Archived - Audit of the Security of Information

PDF Version - [1.76 MB]

Executive Summary

Effective security of information contributes to the achievement of the Department of Finance Canada's (the Department) strategic goals by adequately protecting the business information of the Department, thus ensuring its confidentiality, integrity and availability. The security of information in both paper and electronic form, requires a comprehensive departmental strategy to establish the appropriate levels of awareness, training, processes and monitoring. The audit provides the Department with an opportunity to identify improvement opportunities.

The audit was approved and planned in 2007 and conducted in 2008. It concludes that overall, the Department generally follows good management practices in managing sensitive information. Four areas stood out as having documented processes and area-specific training in place:

• The Budget and Fiscal Update processes;
• Law Branch;
• The ATIP group within Law Branch; and
• The mailroom.

The audit also concluded that opportunities for improvement exist. These relate to the establishment of a structured framework to solidify current practices of Department employees. The key opportunities for improvement are:

• Develop and implement an organization-wide training program;
• Monitor the management of sensitive information and hold employees accountable; and
• Facilitate access to guidelines and tools on how to manage sensitive information.