CINXE.COM

<!DOCTYPE html>   <html xmlns="http://www.w3.org/1999/xhtml" class="no-js" lang="en" dir="ltr">  <head>  <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-5HHZ4ST');</script>  <meta charset="utf-8"/>  <title>Policy on Government Security- Canada.ca</title> <meta content="width=device-width,initial-scale=1" name="viewport"/>  <script type="text/javascript" src="https://www.canada.ca/etc/designs/canada/cdts/gcweb/v5_0_2/cdts/compiled/soyutils.js"></script> <script type="text/javascript" src="https://www.canada.ca/etc/designs/canada/cdts/gcweb/v5_0_2/cdts/compiled/wet-en.js"></script> <script type="text/javascript" src="https://www.canada.ca/etc/designs/canada/cdts/gcweb/v5_0_2/cdts/compiled/plugins-en.js"></script> <noscript>   <link href="https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_27/assets/favicon.ico" rel="icon" type="image/x-icon"> <link rel="stylesheet" href="https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_27/css/theme.min.css"> <link rel="stylesheet" href="https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_27/cdts/cdtsfixes.css">      <link rel="stylesheet" href="https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_27/css/noscript.min.css" /> <link rel="stylesheet" href="https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_27/cdts/cdtsnoscript.css" /> </noscript>  <script type="text/javascript"> document.write(wet.builder.refTop({"cdnEnv":"prod","isApplication":false})); </script> <meta name="WebConfigHost" content="www" /> <link rel="stylesheet" href="./css/pol.css" /> <link href="//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css" rel="stylesheet"> <meta name="type" content="Policy" /> <meta name="typeid" content="27" /> <meta name="status" content="Approved" /> <meta name="statusid" content="1" /> <meta name="topicarea" content="Government security" /> <meta name="topicareaid" content="33" /> <meta name="topic" content="Government security" /> <meta name="topicid" content="33" /> <meta name="instrumentversion" content="Renewed" /> <meta name="instrumentversionid" content="12" /> <meta name="plannedactionid" content="266" /> <meta name="subject" content="Privacy" /> <meta name="subjectid" content="86" /> <meta name="subject" content="Safety" /> <meta name="subjectid" content="102" /> <meta name="subject" content="Management" /> <meta name="subjectid" content="176" /> <meta name="subject" content="Government services" /> <meta name="subjectid" content="1086" /> <meta name="subject" content="Security" /> <meta name="subjectid" content="1862" /> <meta name="subject" content="Crime prevention" /> <meta name="subjectid" content="2100" /> <meta name="subject" content="Prévention de la criminalité" /> <meta name="subjectid" content="2108" /> <meta name="subject" content="National security" /> <meta name="subjectid" content="2154" /> <meta name="subject" content="Public safety" /> <meta name="subjectid" content="2785" /> <meta name="subject" content="Federal government" /> <meta name="subjectid" content="3088" /> <meta name="subject" content="Gouvernement fédéral" /> <meta name="subjectid" content="3094" /> <meta name="subject" content="Government" /> <meta name="subjectid" content="3096" /> <meta name="subject" content="Gouvernement" /> <meta name="subjectid" content="3512" /> <meta name="subject" content="Services gouvernementaux" /> <meta name="subjectid" content="3538" /> <meta name="subject" content="Gestion" /> <meta name="subjectid" content="4288" /> <meta name="subject" content="Sécurité nationale" /> <meta name="subjectid" content="4560" /> <meta name="subject" content="Vie privée" /> <meta name="subjectid" content="4917" /> <meta name="subject" content="Sécurité publique" /> <meta name="subjectid" content="5006" /> <meta name="subject" content="Sécurité" /> <meta name="subjectid" content="5214" /> <meta name="subject" content="Sécurité" /> <meta name="subjectid" content="5214" /> <script src="//assets.adobedtm.com/be5dfd287373/0127575cd23a/launch-f7c3e6060667.min.js "></script> <meta name="dc.title" content="Policy on Government Security"> <meta name="dcterms.title" content="Policy on Government Security"> <meta name="gc.description.Long" content="Provides direction to manage government security in support of the trusted delivery of GC programs and services, the protection of information, individuals and assets, and provides assurance to Canadians, partners, oversight bodies and other stakeholders regarding security management in the GC."> <meta name="dcterms.description" content="Provides direction to manage government security in support of the trusted delivery of GC programs and services, the protection of information, individuals and assets, and provides assurance to Canadians, partners, oversight bodies and other stakeholders regarding security management in the GC."> <meta name="dc.creator" content="Treasury Board of Canada Secretariat"> <meta name="dcterms.creator" content="Treasury Board of Canada Secretariat"> <meta name="gc.institution" content="Government of Canada"> <meta name="dc.language" title="UTF-8" content="eng"> <meta name="dcterms.language" title="UTF-8" content="eng"> <meta name="dc.audience" content="public"> <meta name="dc.date.issued" title="W3CDTF" content="2009-06-24"> <meta name="dcterms.issued" title="W3CDTF" content="2009-06-24"> <meta name="dc.date.modified" title="W3CDTF" content="2019-07-01"> <meta name="dcterms.modified" title="W3CDTF" content="2019-07-01"> <meta name="dc.spatial.country" content="Canada"> <meta name="dcterms.spatial" content="Canada"> <meta name="dcterms.service" content="TBS-SCT_POL"> <meta name="dcterms.accessRights" content="2">   </head> <body vocab="http://schema.org/" typeof="WebPage"> <div id="def-top">  <ul id="wb-tphp"> <li class="wb-slc"><a class="wb-sl" href="#wb-cont">Skip to main content</a></li> <li class="wb-slc visible-sm visible-md visible-lg"><a class="wb-sl" href="#wb-info">Skip to "About this site"</a></li> </ul> <header role="banner"> <div id="wb-bnr" class="container"> <div class="row"> <div class="brand col-xs-8 col-sm-9 col-md-6"> <a href="https://www.canada.ca/en.html"><object type="image/svg+xml" tabindex="-1" data="https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_27/assets/sig-blk-en.svg"></object><span class="wb-inv"> Government of Canada / <span lang="fr">Gouvernement du Canada</span></span></a> </div> <section class="wb-mb-links col-xs-4 col-sm-3 visible-sm visible-xs" id="wb-glb-mn"> <h2>Search and menus</h2> <ul class="list-inline text-right chvrn"> <li><a href="#mb-pnl" title="Search and menus" aria-controls="mb-pnl" class="overlay-lnk" role="button"><span class="glyphicon glyphicon-search"><span class="glyphicon glyphicon-th-list"><span class="wb-inv">Search and menus</span></span></span></a></li> </ul> <div id="mb-pnl"></div> </section> <section id="wb-srch" class="col-xs-6 text-right visible-md visible-lg"> <h2>Search</h2> <form action="https://www.canada.ca/en/sr.html" method="get" name="cse-search-box" role="search" class="form-inline"> <div class="form-group"> <label for="wb-srch-q" class="wb-inv">Search website</label> <input name="cdn" value="canada" type="hidden"> <input name="st" value="s" type="hidden"> <input name="num" value="10" type="hidden"> <input name="langs" value="en" type="hidden"> <input name="st1rt" value="1" type="hidden"> <input name="s5bm3ts21rch" value="x" type="hidden"> <input id="wb-srch-q" list="wb-srch-q-ac" class="wb-srch-q form-control" name="q" type="search" value="" size="27" maxlength="150" placeholder="Search Canada.ca"> <input type="hidden" name="_charset_" value="UTF-8"> <datalist id="wb-srch-q-ac">   </datalist> </div> <div class="form-group submit"> <button type="submit" id="wb-srch-sub" class="btn btn-primary btn-small" name="wb-srch-sub"><span class="glyphicon-search glyphicon"></span><span class="wb-inv">Search</span></button> </div> </form> </section> </div> </div> <nav role="navigation" id="wb-sm" class="wb-menu visible-md visible-lg" typeof="SiteNavigationElement"> <div class="container nvbar"> <h2>Topics menu</h2> <div class="row"> <ul class="list-inline menu"> <li><a href="https://www.canada.ca/en/services/jobs.html">Jobs</a></li> <li><a href="https://www.canada.ca/en/services/immigration-citizenship.html">Immigration</a></li> <li><a href="https://travel.gc.ca/">Travel</a></li> <li><a href="https://www.canada.ca/en/services/business.html">Business</a></li> <li><a href="https://www.canada.ca/en/services/benefits.html">Benefits</a></li> <li><a href="https://www.canada.ca/en/services/health.html">Health</a></li> <li><a href="https://www.canada.ca/en/services/taxes.html">Taxes</a></li> <li><a href="https://www.canada.ca/en/services.html">More services</a></li> </ul> </div> </div> </nav> <nav role="navigation" id="wb-bc" property="breadcrumb"> <h2>You are here:</h2> <div class="container"> <div class="row"> <ol class="breadcrumb"> <li><a href="https://www.canada.ca/en.html">Home</a></li> </ol> </div> </div> </nav> </header> </div>  <script type="text/javascript"> var defTop = document.getElementById("def-top"); defTop.outerHTML = wet.builder.top({"cdnEnv":"prod","search":true,"lngLinks":[{"href":"doc-fra.aspx?id=16578","lang":"fr","text":"Français"}],"showPreContent":true,"breadcrumbs":[{"href":"http://www.canada.ca/en/index.html","title":"Home"},{"href":"http://www.canada.ca/en/government/system/index.html","title":"How government works"},{"href":"index-eng.aspx","title":"Policies, directives, standards and guidelines"}],"topSecMenu":false,"siteMenu":true}); </script> <main role="main" property="mainContentOfPage" class="container">  <h1 id="wb-cont" property="name">Policy on Government Security</h1> <div class="row"> <div class="col-md-12"> Provides direction to manage government security in support of the trusted delivery of GC programs and services, the protection of information, individuals and assets, and provides assurance to Canadians, partners, oversight bodies and other stakeholders regarding security management in the GC. </div> <div class="col-md-12 text-right"> Date modified: 2019-07-01 </div> </div> <div class="row"> <div class="col-md-12"> <div class="row mrgn-tp-md">  <section class="col-xs-12 col-md-4 mrgn-bttm-sm pull-right"> <details class="pol-sb"> <summary><h2 class="h3"><span class="glyphicon glyphicon-wrench pull-right"></span>Supporting