Archived – Audit of Physical Security of Census Data Operations Centre (DOC)

Archived information

Archived information is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please "contact us" to request a format other than those available.

Audit Report

Statistics Canada
March 31, 2011
Project Number: 80590-63
( Document (PDF, 319.08 KB))

Executive Summary

The Census Data Operations Centre (Census DOC) located in Gatineau, Quebec, is one of fourteen projects which make up the 2011 Census Program. The Census DOC project is responsible for implementing the systems and procedures required to process the Census data at a centralized processing site. This includes the set-up and infrastructure of the building itself, as well as the recruitment and hiring of temporary staff to carry out the activities and operations. Physical Security procedures were developed for implementation by Census DOC Management Services and took into consideration the Census DOC objectives, equipment to be installed, and the number of staff who will work at the Census DOC.

The objectives of this assurance engagement were to provide the Chief Statistician (CS) and the Departmental Audit Committee (DAC) with reasonable assurance that the governance related to security for the Census DOC is adequate and effective; and the Census DOC complies with the relevant physical security policies and guidelines prescribed by the Treasury Board Secretariat (TBS).

The audit was conducted by Internal Audit Services in accordance with the Government of Canada's Policy on Internal Audit.

Key Findings

The audit found that oversight exists to ensure the coordination and integration of security activities for decision making and plans are in place to protect sensitive information. Physical zones at the Census DOC were well established and maintained to protect sensitive Statistics Canada information and assets. Security requirements were considered throughout the contracting process and described in documents provided to contractors. The security screening process of individuals, were in accordance with relevant personnel security policies and procedures and most of the recommendations made in the Threat Risk Assessment (TRA) conducted by a third party consultant, were accepted and implemented.

The Census program has a matrix organizational structure. Roles and responsibilities describing the relationships and assigned responsibilities between Facilities Management (FM), Departmental Security (DS) and the Census DOC with physical security responsibilities were not clearly defined, documented and communicated. Statistics Canada's Security Practices Manual is outdated and does not include reference to external sites such as the Census DOC. The responsibilities of the Business Continuity Planning (BCP) coordinator do not reflect those listed in TBS' Operational Security Standard – Business Continuity Planning Program policy. As well, emergency plans need to be finalized and posted at the Census DOC.

Overall Conclusion

The Census DOC governance related to physical security is adequate and effective and compliant with the applicable physical security requirements prescribed by TBS.

While both objectives of the audit are met, the audit results highlighted opportunities for improvement related to the Agency's Departmental Security governance. Areas to be strengthened are: 1) Updating the Security Practices Manual to reflect the current organizational structure, define roles and responsibilities for physical security at all Statistics Canada facilities, and include the processes and procedures to follow for the integration of physical security requirements at all Statistics Canada facilities 2) To ensure segregation of duties, Departmental Security should be approving the implementation of physical security requirements carried out by Agency programs. 3) The BCP coordinator's responsibilities should be expanded to reflect those listed in TBS' policy.

Introduction

Background

The Census of Population is Statistics Canada's largest survey program. Every five years, the Census obtains information from the entire population of Canada. Census is the most publicly visible and significant operations at Statistics Canada; it was ranked as high risk in the management workshops. The 2011 Census Data Operations Centre (Census DOC) is a critical component of the Census data collection and processing.

Census Day in 2011 will be May 10. A huge collection and processing effort is required to handle the 13 million census questionnaires in an efficient and timely fashion. To achieve Census objectives, the Census Program is divided into 14 projects, of which the Census DOC with a budget of $28.9 million is one. The Census DOC project team is responsible for implementing the systems and procedures required to process the Census data at a centralized processing site. This includes the set-up and infrastructure of the building itself as well as the recruitment and hiring of temporary staff to carry out the activities and operations.

Statistics Canada Census DOC personnel have been on-site since the beginning of July 2010 along with personnel from Census, Informatics Technology Services Division (ITSD), System Development Division (SDD) and Facilities Management (FM). Approximately 1,200 temporary staff will be employed over several shifts from 6:30 a.m. to 11:30 p.m., seven days per week, during the period of May to August 2011 with some follow-up activities from August to October 2011. Physical Security procedures were developed for implementation by Census DOC Management Services; taking into consideration the Census DOC objectives, equipment to be installed, and the number of staff who will work at the Census DOC.

