12-40 Annex A - Fortress

Ordonnances sur l'Administration et l'Instruction des Cadets (OAIC)


1. This order defines the role and use of FORTRESS as the national information management system of the Canadian Cadet Organizations (CCO). FORTRESS is an enterprise application that is used at all levels of the CCO to administer the Cadet Program.


2. The CCO, at all levels of its hierarchy, have a requirement to capture, manage, share and archive information pertaining to the training, administration and support of  local cadet units, and to use this information in the following manner:

  1. Strategic Guidance. Statistics based on corporate information will be used to guide CCO business planning, funding models, and support allocations;
  2. Operations. National and regional operations will be aided by the manipulation and use of the data for planning and preparation of training objectives; and
  3. Program Implementation. The execution of the training program will use relevant data to plan, control, complete and assess training objectives at the local level. Reports, pre-filled forms, lists and the automation of routine administrative tasks aim at reducing the burden on CCO personnel.

3. FORTRESS is a Protected A national information management system that contains cadet administrative and training files.  This information is made available to authorized users through functionalities built to deliver the correct information to the appropriate individuals in support of their mandate.

4. The concept of FORTRESS requires that authorities working at all levels of the CCO share the responsibility of populating and maintaining data pertaining to the membership. All levels of the CCO are responsible for the maintenance of the data under their purview using FORTRESS in accordance with this order. Once a corps/squadron creates a cadet’s file in FORTRESS, the file is shared with other authorized users at the corps/squadron, Cadet Summer Training Centres (CSTC) and headquarters so that they can input data specific to their mandate.

5. Once the membership data is populated it becomes available for all levels of the CCO hierarchy, and the system allows for the streamlining of administrative processes such as the application and selection for summer training.  The following examples illustrate ways this information may be used:

  1. validate the Cadet training program;
  2. provide accurate and current statistical information to assist COs and their staff officers at all levels in the efficient and effective management of the CCO;
  3. validate corps/squadron participation;
  4. produce statistics pertaining to membership participation in support of strategic planning;
  5. reduce administrative burden by the use of pre-formatted and pre-filled forms;
  6. define the clothing allocation given to corps/squadrons for the procurement of uniform items;
  7. establish various financial allocations based on the number of cadets per corps/sqns;
  8. determine the requirement for types and numbers of summer courses to be conducted;
  9. establish vacancies available for the scholarships and exchanges;
  10. determine the quantities of training support equipment required (e.g.: sailboats, sleeping bags, ammunition allocation, etc.);
  11. establish operating budgets;
  12. establish statistics on mandatory training to provide an indication regarding the effectiveness of the delivery of the programs and of the interest indicated by today’s youth;
  13. produce statistics on why cadets join and leave the CCO and the duration of their stay in order to properly define strategic plans for recruiting and retention; and
  14. determine, based on marksmanship and music training information, equipment, training, and funding support required.

6. Corps/Squadrons – COs are responsible for collecting local administrative and training information pertaining to the participation and qualification of cadets in unit activities. Units are expected to populate all the required fields and to regularly update this data as the training year progresses.  This will allow the validation of the Cadet programs and the organization of data collecting, analysis and reporting.

7. RCSUs/Detachments – COs of RCSUs/ Detachments are responsible for the population of qualifications and participation fields for which they are the specific OPI within 30 days following the end of the activity. This may include music and/or sailing levels, or other training results from Activity Centres.

8. CSTCs/RGSs – COs of CSTCs/RGSs are responsible for the population and updating of information resulting from a cadet’s participation in summer training activities, including any pertinent administrative information.

Back to top

Quality of Data

9. Quality control of the information collected is an essential function, to ensure the validity of data so that it can effectively support management decisions. It is the responsibility of every user to ensure that data entered is correct and true.

10. Units are responsible for updating their data on a regular basis.  This is paramount and cannot be overemphasized. Information in FORTRESS can be modified up to 60 days in the past at which time the data becomes read-only and the unit staff are no longer authorized to modify it. COs must contact their RCSU should a change be required for read-only data.

11. The data collected by staff members working at CSTCs/RGS must be annually updated in FORTRESS NLT 15 September.


12. Corps/Squadrons. Access will only be granted to individuals who have been identified by the CO as being responsible for populating, maintaining and consulting portions of data in FORTRESS.  Typically, Corps/squadron staff members can only access files that pertain to their corps/squadron.

13. D Cdts & JCR / RCSU / Detachment / CSTC.  Access to FORTRESS at D Cdts/ RCSU / Detachments / CSTCs and other designated centres will be provided to personnel identified by D Cdts & JCR and/or RCSUs as requiring access to a unit’s administrative and training files in the conduct of their mandate.

Collection of Information

14. Federal governmental policies on privacy warrant that a signed authorization be acquired from everyone for whom information is collected into a federal database and to manage this information on their behalf.

15. A DND-2353, Authorization for the Collection, Use and Disclosure of Personal Information, must be signed by both the cadet and their parents or legal guardians before any data pertaining to the cadet can be stored in FORTRESS.  The signed DND-2353 must be kept on file at the corps/squadron for reference.

16. The form CF-1158, Application for Membership in the CCO, constitutes the source document for personal information. 

17. Units must ensure that the personal data for each cadet is verified against official source documents such as the health insurance card, and proof of identify documents such as a birth certificate or a valid Canadian passport.  Any mistakes will have a negative impact on all processes that use the data.

Access to Information

18. Federal laws and regulations pertaining to the protection of privacy preclude authorized users from releasing the content of FORTRESS to a third party.  Any individual or third party not authorized to use FORTRESS or view its data, but wanting to consult it, must make a formal request to the Director Access to Information and Privacy.

Disclosure of Information

19. Any disclosure of cadet personal information shall be IAW the DND-2353.  This includes any information disclosed to the Leagues and/or local sponsors. Medical information shall not be disclosed.  Examples of the types of information that may be disclosed include the following:

  1. cadet contact information;
  2. parent/guardian contact information;
  3. corps/squadron contact information;
  4. cadet training information; and
  5. statistics.

Protection of Information

20. The CCO are entrusted with the protection of personal information pertaining to its membership. Users are individually responsible for taking all necessary measures to reduce the risk of unauthorized access or disclosure of information.  Safety measures must include but are not limited to the following:

  1. locking the administration office;
  2. storing the laptops in a secure location;
  3. not leaving computers unattended when logged in; and
  4. applying proper administrative procedures for the handling of protected material.


21. The Regional IT Service Desk is the first point of contact regarding technical problems with the computer, network, or access to the application.  Contact information is provided in the CCO Net Security Orders and User Manual. 

Back to top

Page details

Date modified: