IRCC Minister Transition Binder 2025-05

Departmental and Information Security at IRCC

Chief Information Officer
Departmental Security
May 2025

Overview

Ministerial staff have a variety of responsibilities and obligations related to physical, information and cyber security.

The purpose of this presentation is to provide an overview of the process and responsibilities in the following areas:

• Module 1: Access Controls
• Module 2: Personnel Security Screening
• Module 3: Accessing Information
• Module 4: Cyber Security Best Practices
• Module 5: Physical Security

Module 1: Access Control

To protect the safety and security of personnel and government facilities, access control measures are used to identify and verify employees who require regular access to Immigration, Refugees and Citizenship Canada (IRCC) buildings.

Your ID/Access card must be visibly displayed while on IRCC premises and removed once off IRCC grounds.

Remember:

• All IDs and access cards are property of IRCC
• ID/Access card must be visible at all times while in the workspace
• You must not lend your ID/Access card to anyone
• You are responsible for your ID/Access cards at all times
• You must surrender your ID/Access cards to security personnel, when requested
• You must ensure that unauthorized persons do not enter restricted areas behind you

If you lose or misplace your ID/Access card, you must fill out an Online Security Incident Report (OSIRS).
The reporting system is electronic and available on Connexion under the security and emergencies tab.

Access Control: Guests

• As part of regular business, the Minister or the Minister’s office may host external guests at IRCC offices. All guests must be signed in at security with a valid government-issued photo identification (ID) card.
• The Minister’s office can work with the Departmental Liaison Unit to inform security about expected guests in advance of their arrival to ensure smooth reception and ID exchange.
• To do this, please provide the following information:
  • the name of the employee who is expecting the visitor(s); the tower, floor and specific location of the meeting; the date and time of the visit; the name(s) of the visitor(s) and the organization they represent; and the name and telephone number of a contact person who can be notified of guest arrival.
• Guests must be escorted by an IRCC employee at all times while on the premises and must return their visitor pass at the reception desk upon departure, where they may then collect their own ID card.
• The reception desk is open Monday to Friday, from 7:00 a.m. to 6:00 p.m. Visitors after hours will have to call the Security Operations Centre (613-941-2110).

Access Control: House of Commons

House of Commons

• House of Commons (HOC) security access cards for ministerial staff are coordinated through the Deputy Minister’s Office Corporate Team.
• HOC passes for ministers and parliamentary secretaries are coordinated by the Privy Council Office.
• To receive a new HOC access card, ministerial staff will be required to complete an “Application for Identification Card for the House of Commons Form.”
• For an HOC access card transfer from other government departments, the “HOC Ministerial Transfer Form” must be completed.
• Once the HOC access card is ready for pick up, ministerial staff will be notified and must personally pick up the card at the Parliamentary ID office (photo will be taken for new cards).
• Security equipment (secure containers, secure communication devices, briefcases, etc.) for the Minister’s parliamentary office, constituency office and residence will be provided as needed by IRCC.

Module 2: Personnel Security Screening

The security screening level for a position is established in accordance with guidance issued by the Treasury Board Secretariat (TBS) and is based on the duties to be performed; the sensitivity of the information, assets, or facilities associated with the role; the position’s level of authority; and the injury that could result from the compromise of sensitive information.

As per TBS’ Policies for Ministers’ Offices and the Privy Council Office’s Guide for Ministers and Ministers of State, all staff working in the Minister’s Office must obtain a valid Secret clearance prior to employment.

Requests for security clearances for ministerial staff are coordinated through the Deputy Minister’s Corporate Team. Clearances for ministers and parliamentary secretaries are coordinated by the Privy Council Office.
Security screening involves the collection of personal information from individuals, with their informed consent, and information from law enforcement and intelligence sources and other sources and methods to assess an individual's reliability and loyalty to Canada.

Secret clearance

10 Year background check
Reliability Status
CSIS Loyalty Assessment
Valid for 10 Years

Personnel Security Screening Levels

Reliability

5 Year background check
Verification of ID
Verification of employment, education, and references
Credit check
Criminal record check
Valid for 10 Years

Enhanced Reliability

Reliability Status
Law Enforcement Records Check (LERC)
Security Questionnaire and/or Security Interview
Open-source inquiry
Valid for 10 Years

Secret

10 Year background check
Reliability Status
CSIS Loyalty Assessment
Valid for 10 Years

Top Secret

10 Year background check
Reliability Status
CSIS Loyalty Assessment
Valid for 5 Years

Enhanced Top Secret

10 Year background check
Reliability Status
CSIS Loyalty Assessment
Security Questionnaire
Open-source inquiry
Polygraph Test
Valid for 5 Years

Depending on the requirements of the position, ministerial staff may require Top Secret clearance.

Module 3: Accessing Information

Protected Information

• In the Minister’s Office, you may be required to handle protected information, which is defined as information for which unauthorized disclosure, destruction, interruption, removal or modification could reasonably be expected to cause injury to an individual, organization or government which lies outside the national interest.

Types of Protected information include:

Protected A

Low-sensitive, designated information. Information that could reasonable be expected to cause injury outside the national interest, if compromised.

Protected B

Particularly sensitive, designated information. Information that could cause serious injury outside the national interest, if compromised.

Protected C

Extremely sensitive, designated information. Information that could reasonably be expected to cause extremely grave injury or loss of life, if compromised.

Classified Information

• In the Minister’s Office, you may be required to handle classified information, which is defined as information for which unauthorized disclosure, destruction, interruption, removal or modification could reasonably be expected to cause injury to the national interest of Canada.

Types of Classified information include:

Confidential

Applies to information when its compromise could reasonable be expected to cause injury to the national interest of Canada

Secret

Applies to information when its compromise could reasonably be expected to cause serious injury to the national interest of Canda

Top Secret

Applies to information when its compromise could reasonable be expected to cause exceptionally grave injury to the national interest of Canada.

Module 3: Accessing Information

In some cases, ministerial staff may require access to Secret or Top Secret information to support the Minister in their role overseeing IRCC’s policies, security, and operations. Some examples may include: Cabinet confidences, classified reporting on immigration cases that require the Minister’s awareness/decision, classified intelligence reporting from partner agencies impacting IRCC, or accessing classified legislation or policies impacting IRCC.

Accessing Secret Information

The Government of Canada Secret Infrastructure (GCSI) has been developed as an enterprise capability to enable necessary classified (Secret) information exchange internally within the Government of Canada and with external entities, as necessary. The GCSI infrastructure is compliant with Communication Security Establishment (CSE) requirements.

GCSI terminal locations available for the Minister’s office:

• [Redacted]
• [Redacted]

Follow the link to obtain a GCSI user account: GCSI user registration guide (ci.gc.ca)

Secret information can only be accessed and stored on GCSI networks, not GCDocs.

Module 3: Accessing Information

[Redacted]

[Redacted]

[Redacted]

[Redacted]

[Redacted]

Module 3: Accessing Information

Best Practices for Protecting Information

Wi-Fi and networks:

• Avoid public Wi-Fi whenever possible.
• No data higher than Protected B is permitted to be accessed remotely (e.g. from home).
• Secret information is NOT to be accessed off GCSI networks, over remote access or VPN, including GC Wi-Fi.
• Wireless and cellular phones are for up to Protected A discussions.

Email and Instant Messages:

• When e-mailing Protected B data or information to a trusted external partner, it must be encrypted with Entrust software (Email encryption is supported on IRCC smartphones).
• Do not email IRCC property or data to your personal email account—regardless of classification.
• Internally to IRCC, MS Teams is for up to Protected B use only.
• SMS messaging and all other conferencing services (such as Zoom) are for unclassified information only.

Storing and Securing Information:

• Be aware of your surroundings and screen exposure if accessing your IRCC device in public (e.g. cellphones).
• Storing Protected C or Secret information on laptops is not permitted.
• All staff, equipment, and documents are subject to Access to Information and Privacy requests, wherever IRCC business is discussed or captured.

Additional information is available in the Managing Information in the Minister’s Office deck.

Module 4: Cyber Security

Working from Home

• When using IRCC devices, only connect personal devices that have no storage capability (i.e.: monitor, keyboard, mouse).
• Personal printers are not permitted to be connected to IRCC devices, and remote printing is not permitted.
• When you are in a meeting, turn off Siri, Alexa, Google Home, etc. Remember these devices are always listening.

Using Bluetooth

• Bluetooth headphones, microphones, and speakerphones are now permitted to be used with IRCC devices.
• Communication over Bluetooth is not to exceed Protected A.
• At this time, Bluetooth mouse or keyboards are not permitted to be connect to IRCC devices, however; wireless non-Bluetooth radio frequency (R/F) devices are permitted to be connected.

Module 4: Cyber Security

Appropriate Use Of IRCC-Issued Devices (Laptops/Phones)

• IRCC devices can be used for limited personal use during personal time, provided: they are not used for financial gain; personal use does not incur any additional costs for the Department; and it does not interfere with the conduct of business.
• Note that the following streaming sites are blocked and cannot be used on IRCC devices: Netflix, Prime, Disney+, Hulu, Crave, AppleTV.