tools</h2></summary> <p><strong>Directive:</strong></p> <ul class="lst-spcd margin-top-medium"> <li><a href="doc-eng.aspx?id=16577">Identity Management, Directive on</a></li> <li><a href="doc-eng.aspx?id=32611">Security Management, Directive on</a></li> <li><a href="doc-eng.aspx?id=32805">Security Screening, Directive on</a></li> </ul> </details> <details class="pol-sb"> <summary><h2 class="h3"><span class="glyphicon glyphicon-info-sign pull-right"></span>More information</h2></summary> <p><strong>Terminology:</strong></p> <ul class="lst-spcd margin-top-medium"> <li><a href="doc-eng.aspx?id=16578&section=acronyms">Abbreviations</a></li> <li><a href="doc-eng.aspx?id=16578&section=glossary">Glossary</a></li> </ul> <p><strong>Topic:</strong></p> <ul class="lst-spcd margin-top-medium"> <li><a href="http://www.tbs-sct.gc.ca/hgw-cgf/oversight-surveillance/atip-aiprp/sim-gsi/index-eng.asp">Government security</a></li> </ul> </details> <details class="pol-sb"> <summary><h2 class="h3"><span class="fa fa-sitemap pull-right"></span>Hierarchy</h2></summary> <div class="tv"> <ul class="tv-ul"> <li class="tv-li tv-first tv-last" aria-expanded="true"> <div class="tv-top"> <span class="tv-sp"></span><a href="#" class="tv-plus tv-action-expand"><img alt="Foundation Framework for Treasury Board Policies is collapsed. Click to expand." src="./img/tv/plus.png" /></a><a href="#" class="tv-minus tv-action-collapse"><img alt="Foundation Framework for Treasury Board Policies is expanded. Click to collapse." src="./img/tv/minus.png" /></a> <a href="doc-eng.aspx?id=13616" class="tv-in">Foundation Framework for Treasury Board Policies</a> </div> <ul class="tv-ul"> <li class="tv-li tv-last" aria-expanded="true"> <div class="tv-top"> <span class="tv-sp"></span><a href="#" class="tv-plus tv-action-expand"><img alt="Policy on Government Security is collapsed. Click to expand." src="./img/tv/plus.png" /></a><a href="#" class="tv-minus tv-action-collapse"><img alt="Policy on Government Security is expanded. Click to collapse." src="./img/tv/minus.png" /></a> <a href="doc-eng.aspx?id=16578" class="tv-in"><strong>Policy on Government Security</strong></a> </div> <ul class="tv-ul"> <li class="tv-li"> <div class="tv-top"> <span class="tv-sp"></span> <a href="doc-eng.aspx?id=16577" class="tv-in">Identity Management, Directive on</a> </div> </li> <li class="tv-li"> <div class="tv-mid"> <span class="tv-sp"></span> <a href="doc-eng.aspx?id=32611" class="tv-in">Security Management, Directive on</a> </div> </li> <li class="tv-li tv-last"> <div class="tv-bot"> <span class="tv-sp"></span> <a href="doc-eng.aspx?id=32805" class="tv-in">Security Screening, Directive on</a> </div> </li> </ul> </li> </ul> </li> </ul> <a class="btn btn-link" href="hierarch-eng.aspx#id16578"><span class="fa fa-sitemap"></span> View complete hierarchy</a> </div> </details> <details class="pol-sb"> <summary><h2 class="h3"><span class="fa fa-archive pull-right"></span>Archives</h2></summary> <p><strong>This policy replaces:</strong></p> <ul class="lst-spcd margin-top-medium"> <li><a href="doc-eng.aspx?id=12322">Government Security Policy [2009-07-06]</a></li> <li><a href="doc-eng.aspx?id=25572">Government Security, Policy on [2012-03-31]</a></li> <li><a href="doc-eng.aspx?id=32608">Government Security, Policy on [2019-06-28]</a></li> </ul> <a class="btn btn-link" href="arch-eng.aspx"><span class="fa fa-archive"></span> View all inactive instruments</a> </details> <a class="btn btn-default" href="doc-eng.aspx?id=16578&section=html" role="button" onclick="_gaq.push(['_trackEvent', 'policy suite', 'html', 'http://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=16578&section=html']);"><span class="glyphicon glyphicon-print"></span> Print-friendly</a> <a class="btn btn-default" href="doc-eng.aspx?id=16578&section=xml" role="button" data-gc-analytics="manualDownload" onclick="_gaq.push(['_trackEvent', 'policy suite', 'xml', 'http://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=16578&section=xml']);">XML</a> </section>  <section class="col-xs-12 col-md-8 pull-left"> <div class="btn-group mrgn-bttm-md"> <a class="btn btn-default doc-exall" href="#" onclick="_gaq.push(['_trackEvent', 'policy suite', 'expand all', 'http://www.tbs-sct.canada.ca/pol/doc.aspx?id=16578']);" >Expand all</a> <a class="btn btn-default doc-coall" href="#" onclick="_gaq.push(['_trackEvent', 'policy suite', 'collapse all', 'http://www.tbs-sct.canada.ca/pol/doc.aspx?id=16578']);" >Collapse all</a> </div> <div id="ps-doc"> <section class="alert alert-info"><h2>Note to reader</h2> <p>The Policy on Government Security took effect on July 1, 2019. It replaced the Policy on Government Security that was in effect from July 1, 2009 to June 30, 2019.</p> <p>Effective January 6, 2025, the Policy on Government Security has been amended to include a new authority, revise a requirement for deputy heads, revise references, add to the description of security screening, and include definitions.</p> <p>The following sections have been amended or added:</p> <ul> <li>Section 2.3 relating to the delegation of authority to issue standards, mandatory procedures, and other appendices. </li> <li>Subsection 4.1.3 relating to delegation of the authority to deny, revoke or suspend security clearances.</li> <li>Section 8 to include updated references to legislation and related policy instruments. </li> <li>Appendix A.1 relating to security screening for the entire life cycle. </li> </ul> <p>Appendix B to include definitions from the Standard on Security Screening into the Policy on Government Security. Some definitions have been amended and/or renamed to reflect updated concepts and for plain language.</p> </section> <div class="pol-cha"> <details class="pol-sec"><summary onclick="_gaq.push(['_trackEvent', 'policy suite', 'open policy', 'http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32608']);"><h2 id="cha1">1. Effective date</h2></summary><div class="pol-content"> <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla1.1"><span class="pol-cla-id">1.1</span>This policy takes effect on July 1, 2019. </li> <li class="pol-cla" id="cla1.2"><span class="pol-cla-id">1.2</span>This policy replaces the Policy on Government Security, dated July 1, 2009.</li> <li class="pol-cla" id="cla1.3"><span class="pol-cla-id">1.3</span>Transitional considerations: <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla1.3.1"><span class="pol-cla-id">1.3.1</span>Subsection 4.1.5 of this policy will take effect on July 1, 2019, or on the scheduled date for the renewal of the department’s security plan, whichever is later. </li> </ul> </li> </ul> </div></details> <details class="pol-sec"><summary onclick="_gaq.push(['_trackEvent', 'policy suite', 'open policy', 'http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32608']);"><h2 id="cha2">2. Authorities</h2></summary><div class="pol-content"> <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla2.1"><span class="pol-cla-id">2.1</span>This policy is issued pursuant to section 7 of the <a href="http://laws-lois.justice.gc.ca/eng/acts/f-11/">Financial Administration Act</a>. </li> <li class="pol-cla" id="cla2.2"><span class="pol-cla-id">2.2</span>The Treasury Board has delegated to the President of the Treasury Board the authority to amend and rescind directives related to this policy, including standards, mandatory procedures and other appendices. </li> <li class="pol-cla" id="cla2.3"><span class="pol-cla-id">2.3</span>The Treasury Board has delegated to the President of the Treasury Board the authority to issue standards, mandatory procedures and other appendices.</li> </ul> </div></details> <details class="pol-sec"><summary onclick="_gaq.push(['_trackEvent', 'policy suite', 'open policy', 'http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32608']);"><h2 id="cha3">3. Objectives and expected results</h2></summary><div class="pol-content"> <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla3.1"><span class="pol-cla-id">3.1</span>The objectives of this policy are as follows: <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla3.1.1"><span class="pol-cla-id">3.1.1</span>To effectively manage government security controls in support of the trusted delivery of Government of Canada programs and services and in support of the protection of information, individuals and assets; and</li> <li class="pol-cla" id="cla3.1.2"><span class="pol-cla-id">3.1.2</span>To provide assurance to Canadians, partners, oversight bodies and other stakeholders regarding security management in the Government of Canada.</li> </ul> </li> <li class="pol-cla" id="cla3.2"><span class="pol-cla-id">3.2</span>The expected results of this policy are as follows: <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla3.2.1"><span class="pol-cla-id">3.2.1</span>Governance of government security controls within departments, with partners and across government will be effective, by fulfilling specified functions and successfully producing the intended result; </li> <li class="pol-cla" id="cla3.2.2"><span class="pol-cla-id">3.2.2</span>Access to advice, guidance and services, including secure internal enterprise services, will be enabled;</li> <li class="pol-cla" id="cla3.2.3"><span class="pol-cla-id">3.2.3</span>Deputy heads and central agencies will have and share information needed for informed decision-making on government security priorities and resources;</li> <li class="pol-cla" id="cla3.2.4"><span class="pol-cla-id">3.2.4</span>Risk-based and standardized security practices and controls will be implemented, monitored and maintained; and</li> <li class="pol-cla" id="cla3.2.5"><span class="pol-cla-id">3.2.5</span>Management of security events will be coordinated to enable adaptation to a dynamic threat environment.