Policy on Government Security

The Policy on Government Security has been renewed as part of the Policy Suite Renewal Initiative and the government's management agenda. It establishes management expectations that are consistent with Government of Canada objectives for improved risk management and maintaining a modern public service that can deliver on the service and security priorities of Canadians. The renewed policy describes responsibilities and accountabilities of deputy heads for the effective management of security and identity within their departments and government-wide. It also clarifies the roles of lead security agencies for providing government-wide leadership and services. This policy came into effect on July 1, 2009.

Why is this policy important?

The Policy on Government Security is an essential component of Canada's national security framework. It establishes responsibilities of deputy heads to help ensure that government information, assets and services are protected against compromise and individuals are protected against workplace violence. While the requirements have not changed substantially, the policy has been aligned with government's strategic priorities and addresses issues raised through analysis, consultations, and audit findings. There is an increased emphasis on improved management practices, governance, and decision making that will make expected outcomes more easily measureable. The roles and responsibilities of lead security agencies have also been clarified to eliminate overlap and duplication. Additional measures were also taken to ensure that roles and responsibilities are aligned with legislated mandates and that operational responsibilities related to the management of incidents and emergencies are clearly described.

What are the requirements for all deputy heads in this renewed policy?

Policy application – The policy applies to all departments found on Schedules I, I.1, II, IV and V of the Financial Administration Act. Deputy Head responsibilities – Deputy heads are responsible for the effective implementation and governance of security and identity management within their departments. This includes the security of departmental personnel, including those working in or for offices of Ministers or Ministers of State, in addition to departmental information, assets, and services.

Departmental security planning – Deputy heads are required to approve the departmental security plan that details decisions for managing security risks and outlines strategies, goals, objectives, priorities and timelines for improving departmental security. A three-year transition period is planned for full implementation of specific activities related to the departmental security planning and performance measurement. Security screening as a condition of employment – The policy requires that all individuals who will have access to government information and assets, including those who work in or for offices of Ministers and Ministers of State, be security screened at the appropriate level before the commencement of their duties. Exercise of authority – The renewed policy re-confirms that the authority of a deputy head for denying, revoking or suspending security clearances not be delegated.

What is a Lead Security Agency? – Lead security agencies are mandated to provide advice, guidance and services to other departments to support their day-to-day security operations. Provision of support services to departments – Deputy heads of Lead Security Agencies are responsible for ensuring the provision of security support services to help government departments maintain an acceptable state of security and readiness and achieve government-wide priorities related to government security. This policy replaces: The 2002 Government Security Policy.

The 2004 Policy for Public Key Infrastructure Management in the Government of Canada – The Treasury Board Secretariat will provide guidance material to support departments in managing the security of their electronic business. This policy is related to: Directive on Departmental Security Management. Directive on Identity Management.