Recommendation
2.32:
The Treasury Board of Canada Secretariat, in
consultation with Public Works and Government Services Canada and the lead
security agencies, should address the security risks related to the absence
of a specific requirement to security screen private sector firms and ensure
consistency among the Policy on Government Security and associated
directives, standards, and guidance.
|
Agreed.
Deputy heads are responsible for the management of security within their
organizations, and the Treasury Board of Canada’s current policy instruments
already require that all individuals (which includes contractors) with access
to government information and assets be security screened. With this
understanding, the Treasury Board of Canada Secretariat, in consultation with
Public Works and Government Services Canada and the lead security agencies,
will address the security risks, as identified in this report, which may
arise as the result of the absence of a specific requirement to security
screen private sector firms. The Treasury Board of Canada Secretariat will
also ensure consistency across the Policy on Government Security, including
its related directives, standards, and guidelines. This will be accomplished
as part of the current security policy suite renewal activities and the
update to the Security and Contracting Management Standard, which is planned
for summer 2013.
|
The Treasury Board of Canada
Secretariat’s Chief Information Officer Branch is in the process of renewing the
Policy on Government Security and revising related security Standards. A core
component of these revisions is ensuring consistency across the suite of
policy instruments.
The revised Security and
Contracting Management Standard addresses the Auditor General of Canada’s recommendations
with respect to the mandatory identification of contract security
requirements in contracts, and practices related to the security screening of
firms and the conditions under which these are required. Approval of this revised
Standard is expected in the third quarter of fiscal year 2014-15.
The Standard on Personnel
Security Screening is also being revised. It maintains requirements for how
security screening is conducted for individuals and contractors. The expected
date for approval of this revised Standard is the third quarter of fiscal 2014-15.
Approval and implementation of
both Standards is dependent on other government initiatives related to
improving the efficiency and effectiveness of government operations.
The renewal of the Policy on
Government Security will strengthen the accountability framework for Lead
Security Agencies and security service providers, and clarify expectations
regarding the integration of security in corporate processes, including
contracting.
The Treasury Board of Canada
Secretariat’s Chief Information Officer Branch plans to update the Directive
on Departmental Security Management in fiscal year 2014-15 to strengthen the
security controls for contracting outlined in the directive’s Appendix C on
Security Control Objectives. This will be done following the Policy on
Government Security renewal.
Responsible officer:
Corinne Charette, Chief
Information Officer of the Government of Canada, Treasury Board of Canada
Secretariat
|