Reporting Security Incidents - Questions and Answers

FAQs

  • What is a security incident?

    Security incidents are acts or events that affect, or have the potential to affect, the department, its assets and/ or its employees. Consequences/impacts of security incidents can affect the department in many ways: the loss or compromise of data, damage to reputation of the department or privacy breaches, to name a few.

  • What should I do if I see a security incident?

    Reporting an incident is as easy as 1..2..3..Contain, Advise, Report.

    1. Contain the situation. Take measures to protect individuals, information and assets. Call 911 if there is an immediate danger.
    2. Advise your Manager of the incident as soon as possible and once the incident is contained.
    3. Manager reports security incident to the Regional Security Office (RSO) immediately
  • Can I call Emergency Services/911?

    In cases of imminent danger, threats of violence or a serious threat of suicide or actual violence, take necessary measures to contain the situation and ensure your own safety and security, contact Emergency Services/911 and advise your Manager*.  

    Only managers with delegated authority can disclose personal information to Emergency Services/911, or to any other stakeholder

  • How do I know if what I saw was a security incident or a health and safety issue?

    Know how to differentiate security incidents from health and safety incidents!

    • There are various types of security incidents that can occur making it difficult to determine if it should be reported or not. Review the breakdown of the various types of incidents involving assets and public goods, information, buildings, scams and violence.
    • A health and safety issue can generally be characterized as work-related hazard or condition that is likely to cause damage to the workplace, an injury, occupational illness, or adverse health effect to an employee.  A hazard or condition is considered to be "work-related" if it exists in the workplace and/or an employee's exposure to the hazard or condition occurs in the course of employment. As an employee you may encounter work-related hazards and conditions, or may be involved in an accident or near miss while working.  Under the Canada Labour Code, you have an obligation to report these hazards, conditions, accidents, and near misses to your supervisor or manager.
    • Visit the Departmental Occupational Health and Safety Program on iService for more information.
  • What is my role and responsibilities with regards to reporting security incidents?

    As an ESDC employee, you have a responsibility to understand your security roles and responsibilities and to report real and suspected security incidents to your Manager. Visit the Security Code of Practice to understand your role and responsibilities in keeping your work environment safe and secure.

  • Is the process changing for Employees on how to report a security incident?

    No, the current process for reporting incidents remains the same. Employees are to continue reporting all security incidents to their managers as quickly as possible. For more information, see the Security Incident Reporting Protocol (PDF, 113 KB).

  • Is the process for Managers changing for reporting security incidents?

    The process itself remains the same however, Managers will now be reporting incidents using the new Webform. The new online form is replacing the ADM 3061 pdf file. The security incident case management system has been updated to a centralized system (MS Dynamics) that allows us to report incidents in "real time" collect data/stats on security incidents and allows for greater reporting and analysis capability to management as well as provides corrective measures.

  • Can a Manager still use the ADM 3061?

    Managers are strongly encouraged to use the new online form to report all security incidents as the ADM3061 form will no longer be available in the near future. However, if an ADM 3061 form is used, it will still be accepted during a transition period.

  • Do employees need to report security incidents that occur while working remotely or on travel status?

    Employees play a major role in safeguarding departmental information, assets and valuables and as such, must report security incidents wherever they are working from home or are on travel status.

  • What resources exist for reporting attempted fraud?
    • If you are contacted by a client who has been the victim of a fraudulent call, you may report the incident here (you do not need to fill out an additional incident report).
    • If you personally receive a fraudulent call on your ESDC-issued mobile device, you can report it here (you do not need to fill out an additional incident report).
    • Use the “phishing” button in Outlook to report email phishing.
    • If you have been a victim of fraud in your personal life, it is recommended that you report it to the Canadian Anti-Fraud Centre.
    • To report other security incidents related to ESDC personnel or assets, use the Security Incident Report form online.