Archived - Audit of the Security of Information

Archived information

Archived information is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

PDF Version - [1.76 MB]

To access a Portable Document Format (PDF) file you must have a PDF reader installed. If you do not already have such a reader, there are numerous PDF readers available for free download or for purchase on the Internet.

Executive Summary

Effective security of information contributes to the achievement of the Department of Finance Canada's (the Department) strategic goals by adequately protecting the business information of the Department, thus ensuring its confidentiality, integrity and availability. The security of information in both paper and electronic form, requires a comprehensive departmental strategy to establish the appropriate levels of awareness, training, processes and monitoring. The audit provides the Department with an opportunity to identify improvement opportunities.

The audit was approved and planned in 2007 and conducted in 2008. It concludes that overall, the Department generally follows good management practices in managing sensitive information. Four areas stood out as having documented processes and area-specific training in place:

  • The Budget and Fiscal Update processes;
  • Law Branch;
  • The ATIP group within Law Branch; and
  • The mailroom.

The audit also concluded that opportunities for improvement exist. These relate to the establishment of a structured framework to solidify current practices of Department employees. The key opportunities for improvement are:

  • Develop and implement an organization-wide training program;
  • Monitor the management of sensitive information and hold employees accountable; and
  • Facilitate access to guidelines and tools on how to manage sensitive information.