These procedures describe physical security measures to safeguard the materials, equipment, and personnel working at the Census DOC. They also encompass personal security for:

  • temporary staff employed during the operational phase;
  • visitors to the site;
  • service personnel external and internal to Statistics Canada;
  • contractors; and
  • employees of other divisions requiring access to the Census DOC.

Objectives

The objectives of this audit were to provide the Chief Statistician (CS) and the DAC with reasonable assurance that:

  • Census DOC governance related to security is adequate and effective; and
  • Census DOC complies with the relevant physical security policies and guidelines prescribed by the Treasury Board Secretariat (TBS).

Scope and Approach

The audit engagement was conducted in conformity with the Government of Canada and the Institute of Internal Auditors (IIA) standards on internal auditing and the Treasury Board of Canada Policy on Internal Audit. All work was conducted in collaboration with key senior managers and staff. The audit approach was inspired by the Treasury Board Core Management Control Guidelines, issues by the Office of the Comptroller General.

The scope of the audit focused on the Census DOC physical security, security clearance process for temporary staff, and procurement activities relating to security to ensure compliance with the TBS requirements. The audit also examined the effectiveness and adequacy of the current security governance structure of the Census DOC. The audit work consisted of an examination of documents, interviews with key senior management and personnel, and a review for compliance with relevant policies and guidelines.

The field work was performed in two stages:

  • The first consisted of a review and assessment of the security governance structure, as well as the processes and procedures related to physical security, security clearance and procurement activities; and
  • The second stage followed with detailed testing of areas mentioned above.

Authority

The audit was conducted by IAS under the authority of Statistics Canada Multi-Year Risk-Based Audit Plan (RBAP) for the fiscal years of 2010/11-2012/13. The RBAP was approved by the Departmental Audit Committee (DAC) on April 15, 2010.

Findings, Recommendations and Management Responses

With respect to governance, an adequate and effective Census DOC governance related to physical security would establish security governance mechanisms (e.g. committees, working groups) to ensure the coordination and integration of security activities with departmental operations, plans, priorities and functions to facilitate decision making. As well, it would ensure that accountabilities, delegations, reporting relationships, and roles and responsibilities of departmental employees with security responsibilities are defined, documented and communicated to relevant persons.

The audit found that oversight exists to ensure the coordination and integration of security activities for decision making and plans are in place to protect sensitive information. Roles and responsibilities describing the relationships and assigned responsibilities between FM, DS and the Census DOC with security responsibilities were not clearly defined, documented and communicated; Statistics Canada's Security Practices Manual is outdated and it does not include reference to external sites, such as the Census DOC; responsibilities assigned to the BCP coordinator's role do not reflect those identified in TBS' Operational Security Standard – Business Continuity Planning Program policy; and Emergency plans need to be finalized and posted at the Census DOC.

With respect to physical security, compliance with the relevant physical security policies and guidelines prescribed by TBS by the Census DOC would ensure that the facility be designed and managed to create conditions that, together with specific physical security safeguards, would reduce the risk of violence to employees, protect against unauthorized access, detect attempted or actual unauthorized access and activate an effective response.

The audit found that physical security zones at the Census DOC were well established and maintained to protect sensitive Statistics Canada's information and assets. Security requirements were considered throughout the contracting process and described in documents provided to contractors and security screening process of individuals was in accordance with relevant personnel security policies and procedures. The final TRA determined that all of the physical security deficiencies and concerns identified in the initial TRA were appropriately addressed to mitigate the associated risk.

All recommendations and management response and action plans that follow in the sections below should be considered within the existing Statistics Canada's management structure.

Governance

Census DOC governance related to physical security is adequate and effective. Efficiencies can be gained through strengthening certain elements of Departmental Security's management framework.

Roles and Responsibilities, Accountability, and Processes and Procedures for Physical Security Requirements

The Census program, of which the Census DOC project is one of its 14 projects, has a matrix organizational structure. Clear delineation of responsibilities, delegated authorities and lines of communication to support effective coordination between all parts of the Census operations should exist to ensure efficient and effective operations. Processes and procedures for identifying physical security requirements compliant with applicable policies should be fully integrated and documented in the planning process for selecting and modifying the Census DOC facility. This would ensure that management identifies and responds to risks that may preclude the achievement of objectives and follow-up.

Roles and Responsibilities

Positions relevant to the Census DOC project were formally documented, and delegated authority was aligned with each position's roles and responsibilities. The organizational chart for the Census DOC was up-to-date and permitted the identification of clear and effective lines of communication and reporting, at both the Census operations and Census project level.

