Transporting Information

Description: An encrypted USB key (or flash drive) is a data storage device that includes flash memory with an integrated Universal Serial Bus (USB) interface, and encryption applied by both hardware and software. Requires a password to access data stored on the device.

Purpose: Can be used to move information within a team or group, from Branch to Branch, or from ESDC to other government departments, other levels of government, non-government organizations, or third parties where real-time collaboration is not required.

Access: Pools of shared ‘keys’ have been established in Branches/Regions and are managed by Password Pool Custodians. Manager approval is required.

Self-serve tools available on iService.

Do's and Don'ts for this Device

information categorization for this Device:

Protected A

Yes

Protected B

Yes

Protected C

See Appendix 3: Handling of Information and Required Safeguards for more information

Description: An encrypted USB key (or flash drive) is a data storage device that includes flash memory with an integrated Universal Serial Bus (USB) interface, and encryption applied by both hardware and software. Requires a fingerprint to access data stored on the device.

Purpose: Can be used to move information within a team or group, from Branch to Branch, or from ESDC to other government departments, other levels of government, non-government organizations, or third parties where real-time collaboration is not required.

Access: Each device is assigned to an individual employee, who is the custodian responsible for the security of the device, as well as information placed on the device. Manager and ADM/Regional ADM approval required.

Self-serve tools available on iService.

Do's and Don'ts for this Device

information categorization for this Device:

Protected A

Yes

Protected B

Yes

Protected C

See Appendix 3: Handling of Information and Required Safeguards for more information

Description: An external hard drive is a portable device designed with a high storage capacity. It connects to a computer with a USB cable.

Purpose: Made available only if technical or business rationale precludes the use of the network. Can be used to store large amounts of data or documents.

Access: Access to hard drives is strictly controlled as these devices are able to retain large quantities of data and pose inherent risk to the Department. ADM/Regional ADM, the Department Security Officer (DSO) and the Chief Information Officer (CIO) approval and signatures required.

Self-serve tools available on iService.

Do's and Don'ts for this Device

information categorization for this Device:

Protected A

Yes

Protected B

Yes

Protected C

See Appendix 3: Handling of Information and Required Safeguards for more information

Description: An USB key (or flash drive) is a data storage device that includes flash memory with an integrated Universal Serial Bus (USB) interface.

Purpose: For the transport of work-related materials, and for departing employee requirements to remove their ‘personal’ information, i.e. résumé, performance agreements, etc.

Access: Exception Requests are approved on a case-by-case basis, and may include a time-limit to use the function.
Each device is assigned to an individual employee, who is the custodian responsible for the security of the device, as well as information placed on the device.
Includes Secure Digital (SD) Cards and unencrypted USB keys.
Manager and ADM/Regional ADM approval required.

Self-serve tools available on iService.

Do's and Don'ts for this Device

information categorization for this Device:

Protected A

Yes

Protected B

Some exceptions. See Purpose.

Protected C

Never

Description: Optical media (including CDs and DVDs) are storage media that hold information in digital form, and are written and read by a laser.

Purpose: For the transport of work-related materials, and for departing employee requirements to remove their ‘personal’ information, i.e. résumé, performance agreements, etc.

Access: Write-Access Exception Requests are approved on a case-by-case basis, and may include a time-limit to use the function. Manager and/or ADM/Regional ADM approval required.

Self-serve tools available on iService.

information categorization for this Device:

Protected A

Yes

Protected B

Yes

Protected C

Never

Description: All departmental laptops contain encrypted hard drives and further software encryption.

Purpose: Working online, connected via VPN (Virtual Private Network). Working offline, data files must be stored appropriately on the device.

Access: Assigned to individual employees.

Self-serve tools available on iService.

Do's and Don'ts for this Device

information categorization for this Device:

Protected A

Yes

Protected B

Yes

Protected C

Never

Description: A device that accepts text and graphic output from a computer and transfers the information to paper.

Purpose: For creating a paper or ‘hard’ copy. Paper copies must be transported using prescribed secure methods.

Access: All employees.

Self-serve tools available on iService.

information categorization for this Device:

Protected A

Yes

Protected B

Must use Secure Print (Print-to-PIN).

Protected C

Follow guidelines for Information Categorization Tool.

Description: A device that captures images from photographic or text sources, such as prints, posters, magazine pages, and similar records, for computer editing and display.

Purpose: Commonly used to create an electronic version of a hard copy document (ex. travel receipts, ROEs). To reduce space and retain copy quality

Access: Various photocopiers have a scan function. Available by location.

information categorization for this Device:

Protected A

Yes

Protected B

Must use Secure Print (Print-to-PIN).

Protected C

Follow guidelines for Information Categorization Tool.

Description: Transporting hard copies of materials.

Purpose: For safely transporting ‘hard’ copies of materials.

Access: N/A

• 1. Is there a safe way to transport sensitive information?

  Yes, by using an encrypted, department-issued USB key.

• 2. Why aren’t encrypted USB keys a standard piece of IT equipment?

  Not all jobs deal with highly sensitive levels of data within the department. For employees who do require a USB key to fulfill their work obligations, processes are in place to get such as device. Visit the Portable Storage Devices site for more information.

• 3. What is the difference between an encrypted password Pool USB key and an encrypted biometric USB key?

  Both the password Pool USB key and the biometric USB key are encrypted and authorized for use within the department.

  The password Pool eUSB key is managed by your Branch Password Pool Custodian. These devices are for temporary use only and can be shared amongst the team members. Password protected eUSB keys are also used for data transit, to another third party or GC department, and the data can be of varying sensitivity.

  The biometric eUSB key uses the finger print for identification and its serial number is assigned to the individual employee who requires it for long term usage. Once assigned, the biometric eUSB key cannot be shared amongst employees.

• 4. How do I obtain a Password Encrypted USB (eUSB) Device?

  There are separate processes for requesting Password encrypted USB keys, Biometric encrypted USB keys and encrypted External Hard Drives (eEHD).

• 5. Can I transfer my biometric encrypted USB key to my co-worker?

  No. Encrypted biometric USB keys cannot be transferred to a co-worker as the device’s serial number has been assigned to you alone. You are responsible for the eUSB key and the data stored on the device. If you no longer require the eUSB key, then you can return it.

• 6. Can my Manager give or transfer my biometric eUSB key to another member of my team?

  No. Your Manager cannot give or transfer your biometric eUSB key to another member of the team as your biometric encrypted USB key is assigned to you alone. If your team requires temporary usage of encrypted USB keys for sharing, contact your Branch Password Pool Custodian for a password encrypted USB key.

• 7. I have received my biometric eUSB key. Can I use it right away?

  No. Encrypted biometric keys are configured differently than unencrypted USB keys. do not attempt to configure the assigned biometric eUSB key on your own as this can cause the device to become unusable. Submit a service request to the National Service Desk for instructions.

• 8. I am giving a presentation to an external partner. How can I take my presentation with me?

  Your Branch Password Pool Custodian can assign you a password encrypted USB key, if you require a USB key for a short period. Other alternatives include emailing your presentation to the meeting chair or secretary.

• 9. How do I read documents that have been given to me by an external partner or client on a non-encrypted USB key?

  Do not plug in any unencrypted USB key to a departmental desktop or laptop, or connect it to any ESDC equipment without approval. To request read-only access to the key, visit iService self-serve: Approved unencrypted devices.

• 10. I am retiring and want to take my personal files with me. How do I do this?

  Information about how to move personal files from the ESDC network when departing or retiring is available on iService.