6.1 Security Education and Awareness training should be enhanced, and the briefing on the Protection of Information made mandatory for all staff working in the Minister's office.
Security Education and Awareness training has been enhanced:
6.2 Security briefings provided to Ministers' Staff should emphasize the need to protect all classified–protected information. Ministers' Staff should be made aware of the need to use security equipment such as locked containers to ensure its integrity while in transit. The use of secure telephones and faxes should be emphasized, not just for Cabinet and “Top Secret” Documents as now appears to be the case.
Enhancements have been made to the security briefings provided to Ministers' and Secretary of State's staff. These include:
6.3 Implementation of security policies and procedures needs to be better monitored in the Office of the Minister of Foreign Affairs.
The implementation of security policies and procedures will be better monitored in the Ministers' and Secretary of State's offices.
The Senior Departmental Assistants and Chiefs of Staff will be advised in writing of their respective responsibilities for monitoring departmental and ministerial staff to ensure that security policies and procedures are being properly implemented. They will receive a memorandum upon arrival, and annually thereafter, from the Departmental Security Officer advising them of their responsibility to ensure that procedures are in place and that effective monitoring of operations is conducted to ensure staff compliance with security requirements. This would include the preparation and transmission of information, the classification of documents, the safeguarding of government information in–transit, and the use of appropriate media or disposal methods in the storage or disposal of information. The memorandum will be issued by early September 2008.
Furthermore, the Senior Departmental Assistants and the Chiefs of Staff will be asked to attest, semi–annually, to the fact that these responsibilities have been carried out.
Significant examples of actions to monitor compliance will include verifying logs on disposal of briefing books, conducting random checks on staff to confirm that security procedures are being adhered to, carrying out periodic checks of communications links to confirm functionality, and ensuring that security is a regular item in staff meetings and providing an opportunity for discussion of security–related questions or concerns.
6.4 DFAIT should provide more training to all employees on procedures and responsibilities for the classification of information, and the handling, control and safeguarding of sensitive material. All employees should be reminded on a regular basis of the sensitivity of classified documents and the need to protect them accordingly.
The Department is undertaking a number of measures to provide more security training and to remind all employees of individual responsibilities to protect information. These include:
6.5 Appropriate control measures should be implemented so that a strict accounting is maintained at all times for all copies of all versions of Briefing Books. An employee should be assigned the responsibility for maintaining a log of the distribution and return or destruction of each copy of the document. Each copy should be numbered, and a record maintained of the official to whom it was issued, against a signed receipt. As recommended and noted by the investigation team, a system of numbering and tracking of Briefing Books has been put into place by the Executive Briefing Services which has issued guidelines to this effect.
Appropriate control measures have been put in place.
The departmental office responsible for the centralized preparation of briefing books has issued new guidelines for controls governing the issuance and tracking of books. Salient features of the new tracking system include: