The government holds a special position of
trust and accountability for the information it holds – whether that information is
provided by Canadian businesses, other governments or individual citizens. To safeguard
the government's information holdings and related assets, the Government Security Policy, approved in 1986,
addresses the various aspects of security - personnel, physical, administrative and
information technology - in an integrated fashion. The Policy brought coherence to the
previously disparate policy directions emanating from a number of security agencies.
Through the Policy framework, TBS provides leadership and co-ordination within and between
lead security agencies and departments on common security requirements.
The Government Security Policy is based on risk management and the
principle that safeguards for information and assets should reflect their sensitivity and
value. The sensitivity of information is based on the exemptions outlined in the
Access to
Information Act and Privacy Act.
The Policy addresses the management of information technology assets, the integrity of
information and related processes, the availability of information, systems and services,
and confidentiality.
Deputy Ministers and Heads of Agencies, assisted by their
departmental security officer and organization, are accountable for safeguarding sensitive
information and assets under their control. Departments are aided in the implementation of
security measures by lead security agencies which include the RCMP (physical and
information technology security), the Communications Security Establishment
(communications security) and PWGSC (contract security) with policy guidance and
interpretation provided by TBS. The Policy applies equally to the contracting process
(vendors/partners).
|