6003-3 Security of Sensitive Information
Cadets and Junior Canadian Rangers Group Order (CJCR Gp O)
1. Identification
- Date of Issue: 2025-08-25
- Date of Verification: n/a
- Application: This is an order that applies to members of the Canadian Armed Forces, and a directive that applies to Civilian Instructors, Cadets and Junior Canadian Rangers Group Volunteers, and employees of the Department of National Defence employed within the Cadets and Junior Canadian Rangers Group.
- Supersession: Cadet Administration and Training Order 12-31, Access to and Security of Sensitive Information
- Approval Authority: This order is issued under the authority of the Commander Cadets and Junior Canadian Rangers Group.
- Office of Primary Interest: Deputy Chief of Staff Information Management/Information Technology
- Enquiries: Cadets and Junior Canadian Rangers Group J6
2. Abbreviations
| Abbreviation | Complete Word or Phrase |
|---|---|
| CAF | Canadian Armed Forces |
| CI | Civilian Instructor |
| CJCR Gp | Cadets and Junior Canadian Rangers Group |
| CJCR Gp O | Cadets and Junior Canadian Rangers Group Order |
| CO | Commanding Officer |
| COATS | Cadet Organizations Administration and Training Service |
| CTC | Cadet Training Centre |
| D-PKI | Designated Public Key Infrastructure Certificate |
| DND | Department of National Defence |
| HQ | Headquarters |
| NDSODs | National Defence Security Orders and Directives |
| RCSU | Regional Cadet Support Unit |
3. Definitions
- Cadet.
- See See QR (Cadets), section 1.02, Definitions.
- CJCR Gp Volunteer.
- See QR (Cadets), section 1.02 Definitions. Supplemented by the following: the term volunteer applies to a CAF member when not on paid duty, or a CI when not on paid service; a volunteer is authorized by a corps/squadron, CTC or RCSU CO; and a CJCR Gp volunteer is screened by CJCR Gp.
4. Policy
Context
- 4.1 A critical part of the DND/CAF security program is the protection of DND/CAF information. Without adequate safeguarding, the confidentiality, integrity and availability of this information could be compromised, which could impact the ability of the DND/CAF to deliver and conduct activities and operations.
- 4.2 CJCR Gp manages information designated as Unclassified, Protected A, or Protected B. For direction regarding information of a higher security designation, please contact your Unit Security Supervisor at your RCSU.
Policy
- 4.3 Information, both physical and digital, that is created, transmitted and stored by the CJCR Gp is governed by the NDSODs (You are now leaving Canada.ca. Link accessible only on the DWAN) with regards to classification and security measures. NDSODs (You are now leaving Canada.ca. Link accessible only on the DWAN) use the injury test, described in Chapter 6, to determine the classification of information. Within CJCR Gp, the CJCR Gp HQ/RCSU J6 applies the injury test in consultation with subject matter experts to determine the classification of CJCR Gp information.
Requirements
- 4.4 The security of information includes the identification and marking of information both in paper and electronic format that requires protection, the control of access to information by DND employees and CAF members who have a need-to-know, and the granting of the appropriate level of access. All DND employees and CAF members must label their information with appropriate security markings. This requirement extends to ensuring proper metadata is applied to digital information where directed.
- 4.5 Access to sensitive DND/CAF information must be limited to authorized individuals who:
- have successfully completed their security screening to the appropriate level, including certification and indoctrination in the case of special material; and
- have demonstrated the need-to-know.
- 4.6 A successful security screening will result in the granting of a reliability status or a higher security clearance.
- 4.7 Supervisors are required to ensure that all personnel have appropriate and up-to-date security screening in relation to the individual’s respective position.
5. Designation of Information
- 5.1 In accordance with NDSODs Chapter 6, information collected and handled by CAF members is considered to be controlled by the Government of Canada. This includes information about cadets collected by CAF members, CIs, and CJCR Gp Volunteers on behalf of CJCR Gp. It is the responsibility of members of the CJCR Gp to give any information they collect and store a designation based on the sensitivity of that information.
- 5.2 The sensitivity level of information held by DND/CAF is based upon the possible impact from the release of that information to an unauthorized source. It is further divided into Protected or Classified depending on whether the harm would be to the national interest, to an organization, or an individual. Designations will be determined by applying the injury test outlined in NDSODs Chapter 6.
- 5.3 Proper marking of documents, reports, messages or other information maintains the security and confidentiality of information held by DND/CAF. Within CJCR Gp the following three main designations occur:
- Unclassified;
- Protected A; and
- Protected B.
