Management Response and Action Plan - Audit of Physical Security at Health Canada and the Public Health Agency of Canada - September 2016

Management Response and Action Plan
September 2016
Recommendations Management Response and Planned Management Action Deliverables Expected Completion Date Responsibility
Recommendation 1

It is recommended that the Assistant Deputy Minister, Corporate Services Branch, ensure that there be oversight of the department-wide management of the physical security function that would include, at a minimum:
  • Follow-up on the implementation of the action plan outlined in the Integrated Departmental Security Plan;
  • Annual briefings on the state of physical security for the Deputy Heads at Health Canada and the Public Health Agency of Canada, together with their senior management; and
  • The Regional Security Managers communicating significant risks and vulnerabilities related to physical security to the Departmental Security Officer in a systematic and timely manner.
Management agrees with this recommendation.
CSB will strengthen governance to ensure that the Departmental Security Officer (DSO) provides effective and comprehensive oversight and management of the physical security function. 1.1 Implementation Plan for the Departmental Security Plan.
  1. Establishment of a formal governance structure for security.
  2. Development and approval of an Integrated Security Policy.
  3. Establishment of an annual regional security workshop.
March 2017 Departmental Security Officer (DSO)
1.2 Annual briefing to Deputy Heads through the Executive Committees.
  1. Final status report to be presented to Deputy Heads and their senior officials on the state of security.
March 2017 DSO
1.3 Incident Reporting Procedures.
  1. Development of common incident reporting procedures through consultations (i.e. Security Operations Centre, FNHIB, Regional Security Managers) to ensure that DSO is informed of incidents in a timely manner.
October 2016 DSO
1.4 Intradepartmental Security Forum.
  1. Intradepartmental Security Forum established and inaugural meeting held.
February 2016
(Completed)
DSO
Recommendation 2

It is recommended that the Assistant Deputy Minister, Corporate Services Branch, in collaboration with branch heads, ensure that:
  • A complete central registry be maintained for threat and risk assessments pertaining to  all facilities including the results of recommendations stemming from all the threat and risk assessments; and
  • Threat and risk assessments for facilities be updated where significant changes in the threat environment have occurred and where changes in current or new legislation (e.g., the Human Pathogens and Toxins Act) impacting security have taken place.
Management agrees with this recommendation.
CSB will ensure that a centralized registry/repository is developed to track threat and risk assessments (TRA) and results. CSB will also ensure that, during the first year of operation of the central registry, the TRAs have been updated after significant changes in the threat environment have occurred. 2.1 National electronic registry/ repository for TRAs.
  1. Creation of registry/repository completed.
  2. DSO approval of registry/repository.
November 2016 DSO
2.2 National TRA Strategy Framework.
  1. Consultation with key stakeholders; presentation of Framework to Intradepartmental Security Forum for endorsement.
  2. Completion of the Framework.
  3. ADM approval of the Framework.
March 2017 Assistant Deputy Minister (ADM), Corporate Services Branch (CSB)
ADM, First Nations and Inuit Health Branch (FNIHB)
2.3 Evidence that the TRAs have been updated after significant changes in threat environment.
  1. Establishment of a schedule for the collection of data from regions and the NCR on a quarterly basis completed (June, September, December and March).
  2. Provide the Interdepartmental Security Forum with annual results.
November 2017 ADM, CSB
Recommendation 3

It is recommended that the Assistant Deputy Minister, Corporate Services Branch, complete and approve the Integrated Security Policy suite supporting the physical security function and ensure that the First Nations and Inuit Health Branch complimentary security policy be aligned with the policy suite.
Management agrees with this recommendation.
CSB will complete and approve the Integrated Security Policy suite and ensure that FNIHB's security program is aligned. 3.1 Renewed Security Policy Suite.
  1. Consultation with key stakeholders.
  2. Completion of frameworks to align with the new TBS Policy on Government Security.
  3. Obtain ADM approval on the frameworks.
Note: Dates are based on the expected release date of the TBS Policy on Government Security in October 2016.
March 2017 ADM, CSB, in consultation with ADM, FNIHB
Recommendation 4

It is recommended that the Assistant Deputy Minister, Corporate Services Branch, in collaboration with the Assistant Deputy Minister, Regional Operations, First Nations and Inuit Health Branch:
  • Develop and implement a process to ensure that health facilities funded by FNIHB are systematically assessed as to their condition and that vulnerabilities affecting the personnel security and information holdings are tracked and corrected in a timely manner; and
  • Review the effectiveness of the implementation after one year and make implementation corrections as necessary.
Management agrees with this recommendation.
FNIHB will assess the condition of health facilities and report on the effectiveness of action plans. 4.1 Action Plan in place to ensure that health facility conditions are assessed and vulnerabilities are corrected in a timely manner. September 2016 ADM, Regional Operations (RO), FNIHB
- 4.2 Report on effectiveness of action plan, including recommendations on further corrections, if needed. December 2017 ADM, RO, FNIHB
Recommendation 5

It is recommended that the Assistant Deputy Minister, Corporate Services Branch, complete the training and awareness framework, to support consistent, comprehensive training, and develop tools to monitor its effectiveness.
Management agrees with this recommendation.
CSB will develop a security training and awareness framework. 5.1 Security Training and Awareness Framework.
  1. Consultation with key stakeholders.
  2. Completion of the Framework.
  3. Obtain ADM approval.
March 2017 ADM, CSB
Recommendation 6

It is recommended that the Assistant Deputy Minister, Corporate Services Branch, in collaboration with the Assistant Deputy Minister, Regional Operations, First Nations and Inuit Health Branch, align and integrate the reporting systems so that there is a comprehensive overview of physical security activities and incidents, including performance measures, in order to assess the overall effectiveness of the physical security function.
Management agrees with this recommendation.
CSB will improve and align the monitoring and reporting systems and practices for physical security activities and incidents. 6.1 Draft Performance Measurement Framework.
  1. Consultation with key stakeholders.
  2. Completion of the Framework.
  3. Obtain ADM approval.
Note: Dates are based on the release of a government-wide Security Management Framework in March 2017.
July 2017 ADM, CSB

Download the alternative format
(PDF format, 83 KB, 9 pages)

Organization: Health Canada and Public Health Agency of Canada

Date published: 2016-12-16

Page details

Date modified: