Security in 2019: Launch of a renewed Policy on Government Security
By Rita Whittle, Executive Director, Treasury Board of Canada Secretariat
Security has come a long way since the Government of Canada (GC) implemented its first security requirements in 1948. Back then, security at the office meant locking up your cabinets and the door to your office.
Since then, the security environment has evolved significantly and with it, our daily lives at home and at work. These days we’re thinking about cyberattacks, or making contingency plans for floods and fires. But the bottom line is the same: we need to minimize security risks.
On July 1st, 2019, the Treasury Board of Canada Secretariat (TBS) updated the Policy on Government Security (PGS) for the first time in 10 years. The renewed policy is more aligned to today’s new operating environment—characterized by an increasingly global context, a highly mobile workforce and enterprise, shared IT and service delivery—and strengthens government security management practices.
The new PGS has been updated to:
- streamline instruments and rules
- strengthen governance
- clarify roles and responsibilities;
- strengthen security behaviour and culture
- position eight security controls at the policy level
Designation of a Chief Security Officer
One highlight of the new PGS is the requirement for deputy heads of departments to designate a Chief Security Officer (CSO). The CSO is responsible for governance, planning, monitoring and reporting, and provides strategic senior level leadership, coordination and oversight on departments’ security obligations, as they relate to trusted service and program delivery. CSOs will, above all, work with partners to ensure security is managed effectively (as set out in the Directive on Security Management).
The policy includes eight mandatory security controls. Included in these is “security event management,” which is critical to ensuring activities are well coordinated within departments and with partners. Likewise, a security control for “business continuity management” assures that CSOs enable the recovery of critical services and that delivery is maintained during a security incident. There is also a new Standard on Security Event Reporting to help manage potential impacts and support GC-wide decision making during unexpected events, like floods.
Our commitment to citizens and federal public servants is to effectively manage Government of Canada security, helping to ensure the protection of information, people and assets. The renewed Policy on Government Security is the result of deep collaboration with key partners and stakeholders, including lead security agencies and internal enterprise services organizations. The Treasury Board of Canada Secretariat looks forward to working with all departments on successfully implementing the PGS, taking the next step in security.
- Policy on Government Security
Executive Director, Security Policy Division
Ms. Whittle is responsible for the GC Security Policy Suite, including providing strategic policy direction to departments to continue to strengthen and mature security management and related performance practices. She delivers the Government of Canada vision of Security in support of service modernization and trusted program and service delivery. Rita chairs GC Security governance committees, which include the Government of Canada Security and Readiness Committee, the DG Enterprise Security Control Committee. As well, she supports the ADM Security Committee (co-chaired by TBS and PCO) and convenes an annual GC Security Summit with Public Safety Canada and PCO. Ms. Whittle joined the Treasury Board Secretariat (TBS) in December, 2011. Prior to TBS, Ms. Whittle occupied the position of Director General, Internal Integrity and Security, at Employment and Social Development Canada (ESDC). She enjoyed a career in both IT and business programs during her 19-year service with ESDC-Service Canada, holding progressively senior positions and gaining invaluable insight into client relationship management, operations, and policy and program development, having worked at both local and regional levels at ESDC.
Ms. Whittle graduated from Memorial University of Newfoundland and has acquired a strong knowledge of and significant experience in security, identity and authentication, business modelling, risk management, strategic planning, information management, information technology, program development and delivery, as well as emergency and business continuity management.