What do you want to do with this information?
— Secret
— Secret
Phone
Avoid using speakerphone when discussing sensitive information; use earbuds or headsets to prevent an unauthorized disclosure of the discussion.
Ensure that any work that includes the discussion of sensitive information, over the phone, is conducted in such a way as to prevent the mention of this information within hearing distances of others and/or virtual assistant recording devices (e.g. Siri, Google Home, Amazon Alexa, etc.) as this could result in a security incident involving the national interest of Canada. Some examples include, but are not limited to, Cabinet Confidences, budgetary information (before release to the public), etc.
** Important Note: Videoconferencing Not Permitted**
Marking
Marking
Top right-hand corner of each page.
E-Mail
E-Mail
Due to its high sensibility, it cannot be shared by e-mail.
ESDC employees send and receive thousands of e-mail messages; some of them sensitive. Within the ESDC electronic network, technology is in place to help keep information safe (including occasional prompts to consider encrypting certain emails). But there are always risks, which can be mitigated by employees understanding how to manage certain information.
By Mail
By Mail
By Mail In Canada
Internal mail (ESDC Courier within local ESDC locations):
Double sealed envelope (no security markings on outer envelope) appropriately addressed. Warning on the inner envelope "To be open only by… (name or position)" with security markings and include a transmittal note and receipt.
ESDC Regions / other stakeholders (ESDC Regions and Federal Departments / Agencies, Provincial Governments or third party private sectors contracted by the department):
Double sealed envelope (no security markings on outer envelope) appropriately addressed. Warning on the inner envelope "To be opened only by … (name or position)" with security markings and include a transmittal note and receipt. The use of Priority mail, Xpresspost or messenger service is required as they are using a tracking and signature on reception process.
External mail (outside Canada):
Note: The use of the Diplomatic Mail Services is strongly recommended. Contact Global Affairs Canada Diplomatic Mail Services for procedures. The DSO must approve any transmittal of Secret information that is not sent by DFAIT Diplomatic Mail Services.
If approved by the DSO, double sealed envelope (no security markings on outer envelope) appropriately addressed. Warning " To be opened only by… (name or position)" with security markings and include a transmittal note and receipt. The use of Priority mail, Xpresspost or messenger service is required as they are using a tracking and signature on reception process.
Fax
Fax
Secure Fax is required. Any of the following installations are authorized.
Warning: In order to use the equipment listed below, you must contact the COMSEC Custodian to obtain the authorisation and the instructions at 819-956-4697 or by e-mail to nancy.courtemanche@servicecanada.gc.ca.
Viper phone, Secure Terminal Equipment (STE) phone, Sectera BDI Terminal, or Omni Secure Terminal used with Ricoh Secure Fax (COMSEC Equipment)
Transport
Transport
Transport In Canada
Transport by hand inside the department
Please note that discretion is required and the purpose of using the red folder is to emphasis the need for securing the information accordingly during silent hours.
Within restricted areas (Operation zone, Security zone, high Security zone):
- Situation1:
-
When transported by hand directly to the addressee, the Secret red folder can be deliver without envelopes. Please note that discretion is advice. (e.g. ADM to ADM, etc.).
Important: Both employees must hold a Secret clearance.
- Situation 2:
-
When transported by hand to someone (not the addressee), the Secret red folder must be inserted inside a double sealed envelope with no security marking on the outer envelope, properly addressed and with a note on the inner envelope "To be opened by addressee Only". (e.g. ADM to ADM`s assistant, etc.).
Outside restricted areas (Reception zone, Public zone):
When transported outside a restricted zone, the Secret red folder must be inserted into a double sealed envelope with no security markings on the outer envelope, properly addressed and with a note on the inner envelope: "To Be Opened by Addressee Only" The use of a secure briefcase or approved backpack is required.
Note: For the transport of several documents, it is highly recommended completing an inventory of the information being transported by the employee and providing a copy to the manager.
For the transport of several documents, it is highly recommended completing an inventory of the information being transported by the employee and providing a copy to the manager.InInInOrTransport In Canada
Transport outside department – In Canada
Note: The use of the DFAIT Diplomatic Mail Services is strongly recommended. Before transport and transmittal of Protected C, Secret and Top Secret information, the sender must obtain the approval of the Chief Security Officer (CSO)
Secret information must be transported in a double sealed envelope, no security markings on the outer envelope, security markings on the inner envelope and properly addressed. The use of a secure briefcase is required.