The audit revealed that inefficiencies existed in the early implementation stage of the project. This was due to the fact that the responsibilities of DS and the relationship and linkages between DS and FM had not been defined, documented, or communicated. Given the DOC project manager's limited knowledge and experience with security matters and requirements, significant effort was required to obtain clarity on every one's roles and responsibilities throughout the process. Through eventual discussions with DS management, the Census DOC project manager found that DS only played an 'advisory' role, and not one that provides 'direction and guidance' as was anticipated. Furthermore, specifically at the planning stage of the project, regular meetings were held with all the relevant stakeholders from corporate services; however the DS representative did not attend the meetings on a regular basis, which created further inefficiencies in obtaining security related information.

Segregation of Duties

Segregation of duties, a key internal control was not present between FM and DS. FM is responsible for taking care of the physical infrastructure such as the design, environment issues and implementation. DS is responsible for ensuring compliance to required security standards and measures. Census DOC project management identified the physical security requirements to be implemented at the Census DOC facility. FM then implemented the requirements, and subsequently approved their own work, since no one else was performing this function. Independent oversight, verification and approval to TBS and Statistics Canada security policies should have been performed by DS, since they are the delegated authority on security.

Accountability

The audit team reviewed the Security Practices Manual to determine which position within DS was directly responsible for providing direction and guidance on the physical security program for the Census project. The audit team determined that the Chief of DS is the position responsible to manage the physical security program for the Statistics Canada complex. The complex is defined to include the three buildings at Tunney's Pasture, and excludes the Census DOC. Consequently, the Chief of DS only provides advice to program managers and regional managers on security and emergency matters.

According to the Security Practices Manual, Regional Directors are designated Regional Security Officers (RSO). As such, they are responsible for administering the security programs in their regions and are responsible for physical security, including safety and security of employees and premises, access and visitor control. The manual however, is not clear as to who is responsible for providing Statistics Canada RSO, programs, and project managers with guidance and direction on required security measures and standards, especially with regards to external sites such as the Census DOC, Research Data Centres (RDCs) and Data Centres in the regions. Clarity is therefore required with regards to external sites. As well, the manual, originally written in 1986, does not reflect the current organizational structure of Statistics Canada.

Process and Procedures

Considering that Statistics Canada conducts a Census every five years, review of the Security Practices Manual and the DS function revealed that they do not contain information on the processes and procedures to follow for the integration of physical security requirements in the selection of operational accommodations outside the Statistics Canada complex, such as the Census DOC site. As well, there is no standardized baseline security documentation for use as a reference tool and for providing a framework, guidance and direction on physical security measures and standards, e.g. information on the handling of 'suspicious packages' and the requirement of having a separate room with ventilation for handling and processing mail. Such documentation would improve the efficient and effective use of corporate resources by reducing duplication of efforts every time a new operational accommodation is acquired outside the Statistics Canada complex.

Nevertheless, in the absence of documenting this type of information, DS follows TBS' Policy on Government Security (PGS)Footnote 1, RCMP guidelines and other Statistics Canada policies that mirror the PGS.

As well, the Census DOC project management identified and included the physical security requirements included in both the Census 2011 Baseline Requirements document, and in the Tenancy Requirement Plan (TRP), provided to PWGSC as a guide for identifying potential sites for a Census DOC facility in National Headquarters (NH). These requirements were based on the following:

  • a Physical Security document prepared by FM that outlines the minimum security requirements for Statistics Canada operational area accommodations, outside the NH complex, and provides guidelines for security levels which impact fit-up costs;
  • the Census 2006 Baseline Requirements;
  • past experiences of employees gained in their respective positions over many years; and
  • advice and recommendations received from DS.

Recommendation No. 1 & 2

It is recommended that the Assistant Chief Statistician of Census and Operations should ensure that:

  • The Security Practices Manual is updated to reflect the current organizational structure; define roles and responsibilities for physical security at all Statistics Canada facilities, between FM, DS, and Census Operations; and include the processes and procedures to follow for the integration of physical security requirements at all Statistics Canada facilities.
  • Departmental Security approve the implementation of physical security requirements carried out by Agency programs to ensure segregation of duties.

Management Response

Management agrees with recommendation #1. The Agency's Security Practices manual will be updated based on the direction that will be established by the Agency's Security Plan that is scheduled to be approved by Policy Committee in the spring of 2012. The revised manual will reflect the governance and provide clear guidance on required resources and standards for external sites. In addition, at the beginning of specific projects, the roles and responsibilities of Facilities Management and Departmental Security will be established as they relate to defining and implementing security requirements. These will be reviewed and approved by the Departmental Security Coordination Committee.

