Corporate Audit of Security
Final Summary Report
2.1 The Departmental Security Context
Security is frequently described as the protection of sensitive information, material assets and staff from threats by utilizing safeguards designed to ensure their confidentiality, integrity, availability and well-being.
Security in CIC’s domestic operations is a shared responsibility between headquarters and the regions. The departmental security officer (DSO) provides national functional direction for general security. This role is also shared with other organizational units, such as Human Resources for employee screenings, and Information Management and Technologies for information and computer systems security. DFAIT handles security in overseas locations under a Memorandum of Understanding between the two departments.
The 1996 Government Security Policy (GSP) outlines the policies and the operational standards governing the implementation of a security program within federal government departments. Determining security requirements is delegated to the departments. The department can establish the sensitivity of the information being used in the conduct of its business lines. As a consequence, all CIC managers and staff are jointly responsible for the identification and safeguarding of information and other sensitive assets within the scope of their authority. In order to meet the conditions of the GSP, safeguards are selected and implemented based on an assessment of the sensitivity of, and the threats and risks to, the assets.
The GSP requires that CIC conduct an internal audit of its compliance with the policy every five years. The purpose of this audit is to draw conclusions on the efficiency and effectiveness of the implementation of the departmental security program.
- Date Modified:
