Security Inspections FAQs

Security Inspections provide a means for the Department to measure the extent to which departmental information and assets are properly safeguarded when employees are absent or away from the workplace. They also support a security culture by raising awareness on effective security practices. The results of the inspections may also be used to assess overall risks to the security of departmental information and assets.

All ESDC sites must be inspected at least once per year. Follow up inspections will be conducted at workstations with more serious non-compliance elements.

The inspections are conducted while an employee is absent from the workplace.

The inspections are conducted by a Location Lead, Manager, Regional Security Officer or another person designated by the Regional Security Office.

The inspections focus on whether Protected or Classified documents or files, negotiables (cheques, money orders etc.) or electronic devices and other departmental assets are properly secured while employees are absent from the workplace. Cabinets, drawers and briefcases will also be inspected to ensure they do not contain any Protected or Classified information or assets and whether security approved cabinets/containers are locked. Here are examples of non-compliant elements:

• Protected/Classified files or documents or assets left on desk, in an unlocked desk drawer, in an unlocked security container (filing cabinet, cabinet or safe), in an unlocked briefcase, in the recycling bin, or posted to a wall;
• Keys for cabinets or doors that are visible and not secured (e.g. keys left in locks);
• Visible combinations, passwords and alarm codes that specifically indicate that they open a designated computer, cabinet or door;
• Unlocked enclosed offices that contain at least one “non-compliant item”;
• Valuable assets (i.e. laptops, tablets, USBs, projectors, Blackberrys, cellphones and taxi chit booklets) that are not secured;
• Employee identification cards, access cards and USB keys that are not properly secured.

Unlocked offices will be subject to an inspection. Locked offices will not be inspected and will be considered compliant. Occupants should nonetheless adopt the same security habits as open workstations in order to protect departmental information and assets.

If the workstation is compliant, a “Good Job” notice may be left on the desk informing the employee that the workstation has met the Departmental Security Policies.

If the workstation is non-compliant, a “Security Inspection Notice” will be left on the desk to advise the employee of the non-compliant items(s) that were found.

• Managers will receive a “Security Inspections Report” and will follow-up with employees to discuss security practices and ensure that corrective measures are applied.
• Targeted group training sessions could also be provided.
• Non-compliant items may be removed from the workstation to ensure their safeguard. Employees will be responsible to recover their items by contacting the designated person indicated at the bottom of the “Security Inspection Notice”.

The Security Inspection Notice was left at your workstation to notify you that at least one element of non-compliance was found as part of a Security Inspection.

• Take a moment to review the non-compliant element(s) as well as the other elements that were verified as part of the inspection. Take action to correct the non-compliance element(s) found.
• Adopt appropriate security practices to ensure that departmental information and assets are appropriately safeguarded and to prevent recurrence.
• Discuss the notice with your Manager to ensure appropriate measures are in place to prevent recurrence of non-compliance.

No, the objective of the Security Inspections is to improve security habits and practices and raise awareness. Non-compliant elements are not formally reported as security incidents and, as such, privacy breach considerations ‎do not apply.

The non-compliant document(s) or file(s) were removed and temporarily stored to ensure their safeguard during your absence. You can contact the person at the bottom of the Security Inspection Notice to retrieve your documents.

As the document(s) or file(s) belong to the department, it can take measures to ensure the safeguard of Protected or Classified information in order to reduce the risk of compromise.

No. However, the designated inspector may leave a "Work with Us to Prevent Theft" notice to enhance security awareness and prevent thefts in the workplace. This notice reminds employees to safeguard their personal and valuable items and not leave them unattended or in plain sight.

If the drawer or filing cabinet is unlocked, the designated inspector will open and only conduct a visual inspection of the contents within. If Protected/Classified information or document(s), negotiables (cheques, money orders etc.) and/or valuable assets are found, this would be considered "non-compliant."

The results are sent to the Regional Security Office who will compile the information at the Branch or Regional level and send the summary reports to the Chief Security Officer who will assess the results.

The following contain useful information to ensure you are appropriately safeguarding ESDC information and assets:

• Information Categorization Tool
• Work with us to Prevent Thefts
• Security Videos
• Clean Desk Guidelines
• Workspace and Desktop Security
• Easy Action Toolkit for Employees and Managers

You can contact your Regional Security Office.