</li> </ul> </li> </ul> </div></details> <details class="pol-sec"><summary onclick="_gaq.push(['_trackEvent', 'policy suite', 'open policy', 'http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32608']);"><h2 id="cha4">4. Requirements</h2></summary><div class="pol-content"> <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla4.1"><span class="pol-cla-id">4.1</span>Deputy heads are responsible for the following: <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla4.1.1"><span class="pol-cla-id">4.1.1</span>Designating a chief security officer responsible to the deputy head or to the departmental executive committee to provide leadership, coordination and oversight for departmental security management activities; </li> <li class="pol-cla" id="cla4.1.2"><span class="pol-cla-id">4.1.2</span>Establishing the department’s security governance, including responsibilities for security controls and authorities for security risk management decisions; </li> <li class="pol-cla" id="cla4.1.3"><span class="pol-cla-id">4.1.3</span>Ensuring that their authority to deny, revoke or suspend security clearances is only delegated to the <em>Chief Security Officer</em> or <em>Individuals designated by deputy heads of internal enterprise service organizations to oversee their internal enterprise service activities</em>, should the deputy head decide to delegate.</li> <li class="pol-cla" id="cla4.1.4"><span class="pol-cla-id">4.1.4</span>Identifying security and identity management requirements for all departmental programs and services, considering potential impacts on internal and external stakeholders; </li> <li class="pol-cla" id="cla4.1.5"><span class="pol-cla-id">4.1.5</span>Approving a three-year departmental security plan that is reviewed annually, sets out strategies for meeting departmental security requirements reflective of and contributing to government-wide security priorities, and addresses the security controls described in Appendix A; </li> <li class="pol-cla" id="cla4.1.6"><span class="pol-cla-id">4.1.6</span>Reviewing any residual security risk that exceeds established authorities for security risk management decisions;</li> <li class="pol-cla" id="cla4.1.7"><span class="pol-cla-id">4.1.7</span>Ensuring that security incidents and other security events are assessed, investigated, documented, acted on and reported to the appropriate authority and to affected stakeholders; </li> <li class="pol-cla" id="cla4.1.8"><span class="pol-cla-id">4.1.8</span>Responding to direction, advice and information requests issued by the Treasury Board of Canada Secretariat and the Privy Council Office regarding security events that require an immediate or coordinated government-wide action; </li> <li class="pol-cla" id="cla4.1.9"><span class="pol-cla-id">4.1.9</span>Establishing a written agreement when the department relies on or supports another department or organization to achieve government security objectives (see subsection 6.3 of this policy for application of this requirement); and</li> <li class="pol-cla" id="cla4.1.10"><span class="pol-cla-id">4.1.10</span>Investigating and acting when significant issues regarding policy compliance arise, and ensuring that appropriate remedial action is taken to address these issues. </li> </ul> </li> <li class="pol-cla" id="cla4.2"><span class="pol-cla-id">4.2</span>Deputy heads of internal enterprise service organizations, which are departments or organizations that provide internal enterprise services to other government of Canada departments are responsible for the following: <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla4.2.1"><span class="pol-cla-id">4.2.1</span>Establishing governance, including designating one or more senior officials, to oversee security considerations in the provision of internal enterprise services; </li> <li class="pol-cla" id="cla4.2.2"><span class="pol-cla-id">4.2.2</span>Liaising with client departments and the Treasury Board of Canada Secretariat when identifying security requirements for internal enterprise services;</li> <li class="pol-cla" id="cla4.2.3"><span class="pol-cla-id">4.2.3</span>Examining and acting on issues regarding fulfillment of security requirements with affected stakeholders;</li> <li class="pol-cla" id="cla4.2.4"><span class="pol-cla-id">4.2.4</span>Conducting periodic reviews (every three years at a minimum) to assess the extent to which the services provided meet government-wide security needs; and</li> <li class="pol-cla" id="cla4.2.5"><span class="pol-cla-id">4.2.5</span>Investigating and acting when significant issues regarding policy compliance arise, and ensuring that appropriate remedial action is taken to address these issues.</li> </ul> </li> <li class="pol-cla" id="cla4.3"><span class="pol-cla-id">4.3</span>Deputy heads of lead security agencies, which are described in subsection 5.2 of this policy, are responsible for the following: <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla4.3.1"><span class="pol-cla-id">4.3.1</span>Designating a senior official or officials to oversee their lead security agency activities under this policy; </li> <li class="pol-cla" id="cla4.3.2"><span class="pol-cla-id">4.3.2</span>Consulting with the government-wide security policy governance when identifying priorities for their lead security agency activities; </li> <li class="pol-cla" id="cla4.3.3"><span class="pol-cla-id">4.3.3</span>Exercising leadership and providing departments with advice and guidance on government security, in accordance with section 5 of this policy and the following general responsibilities: <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla4.3.3.1"><span class="pol-cla-id">4.3.3.1</span>Participating in government-wide security policy governance to assist in setting direction and priorities that align with national security objectives and other government priorities;</li> <li class="pol-cla" id="cla4.3.3.2"><span class="pol-cla-id">4.3.3.2</span>Providing advice to departments, and developing technical and operational guidance to support departments in policy implementation, in accordance with their mandate and in consultation with the Treasury Board of Canada Secretariat and the government-wide security policy governance; </li> <li class="pol-cla" id="cla4.3.3.3"><span class="pol-cla-id">4.3.3.3</span>Consulting with the Treasury Board of Canada Secretariat, Global Affairs Canada and other relevant lead security agencies and stakeholders when developing international agreements, treaties or other instruments that could potentially affect government-wide security management practices;</li> <li class="pol-cla" id="cla4.3.3.4"><span class="pol-cla-id">4.3.3.4</span>Participating in the analysis of threats, vulnerabilities, risks and security events; and sharing related findings with relevant stakeholders; and</li> <li class="pol-cla" id="cla4.3.3.5"><span class="pol-cla-id">4.3.3.5</span>Providing expertise and support for the development of Government of Canada security awareness and training curricula.</li> </ul> </li> </ul> </li> <li class="pol-cla" id="cla4.4"><span class="pol-cla-id">4.4</span>The Secretary of the Treasury Board is responsible for the following: <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla4.4.1"><span class="pol-cla-id">4.4.1</span>Establishing government-wide security policy governance to set strategic direction and priorities and coordinating security priorities, plans and activities government-wide; </li> <li class="pol-cla" id="cla4.4.2"><span class="pol-cla-id">4.4.2</span>Representing government-wide security needs in security governance for internal enterprise services; </li> <li class="pol-cla" id="cla4.4.3"><span class="pol-cla-id">4.4.3</span>Liaising with deputy heads and other senior officials on security issues, including security events that have potential government-wide impacts;</li> <li class="pol-cla" id="cla4.4.4"><span class="pol-cla-id">4.4.4</span>Liaising with other lead security agencies on matters of national security and emergency management; and</li> <li class="pol-cla" id="cla4.4.5"><span class="pol-cla-id">4.4.5</span>Establishing measures that support the capacity and development of the security functional community.</li> </ul> </li> </ul> </div></details> <details class="pol-sec"><summary onclick="_gaq.push(['_trackEvent', 'policy suite', 'open policy', 'http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32608']);"><h2 id="cha5">5. Roles of other government organizations</h2></summary><div class="pol-content"> <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla5.1"><span class="pol-cla-id">5.1</span>This section identifies key government organizations in relation to this policy. In and of itself, this section does not confer any authority.</li> <li class="pol-cla" id="cla5.2"><span class="pol-cla-id">5.2</span>This section identifies lead security agencies and/or internal enterprise service organizations that have a leadership and support role in relation to this policy and contribute to the achievement of government security policy objectives. The responsibilities of each organization are identified, in accordance with its mandate, including the principal internal enterprise services provided. </li> <li class="pol-cla" id="cla5.3"><span class="pol-cla-id">5.3</span>The Canadian Security Intelligence Service is responsible for the following: <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla5.3.1"><span class="pol-cla-id">5.3.1</span>Providing government-wide services in security screening; </li> <li class="pol-cla" id="cla5.3.2"><span class="pol-cla-id">5.3.2</span>Fulfilling government-wide functions by investigating and analyzing threats to the security of Canada and by providing related reporting and advice to the Government of Canada; and </li> <li class="pol-cla" id="cla5.3.3"><span class="pol-cla-id">5.3.3</span>Maintaining a central registry for the retention of forms that designate persons permanently bound to secrecy under the Foreign Interference and Security of Information Act.