DEPARTMENTAL ACTION PLAN

ON

Security in contracting

 

IN RESPONSE TO THE RECOMMENDATIONS CONTAINED IN

CHAPTER 2, “STATUS REPORT ON SECURITY IN CONTRACTING” OF THE

SPRING 2013 REPORT OF THE AUDITOR GENERAL OF CANADA

 

PRESENTED BY

THE TREASURY BOARD OF CANADA SECRETARIAT

 

  WINTER 2014

 

Office of the Auditor General Recommendation

The Secretariat’s Response

 

Actions and Timelines

 

Recommendation 2.32: 

 

The Treasury Board of Canada Secretariat, in consultation with Public Works and Government Services Canada and the lead security agencies, should address the security risks related to the absence of a specific requirement to security screen private sector firms and ensure consistency among the Policy on Government Security and associated directives, standards, and guidance.

 

Agreed. Deputy heads are responsible for the management of security within their organizations, and the Treasury Board of Canada’s current policy instruments already require that all individuals (which includes contractors) with access to government information and assets be security screened. With this understanding, the Treasury Board of Canada Secretariat, in consultation with Public Works and Government Services Canada and the lead security agencies, will address the security risks, as identified in this report, which may arise as the result of the absence of a specific requirement to security screen private sector firms. The Treasury Board of Canada Secretariat will also ensure consistency across the Policy on Government Security, including its related directives, standards, and guidelines. This will be accomplished as part of the current security policy suite renewal activities and the update to the Security and Contracting Management Standard, which is planned for summer 2013.

 

The Treasury Board of Canada Secretariat’s Chief Information Officer Branch is in the process of renewing the Policy on Government Security and revising related security Standards. A core component of these revisions is ensuring consistency across the suite of policy instruments. 

 

The revised Security and Contracting Management Standard addresses the Auditor General of Canada’s recommendations with respect to the mandatory identification of contract security requirements in contracts, and practices related to the security screening of firms and the conditions under which these are required.  Approval of this revised Standard is expected in the third quarter of fiscal year 2014-15. 

 

The Standard on Personnel Security Screening is also being revised.  It maintains requirements for how security screening is conducted for individuals and contractors. The expected date for approval of this revised Standard is the third quarter of fiscal 2014-15.  

 

Approval and implementation of both Standards is dependent on other government initiatives related to improving the efficiency and effectiveness of government operations.

 

The renewal of the Policy on Government Security will strengthen the accountability framework for Lead Security Agencies and security service providers, and clarify expectations regarding the integration of security in corporate processes, including contracting.

The Treasury Board of Canada Secretariat’s Chief Information Officer Branch plans to update the Directive on Departmental Security Management in fiscal year 2014-15 to strengthen the security controls for contracting outlined in the directive’s Appendix C on Security Control Objectives. This will be done following the Policy on Government Security renewal.

 

Responsible officer:

 

Corinne Charette, Chief Information Officer of the Government of Canada, Treasury Board of Canada Secretariat