Travelling with IRCC technology

• The Chief Information Officer determines if you can bring your IRCC-issued work devices (laptop, smart phone, tablet, etc.) with you outside of Canada. Permission must be sought prior to travelling. Taking a device out of the country without permission could significantly increase the risk to the Department, as the information contained within may be accessed and used for malicious purposes.
• If the cyber security risk level is medium or high, you will not be allowed to bring these devices on your trip and will need to request a travel device from the IRCC IT Service Desk. This process can take time to complete, so be sure to initiate it as early as you can (a minimum of two weeks before your planned departure). 
• To initiate the travel security risk assessment process, please work with the Corporate Team in the Deputy Minister’s Office.

Module 5: Physical Security

Security at IRCC’s National Headquarters is achieved through various security measures:

• Access control (security passes, turnstile installations, visitor escorts, etc.)—see Module 1
• Closed-circuit cameras installed throughout the facility are monitored 24/7 in the Security Operations Centre.
• Designated restricted floors are monitored by intrusion detection systems.
• Security personnel patrols the inside and the outside of the building regularly.
• Mail is scanned offsite through a contract with Canada Post prior to delivery to IRCC.

Minister’s Floor at IRCC

The Minister’s floor is designated as a secure zone. Access to the secure zone is restricted to authorized personnel only and is managed by the Deputy Minister’s office. Access to the floor is remotely monitored 24/7 by Closed Circuit Video Monitoring in the Security Operations Center.

Reminder: Departmental ID/Access cards should be worn at all times when in the building.

Physical Security: at IRCC

Departmental Security

IRCC Departmental Security has established emergency plans/procedures to manage IRCC building and staff-related safety and security issues (e.g., demonstrations, evacuations, lockdown).

The Emergency Protocols Placemat (see Annex) outlines the appropriate protocols for different emergency situations that the Minister, and/or the Minister’s staff, may face when on-site at an IRCC building.

When notified of a threat, Departmental Security can deploy enhanced security measures, including but not limited to:

• additional security patrols;
• increased security presence on the Minister’s floor;
• preparations for a facility lockdown;
• extra vigilance of incoming traffic in the building (visitors/guests); and
• overall increased security vigilance.

Physical Security: RCMP & Ministerial Security

Royal Canadian Mounted Police (RCMP) Protective Policing

If the Minister or staff are in receipt of a threat (whether by phone, email, letter or social media posting), or if specific concerns are identified regarding personal security, please contact the RCMP’s Protective Policing Coordination Centre (POCC) at [Redacted]. Both are monitored on a 24 hour/7-day basis.

IRCC Departmental Security and Ministerial Security must also be informed of the threat. Please copy IRCC.MINOSecurity-SecuriteMINO.IRCC@cic.gc.ca on all correspondence with RCMP Protective Policing or report when a call to RCMP POCC has been made.

For departmental events/travel (domestic and international), the RCMP may provide protective services for the Minister, as deemed warranted based on an intelligence-informed assessment of threat and risk.

• Timely and complete information is required for the RCMP to conduct meaningful assessments towards the identification of security requirements.
• The IRCC Ministerial Security team (IRCC.MINOSecurity-SecuriteMINO.IRCC@cic.gc.ca) works as a liaison with the RCMP to help ensure that all necessary information is gathered/shared (e.g. media presence; public exposure; event importance/sensitivity; perceived threats) for the assessment.

Physical Security: Parliament & Privy Council Office

House of Commons Sergeant-at-Arms (SAA)

When the Minister is at Parliament Hill office, protective services are provided by the House of Commons SAA, who maintains a comprehensive security operation to ensure that the Minister and all parliamentarians can carry out their duties in a safe and secure environment. This includes, but is not limited to, security matters involving Parliament Hill or constituency offices, personal residences, and parliamentary/personal social media and email accounts. For questions about the Minister’s security at Parliament Hill office, the Minister’s Office can contact the SAA at [Redacted]

Privy Council Office (PCO)

The following issues must be reported^{Footnote *} to the Office of the Chief Security Officer, PCO at [Redacted]

• National security concerns, including those related to terrorism or controlled goods;
• Security incidents and other security events that will have, or are likely to have, a significant impact on federal departments or agencies, or that require an immediate or coordinated government-wide response;
• Departmental decisions to activate higher levels of readiness and to return to lower levels of readiness; and
• All security incidents and other security events of significance involving Cabinet confidences.

PCO also offers security support to ministers on a cost-recovery basis, including unarmed security guards or enhanced security features at the Minister’s residences, private guards for ministerial events, defensive training for drivers, and de-escalation training for the Minister or their staff.

Key Contacts

Chief Information Officer

[Redacted]

Chief Security Officer

[Redacted]

Departmental Security

[Redacted]
[Redacted]

Sergeant-at-Arms

[Redacted]

RCMP Protective Policing

[Redacted]

Office of the Chief Security Officer, Privy Council Office

[Redacted]

Cyber Security Team

ircc.itsec-secti.ircc@cic.gc.ca

To report an incident:
Emergency: Call 911
Non-emergency: Call 613-941-2110 (Security Operations Centre)