By Rita Whittle, Executive Director, Treasury Board of Canada Secretariat
Security has come a long way since the Government of Canada (GC) implemented its first security requirements in 1948. Back then, security at the office meant locking up your cabinets and the door to your office.
Since then, the security environment has evolved significantly and with it, our daily lives at home and at work. These days we’re thinking about cyberattacks, or making contingency plans for floods and fires. But the bottom line is the same: we need to minimize security risks.
On July 1st, 2019, the Treasury Board of Canada Secretariat (TBS) updated the Policy on Government Security (PGS) for the first time in 10 years. The renewed policy is more aligned to today’s new operating environment—characterized by an increasingly global context, a highly mobile workforce and enterprise, shared IT and service delivery—and strengthens government security management practices.
The new PGS has been updated to:
- streamline instruments and rules
- strengthen governance
- clarify roles and responsibilities;
- strengthen security behaviour and culture
- position eight security controls at the policy level
Designation of a Chief Security Officer
One highlight of the new PGS is the requirement for deputy heads of departments to designate a Chief Security Officer (CSO). The CSO is responsible for governance, planning, monitoring and reporting, and provides strategic senior level leadership, coordination and oversight on departments’ security obligations, as they relate to trusted service and program delivery. CSOs will, above all, work with partners to ensure security is managed effectively (as set out in the Directive on Security Management).
The policy includes eight mandatory security controls. Included in these is “security event management,” which is critical to ensuring activities are well coordinated within departments and with partners. Likewise, a security control for “business continuity management” assures that CSOs enable the recovery of critical services and that delivery is maintained during a security incident. There is also a new Standard on Security Event Reporting to help manage potential impacts and support GC-wide decision making during unexpected events, like floods.
Our commitment to citizens and federal public servants is to effectively manage Government of Canada security, helping to ensure the protection of information, people and assets. The renewed Policy on Government Security is the result of deep collaboration with key partners and stakeholders, including lead security agencies and internal enterprise services organizations. The Treasury Board of Canada Secretariat looks forward to working with all departments on successfully implementing the PGS, taking the next step in security.