Archived - Audit of Security - Follow-up Report Status Update as of March 31, 2012
Archived information
This Web page has been archived on the Web. Archived information is provided for reference, research or record keeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
PDF Version (45 Kb, 8 Pages)
Action Plan Implementation Status Update Report to the Audit Committee - As of March 31, 2012
Human Resources and Workplace Services - Security and Occupational Health and Safety Division (SOHSD)
Audit of Security (Project 09/79)
Approval Date: May 14, 2010
Project Recommendations |
Action Plan | Expected Completion Date |
Program Response |
---|---|---|---|
1. The DSO should update the departmental security policy to more clearly communicate the existing security related roles, responsibilities and accountabilities of the Departmental Security Officer, ADMs, RDGs, security practitioners, contracting staff, line managers and employees. |
|
2010-DEC | Status: Underway Update/rationale: As of 31/03/2012: The Departmental Security Plan determined the need for a comparative study to ensure AANDC has the proper structure and resources in place. This study is to be completed by March 31, 2012. The results of this study are required to complete the Statement of Roles and Responsibilities. AES: Recommendation is closed. |
|
2010-DEC | ||
|
2011-JUN | ||
2. The DSO should further develop and communicate procedures and guidance to support implementation of the departmental security program in regions and sectors (e.g., procedures for lock-up at end of day, guidance on what to look for when conducting a security sweep, trainers materials for delivering security awareness activities and guidance on how to establish and maintain physical security zones). |
|
2011-MAR | Status: Update/Rationale: As of 31/03/2011: To date SOHSD has developed and revised the following: 1) Development and implementation of the Guideline on Protecting and Handling Information 2) Development and implementation of a new procedure for Security in Contracting 3) Development of a guideline on security of information when temporarily working outside the workplace or in transit 4) Development and implementation of new security screening procedures for managers 5) Development of security sweep procedures and tools 6) Development and implementation of roles and responsibilities for Sector Security Coordinators entitled Sector Security Coordinator Handbook. AES: Fully implemented. The recommendation has been closed. |
|
2012-MAR | ||
|
2012-MAR | ||
3. The ADMs responsible for regional staff and operations should work with the DSO to ensure that sufficient attention and resources are devoted to security in regions, including ensuring that RSOs have sufficient time to perform their security-related duties. |
|
2011-MAR | Status: Update/Rationale: As of 31/03/2011: During the week of December 6, 2010: The DSO visited the Quebec region to make a presentation on the security program and the results of the audit to the Senior Managers to ensure their continuous engagement towards the security program. The DSO also discussed with the ADMs responsible for the Southern and Northern regions the regional engagement towards the security program. This was also discussed during the presentation to the HRWSMC on Departmental Security Plan. This will be assessed as part of the 3 year strategy of the Departmental Security Plan. During the week of March 7 to 11, 2011, the annual training session for RSO and SSC was held in the NCR region. A total of 25 participants attended from across the Department. The DSO is in contact with the RSOs to provide statistical data in regards to inspections, awareness sessions and incident. AES: Fully implemented. The recommendation has been closed. |
4. AANDC should consider appointing Sector Security Officers in all sectors to support implementation of the security program, similar to the Regional Security Officer role. The responsibilities attached to this role and associated level of effort should be presented to AANDC Senior Management when the departmental security policy is next updated. |
|
2010-DEC | Status: Update/Rationale: As of 31/03/2011: The roles and responsibilities for Sector Security Coordinators (SSC) were defined and presented to all sector representatives on January 19, 2011. Comments were received and another session was held on February 9, 2011 to review amendments. Following request from DSO to seek support from Senior Management (presented in 12 sectors) for the introduction of the Sector Security coordinator role, several SSCs have been appointed. The Sector Security Coordinator Handbook will be distributed to all sector managers, sector security coordinators and their supervisors. This new role will be officially introduced in one sector as a pilot project starting April 1, 2011. This sector will be asked to come back to the SSC table within 6 to 8 months to provide feedback on the advantages and issues noticed during that period. AES: Fully implemented. The recommendation has been closed. |
|
2011-MAR | ||
5. The DSO should develop a strategically focused departmental security plan that outlines departmental security objectives and priorities, resource requirements, timelines for meeting baseline government security requirements, and plans for updating all required Threat and Risk Assessments (TRAs) over a five-year cycle. |
|
2010-AUG | Status: Underway Update/Rationale: As of 30/09/2011: Item a) has been completed Item a) - The DM and ADM approved and signed the Annual Security Plan in June 2011 Item b) - SOHSD is coordinating with all regions the five year TRA cycle for each facility. Currently developing a condensed TRA template. AES: Substantially implemented. The recommendation will be closed once the nationwide TRA cycle has been finalized and incorporated into the Departmental Security Plan. |
6. The DSO should improve monitoring of the effectiveness of the security program in regions and sectors to support its continuous improvement (e.g. tracking implementation of recommendations from TRAs, performing random spot checks of security in contracting controls, tracking issues raised in security sweeps to ensure their timely resolution, and performing annual on-site visits to support security practitioners in regions and sectors). |
|
2011-APR | Status: Request to be closed (Completed)
Update/Rationale: As of 30/09/2011: DSO visited Yukon region in June 2011. AES: Fully implemented. The recommendation has been closed. |
|
2011-MAY | ||
|
2011-MAR | ||
|
2011-JUN | ||
7. The DSO should further develop the security awareness program to extend its reach to regional staff and improve coverage of information safeguarding and security in contracting requirements. |
|
2011-MAR | Status: Update/Rationale: As of 31/03/2011: The security training and awareness position will be staffed on April 4, 2011. One of the priorities will be to review existing awareness material and identify gaps with the existing awareness program. SOHSD developed and implemented the Guideline on Protecting and Handling Information. A prepared training package was also delivered to RSOs. AES: Fully implemented. The recommendation has been closed. |
|
2011-JUN | ||
|
2011-JUN | ||
|
2011-JUN | ||
|
2011-JUN | ||
|
2011-DEC | ||
|
2011-DEC | ||
8. The DSO should increase focus on monitoring the effectiveness of security in contracting processes and reduce its direct involvement in the review of Security Requirements Checklists and contract clauses. To accomplish this, an organizational and functional review of the security in contracting function is required to ensure that sufficiently trained and competent contracting officers review and approve security requirements and security clauses. Furthermore, a comprehensive and effective security in contracting compliance monitoring and reporting program is required to ensure compliance is achieved and maintained across the department. |
|
2010-SEP | Status: Request to be closed (Completed) Update/Rationale: As of 30/09/2011: Completed as of March 2011 AES: Fully implemented. The recommendation will be closed. |
|
2011-MAR |