classification level, in accordance with the RCMP Guide G1 001 Security Equipment Guide, Destruction Equipment Selection Guide.
The person assigned to destroy protected or classified waste must hold a valid reliability status or security clearance consistent with the classification level of information and/or asset being destroyed.
Suppliers of destruction services approved by the Canadian Industrial Security Directorate of Public Works and Government Services Canada through a contract or standing offer have the ability to destroy Protected A and B information only without the presence of a CSC employee, provided all other secure destruction requirements pursuant to section 4 of the RCMP Guide G1 001 Security Equipment Guide, Destruction Equipment Selection Guide are met. For classified and Protected C information, all aspects of the destruction process, from pick-up, to transport, to final destruction, must be under the continuous supervision of an appropriately security-screened departmental employee.
The following definitions were established for the purpose of developing this directive (as defined in Treasury Board policy):
Assets: tangible or intangible things of the Government of Canada. Assets include but are not limited to information in all forms and media, networks, systems, materiel, real property, financial resources, employee trust, public confidence and international reputation.
Classified assets: assets whose compromise would reasonably be expected to cause injury to the national interest.
Classified information: information related to the national interest that may qualify for an exemption or exclusion under the Access to Information Act or Privacy Act, and the compromise of which would reasonably be expected to cause injury to the national interest.
Custodian department: a department having administration of federal real property.
Facility: a physical setting used to serve a specific purpose. A facility may be part of a building, a whole building, or a building plus its site; or it may be a construction that is not a building. The term encompasses both the physical object and its use (e.g. weapons ranges, agriculture fields).
*High Security Zone: an area to which access is limited to authorized, appropriately-screened personnel and authorized and properly-escorted visitors; it must be indicated by a perimeter built to the specifications recommended in the TRA, monitored continuously (e.g. 24 hours a day and 7 days a week) and be an area to which details of access are recorded and audited. Example: an area where high-value assets are handled by selected personnel.
Information: any data, published material or records in any form, which is collected, created or received, and which is maintained as evidence in pursuance of legal obligations or in the transaction of business.
Inmate/Offender Access Zone: areas where offenders have unescorted access inside and outside correctional facilities. Examples: the grounds inside the fence surrounding a federal correctional facility, areas inside federal correctional institutions, Community Correctional Centres and Parole Offices.
Material: any tangible object with the exclusion of those embodying information.
*Operations Zone: an area where access is limited to personnel who work there and to properly-escorted visitors; it must be indicated by a recognizable perimeter and monitored periodically. Examples: typical open office space, areas where Protected A and B information is processed and/or safeguarded, or typical electrical, telecom and LAN rooms.
Physical Security: the use of physical safeguards to prevent or delay unauthorized access to assets, to detect attempted and actual unauthorized access and to activate appropriate responses.
Protected asset or information: an asset or information that may qualify for an exemption or exclusion under the Access to Information Actor the Privacy Act because its disclosure would reasonably be expected to compromise the non-national interest.t.
Protection: for physical security, protection means the use of physical, procedural and psychological barriers to delay or deter unauthorized access, including visual and acoustic barriers.
Public Zone: where the public has unimpeded access and generally surrounds or forms part of a government facility. Examples: the grounds surrounding a building, or public corridors and elevator lobbies in multiple occupancy buildings. At CSC medium and maximum security facilities, the Public Zone is outside the fence surrounding the facility.
Reception Zone: where the transition from a Public Zone to a restricted-access area is demarcated and controlled. It is typically located at the entry to the facility where initial contact between visitors and the department occurs; this can include such spaces as places where services are provided and information is exchanged. Access by visitors may be limited to specific times of the day or for specific reasons.
Risk: the chance of a vulnerability being exploited.
*Security Zone: an area to which access is limited to authorized personnel and to authorized and properly-escorted visitors; it must be indicated by a recognizable perimeter and monitored continuously (e.g. 24 hours a day and 7 days a week). Example: an area where Protected C and Secret information is processed and/or stored.
Threat: any potential event or act, deliberate or accidental, that could cause injury to employees or assets.
Zones: a series of clearly discernible spaces to progressively control access.