To ensure that those who have access to government information, assets and services are deemed trustworthy, reliable and loyal through an appropriate security screening program
To ensure that security threats, risks and incidents are assessed and managed to help protect individuals, and CSC’s critical assets and information, as well as to ensure the continued delivery of services
To ensure that all CSC employees effectively manage departmental security activities within their areas of responsibility and contribute to an effective CSC-wide security management program
Applies to all CSC employees and individuals who have access to government information, property and assets under CSC’s jurisdiction
The Assistant Commissioner, Correctional Operations and Programs, is responsible for the development and approval of guidelines to support all departmental security directives.
The Chief Information Officer will:
consult with the Departmental Security Officer prior to issuing any Information Technology (IT) security policies and procedures
appoint an Information Technology Security Coordinator with a functional reporting relationship to both the Departmental Security Officer and Departmental Chief Information Officer.
The Director General, Security, will:
ensure that departmental security activities are carried out under the overall coordination of the Departmental Security Officer
ensure that the Policy on Government Security responsibilities are integrated into CSC’s Corporate Business Plan to assist Executive Committee decision-making
ensure that departmental security policies are developed and maintained in accordance with legislation and the Treasury Board policy
act as a liaison between members of EXCOM and members of the SAC.
The Departmental Security Officer (DSO) designated by the Commissioner will:
coordinate policy-related activities such as directives, procedures and guidelines that comply with the Treasury Board policy requirements
ensure consistency among local, regional and national practices by providing advice and guidance on security matters related to the Policy on Government Security and its associated standards
ensure departmental security breaches and incidents are reported
ensure the execution of the mandate set out in the Treasury Board policy by representing the Commissioner at the Treasury Board Secretariat for all departmental activities related to security and identity management and the Policy on Government Security.
The Regional Deputy Commissioners will:
designate individuals having responsibilities for departmental security activities to ensure that trained individuals implement the Departmental Security Program in their respective regions.
The regional designated individuals having responsibilities for departmental security activities will:
coordinate departmental security activities at the regional level
implement the program objectives
conduct departmental security threat and risk assessments
ensure that corrective measures are taken
maintain a functional reporting relationship with the Departmental Security Officer and liaise with the National Headquarters Departmental Security Division.
Each facility under Regional Headquarters’ jurisdiction will designate a Unit Security Officer who will:
maintain a functional relationship with the regional designated individuals having responsibilities for the departmental security activities
support the regional designated individuals having responsibilities for departmental security activities in the coordination or the delivery of security awareness sessions to all CSC employees and persons having access to government information, property and assets under CSC’s jurisdiction
ensure the completion of a Threat and Risk Assessment (TRA) when necessary, and contribute to the effective maintenance of the departmental security plan, as required
ensure the safety of individuals, the security of information and the protection of property and valuable assets for which they are responsible
ensure that security requirements are integrated into the business planning, programs, services and other management activities
assess security risks, formally accept or recommend acceptance of residual risks, reassess risks in light of changes to programs, activities or services, and take corrective action to address identified deficiencies
monitor the implementation and effectiveness of security controls and report accordingly to the Departmental Security Officer or regional designated individuals having responsibilities for departmental security activities, as appropriate
ensure all individuals apply effective security practices in day-to-day operations
identify contract security requirements and other safeguards for the protection of information and assets
ensure that all individuals having access to government information, property and assets under CSC’s jurisdiction participate in a security awareness session and/or receive appropriate training pursuant to departmental security policies
ensure that departmental security practitioners and other individuals with specific departmental security responsibilities receive appropriate and up-to-date training to ensure they have the necessary knowledge and competencies to effectively perform their security responsibilities and do not inadvertently compromise security.
All employees will:
safeguard CSC information and assets under their control, whether working on or off-site
ensure that situations likely to compromise site security are reported immediately
on an ongoing basis, apply security controls related to their areas of responsibility (this includes, but is not limited to, administrative and corporate practices)
refer to and apply the guidelines attached to the Commissioner’s Directives on departmental security, as needed.
The departmental security program and activities will adhere to the Treasury Board Policy on Government Security and the following Commissioner’s Directives:
CD 564-2 – Departmental Physical Security: to establish baseline physical security requirements to counter threats to CSC employees, assets and service delivery and to provide consistent safeguarding for the Government of Canada.
Assets: tangible or intangible resources of the Government of Canada. Assets include but are not limited to: information in all forms and media, networks, systems, material, real property, financial resources, employee trust, public confidence and international reputation.
Information: any data, published material or records in any form, which is collected, created or received, and which is maintained as evidence in pursuance of legal obligations or in the transaction of business.
Reliability status: the minimum standard of security screening for positions requiring unsupervised access to Government of Canada protected information, assets, facilities or information technology systems. Security screening for reliability status appraises an individual’s honesty and whether he/she can be trusted to protect CSC's interests. Security screening for reliability status can include enhanced inquiries, verifications and assessments when duties involve or directly support security and intelligence functions.
Security Advisory Committee (SAC): the governance body for the effective implementation and maintenance of a security program, management of security controls and the achievement of control objectives.
Security clearance: the standard of security screening for all positions requiring access to Government of Canada classified information, assets, facilities or information technology systems. Security screening for a security clearance appraises an individual’s loyalty to Canada and his/her reliability as it relates to that loyalty. Security screening for security clearance can include enhanced inquiries, verifications and assessments when duties involve or directly support security and intelligence functions.