UNCLASSIFIED
- 5.4 Information is designated UNCLASSIFIED when the compromise of the information could reasonably be expected to cause no injury to national or non-national interests. Information that is Unclassified is not protected or classified. An UNCLASSIFIED categorization indicates that the Injury Test has been performed, and that no potential injury was discovered. Individuals must not presume that information with no marking or label is Unclassified and should approach the information as having not been categorized. If information is UNCLASSIFIED that does not automatically mean it can be released to the public. Normal release procedures must be followed.
PROTECTED A
- 5.5 Information is designated PROTECTED A when the compromise of the information could reasonably be expected to cause injury to interests other than the national interest, for example, the name of an individual and another piece of information associated with the individual such as date of birth, address, Personal Record Identifier (PRI) or Service Number (SN), language test results or exact rate of pay. For cadets this could include health insurance identifier or other personal information collected on behalf of CJCR Gp.
PROTECTED B
- 5.6 Information is designated PROTECTED B when the compromise of the information could reasonably be expected to cause serious injury to interests other than the national interest, including loss of reputation or competitive advantage, for example, combinations of personal information such as Social Insurance Number, name and address, or particularly sensitive personnel information, medical records, financial information or performance evaluations.
6. Handling, Storage and Transmission of Protected Information
Handling of Protected Information
- 6.1 Once information has been given a designation in accordance with NDSODs Chapter 6, when that information is reproduced, edited, viewed, processed, it must be returned to an equally secure location. Information must only be handled in physical security and electronic zones that are appropriate for the sensitivity of that information.
- 6.2 Protected and classified information should not be read, displayed or used in public, for example on a bus, train, airplane, etc.
Storage of Protected Information
- 6.3 Information must only be stored in secure containers or repositories which includes both physical and digital locations. Physical storage is approved by CJCR Gp HQ/RCSU Security Officer and digital storage is approved by the CJCR Gp HQ/RCSU J6. Digital locations are designated according to who will access them, for example some Teams chats will be accessed by cadets and CJCR Gp Volunteers and therefore are designated as Protected A and must not contain Protected B information.
- 6.4 When in use, PROTECTED A documents may be stored temporarily covered, turned down, or in a closed desk drawer. When not in use, documents must be stored in an approved, locked file cabinet, or desk drawer. Approved cabinets and locking mechanisms are to be obtained through the RCSU and the supply system. Physical files should only be used or stored in a restricted access area. Digital information must be stored on government issued devices only, or in designated online repositories. Digital information must not be downloaded to personal devices.
- 6.5 When in use, PROTECTED B documents may be stored temporarily covered, turned down, or in a closed desk drawer. When not in use, documents must be stored in an approved, locked file cabinet, or desk drawer. Approved cabinets and locking mechanisms are to be obtained through the RCSU and the supply system. Physical files should only be used or stored in a restricted access area. Digital information must be stored on government issued devices only, or in designated online repositories, it must not be processed, sent or downloaded to personal devices.
Transmission of Protected Information
- 6.6 Information designated UNCLASSIFIED can be freely transmitted by email or other electronic means, however it will be limited to those who require the information.
- 6.7 Information designated PROTECTED A may be sent by fax, Canada Post, DND/CAF mail, electronic mail or shared by approved digital repositories including Cadet365. When sent via fax the individual receiving the information should be notified in advance. When sent via Canada Post or DND/CAF mail, the information is placed in a plain envelope and no special markings will be used. For transfer within a base or unit, a messenger service envelope may be used.
- 6.8 Information designated PROTECTED B may be sent by fax, Canada Post, DND/CAF mail, electronic mail with D-PKI encryption, or by approved digital methods. When sent by fax the individual receiving the information should be notified in advance. When sent by Canada Post or by DND/CAF mail, documents must be transmitted in a single sealed envelope with no security markings. If multiple documents are sent in a single package the outer envelope should be addressed in a non-specific manner with no security markings, with each inner document enveloped and addressed to the appropriate office or individual. Document transmittal receipts should be used.
7. Publication
Frequency of Publication
- 7.1 A periodic review of CJCR Gp Os will be initiated every three years, or more frequently if necessary.
Errors/Omissions or Suggestions
- 7.2 Users of CJCR Gp Os are encouraged to identify any errors, omissions, or suggested orders to the attention of CJCRPol-PolCRJC@forces.gc.ca.
8. References
Source References
- National Defence Security Orders and Directives, Chapter 6 (You are now leaving Canada.ca. Link accessible only on the DWAN)
- G1-009 Transport and Transmittal of Protected and Classified Information
- Transport, Transmittal and Storage of Protected and Classified Material GCPSG-007 (2022)
Related References
- CJCR Gp O 5050-1, Cadet Records