Summary of DFAIT Progress in Responding to Recommendations

Final Report on the Administrative Review Into the Security Incident Reported by Maxime Bernier – Classified Documents Left at a Private Residence

RecommendationAction

6.1 Security Education and Awareness training should be enhanced, and the briefing on the Protection of Information made mandatory for all staff working in the Minister's office.

Security Education and Awareness training has been enhanced:

  1. security briefings provided to Ministers' and the Secretary of State's staff have been revised to place greater emphasis on protection of information issues.
  2. the security briefing provided to all Ministers' and Secretary of State's staff is now mandatory.
  3. the departmental office responsible for security training is maintaining records of briefings, and is ensuring there is individual follow–up with employees to ensure attendance.
  4. 85% of the staff currently in the Ministers' and Secretary of State's offices have received a recent briefing, and we intend to have 100% of staff briefed by early August 2008.

6.2 Security briefings provided to Ministers' Staff should emphasize the need to protect all classified–protected information. Ministers' Staff should be made aware of the need to use security equipment such as locked containers to ensure its integrity while in transit. The use of secure telephones and faxes should be emphasized, not just for Cabinet and “Top Secret” Documents as now appears to be the case.

Enhancements have been made to the security briefings provided to Ministers' and Secretary of State's staff. These include:

  1. briefings have been modified and enhanced to more effectively emphasize protection of information issues.
  2. briefings have been expanded to include specific information on individual responsibilities for security of classified information and procedures with respect to the classification of information, appropriate use of electronic networks for transmitting classified information, safeguarding documents in transit, equipment to be used to securely store classified information, and proper disposal methods.
  3. easy–reference charts and hand–out materials have been made part of the presentation to Ministers' staff to facilitate retention of the guidance presented in the briefings.
  4. the “Security and Safety Practices At DFAIT” security booklet, provided to all new staff during briefings, is being supplemented by a new booklet, customized for ministerial staff, “Security Procedures, Guidelines for Ministerial Offices.” The new booklet will be ready in September 2008.

6.3 Implementation of security policies and procedures needs to be better monitored in the Office of the Minister of Foreign Affairs.

The implementation of security policies and procedures will be better monitored in the Ministers' and Secretary of State's offices.

The Senior Departmental Assistants and Chiefs of Staff will be advised in writing of their respective responsibilities for monitoring departmental and ministerial staff to ensure that security policies and procedures are being properly implemented. They will receive a memorandum upon arrival, and annually thereafter, from the Departmental Security Officer advising them of their responsibility to ensure that procedures are in place and that effective monitoring of operations is conducted to ensure staff compliance with security requirements. This would include the preparation and transmission of information, the classification of documents, the safeguarding of government information in–transit, and the use of appropriate media or disposal methods in the storage or disposal of information. The memorandum will be issued by early September 2008.

Furthermore, the Senior Departmental Assistants and the Chiefs of Staff will be asked to attest, semi–annually, to the fact that these responsibilities have been carried out.

Significant examples of actions to monitor compliance will include verifying logs on disposal of briefing books, conducting random checks on staff to confirm that security procedures are being adhered to, carrying out periodic checks of communications links to confirm functionality, and ensuring that security is a regular item in staff meetings and providing an opportunity for discussion of security–related questions or concerns.

6.4 DFAIT should provide more training to all employees on procedures and responsibilities for the classification of information, and the handling, control and safeguarding of sensitive material. All employees should be reminded on a regular basis of the sensitivity of classified documents and the need to protect them accordingly.

The Department is undertaking a number of measures to provide more security training and to remind all employees of individual responsibilities to protect information. These include:

  1. the Introduction to Security course, covering classification and protection issues, has been enhanced and, going forward, made mandatory for all new employees.
  2. in addition, a mandatory online security course has been developed which will specifically address protection of information issues.
  3. completion of this new online course will be required before any employees can obtain their computer account. All current employees will be required to take this course by summer 2009 and every third year as a refresher thereafter.
  4. a circular was sent in April 2008 by the Deputy Ministers to all staff reminding them of the necessity and procedures for safeguarding classified and sensitive information.
  5. the Classification and Protection Guide has been revised to provide employees with information on classifying and safeguarding information.
  6. regular bulletins on security issues will continue to be disseminated to all staff to instruct and remind employees on security policy.
  7. an internal communications initiative designed to raise security awareness and to highlight individual responsibility for the protection of classified information will be developed and initiated by the fall of this year.

6.5 Appropriate control measures should be implemented so that a strict accounting is maintained at all times for all copies of all versions of Briefing Books. An employee should be assigned the responsibility for maintaining a log of the distribution and return or destruction of each copy of the document. Each copy should be numbered, and a record maintained of the official to whom it was issued, against a signed receipt. As recommended and noted by the investigation team, a system of numbering and tracking of Briefing Books has been put into place by the Executive Briefing Services which has issued guidelines to this effect.

Appropriate control measures have been put in place.

The departmental office responsible for the centralized preparation of briefing books has issued new guidelines for controls governing the issuance and tracking of books. Salient features of the new tracking system include:

  1. following printing, each copy of the briefing books is numbered.
  2. the office receiving the briefing books will sign for all books received.
  3. the briefing books will be distributed within the office to individuals. Each recipient will sign for his/her copy.
  4. the office will follow–up to ensure that each of the briefing books has been returned or destroyed within a specified time period.