Deliverable

Updated Security Practices manual; and defined and approved roles and responsibilities for the implementation of security requirements.

Accountability

The Director, Corporate Support Services Directorate is responsible for ensuring that the Security Practices manual is updated as stipulated.

The Director General, Operations Branch is responsible for ensuring that defined roles and responsibilities for the implementation of security requirements are established at the beginning of each new project, and that they are reviewed and approved by the Departmental Security Coordination Committee.

Timeline

Immediately: Procedure of establishing defined roles and responsibilities for the implementation of security requirements at the beginning of new projects.

June 2012: Updated and Policy Committee approved Security Procedures manual.

Management agrees with recommendation #2. Physical Security will form an integral part of the project team and provide direction relative to the physical security requirements to ensure compliance with Departmental standards and requirements, as stated in the Security Practices manual. The Departmental Security Coordination Committee will approve the implementation of physical security requirements for each project. The approval will be reflected in the committee's minutes.

Deliverable

Physical Security will provide direction on projects relative to the physical security requirements to ensure compliance with Departmental standards and requirements.

Documented approval by the Departmental Security Committee of the implementation of physical security requirements for each project.

Accountability

The Director, Corporate Support Services Directorate will ensure that Physical Security provides direction on projects relative to the physical security requirements.

The Chair, Security Coordination Committee will ensure that the Departmental Security Committee approves the implementation of physical security requirements for each project.

Timeline

Immediately.

DOC Physical Security Oversight, Objectives, Procedures and Plans

Independent oversight should exist to monitor and ensure compliance with the Census DOC physical security objectives, priorities, procedures and all applicable government policies and standards. Plans should be in place to respond to emergency situations, and for the continuity of critical business operations.

Oversight

The audit determined that independent oversight exists at both the operational level and departmental level. At the operational level the, Census Steering Committee, Census Project Team, and Integrated Project Team (IPT) provide oversight. The IPT convened, as required, to discuss all operational requirements related to the Census DOC. The Census Manager, as the accountable authority, was debriefed on these discussions and provided regular status updates. At the departmental level, the Security Coordination Committee (SCC), which ultimately reports to the Policy Committee, was found to have formal processes in place.

Objectives, Procedures and Plans

Manuals and handbooks have been prepared by the Census DOC project management team and address, in detail, the physical security procedures to protect sensitive information, assets and employees. The 2011Census Processing Operations Management Process – Data Operations Centre covers the operational goals, objectives, roles, responsibilities, processes, tools, and governance, as well as the policies and procedures for managing Census DOC operations.

The 2011 Census DOC Physical Security Procedures document covers the requirements for physical security, health and safety procedures for the pre-operational phase, the operational phase and the closing out and defit phase. As well, section 2.8 of the 2011 Census Employee Handbook has been dedicated to 'Security' in all its aspects, as it pertains to the employees of the 2011 Census.

The audit determined that the Census project management team has developed a draft Business Continuity Plan (BCP) for the Census DOC, and they intend to finalize it and present it to the Policy Committee for approval before operations commence in April, 2011. Furthermore, the audit confirmed, by reviewing the departmental BCP document, that the Census DOC which is set to be a permanent leasehold for both the 2011 and 2016 Census is included in the BCP. Detailed procedures for the continuity of critical business operations of the Census DOC site are in the process of being developed for inclusion.

Review of the TBS' Operational Security Standard – Business Continuity Planning Program policy and discussions with management at Corporate Support Services Division (CSSD) revealed that the responsibilities assigned to the BCP coordinator's position do not reflect those identified in TBS' Operational Security Standard – Business Continuity Planning Program required by the policy.

A walk-through of the Census DOC facility by the audit team in November 2010 revealed that the Government of Canada (GoC) approved Emergency Plans, i.e. evacuation procedures and fire drills were not ready. This is a requirement and has to be provided to Statistics Canada by the Department of Public Works and Government Services Canada (PWGSC), as the leasing agent for the Census DOC facility. Currently, some emergency procedures, such as evacuation procedures, have been provided by the landlord and posted around the building. As of January 2011, the audit team was advised by the Census DOC project management team, that Emergency Plans have been submitted by PWGSC for approval to the City of Gatineau.

