Skip Ribbon Commands
Skip to main content
Attachments
  
  
  
Comments
  
  

​1. Effective date

1.1 This policy takes effect on July 1, 2009.
1.2 This version of the policy incorporates updates effective April 1, 2012.

2. Application

2.1 This policy applies to:
  • All departments within the meaning of Schedules I, I.1, II, IV and V of the Financial Administration Act (FAA), unless excluded by specific acts, regulations or Orders in Council.

3. Context

3.1 Government security is the assurance that information, assets and services are protected against compromise and individuals are protected against workplace violence. The extent to which government can ensure its own security directly affects its ability to ensure the continued delivery of services that contribute to the health, safety, economic well-being and security of Canadians.

 

Policy on Government Security
  

1. Effective date

1.1 This directive takes effect on July 1, 2009. 
1.2 The transition period for full implementation of requirements related to the departmental security plan as specified in sections 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.8, 6.1.11, 6.1.12, 6.1.21 and 6.1.23 will begin July 1, 2009, and end June 31, 2012.

2. Application

2.1 This directive applies to:
  1. All departments within the meaning of Schedules I, I.1, II, IV and V of the Financial Administration Act (FAA),unless excluded by specific acts, regulations or Orders in Council.

3. Context

3.1 The management of security is an essential component of the effective management of a department and the government as a whole. Departmental security activities must be centrally coordinated and systematically woven into day-to-day operations to ensure that individuals, information, assets and services are safeguarded, departments do not increase risks to other departments or the government as a whole, and critical services and operations continue in the event of an emergency.

 

1.1 Directive on Departmental Security Management
  

​No information available at this time.

  

Part I - Introduction

1. Purpose

This standard defines baseline security requirements that federal departments must fulfill to ensure the security of information and information technology (IT) assets under their control. 

2. Scope and Application

The Government Security Policy states requirements for protecting government assets, including information, and directs the federal departments and agencies to which it applies to have an IT security strategy. The Policy on the Management of Government Information requires that departments protect information throughout its life cycle. This standard expands upon the requirements of both these policies. It also replaces the Information Technology Security Standard (1995), Chapter 2-3 of the Treasury Board Information and Administrative Management Security Manual.
The Government Security Policy defines IT security as the "safeguards to preserve the confidentiality, integrity, availability, intended use and value of electronically stored, processed or transmitted information." For the purposes of this standard, the term 'IT security' will also include the safeguards applied to the assets used to gather, process, receive, display, transmit, reconfigure, scan, store or destroy information electronically.

 

Standard on the Management of IT Security MITS
  

1. Effective date

1.1 This directive takes effect on July 1, 2009.

2. Application

2.1 This directive applies to:
  • All departments within the meaning of Schedules I, I.1, II, IV and V of the Financial Administration Act (FAA),unless excluded by specific acts, regulations or Orders in Council; and
  • Only those departments using the Public Works and Government Services Canada (PWGSC) pay system for responsibilities outlined in Section 6.2.

3. Context

3.1 Identity management is the determination by a government institution that the identity of an individual or institution with whom it is transacting is legitimate. Identity management is at the heart of the public administration and most government business processes. Once an identity is established, all subsequent government activities, ranging from safeguarding assets to delivering services, benefits and entitlements to responding to disasters and emergencies, rely upon this identity.

 

1.2 Directive on Identity Management
  

​The Framework for the Management of Risk (the Framework) is effective as of August 27, 2010.

The Framework will be supported by learning resources, which will replace the Treasury Board Integrated Risk Management Framework (2001) and the Integrated Risk Management Implementation Guide (2004).

 

Framework for Management of Risk