</li> </ul> </li> <li class="pol-cla" id="cla5.4"><span class="pol-cla-id">5.4</span>Communications Security Establishment Canada is responsible for the following: <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla5.4.1"><span class="pol-cla-id">5.4.1</span>Serving as the lead technical authority for information technology (IT) security, including the provision of leadership, advice, services and guidance for technical matters related to IT security </li> <li class="pol-cla" id="cla5.4.2"><span class="pol-cla-id">5.4.2</span>Helping to ensure the protection of electronic information and of information infrastructures of importance to the Government of Canada; </li> <li class="pol-cla" id="cla5.4.3"><span class="pol-cla-id">5.4.3</span>Fulfilling the following government-wide functions: <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla5.4.3.1"><span class="pol-cla-id">5.4.3.1</span>Identifying emerging cyber threats; </li> <li class="pol-cla" id="cla5.4.3.2"><span class="pol-cla-id">5.4.3.2</span>Defending government networks and systems; and </li> <li class="pol-cla" id="cla5.4.3.3"><span class="pol-cla-id">5.4.3.3</span>Protecting against, and mitigating potential impacts of, cyber security events; </li> </ul> </li> <li class="pol-cla" id="cla5.4.4"><span class="pol-cla-id">5.4.4</span>Leading the development of trusted sources of supply for government and critical infrastructure, and mitigating the risk of untrusted equipment; </li> <li class="pol-cla" id="cla5.4.5"><span class="pol-cla-id">5.4.5</span>Serving as the national authority for communications security (COMSEC), including the procurement, distribution, control and use of cryptographic devices and encryption keying material for national security systems; and </li> <li class="pol-cla" id="cla5.4.6"><span class="pol-cla-id">5.4.6</span>Serving as Canada’s national authority for signals intelligence (SIGINT).</li> </ul> </li> <li class="pol-cla" id="cla5.5"><span class="pol-cla-id">5.5</span>National Defence is responsible for the following: <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla5.5.1"><span class="pol-cla-id">5.5.1</span>Fulfilling government-wide functions for scientific and technological security research, defence intelligence, and investigation of security threats to military systems; </li> <li class="pol-cla" id="cla5.5.2"><span class="pol-cla-id">5.5.2</span>Providing support to departments in relation to the protection of Government of Canada officials outside Canada, cyber security, and the provision of other security-related services; </li> <li class="pol-cla" id="cla5.5.3"><span class="pol-cla-id">5.5.3</span>Providing support to Public Safety Canada in relation to the continuity of constitutional government and domestic counterterrorism; </li> <li class="pol-cla" id="cla5.5.4"><span class="pol-cla-id">5.5.4</span>Serving as Canada’s National Distribution Authority for NATO (North Atlantic Treaty Organization); and </li> <li class="pol-cla" id="cla5.5.5"><span class="pol-cla-id">5.5.5</span>Serving as Canada’s national authority for Talent-Keyhole (TK) information.</li> </ul> </li> <li class="pol-cla" id="cla5.6"><span class="pol-cla-id">5.6</span>Global Affairs Canada is responsible for the following: <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla5.6.1"><span class="pol-cla-id">5.6.1</span>Providing leadership, advice and guidance regarding security at missions abroad, and conducting Canada’s international relations on matters related to government security;</li> <li class="pol-cla" id="cla5.6.2"><span class="pol-cla-id">5.6.2</span>Fulfilling government-wide functions related to security developments abroad, and providing services to departments abroad to ensure security at missions; and</li> <li class="pol-cla" id="cla5.6.3"><span class="pol-cla-id">5.6.3</span>Serving as Canada’s National Security Authority for NATO. </li> </ul> </li> <li class="pol-cla" id="cla5.7"><span class="pol-cla-id">5.7</span>The Privy Council Office is responsible for the following: <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla5.7.1"><span class="pol-cla-id">5.7.1</span>Establishing policy direction for the security of Cabinet confidences; </li> <li class="pol-cla" id="cla5.7.2"><span class="pol-cla-id">5.7.2</span>Fulfilling the following government-wide functions: <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla5.7.2.1"><span class="pol-cla-id">5.7.2.1</span>Ensuring that national security objectives are reflected in government-wide security policy governance; </li> <li class="pol-cla" id="cla5.7.2.2"><span class="pol-cla-id">5.7.2.2</span>Providing advice and guidance on implementing security readiness levels in emergency and increased threat situations; and </li> <li class="pol-cla" id="cla5.7.2.3"><span class="pol-cla-id">5.7.2.3</span>Providing strategic leadership to coordinate responses to operational security matters facing the government that are of national, intergovernmental or international importance; and </li> </ul> </li> <li class="pol-cla" id="cla5.7.3"><span class="pol-cla-id">5.7.3</span>Providing advice on recommendations from the Security Intelligence Review Committee regarding the security clearance of individuals.</li> </ul> </li> <li class="pol-cla" id="cla5.8"><span class="pol-cla-id">5.8</span>Public Safety Canada is responsible for the following: <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla5.8.1"><span class="pol-cla-id">5.8.1</span>Providing leadership, technical advice and guidance for matters related to business continuity management; </li> <li class="pol-cla" id="cla5.8.2"><span class="pol-cla-id">5.8.2</span>Providing operational leadership for the coordination, information sharing and situational awareness relating to security events involving multiple Federal Departments or Agencies that may have government-wide, intergovernmental, critical infrastructure or national impacts; </li> <li class="pol-cla" id="cla5.8.3"><span class="pol-cla-id">5.8.3</span>Providing leadership in establishing the necessary arrangements for the continuity of constitutional government in the event of an emergency; and </li> <li class="pol-cla" id="cla5.8.4"><span class="pol-cla-id">5.8.4</span>Leading coordination and strategic policy-making on national security and national cyber security matters. </li> </ul> </li> <li class="pol-cla" id="cla5.9"><span class="pol-cla-id">5.9</span>Public Services and Procurement Canada is responsible for the following: <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla5.9.1"><span class="pol-cla-id">5.9.1</span>Providing leadership, advice and guidance for matters related to contract security; </li> <li class="pol-cla" id="cla5.9.2"><span class="pol-cla-id">5.9.2</span>Supporting and fulfilling government-wide functions for issuing personal record identifiers (PRI) to departments and agencies and individual agency numbers (IAN) to agencies outside the federal public service, and maintaining the PRI and IAN systems; </li> <li class="pol-cla" id="cla5.9.3"><span class="pol-cla-id">5.9.3</span>Providing emergency procurement and emergency accommodation, and providing security services to help ensure the protection of sensitive information entrusted to Canadian and foreign industry; </li> <li class="pol-cla" id="cla5.9.4"><span class="pol-cla-id">5.9.4</span>Providing internal enterprise services for contract security, base building security for general-purpose office facilities under its custodial responsibility, and IT security in support of providing and managing certain government-wide applications; and </li> <li class="pol-cla" id="cla5.9.5"><span class="pol-cla-id">5.9.5</span>Serving as the government’s national authority for industrial security, and in this capacity, serving as Canada’s Designated Security Authority for NATO.</li> </ul> </li> <li class="pol-cla" id="cla5.10"><span class="pol-cla-id">5.10</span>The Royal Canadian Mounted Police is responsible for the following: <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla5.10.1"><span class="pol-cla-id">5.10.1</span>Providing leadership, advice and guidance for matters related to physical security; </li> <li class="pol-cla" id="cla5.10.2"><span class="pol-cla-id">5.10.2</span>Fulfilling government-wide functions related to criminal threat intelligence and criminal investigations; and </li> <li class="pol-cla" id="cla5.10.3"><span class="pol-cla-id">5.10.3</span>Providing government-wide services related to security screening, technical surveillance countermeasures, and safeguarding of designated persons.</li> </ul> </li> <li class="pol-cla" id="cla5.11"><span class="pol-cla-id">5.11</span>Shared Services Canada is responsible for the following: <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla5.11.1"><span class="pol-cla-id">5.11.1</span>Planning, designing, building, operating and maintaining effective, efficient and responsive enterprise IT security infrastructure services to secure Government of Canada data and systems under its responsibility. </li> </ul> </li> <li class="pol-cla" id="cla5.12"><span class="pol-cla-id">5.12</span>The Treasury Board of Canada Secretariat is responsible for the following: <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla5.12.1"><span class="pol-cla-id">5.12.1</span>Establishing and overseeing a whole-of-government approach to Security management as a key component of all management activities by ensuring the conduct of periodic reviews of the effectiveness of security support services, to provide assurance that they continue to meet the needs of the government as a whole; </li> <li class="pol-cla" id="cla5.12.2"><span class="pol-cla-id">5.12.2</span>Providing policy leadership, advice and guidance for all matters related to government Security; </li> <li class="pol-cla" id="cla5.12.3"><span class="pol-cla-id">5.12.3</span>Providing strategic policy oversight and coordination for the management of security events that may affect the government as a whole.</li> </ul> </li> </ul> </div></details> <details class="pol-sec"><summary onclick="_gaq.push(['_trackEvent', 'policy suite', 'open policy', 'http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32608']);"><h2 id="cha6">6. Application</h2></summary><div class="pol-content"> <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla6.1"><span class="pol-cla-id">6.1</span>The Policy on Government Security and its supporting instruments apply to departments as defined in section 2 and entities included in Schedules IV and V of the Financial Administration Act (FAA), unless excluded by specific acts, regulations or orders in council.