ESDC Portable Storage Devices

1. Effective Date and Annual Review

This Directive took effect on its approval by the Employment and Social Development Canada (ESDC) Corporate Management Committee (CMC) on February 4, 2015, and was modified on November 25, 2019. It will be reviewed annually by the Innovation, Information and Technology Branch (IITB).

2. Audience

This Directive applies to anyone (including employees, casuals, and contractors) who has been granted access to the ESDC electronic network.

ESDC includes Service Canada and the Labour Program, and is collectively referred to as “the Department” or “departmental”.

3. Purpose

3.1 This Directive identifies which portable storage devices are approved to be connected to the departmental electronic network. It refers to devices that can be plugged into a USB port as well as optical media (CDs and DVDs).

3.2 This Directive should be read in conjunction with the ESDC Storage of Electronic Information Directive, as well as policies and directives related to IT security and information management (see References).

3.3 This Directive responds to requirements of Treasury Board (TB) policies which direct that proper use of portable storage devices is essential for safeguarding departmental information and protecting the departmental electronic network from outside threats such as viruses and spyware.

4. Basic Requirement

Only portable storage devices approved by the Department are permitted to be connected to the departmental electronic network.

5. Detailed Requirements

5.1 Devices which are not permitted to be connected to the network

  1. Smartphones and cellular phones (whether ESDC-issued or personal) are blocked from connecting to the departmental electronic network through desktops, laptops, or tablets, in order to safeguard departmental information holdings. However, they may be plugged in to charge the battery.
  2. Personal Devices (other than smartphones and cellular phones) must not be connected to the departmental electronic network, desktops, laptops, or tablets, under any circumstances. This includes, but is not limited to, MP3 players, iPods, smart watches, GPS devices, gaming devices, routers, hard drives, USB keys (flash drives, memory sticks, memory keys, jump drives), SD cards, SIM cards, cameras, and tablets.
  3. Unencrypted USB keys and Portable Hard Drives are prohibited unless an exception is granted (See Exception Requests, section 5.4).
  4. Any device which has not otherwise been expressly permitted by this directive or through exception. (See Exception Requests, section 5.4).

5.2 Devices which are permitted to be connected to the electronic network

  1. Encrypted USB keys and encrypted portable hard drives issued by the Department
    • These devices are permitted, and they will work fully with the electronic network.
    • IITB is responsible for the procurement and lifecycle of all encrypted devices.
    • All approved encrypted devices will include an identification tag with a contact phone number; this tag is not to be removed from the device for any reason.
    • Assignment and use of encrypted devices is granted on an exception basis. (See Exception Requests, section 5.4)
  2. Cameras, video cameras, SD cards, and similar devices issued by the Department
    • By default, writing to these devices is blocked.
    • Reading from these devices is permitted.
  3. Other devices issued by the Department
    • USB devices used for internet connectivity, either directly to the Internet, such as Rogers Mobile Internet Stick (Rocket Stick), or for a virtual session such as the AppGate Key or G/ON device.
    • USB keys to manage licensing information on desktops. These products include StreetSweeper™ and IDEA CaseWare.

5.3 Devices which have Limited Functionality

  • Optical media (CDs and DVDs) can be played (read) by default. However, writing to optical media (creating CDs or DVDs) requires an exception. (See Exception Requests, section 5.4)

5.4 Exception Requests

  1. One-time use of a USB key for the purpose of reading its contents can be granted by submitting a ticket to the National Service Desk.
  2. All other exceptions, including procurement and assignment of the authorized encrypted media, require approval from a DG (Director General). This process can be launched by opening a ticket with the National Service Desk.
  3. Exceptions for individuals with DTA (Duty to Accommodate) requirements require medical justification as well as an exception request.

6. Monitoring and Reporting

Individuals are responsible for safeguarding both the device and the information on it as outlined in the Information Categorization Tool or by consulting the respective RSO (Regional Security Officer).

7. Monitoring and Reporting

7.1 IITB monitors and reports on the use of portable storage devices that are connected to the departmental electronic network at any time. The use of a portable storage device on a departmental laptop or tablet computer that is not connected to the network is recorded on the laptop or computer; when the laptop or computer is reconnected to the network, the portable storage device that was used is identified and reported.

7.2 Unauthorized use of portable storage devices will be reported to the responsible ADM so that appropriate measures can be taken.

8. Consequences

Individuals will be held accountable for complying with this Directive. Failure to comply with this Directive may result in administrative and/or disciplinary measures being taken, up to and including termination of employment.

9. Enquiries

Questions regarding appropriate use of portable storage devices or the application of this Directive should be directed to NA-ITSCOE-CEMSTI-GD.

10. References

10.1 Treasury Board

10.2 ESDC

  • ESDC Security Resources (Intranet)
  • Information Categorization Tool
  • The most recent versions of the following IM/IT policies can be found in iService References:
    • ESDC Cellular and Wireless Services Directive
    • ESDC Network Use Directive
    • ESDC Privileged Desktop Access Directive
    • ESDC Storage of Electronic Information Directive