Canada’s Auditor General, Sheila Fraser, has issued her Annual Report; her verdict on data security is dire. The government audit looked at how sensitive information is safeguarded when outside contractors are engaged. The audit found that government agencies are failing to meet basic security standards and that data is at risk for breach.

“We found serious problems in the system that is supposed to ensure the security of government information and assets entrusted to industry,” Fraser said in her report.

Concerns from the report include:

  • Failure to identify security requirements for defense contracts
  • Funding is inadequate to hire and retain qualified professionals to support the Government Security Policy (GSP) and The Industrial Security Program (ISP), which delivers on the GSP objectives
  • The GSP standard is ambiguous about responsibilities
  • Data for the ISP resides on a controlled-access network, but it has not been certified under the government standard against data breaches
  • The security policy does not include a disaster recovery plan

Public Works and Government Services Canada (PWGSC), who handle 90% of all government contracts, has responded to the concerns of the audit. They will be creating a Security Management Advisory Board and are revising security strategies. Perhaps the most important element to arise post-audit is a new training program to ensure staff follow procedures consistently.

The PWGSC will be reviewing all 3000 active contracts to ensure security requirements are being met.

Via InterGovWorld Tags: , , , , , , ,

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • Digg
  • StumbleUpon
  • Technorati