</li> <li class="pol-cla" id="cla6.2"><span class="pol-cla-id">6.2</span>The heads of the following organizations are solely responsible for monitoring and ensuring compliance with this policy within their organizations: <ul> <li>Office of the Auditor General of Canada</li> <li>Office of the Chief Electoral Officer</li> <li>Office of the Commissioner of Lobbying of Canada</li> <li>Office of the Commissioner of Official Languages</li> <li>Office of the Information Commissioner of Canada</li> <li>Office of the Privacy Commissioner of Canada </li> <li>Office of the Public Sector Integrity Commissioner of Canada </li> </ul> </li> <li class="pol-cla" id="cla6.3"><span class="pol-cla-id">6.3</span>Subsection 4.1.9 of this policy applies only to interdepartmental agreements pursuant to subsection 29.2 of the <em>Financial Administration Act</em> and to arrangements with Crown corporations, other orders of government, the private sector or other entities that are not governed by this policy, where the department has the authority to enter into such an agreement or arrangement. </li> <li class="pol-cla" id="cla6.4"><span class="pol-cla-id">6.4</span>Ministers of the Crown, ministers, and Ministers of State are responsible for the security of their staff and offices and for the security of sensitive information and assets in their custody, as directed by the Prime Minister.</li> </ul> </div></details> <details class="pol-sec"><summary onclick="_gaq.push(['_trackEvent', 'policy suite', 'open policy', 'http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32608']);"><h2 id="cha7">7. Consequences of non-compliance</h2></summary><div class="pol-content"> <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla7.1"><span class="pol-cla-id">7.1</span>For an outline of the consequences of non‑compliance, refer to the <a href="https://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=17151">Framework for Management</a> of Compliance (Appendix C: Consequences for Institutions and Appendix D: Consequences for Individuals). </li> </ul> </div></details> <details class="pol-sec"><summary onclick="_gaq.push(['_trackEvent', 'policy suite', 'open policy', 'http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32608']);"><h2 id="cha8">8. References</h2></summary><div class="pol-content"> <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla8.1"><span class="pol-cla-id">8.1</span>Legislation <ul> <li><a href="http://laws-lois.justice.gc.ca/eng/acts/A-1/">Access to Information Act</a></li> <li><a href="http://laws-lois.justice.gc.ca/eng/acts/L-2/">Canada Labour Code</a></li> <li><a href="http://laws-lois.justice.gc.ca/eng/regulations/SOR-86-304/">Canada Occupational Health and Safety Regulations</a></li> <li><a href="http://laws-lois.justice.gc.ca/eng/Const/Const_index.html">Canadian Charter of Rights and Freedoms</a></li> <li><a href="http://laws-lois.justice.gc.ca/eng/acts/C-46/">Criminal Code</a></li> <li><a href="http://laws-lois.justice.gc.ca/eng/acts/E-4.56/">Emergency Management Act</a></li> <li><a href="http://laws-lois.justice.gc.ca/eng/acts/F-11/">Financial Administration Act</a></li> <li><a href="http://laws-lois.justice.gc.ca/eng/acts/o-3.01/">Official Languages Act</a></li> <li><a href="https://laws-lois.justice.gc.ca/eng/acts/p-21/">Privacy Act</a></li> <li><a href="http://laws.justice.gc.ca/eng/acts/P-33.01/">Public Service Employment Act</a></li> <li><a href="http://laws-lois.justice.gc.ca/eng/acts/P-33.35/">Federal Public Sector Labour Relations and Employment Board Act</a></li> <li><a href="https://laws-lois.justice.gc.ca/eng/acts/O-5/">Foreign Interference and Security of Information Act</a></li> <li><a href="http://laws-lois.justice.gc.ca/eng/acts/S-6.9/">Security of Canada Information Disclosure Act</a></li> </ul> </li> <li class="pol-cla" id="cla8.2"><span class="pol-cla-id">8.2</span>Related policy instruments <ul> <li><a href="https://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=32601">Directive on Service and Digital</a></li> <li><a href="https://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=32690">Directive on the Management of Materiel</a></li> <li><a href="https://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=32692">Directive on the Management of Procurement</a></li> <li><a href="https://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=32594">Directive on the Management of Projects and Programmes</a></li> <li><a href="https://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=32691">Directive on the Management of Real Property</a></li> <li><a href="https://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=13616">Foundation Framework for Treasury Board Policies</a></li> <li><a href="https://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=17151">Framework for the Management of Compliance</a></li> <li><a href="https://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=19422">Framework for the Management of Risk</a></li> <li><a href="https://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=32621">Policy on People Management</a></li> <li><a href="https://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=32593">Policy on the Planning and Management of Investments</a></li> <li><a href="https://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=31300">Policy on Results</a></li> <li><a href="https://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=32603">Policy on Service and Digital</a></li> <li><a href="https://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=25049">Values and Ethics Code for the Public Sector</a></li> </ul> </li> </ul> </div></details> <details class="pol-sec"><summary onclick="_gaq.push(['_trackEvent', 'policy suite', 'open policy', 'http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32608']);"><h2 id="cha9">9. Enquiries</h2></summary><div class="pol-content"> <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="cla9.1"><span class="pol-cla-id">9.1</span>Members of the public may contact <a href="https://www.canada.ca/en/treasury-board-secretariat/corporate/contact.html#enq">Treasury Board of Canada Secretariat Public Enquiries</a> for information about this policy. </li> <li class="pol-cla" id="cla9.2"><span class="pol-cla-id">9.2</span>Individuals from departments should contact their departmental security management group for information about this policy. </li> <li class="pol-cla" id="cla9.3"><span class="pol-cla-id">9.3</span>Individuals from the departmental security group may contact the Security Policy Division at the Treasury Board of Canada Secretariat by email at <a href="mailto:SEC@tbs-sct.gc.ca">SEC@tbs-sct.gc.ca</a> for interpretation of any aspect of this policy.</li> </ul> </div></details> </div> <hr /><div class="pol-app mrgn-tp-md"> <details class="pol-sec"><summary onclick="_gaq.push(['_trackEvent', 'policy suite', 'open policy', 'http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32608']);"><h2 id="appA">Appendix A: Security Controls</h2></summary><div class="pol-content"> <p>This appendix describes the security controls that are mentioned in subsection 4.1.5 of this policy.</p> <ul class="pol-cla list-unstyled"> <li class="pol-cla" id="claA.1"><span class="pol-cla-id">A.1</span><strong>Security screening</strong> is conducted in a way that is effective, rigorous, consistent and fair, throughout all stages of the security screening life cyle to provide reasonable assurance that individuals can be trusted to safeguard government information and assets and can reliably conduct their work duties, and to enable transferability of security screening between departments.</li> <li class="pol-cla" id="claA.2"><span class="pol-cla-id">A.2</span><strong>Information technology security</strong> requirements, practices and controls are defined, documented, implemented, assessed, monitored and maintained throughout all stages of an information system’s life cycle to provide reasonable assurance that information systems can be trusted to adequately protect information, are used in an acceptable manner, and support government programs, services and activities. </li> <li class="pol-cla" id="claA.3"><span class="pol-cla-id">A.3</span><strong>Physical security</strong> requirements, practices and controls are defined, documented, implemented, assessed, monitored and maintained throughout all stages of the real property and materiel management life cycles to provide reasonable assurance that individuals, information and assets are adequately protected, thereby supporting the delivery of government programs, services and activities.</li> <li class="pol-cla" id="claA.4"><span class="pol-cla-id">A.4</span><strong>Business continuity management</strong> is conducted systematically and comprehensively to provide reasonable assurance that in the event of a disruption, the department can maintain an acceptable level of delivery of critical services and activities, and can achieve the timely recovery of other services and activities. </li> <li class="pol-cla" id="claA.5"><span class="pol-cla-id">A.5</span><strong>Information management security </strong>requirements, practices and controls are defined, documented, implemented, assessed, monitored and maintained throughout all stages of the information life cycle to provide reasonable assurance that information is adequately protected in a manner that respects legal and other obligations and balances the risk of injury and threats with the cost of applying safeguards.</li> <li class="pol-cla" id="claA.6"><span class="pol-cla-id">A.6</span><strong>Security requirements associated with contracts and other arrangements </strong>are identified and documented, and related security controls are implemented and monitored throughout all stages of the contracting or arrangement process to provide reasonable assurance that information, individuals, assets and services associated with the contract or arrangement are adequately protected.</li> <li class="pol-cla" id="claA.7"><span class="pol-cla-id">A.7</span><strong>Security event management</strong> practices are defined, documented, implemented and maintained to monitor, respond to and report on threats, vulnerabilities, security incidents and other security events, and ensure that such activities are effectively coordinated within the department, with partners and government-wide, to manage potential impacts, support decision-making and enable the application of corrective actions.</li> <li class="pol-cla" id="claA.8"><span class="pol-cla-id">A.8</span><strong>Security awareness and training</strong> is conducted systematically and comprehensively to ensure that individuals are informed of their security responsibilities and maintain the necessary knowledge and skills to effectively carry out their functions, and to provide reasonable assurance that individuals will not knowingly compromise security and that they understand the potential consequences of not meeting their security responsibilities.