Archived - Audit of Security - Follow-up Report Status Update as of September 30, 2011
Archived information
This Web page has been archived on the Web. Archived information is provided for reference, research or record keeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
PDF Version (39 Kb, 7 Pages)
Action Plan Implementation Status Update Report to the Audit Committee - As of September 30, 2011
Human Resources and Workplace Services - Security and Occupational Health and Safety Division (SOHSD)
Audit of Security (Project 09/79)
AEC Approval Date: May 14, 2010
Project Recommendations |
Action Plan | Expected Completion Date |
Program Response |
---|---|---|---|
1. The DSO should update the departmental security policy to more clearly communicate the existing security related roles, responsibilities and accountabilities of the Departmental Security Officer, ADMs, RDGs, security practitioners, contracting staff, line managers and employees. | SOHSD will:
|
2010-DEC | Status: Underway Update/Rationale: As of 30/09/2011: The Departmental Security Plan determined the need for a comparative study to ensure AANDC has the proper structure and resources in place. This study is to be completed by January 2012. The results of this study are required to complete the Statement of Roles and Responsibilities. AES: Implementation on-going. The recommendation will be closed upon finalization and implementation of the Statement of Roles and Responsibilities. |
|
2010-DEC | ||
|
2011-JUN | ||
2. The DSO should further develop and communicate procedures and guidance to support implementation of the departmental security program in regions and sectors (e.g., procedures for lock-up at end of day, guidance on what to look for when conducting a security sweep, trainer's materials for delivering security awareness activities and guidance on how to establish and maintain physical security zones). | SOHSD will:
|
2011-MAR | Status: Update/Rationale: As of 31/03/2011: To date SOSHD has developed and revised the following:
|
|
2012-MAR | ||
|
2012-MAR | ||
3. The ADMs responsible for regional staff and operations should work with the DSO to ensure that sufficient attention and resources are devoted to security in regions, including ensuring that RSOs have sufficient time to perform their security-related duties. | Following recommendation no 1, DSO to obtain buy-in from ADMs responsible for regional staff and operations:
|
2011-MAR | Status: Update/Rationale: As of 31/03/2011: During the week of December 6, 2010: The DSO visited the Quebec region to make a presentation on the security program and the results of the audit to the Senior Managers to ensure their continuous engagement towards the security program. The DSO also discussed with the ADM's responsible for the Southern and Northern regions the regional engagement towards the security program. This was also discussed during the presentation to the HRWSMC on Departmental Security Plan. This will be assessed as part of the 3 year strategy of the Departmental Security Plan. During the week of March 7 to 11, 2011, the annual training session for RSO and SSC was held in the NCR region. A total of 25 participants attended from across the Department. The DSO is in contact with the RSOs to provide statistical data in regards to inspections, awareness sessions and incident. AES: Fully implemented. The recommendation has been closed. |
4. INAC should consider appointing Sector Security Officers in all sectors to support implementation of the security program, similar to the Regional Security Officer role. The responsibilities attached to this role and associated level of effort should be presented to INAC Senior Management when the departmental security policy is next updated. | Define role and responsibilities for Sector Security Officer as per Recommendation # 1, and determine the associated level of effort the position will require. | 2010-DEC | Status: Update/Rationale: As of 31/03/2011: The roles and responsibilities for Sector Security Coordinators (SSC) were defined and presented to all sector representatives on January 19, 2011. Comments were received and another session was held on February 9, 2011 to review amendments. Following request from DSO to seek support from Senior Management (presented in 12 sectors) for the introduction of the Sector Security coordinator role, several SSCs have been appointed. The Sector Security Coordinator Handbook will be distributed to all sector managers, sector security coordinators and their supervisors. This new role will be officially introduced in one sector as a pilot project starting April 1, 2011. This sector will be asked to come back to the SSC table within 6 to 8 months to provide feedback on the advantages and issues noticed during that period. AES: Fully implemented. The recommendation has been closed. |
DSO to seek approval from Senior Management for the introduction of the Sector Security Officer role. | 2011-MAR | ||
5. The DSO should develop a strategically focused departmental security plan that outlines departmental security objectives and priorities, resource requirements, timelines for meeting baseline government security requirements, and plans for updating all required Threat and Risk Assessments (TRAs) over a five-year cycle. |
DSO will develop a 3 year Departmental Security plan as per the Policy on Government Security:
|
2010-AUG | Status: Underway Update/Rationale: As of 30/09/2011: Item a) has been completed Item a) - The DM and ADM approved and signed the Annual Security Plan in June 2011 Item b) - SOHSD is coordinating with all regions the five year TRA cycle for each facility. Currently developing a condensed TRA template. AES: Substantially implemented. The recommendation will be closed once the nationwide TRA cycle has been finalized and incorporated into the Departmental Security Plan. |
6. The DSO should improve monitoring of the effectiveness of the security program in regions and sectors to support its continuous improvement (e.g. tracking implementation of recommendations from TRAs, performing random spot checks of security in contracting controls, tracking issues raised in security sweeps to ensure their timely resolution, and performing annual on-site visits to support security practitioners in regions and sectors). | Implementation of recommendation no 3 will include specific reporting requirements. | 2011-APR | Status: Request to be closed (Completed) Update/Rationale: As of 30/09/2011: DSO visited Yukon region in June 2011. AES: Fully implemented. The recommendation has been closed. |
DSO to request regional input to extend beyond NCR the collection of additional statistical data. | 2011-MAY | ||
|
2011-MAR | ||
RSOs to address known risks and to report to DSO. DSO to conduct trend analysis from information obtained nationwide. DSO to conduct annual regional and sector visits. DSO to report performance data to HRWSMC |
2011-JUN | ||
7. The DSO should further develop the security awareness program to extend its reach to regional staff and improve coverage of information safeguarding and security in contracting requirements. |
SOHSD:
|
2011-MAR | Status: Update/Rationale: As of 31/03/2011: The security training and awareness position will be staffed on April 4, 2011. One of the priorities will be to review existing awareness material and identify gaps with the existing awareness program. SOHSD developed and implemented the Guideline on Protecting and Handling Information. A prepared training package was also delivered to RSOs. AES: Fully implemented. The recommendation has been closed. |
|
2011-JUN | ||
|
2011-JUN | ||
|
2011-JUN | ||
|
2011-JUN | ||
|
2011-DEC | ||
|
2011-DEC | ||
8. The DSO should increase focus on monitoring the effectiveness of security in contracting processes and reduce its direct involvement in the review of Security Requirements Checklists and contract clauses. To accomplish this, an organizational and functional review of the security in contracting function is required to ensure that sufficiently trained and competent contracting officers review and approve security requirements and security clauses. Furthermore, a comprehensive and effective security in contracting compliance monitoring and reporting program is required to ensure compliance is achieved and maintained across the department. |
DSO to consult with the CFO to:
|
2010-SEP | Status: Request to be closed (Completed) Update/Rationale: As of 30/09/2011: Completed as of March 2011 AES: Fully implemented. The recommendation will be closed. |
|
2011-MAR |