Recommendation No. 3

It is recommended that the Assistant Chief Statistician of Census and Operations should ensure that:

  • The responsibilities of the BCP coordinator reflect those in the TBS' Operational Security Standard – Business Continuity Planning (BCP) Program policy.

Management Response

Management agrees with recommendation # 3. The Departmental Security Coordination Committee will ensure that the Agency's BCP coordinator's role and responsibilities align with the TBS' Operational Security Standard – Business Continuity Planning (BCP) Program policy, in the Departmental Security Plan. A BCP coordinator will be nominated.

Deliverable

An approved Agency Security Plan which defines the role and responsibilities of the BCP coordinator, in alignment with the TBS' Operational Security Standard – Business Continuity Planning (BCP) Program policy.

The nomination of an Agency BCP coordinator.

Accountability

The Chair, Security Coordination Committee is responsible for ensuring that the Agency has an approved Agency Security Plan which defines the role and responsibilities of the BCP coordinator, in alignment with the TBS' Operational Security Standard – Business Continuity Planning (BCP) Program policy. The Chair is also responsible for ensuring that an Agency BCP coordinator is nominated.

Timeline

Summer 2011: Agency BCP coordinator is nominated.

November 2011: An approved Agency Security Plan which defines the role and responsibilities of the BCP coordinator, in alignment with the TBS' Operational Security Standard – Business Continuity Planning (BCP) Program policy.

Monitoring and Assessment

Changes and risks related to the physical security requirements of the Census DOC should be proactively monitored and reviewed, and the information gathered should be used for making informed decisions and taking corrective actions.

Monitoring

The audit revealed that documentation developed by the Census operations management i.e. the 2011 Census Processing Operations Management Process – Data Operations Centre provides sufficient guidance and direction on risk identification for monitoring actual performance against planned results.

Three different but interrelated Statistics Canada systems were utilized for recording risks and issues. One of these applications is the Outstanding Issues System (OIS), which is separate but linked to the second and third systems, known as the Risk Management System (RMS) and the Change Management System (CMS), respectively. When a risk was identified, it was posted in the RMS, and categorized with regards to its probability, impact and time frame. A report with the risk identification number, name of the Census project manager affected, description and status of the risk could be generated at either the Census program level or the Census project level for review and monitoring by the Census program management. Decision statements on each risk or issue were also posted in the OIS for continuous monitoring by the Census program management. A review of randomly selected issues revealed that the applicable Census project team addressed them for resolution.

Assessment

As a governance mechanism, a Threat Risk Assessment (TRA) performed by a third party consultant in September 2010, was used as a formal process to validate physical security requirements. As part of the assessment, the consultant performed a physical inspection, reviewed the specified safeguards, and completed a risk analysis of the physical security of the Census DOC. A follow-up or Supplementary Physical Security review was performed in December 2010, to ensure that recommendations made in the initial TRA were accepted and implemented. Following this, the TRA report was finalized in December 2010.

The audit assessed that for the 2011 Census project, select activities, such as the responsibility for monitoring and updating security measures by the Census project team were clear and communicated. Corrective actions were taken on security issues and these were appropriately documented, reported and acted upon by the required authority levels.

Physical Security

Physical security zones at the Census DOC were well established and maintained to protect sensitive Statistics Canada information and assets. Security requirements were considered throughout the contracting process and described in documents provided to contractors. Security screening process of individuals was in accordance with relevant personnel security policies and procedures. The final TRA determined that all of the physical security deficiencies and concerns identified in the initial TRA were appropriately addressed to mitigate the associated risk.

Stewardship

The second objective of this audit was to assess whether the Census DOC facility, complied with the relevant physical security policies and guidelines. To determine this, the audit examined the following:

  • Physical security zoning requirements for the Census DOC were established, and maintained with appropriate access control mechanisms, to protect sensitive information and assets as per TBS' Policy on Government Security (PGS);
  • Security requirements were considered throughout the contracting process, and were described in documents provided to contractors;
  • The security screening process of individuals was in accordance with relevant personnel security policies and procedures. Procedures existed to safeguard Statistics Canada's assets, upon the change of duties of an employee working for the Census DOC project; and
  • The final version of the TRA to ensure that the Physical Security and Security Management practices were conducted as per the relevant physical security policies and guidelines.

Zoning Requirements

Along with a review of the TRA, a walk-thru of the Census DOC site determined that physical security zones – public access, reception, operations, security and high security zones were well established and maintained as per TBS' PGS, to protect sensitive Statistics Canada's information and assets.