</li> </ul> </div></details> <details class="pol-sec"><summary onclick="_gaq.push(['_trackEvent', 'policy suite', 'open policy', 'http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32608']);"><h2 id="appB">Appendix B: Definitions</h2></summary><div class="pol-content"> <dl> <dt><strong>administrative cancellation</strong> (<em><span lang="fr-CA">annulation pour des raisons administratives</span></em>)</dt> <dd>A decision recorded on an individual's security screening file that the security screening process has been discontinued or the reactivation period has elapsed. An administrative cancellation is not recorded as a denial or revocation.</dd> <dt><strong>associations</strong> (<em><span lang="fr-CA">associations)</span></em>)</dt> <dd>To unite with a connection or cooperative link with another or others in act, enterprise, business, partnership or collegially, in mind, imagination or person, as a partner, ally, or friend, and including but not limited to circumstances of accompaniment, attendance or presence at an event or with an entity.</dd> <dt><strong>authoritative source</strong> (<em><span lang="fr-CA">source autorisée</span></em>)</dt> <dd>A collection or registry of records maintained by an authority that meets established criteria.</dd> <dt><strong>base building security</strong>(<em><span lang="fr-CA">sécurité de l’immeuble de baseé</span></em>)</dt> <dd>Security safeguards provided by a building custodian to protect the building’s structure and supporting infrastructure. </dd> <dt><strong>compartmented information</strong> (<em><span lang="fr-CA">information cloisonnée</span></em>)</dt> <dd>Information derived from sensitive sources and methods. Access to compartmented information is limited to Top Secret and/or Enhanced Top Secret cleared Canadian citizens who are authorized to access the information after receiving a formal indoctrination. Compartments are implemented by controlling access to information using frameworks known as control systems. Control systems define who may access the information, and under what conditions.</dd> <dt><strong>compromise </strong>(<span lang="fr-CA"><em>compromission</em></span>) </dt> <dd>A breach of government security. Includes but is not limited to: <ul> <li>unauthorized access to, disclosure, modification, use, interruption, removal, or destruction of sensitive information or assets, causing a loss of confidentiality, integrity, availability or value;</li> <li>any action, conduct, threat or gesture of a person toward an employee in the workplace or an individual within federal facilities that caused harm or injury to that employee or individual; and </li> <li>an event causing a loss of integrity or availability of government services or activities.</li> </ul> </dd> <dt><strong>criminal conviction</strong> (<span lang="fr-CA"><em>condamnation au criminel</em></span>) </dt> <dd>The outcome of a criminal prosecution which concludes that an individual is guilty of an offence and has: <ol class="lst-lwr-alph"> <li>been convicted in Canada of an offence under an Act of Parliament punishable by way of an indictable offence or summary conviction, or</li> <li>been convicted of an offence outside Canada that, if committed in Canada, would constitute an offence punishable by way of an indictable offence or summary conviction under an Act of Parliament.</li> </ol> </dd> <dt><strong>criminal record</strong> (<span lang="fr-CA"><em>casier judiciaire</em></span>) </dt> <dd>A record of criminal convictions and their dispositions, discharges, and outstanding entries including: <ol class="lst-lwr-alph"> <li>Criminal convictions contained in the Identification Databank of the Canadian Police Information Centre, RCMP National Repository of Criminal Records and/or police of jurisdiction databases; or</li> <li>Foreign criminal convictions for offences which would have been an offence punishable by way of an indictable offence or summary conviction under Canadian law had it been committed in Canadian jurisdiction; or</li> <li>Outstanding entries, such as charges, warrants, judicial orders, peace bonds, probation and prohibition orders; or</li> <li>Absolute and conditional discharges as set out in section 730 of the Criminal Code.</li> </ol> <p>Note: The release of criminal record information is governed by sections 4 to 6.4 of the Criminal Records Act, the Youth Criminal Justice Act, the Privacy Act, the Criminal Code, and directives from the Minister of Public Safety on the release of criminal record information.</p> </dd> <dt><strong>critical service or activity </strong>(<span lang="fr-CA"><em>service ou activité critique</em></span>) </dt> <dd>A service or activity whose disruption would result in a high or very high degree of injury to the health, safety, security or economic well-being of Canadians or to the effective functioning of the Government of Canada.</dd> <dt><strong>evidence of identity</strong> ( <span lang="fr-CA"><em>preuve de l’identité</em></span>)</dt> <dd>A record from an authoritative source indicating an individual’s identity. There are two categories of evidence of identity: foundational and supporting.</dd> <dt><strong>foundational evidence of identity </strong>(<span lang="fr-CA"><em>preuve de l’identité essentielle</em></span>) </dt> <dd><em>Evidence of identity that establishes core identity information such as given name(s), surname, date of birth, and place of birth. Examples are records of birth, immigration or citizenship from an authority with the necessary jurisdiction.</em></dd> <dt><strong>government security </strong>(<span lang="fr-CA"><em>sécurité du gouvernement</em></span>) </dt> <dd> The assurance that: <ul> <li>information and assets that support government programs are protected throughout their life cycle against threats to their confidentiality, integrity, availability or value;</li> <li>employees in the workplace and individuals within federal facilities are protected against actions, conduct, threats or gestures of persons that could cause them harm or injury; </li> <li>continuity of government operations can be maintained during situations that may disrupt normal operations; and</li> <li>the Government of Canada can maintain the delivery of programs and services in the presence of threats to their integrity or availability.</li> </ul> </dd> <dt><strong>internal enterprise services</strong> (<span lang="fr-CA"><em>services internes intégrés</em></span>)</dt> <dd>A service provided by a Government of Canada department to other Government of Canada departments intended on a government-wide basis.</dd> <dt><strong>internal enterprise service organization</strong> (<span lang="fr-CA"><em>organisation de services internes intégrés</em></span>) </dt> <dd>A department or organization that provides internal enterprise services to other Government of Canada departments. This includes lead security agencies that deliver government-wide security services.</dd> <dt><strong>identity</strong> (<span lang="fr-CA"><em>identité</em></span>)</dt> <dd>A reference or designation used to distinguish a unique individual, organization or device.</dd> <dt><strong>loyalty to Canada</strong> (<span lang="fr-CA"><em>loyauté envers le Canada</em></span>)</dt> <dd>A determination that an individual has not engaged, is not engaged, nor is likely to engage in activities that constitute a "threat to the security of Canada" as defined in section 2 of the Canadian Security Intelligence Service Act.</dd> <dt><strong>Need-to-know</strong> (<span lang="fr-CA"><em>besoin de connaître</em></span>)</dt> <dd>A criterion used by the custodian(s) of sensitive information, assets or facilities to establish, prior to disclosure or providing access, that the intended recipient must have access to perform their official duties.</dd> <dt><strong>other individuals</strong> (<span lang="fr-CA"><em>autres particuliers</em></span>)</dt> <dd>Any persons who is not an employee to whom the government may need to provide access to sensitive information or assets, or access to facilities.</dd> <dt><strong>residual risk</strong> (<span lang="fr-CA"><em>risque résiduel</em></span>)</dt> <dd>In the context of the Policy on Government Security, the level of security risk remaining after the application of security controls and other risk mitigation actions. </dd> <dt><strong>security and intelligence functions</strong> (<span lang="fr-CA"><em>activités de sécurité et de renseignement de sécurité</em></span>)</dt> <dd>Functions that contribute to the safety of Canadians and the national security of Canada, including taking the appropriate measures to prevent and protect against threats while enforcing Canadian statues and supporting Canada's national interests.</dd> <dt><strong>security assessment </strong>(<span lang="fr-CA"><em>évaluation de sécurité</em></span>) </dt> <dd>The ongoing process of evaluating security practices and controls to establish the extent to which they are implemented correctly, operating as intended, and achieving the desired outcome with respect to meeting defined security requirements.</dd> <dt><strong>security authorization</strong>(<span lang="fr-CA"><em>autorisation de sécurité</em></span>) </dt> <dd>The ongoing process of obtaining and maintaining a security risk management decision and to explicitly accept the related residual risk, based on the results of security assessment.</dd> <dt><strong>security categorization </strong>(<span lang="fr-CA"><em>categorisation de sécurité</em></span>)</dt> <dd>The process of assigning a security category to information resources, assets or services based on the degree of injury that could reasonably be expected to result from their compromise. </dd> <dt><strong>security clearance</strong> (<span lang="fr-CA"><em>autorisation de sécurité</em></span>)</dt> <dd>The standard of security screening for all positions requiring access to Government of Canada classified information, assets, facilities or information technology systems. Security screening for a security clearance appraises an individual's loyalty to Canada and their reliability as it relates to that loyalty. Security screening for security clearance can include enhanced inquiries, verifications and assessments when duties involve or directly support security and intelligence functions.</dd> <dt><strong>security conditions</strong> (<span lang="fr-CA"><em>conditions de sécurité</em></span>)</dt> <dd>A condition(s) attached to the granting of a security status or clearance that details an individual's eligibility to access to sensitive information or assets, and facilities. Security conditions may be used when, despite concerns encountered in the security screening of an individual, a risk management decision is made to engage the individual on the basis that the duties cannot be performed by another.</dd> <dt><strong>security control</strong> (<span lang="fr-CA"><em>mesure de sécurité</em></span>)</dt> <dd>A legal, administrative, operational or technical measure for satisfying security requirements. This term is synonymous with “safeguard.” </dd> <dt><strong>security event</strong> (<span lang="fr-CA"><em>événement lié à la sécurité</em></span>) </dt> <dd>Any event, act, omission or situation that may be detrimental to government security, including threats, vulnerabilities and security incidents.</dd> <dt><strong>security function</strong>(<span lang="fr-CA"><em>fonction de sécurité</em></span>) </dt> <dd>Activity that directly supports the achievement of government security objectives, including security screening, information technology security, physical security, business continuity management, information management security, security in contracts and other arrangements, security event management, security awareness and training, and the overall management of security (including governance, planning, monitoring and reporting). </dd> <dt><strong>security incident </strong>(<span lang="fr-CA"><em>incident de sécurité</em></span>) </dt> <dd>Any event (or collection of events), act, omission or situation that has resulted in a compromise.</dd> <dt><strong>security practices</strong> (<span lang="fr-CA"><em>pratiques de sécurité</em></span>)</dt> <dd>Processes, procedures and standards that govern the implementation, monitoring and maintenance of security controls. </dd> <dt><strong>security requirement </strong>(<span lang="fr-CA"><em>exigence en matière de sécurité</em></span>) </dt> <dd>A requirement that must be satisfied in order to reduce security risks to an acceptable level and/or to meet statutory, regulatory, policy, contractual and other security obligations.</dd> <dt><strong>security screening</strong> (<span lang="fr-CA"><em>filtrage de sécurité</em></span>)</dt> <dd>The process of conducting a security screening activity and evaluating an individual's reliability and/or loyalty to Canada in support of a decision to grant, grant with conditions, deny, or revoke a security status, security clearance or site access status or site access clearance.</dd> <dt><strong>security status</strong> (<span lang="fr-CA"><em>cote de sécurité</em></span>)</dt> <dd>The minimum level of security screening for positions requiring unsupervised access to Government of Canada information, assets, facilities or information technology systems. Security screening for reliability status appraises an individual's honesty and whether they can be trusted to protect the employer's interests. Reliability status may also be referred to herein as a security status.</dd> <dt><strong>senior official </strong>(<span lang="fr-CA"><em>haut fonctionnaire</em></span>) </dt> <dd>For the purposes of the Policy on Government Security, individuals designated by the deputy head in the departmental security governance as having overall responsibility for the security aspects of a program, service or activity area or for a security function. Senior officials may include program officials, chief financial officers, chief audit executives, chief information officers, chief privacy officers and other officials designated pursuant to a statutory requirement, Treasury Board policy or other requirement. Senior officials also include individuals designated by the deputy heads of internal enterprise service organizations to oversee their internal enterprise service activities under the Policy on Government Security.</dd> <dt><strong>sensitive information or asset</strong>(<span lang="fr-CA"><em>renseignement ou bien de nature délicate</em></span>) </dt> <dd>Information or asset that if compromised would reasonably be expected to cause an injury. This includes all information that falls within the exemption or exclusion criteria under the Access to Information Act and the Privacy Act. This also includes controlled goods as well as other information and assets that have regulatory or statutory prohibitions and controls. </dd> <dt> <strong>supporting evidence of identity</strong> (<span lang="fr-CA"><em>preuve à l’appui de l’identité</em></span>) </dt> <dd>Evidence of identity that corroborates the foundational evidence of identity and assists in linking the identity information to an individual. It may also provide additional information such as a photo, signature or address.</dd> <dt><strong>threat</strong> (<span lang="fr-CA"><em>menace</em></span>) </dt> <dd> Any potential event or act, deliberate or unintentional, or natural hazard that could result in a compromise. </dd> <dt><strong>trusted digital identity </strong>(<span lang="fr-CA"><em>identité numérique de confiance</em></span>)</dt> <dd>An electronic representation of a person, used exclusively by that same person, to receive valued services and to carry out transactions with trust and confidence.</dd> <dt><strong>trust framework</strong> (<span lang="fr-CA"><em>cadre de fiabilité</em></span>) </dt> <dd>In the context of the Directive on Identity Management, a set of agreed on definitions, principles, conformance criteria, assessment approach, standards, and specifications.</dd> <dt><strong>vulnerability </strong>(<span lang="fr-CA"><em>vulnérabilité</em></span>) </dt> <dd>A factor that could increase susceptibility to compromise. </dd> </dl> </div></details> </div> </div> <div class="clearfix"></div> <section> <p class="mrgn-tp-lg text-center small"> © His Majesty the King in Right of Canada, represented by the President of the Treasury Board, 2017,<br />ISBN: 978-0-660-09914-9 </p> </section> <div class="btn-group mrgn-tp-md"> <a class="btn btn-default doc-exall" href="#" onclick="_gaq.push(['_trackEvent', 'policy suite', 'expand all', 'http://www.tbs-sct.canada.ca/pol/doc.aspx?id=16578']);" >Expand all</a> <a class="btn btn-default doc-coall" href="#" onclick="_gaq.push(['_trackEvent', 'policy suite', 'collapse all', 'http://www.tbs-sct.canada.ca/pol/doc.aspx?id=16578']);" >Collapse all</a> </div> </section> </div> <div class="clearfix"></div> </div> </div>  <div id="def-preFooter">  <div class="row pagedetails"> <div class="col-sm-6 col-lg-4 mrgn-tp-sm"> <a href="https://www.canada.ca/en/report-problem.html" class="btn btn-default btn-block">Report a problem or mistake on this page</a> </div> <div class="datemod col-xs-12 mrgn-tp-lg"> <dl id="wb-dtmd"> <dt>Date modified: </dt> <dd><time property="dateModified">2017-08-24</time></dd> </dl> </div> </div> </div>  <script type="text/javascript"> var defPreFooter = document.getElementById("def-preFooter"); defPreFooter.outerHTML = wet.builder.preFooter( {"cdnEnv":"prod","dateModified":"2019-07-01","showPostContent":true,"showFeedback":false,"showShare":false}); </script> </main> <div id="def-footer">  <aside class="gc-nttvs container"> <h2>Government of Canada activities and initiatives</h2> <div id="gcwb_prts" class="wb-eqht row"> <p class="mrgn-lft-md"><a href="https://www.canada.ca/activities.html">Access Government of Canada activities and initiatives</a></p> </div> </aside> <footer role="contentinfo" id="wb-info"> <nav role="navigation" class="container wb-navcurr"> <h2 class="wb-inv">About government</h2> <ul class="list-unstyled colcount-sm-2 colcount-md-3"> <li><a href="https://www.canada.ca/en/contact.html">Contact us</a></li> <li><a href="https://www.canada.ca/en/government/dept.html">Departments and agencies</a></li> <li><a href="https://www.canada.ca/en/government/publicservice.html">Public service and military</a></li> <li><a href="https://www.canada.ca/en/news.html">News</a></li> <li><a href="https://www.canada.ca/en/government/system/laws.html">Treaties, laws and regulations</a></li> <li><a href="https://www.canada.ca/en/transparency/reporting.html">Government-wide reporting</a></li> <li><a href="http://pm.gc.ca/eng">Prime Minister</a></li> <li><a href="https://www.canada.ca/en/government/system.html">How government works</a></li> <li><a href="http://open.canada.ca/en/">Open government</a></li> </ul> </nav> <div class="brand"> <div class="container"> <div class="row"> <nav class="col-md-10 ftr-urlt-lnk"> <h2 class="wb-inv">About this site</h2> <ul> <li><a href="https://www.canada.ca/en/social.html">Social media</a></li> <li><a href="https://www.canada.ca/en/mobile.html">Mobile applications</a></li> <li><a href="https://www1.canada.ca/en/newsite.html">About Canada.ca</a></li> <li><a href="https://www.canada.ca/en/transparency/terms.html">Terms and conditions</a></li> <li><a href="https://www.canada.ca/en/transparency/privacy.html">Privacy</a></li> </ul> </nav> <div class="col-xs-6 visible-sm visible-xs tofpg"> <a href="#wb-cont">Top of Page <span class="glyphicon glyphicon-chevron-up"></span></a> </div> <div class="col-xs-6 col-md-2 text-right"> <object type="image/svg+xml" tabindex="-1" role="img" data="https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_27/assets/wmms-blk.svg" aria-label="Symbol of the Government of Canada"></object> </div> </div> </div> </div> </footer> </div>  <script type="text/javascript"> var defFooter = document.getElementById("def-footer"); defFooter.outerHTML = wet.builder.footer( {"cdnEnv":"prod","showFooter":true,"showFeatures":true}); </script>  <script type="text/javascript"> document.write(wet.builder.refFooter({"cdnEnv":"prod","exitScript":false,"displayModal":false})); </script> <script src="scripts/ps-1.0.0.js"></script> <script>if (!!PS) { PS.Root="/pol"; }</script> <script src="scripts/PagePreferences.js"></script> <script>PS.InstrumentId=16578;</script> <script src="scripts/lh-1.0.0.js"></script> <script src="scripts/tv-1.0.3.js"></script> <script src="scripts/bootstrap.tooltip-3.3.6.js"></script> <script src="scripts/bootstrap.popover-3.3.6.js"></script> <script src="scripts/bootstrap.accessibility-plugin.js"></script> <script src="scripts/gls-0.0.1.js"></script> <script>GLOSSARY.Terms = [{"id":10808,"definition":"Technical information or intelligence derived from the collection, processing and analysis of foreign instrumentation signals by other than the intended recipient.