If traveling by personal motor vehicle, you must place Secret information in an approved carrying case and lock it in the trunk or out of sight in a locked vehicle. Placement of the approved case is temporary and must be removed at destination. Stopovers are not permitted but if you require a stopover for an urgent matter, the case cannot be left unattended in the vehicle and must be in your possession at all times.
Note 1: This applies to personal motor vehicles only; public transportation procedures (e.g. buses, planes, trains, etc.) require that the case remain in your possession at all times.
Note 2: For the transport of several documents, it is highly recommended completing an inventory of the information being transported by the employee and providing a copy to the manager.
Or- Electronic format:
-
Encrypted USB keys and encrypted portable drives issued by the department can be used if permission is granted and transported inside the same containers.
Transport Outside Canada:
Transport outside department - Outside Canada
Note: If transported to, from, or within foreign countries and particularly in non-NATO countries, there is a much higher risk of compromise by customs or other government information gathering services. The use of the Global Affairs Canada Diplomatic Mail Services is strongly recommended for non-NATO countries. Before the transport and transmittal of Protected C, Secret and Top Secret information, the sender must obtain the approval of the DSO
Secret information must be transported in a double sealed envelope. No security markings on the outer envelope and security markings on the inner envelope and properly addressed. The use of a secure briefcase is required.
If traveling by personal motor vehicle, you must place Secret information in an approved carrying case and lock it in the trunk or out of sight in a locked vehicle. Placement of the approved case is temporary and must be removed at destination. Stopovers are not permitted but if you require a stopover for an urgent matter, the case cannot be left unattended in the vehicle and must be in your possession at all times.
Note 1: This applies to personal motor vehicles only; public transportation procedures (e.g. buses, planes, trains, etc.) require that the case remain in your possession at all times.
Note 2: For the transport of several documents, it is highly recommended completing an inventory of the information being transported by the employee and providing a copy to the manager.
- Electronic format:
-
Encrypted USB keys and encrypted portable drives issued by the department can be used if permission is granted and transported inside the same containers.
Electronic Storage
Electronic Storage
Electronic copy: Secret electronic information can be stored on the Sensitive Document Collaboration Service (SDCS), also known as the Secret Sharepoint, or stored on departmental approved encrypted USB portable device and secured in an approved security cabinet or container. Electronic information cannot be stored on the Laptop’s hard drives.
Access to SDCS is managed by branch coordinators. SDCS is only accessible to employees who have:
- a Secret security clearance, and
- have been added to the access control list by their branch coordinator.
For more information, please contact the National Service Desk (NSD)
You should also know...
- New sensitive documents must be created within SDCS
- Compatible with Microsoft Office (e.g. Word, Excel, PowerPoint)
- Computer must be connected directly to the ESDC electronic network
- Only for Protected C, Confidential, and Secret documents
- For internal ESDC use only
- Do not create or save copies of sensitive documents anywhere else
- Not compatible with PDFs
- Cannot be used over AppGate or when using GC Wi-Fi or VPN outside of a secure work area
- Not for Protected A, Protected B, or Top Secret documents
- Not for external use (e.g. collaboration with other departments)
Encrypted USB portable device
Note: Must be transported, transmitted and stored in the same manner as paper information, commensurate to the level of sensitivity of the information they contain. Any of the following cabinets are approved.
integral lock
Dasco (integral lock)
Safe (integral lock)
2 or 4 drawer
Locker Safe
File Store
File Store
Secret information need to be inserted inside a red folder, properly marked and must be stored inside a Security Zone or a High Security zone.
- Filing Cabinet (with integral lock)
- Only approved filing cabinet, equipped with an integral lock, are approved for the storage of records classified up to Secret in a Security or high Security Zone (see definition below).
- Dasco cabinet
- The use of a Dasco metal cabinet is approved for the storage of records classified up to Secret in a Security or high Security Zone when the tambour door is closed and the combination lock is set.
- Electronic copy:
- Store on network drive or department-approved and issued USB storage device in locked cabinet.
Definitions
- Security Zone
- An area to which access is limited to authorized personnel and to authorized and properly escorted visitors. The zone must be monitored continuously 24 hours a day and 7 days a week. As for example: An area where secret information is processed or stored.
- High Security Zone
- An area where access is limited to authorized appropriately screened personnel, authorized, and properly escorted visitors. The zone must be monitored continuously 24 hours a day and 7 days a week and where details of access are recorded and audited. As for example: An area where high-value assets are handles by selected personnel.
These are the approved secure cabinets that can be used with their respective locking mechanisms.
