![](/web/20071122084104im_/http://www.pwgsc.gc.ca/clf02/images/spacer.gif)
|
2007 Banking Colloquium
Workshop No. 1 Government – Industry
Security Program Equivalency
Presentation Security Program Equivalency
- General Presentation on the Industrial Security Program
- Pilot Project:
- Government of Canada provision of security program equivalency to the
Government Security Policy (GSP) in the Private Sector at the Reliability
Status level
Industrial Security
- Created in 1941 – 65th anniversary this year
- Mandates: North Atlantic Treaty Organisation (NATO) – International
agreements – Defence Production Act (DPA) and GSP
- Lead Agency under the GSP and DSA under NATO
- Protection of Canadian and foreign Government sensitive assets/information/
in industry
- In PWGSC because contractual clauses are used to ensure compliance (for
Classified/Protected assets)
Industrial Security Sector
One stop shopping for:
- “security clearances/approvals” to bid on/participate in classified/Protected
government contracts in Canada and abroad
- Access to “controlled goods” under the Controlled Goods Regime
of the DPA
Industrial Security Program (ISP)
- Facility Security Clearances
- Personnel Security Clearances
- Visit clearances
- Related services
Industrial Security Program: Primary Services
- Security clearances – companies/ personnel
- Processing of Visits/Transmission of Classified assets
- Maintain Security databases and certify automated systems
- Contract security (e.g.: proper clauses)
- International Security (Memorandums of understanding/Agreements/Arrangements
Primary Services (cont’d)
- Outreach
- Training and awareness
- Policy Development
- Compliance monitoring (inspections)
- Enforcement (investigations)
- Advice, consultation and assistance to industry
Industrial Security Services are Vital to:
- Maintaining the trust & confidence of NATO and other allies
- Protecting $Billions in annual trade with the United States
- Ensuring the continued sharing of United States and other sensitive technologies
with Canadian industry
- Maintaining Canada’s International Traffic in Arms Regulations (ITAR)
exemption
Statistics
- 5,800 + Companies registered
- 80,000+ Personnel Security Clearances/yr
- 300,000 screened people in data base
- 2,700+ Visits Clearances Requests / Verification of personnel security
clearances of approx. 23,000 visitors
ISP Workload Drivers
- 9/11 - war in Iraq - anti-terrorism contracting and consulting
- 2002 Government Security Policy
- 2004 National Security Policy
- Increase in Government contracts containing security requirements (Canadian
and foreign)
- United States pressure on Canada to tighten up perceived security weaknesses
Pilot Project: Equivalency Policy
- Objective:
- Determine whether the Government of Canada can provide, based on the
GSP as applied by the ISP of PWGSC, an equivalency at the Reliability
Status level, to the security program of the ScotiaBank Group.
Principles
- Establish baseline requirements for providing a Reliability Status equivalency
between the security programs of the ScotiaBank Group and that of the Government
of Canada.
- Reflect the 2002 revised GSP as well as its applicable operational standards
as stipulated in the Industrial Security Manual;
- Support the National Security Policy;
- Reflect the changes in the security environment since the incidents of
9/11;
- Enhance consistency between the Government of Canada and the private industry
with respect to industrial security;
- Reflect the need to apply a standard in the exchange of protected/sensitive
information outside the control of the Government of Canada;
- Promote training and awareness in the private sector regarding the requirements
of security in the application of the GSP and the industrial security program;
- Examine the actions to be taken in the event of non-compliance with the
equivalency policy;
- Create an audit requirement to review compliance with this requirement;
and
- Provide a matrix for application to other interested Canadian Chartered
Banks
Matrix for Equivalency
- The primary means by which an equivalency policy will be developed will
be through the mapping of the security program of the ScotiaBank Group and
that of the Government of Canada.
- A Table of Requirements will then be populated to provide the means to compare
the requirements of the Government of Canada versus those offered by the ScotiaBank
Group.
Policy Requirements
- Security Program (or equivalent)
- Information Technology Security
- Security Screening
- Physical Security
- Business Continuity Planning
- Investigation of Security Incidents
- Training and Awareness
Policy Components
- Governance Structure composed of Government and Industry Representatives
- Risk Management and Consequences
- Audit
- Accountability
Conclusion
- Final Objectives:
- Granting by the Government of Canada of an equivalency with respect
to security to the Scotia Bank Group
- Presentation of the result of the Pilot Project before an Association
such as the Canadian Bankers Association (CBA) for wider dissemination
|
|