Contracting Process

Statistics Canada took possession of the Census DOC site in October, 2010. Until then, PWGSC as the leasing agent was responsible for all aspects of the contracting process. The audit determined that contract files and supporting documentation, as of October 2010, included security requirements and were considered in the contracting process. Security information of employees working for contractors with access to the Census DOC was examined. The security level of each employee, along with their effective and expiry clearance dates respectively were listed and confirmed to be valid.

Personnel Security Screening and Safeguarding of Assets

To assess whether the security screening process of individuals was in accordance with relevant personnel security policies and procedures, the personnel files of 15 of the total 25 (60%) Statistics Canada personnel, and all 5 (100%) of the cleaning staff working at the Census DOC were tested. Six of the 15 files belonged to corporate services employees involved in the Census DOC project, and were deemed by the audit team to be critical to the project's overall operations. The remaining files were chosen randomly. Test results and follow-up interviews found that, Statistics Canada took the necessary steps to ensure that security clearances were valid for all employees and workers affiliated with contractors. Review of documentation provided by Human Resources (HR) revealed that necessary guidance and procedures exist to safeguard Statistics Canada's assets, upon the change of duties of an employee working at the Census DOC.

Threat Risk Assessment

The final TRA determined that all of the physical security deficiencies and concerns identified in the initial TRA were appropriately addressed to mitigate the associated risk and concluded "that the Statistics Canada DOC is suitably secured for the business needs of Census 2011Footnote 2"

It should be noted that two risks and related recommendations remain, as Census Operations management assessed the likelihood of these events occurring to be low.

The first is the risk of unauthorized access to the Census DOC. The TRA recommended that a video camera be installed on the building to monitor unauthorized access to the roof. FM advised us that Census project management has decided to accept this risk due to other compensating mitigation means.

The second risk is related to the unleased part of the facility. There is no assurance that the other tenant will be a GoC Department or Agency, given that the Census DOC is a commercial lease facility. FM and Census DOC project management advised us that a tenant committee will be set-up as required by TBS policy to address security issues and concerns, if and when a new tenant is identified.

Based on the evidence gathered and our findings for the DOC physical security line of enquiry; no recommendations are necessary.

Appendices

Appendix A: Audit Criteria

Appendix A: Audit Criteria
MAF Element Criteria
Lines of Enquiry #1: Census DOC governance related to security is adequate and effective
Governance: Effective oversight bodies are established.

The Census DOC has in place operational plans and objectives aimed at achieving its strategic objectives.

Management has developed plans to protect sensitive information, assets, and employees during all types of emergencies and increased threat situations.

Plans are developed to provide for the continuity of critical business operations, services, and assets following an unplanned interruption.
Accountability: Authority, responsibility and accountability are clear and communicated.

A clear and effective organizational structure is established and documented
Risk Management: Management identifies and responds to the risks that may preclude the achievement of its objectives.
Results and Performance: Management monitors actual performance against planned results and responds to risks as it relates to Census DOC physical security.
Lines of Enquiry #2: DOC complies with the relevant physical security requirements prescribed by Treasury Board Secretariat (TBS)
Stewardship: Management has established processes to identify and manage contracts.

Assets are protected.

The procedures for personnel security at the Census DOC are adequate.

Appendix B: Policies, Standards and Guidelines

To support the physical security assessment section within the TRA report, the following GoC standards, policies, and guidelines were found to be used –

  • Government of Canada Policy on Government Security (PGS);
  • GC Operational Standard for Physical Security;
  • GC Harmonized Threat and Risk Assessment Methodology (HTRA);
  • RCMP G1-001 - Security Equipment Guide;
  • RCMP G1-004 - Construction of a Special Discussion Area;
  • RCMP G1-005 - Preparation of Physical Security Briefs;
  • RCMP G1-006 - Identification Cards / Access Badges;
  • RCMP G1-009 – Transport and Transmittal of Protected and Classified Information;
  • RCMP G1-013 - Security Control Room Space Requirements;
  • RCMP G1-024 - Control of Access;
  • RCMP G1-025 - Protection, Detection and Response; and
  • RCMP G1-026 - Application of Physical Security Zones.

Notes:

Footnote 1

Previously referred to as the TBS Government Security Policy (GSP).

Return to footnote 1 referrer

Footnote 2

Facility Threat and Risk Assessment, Supplementary Review. Final Version 1.0 Date: December 15, 2010

Return to footnote 2 referrer