File Folder
integral lock
Dasco (integral lock)
Safe (integral lock)
2 or 4 drawer
Locker Safe
- Secure Storage Room (SSR)
-
A Secure Storage Room is intended to function as an approved storage container for open-shelf storage of a large amount of classified or highly sensitive non-national (Protected) information or assets. The SSR is designed for location in a Security Zone or High Security Zone in a federal government building. The SSR is essentially a “security container” and its role is to primarily protect against surreptitious attacks but also detect and delay forced entry.
Note: As part of his oversight role, the Chief Security Officer (CSO) must assess the security measures in place to ensure they meet the minimum Security Requirements and approve the security measures in place.
Note: For any additional information, please contact your Regional Security Office.
Print, Copy & Scan
Every ESDC employee is responsible for ensuring the protection of sensitive departmental information against loss or unauthorized disclosure and must follow the measures below based on the categorization of the information.
Secret information can be printed, scanned or photocopied using the following guidelines:
- Secret documents cannot be printed, copied or scanned using a Network printer
- A stand-alone printer (Not connected to the Network) must be used for printing, copying or scanning
- The stand-alone printer must be located in a Security Zone Footnote *
- If available, a password function must be used for printing
- Secret documents cannot be left unattended on printers
Downgrading, Declassification
Declassification is the decision, recorded in writing, of the originator of the protected information or an officer authorized by the Deputy Minister to remove the categorization level of the document. Redact (hide) all sensitive information that could identify an individual or have an impact on the Department is required.
Downgrading is the decision, recorded in writing, of the originator of the protected information or an officer authorized by the Deputy Minister to lower the categorization level of the document.
Downgrading at Confidential or Protected levels: Redact (hide) the information that qualify at the Secret level and the remaining information as required to meet the requirements for Confidential or lowered levels.
Information is to be identified as protected only for the period of time it requires safeguarding. After this period, the originator or the authorized officer is to have it declassified or downgraded, appropriately marked, and to inform all recipients of this action and its effective date. Whenever possible, originators are to provide, at the time the information is created or collected, a specific date or event at which time declassification or downgrading may occur.
As a minimum, an automatic expiry date of 10 years should apply to the categorization of most information; however, the automatic expiry date would not apply to information classified as Top Secret nor to information identified as particularly sensitive Protected B, (e.g. medical records) or extremely sensitive, Protected C, (e.g. witness protection information).
Destruction
Destruction
Type II destruction equipment is defined as shredder or disintegrator approved for the secure destruction of Secret, Top Secret and Protected C information written on paper or other text based media.
- Type II (Level 6)
- A special sub-category reserved for RCMP approved and SEG listed high security shredders which meet the NSA (USA) standard 02-01 for high security paper shredders. These exceed the security and performance requirements of the RCMP Destruction Standard and are recommended for cases where a TRA recommends a higher degree of security
(e.g.: embassies, overseas deployments, smaller than 12 point font text size.Footnote 1.)
Approved Office Category Paper Shredders and Disintegrators Selection Guide Classification Type Shred Size (Maximum) Disintegrator
Screen Size Footnote 3Comments Secret
(General office use)Type II 1mm x 14.3mm 6mm Select Type II (level 6) equipment where a TRA recommends. RCMP Security Shredding Standards (Comparison relative to a 2 inch paper clip).
Type II (Level 5) is recommended.
IT Media Devices
- Optical: CD, DVD, Blu-Ray disks:
- Reduce discs to small pieces < 10 mm2 (1/8" x 1/8") or less if the destruction equipment is capable; or Grind the disc surface to remove the coloured data layer, leaving only a semi-transparent plastic disc (CDs only).
- Solid –State Drives (SSD) and USB Flash Drives
- Sanitize, then destroy to pieces < 40 mm2 in area (e.g. ¼ x¼"); or, if unable to sanitize, destroy the device or storage components to particle size < 2 mm2.
- Smartphones and Tablets
- Sanitize, then destroy to pieces < 10 mm2 in area (e.g. ¼ x¼"); or, if unable to sanitize, destroy the device or storage components to particle size < 2 mm2.
Destruction Facilities and Services
The RCMP Technical Security Branch has a Destruction Equipment Guide, which is a comprehensive and completely revised guide to the selection of destruction equipment and services. Please contact your local Regional Security Office RSO for guidance and details as Public Services and Procurement Canada (PSPC) need to be contacted for destruction service contracts or equipment purchases.
Retention
Retention