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"foreign instrumentation signals intelligence (FISINT)","nameTranslation":""},{"id":10806,"definition":"Technical information or intelligence derived from the exploitation of communications systems, information technology systems and networks, and any data or technical information carried on, contained in or relating to those systems or networks by other than the intended recipient.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"communications intelligence (COMINT)","nameTranslation":""},{"id":10810,"definition":"An event, usually initiated by sophisticated threat actors, that is complicated to detect and recover from, causes harm to \u003cabbr title=\"Government of Canada\"\u003eGC\u003c/abbr\u003e networks and systems, and affects the confidentiality, integrity and availability of information.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"sophisticated IT security incident","nameTranslation":"incident complexe de sécurité des TI"},{"id":10786,"definition":"The application of cryptographic security, transmission and emission security, physical security measures, operational practices and controls to deny unauthorized access to information derived from telecommunications and that ensure the authenticity of such telecommunications.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"Communications Security (COMSEC)","nameTranslation":"sécurité des communications (COMSEC)"},{"id":10811,"definition":"An entity or entities that make use of advanced technologies and tradecraft to penetrate or bypass protective systems and security technologies without being detected.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"sophisticated IT security threat","nameTranslation":"menace complexe à la sécurité des TI"},{"id":10807,"definition":"Technical information or intelligence derived from the collection, processing and analysis of electromagnetic non-communications emissions.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"electronic intelligence (ELINT)","nameTranslation":""},{"id":10785,"definition":"The development and timely execution of plans, measures, procedures and arrangements to ensure minimal or no interruption to the availability of critical services and assets.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"business continuity planning","nameTranslation":"planification de la continuité des opérations"},{"id":10809,"definition":"Having insight into one\u0027s environment and circumstances to understand how events and actions will affect business objectives, both now and in the near future. Having complete, accurate, and current SA is essential in any domain where technological complexity, decision making, and the well-being of the public interact. Because incident management involves predictions and forecasts, SA in the area of \u003cabbr title=\"Information Technology\"\u003eIT\u003c/abbr\u003e requires an understanding of the interrelationships between critical services and information, safeguards supporting \u003cabbr title=\"Information Technology\"\u003eIT\u003c/abbr\u003e infrastructure and processes, and evolving threats.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"situational awareness","nameTranslation":"connaissance de la situation"},{"id":10793,"definition":"The prevention and mitigation of, preparedness for, response to and recovery from emergencies.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"emergency management","nameTranslation":"gestion des urgences"},{"id":10796,"definition":"The set of principles, practices, processes and procedures used to realize an organization\u0027s mandate and its objectives related to identity.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"identity management","nameTranslation":"gestion de l\u0027identité"},{"id":10799,"definition":"Indicates the successful completion of reliability checks; allows regular access to government assets and with a need to know to PROTECTED information.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"reliability status","nameTranslation":"cote de fiabilité"},{"id":10801,"definition":"indicates successful completion of a security assessment; with a need to know, allows access to classified information. There are three Security Clearance levels: Confidential, Secret and Top Secret.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"security clearance","nameTranslation":"cote de sécurité"},{"id":10804,"definition":"Any measure resulting in a high level of assurance that an individual can be granted specific access privileges within the context of the federal government.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"security screening","nameTranslation":"filtrage de sécurité"},{"id":10814,"definition":"An action, conduct, threat or gesture that can reasonably be expected to cause harm, injury or illness to an employee in the workplace.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"workplace violence","nameTranslation":"violence dans le lieu de travail"},{"id":10798,"definition":"The security and the social, political and economic stability of Canada.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"national interest","nameTranslation":"intérêt national"},{"id":10803,"definition":"Any workplace violence toward an employee or any act, event or omission that could result in the compromise of information, assets or services.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"security incident","nameTranslation":"incident de sécurité"},{"id":10789,"definition":"A service whose compromise in terms of availability or integrity would result in a high degree of injury to the health, safety, security or economic well-being of Canadians or to the effective functioning of the Government of Canada (\u003cabbr title=\"Government of Canada\"\u003eGC\u003c/abbr\u003e).","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"critical service","nameTranslation":"service critique"},{"id":10797,"definition":"The ability of federal government departments to operate synergistically through consistent security and identity management practices.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"interoperability","nameTranslation":"interopérabilité"},{"id":10802,"definition":"An administrative, operational, technical, physical or legal measure for managing security risk. This term is synonymous with safeguard.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"security control","nameTranslation":"mesure de sécurité"},{"id":10788,"definition":"A characteristic applied to information to signify that it can only be disclosed to authorized individuals to prevent injury to national or other interests.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"confidentiality","nameTranslation":"confidentialité"},{"id":10813,"definition":"An inadequacy related to security that could increase susceptibility to compromise or injury.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"vulnerability","nameTranslation":"vulnérabilité"},{"id":10784,"definition":"The state of being accessible and usable in a timely and reliable manner.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"availability","nameTranslation":"disponibilité"},{"id":10791,"definition":"Deputy Head as defined in section 11 of the \u003cem\u003eFinancial Administrtion Act\u003c/em\u003e, and in the case of the Canadian Forces the Chief of the Defence Staff.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"Deputy Head","nameTranslation":"Administrateur général"},{"id":10787,"definition":"The unauthorized access to, disclosure, destruction, removal, modification, use or interruption of assets or information.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"compromise","nameTranslation":"compromission"},{"id":10790,"definition":"All departments named in Schedule I, divisions or branches of the federal public administration set out in column I of Schedule I.1, corporations named in Schedule II, and portions of the federal public administration named in schedules IV and V of the Financial Administration Act (\u003cabbr title=\"Financial Administration Act\"\u003eFAA\u003c/abbr\u003e), unless excluded by specific acts, regulations or Orders in Council.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"department","nameTranslation":"ministère"},{"id":10792,"definition":"A present or imminent event, including \u003cabbr title=\"Information Technology\"\u003eIT\u003c/abbr\u003e incidents, that requires prompt coordination of actions to protect the health, safety or welfare of people, or to limit damage to assets or the environment.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"emergency","nameTranslation":"urgence"},{"id":10794,"definition":"An employee appointed to the executive group (EX-01 to EX-05 levels), i.e., director, director general, assistant deputy minister or equivalent.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"executive","nameTranslation":"cadre supérieure"},{"id":10795,"definition":"A reference or designation used to distinguish a unique and particular individual, organization or device.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"identity","nameTranslation":"identité"},{"id":10812,"definition":"An event or act, deliberate or accidental, that could cause injury to people, information, assets or services.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"threat","nameTranslation":"menace"},{"id":10800,"definition":"The uncertainty that can create exposure to undesired future events and outcomes. It is the expression of the likelihood and impact of an event with the potential to impede the achievement of an organization\u0027s objectives.","instrumentId":16578,"instrumentTitle":"Government Security, Policy on","name":"risk","nameTranslation":"risque"}]</script> <script type="text/javascript" src="./scripts/ga/googleanalytics.js"></script> <noscript><iframe title="Google Tag Manager Canada" src="//www.googletagmanager.com/ns.html?id=GTM-MG4LMJ" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='//www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-MG4LMJ');</script> <script type="text/javascript">_satellite.pageBottom();</script> </body> </html>