Cyber and Information Technology (IT) Security


Shared Services Canada’s (SSC) role in achieving cyber and information technology (IT) security integrity across government is to strengthen the security of federal information and information systems.

SSC is mandated to protect the infrastructure and associated data in transit, storage, and use. SSC cyber and IT security activities are aligned to a framework composed of prevention, detection, response and recovery functions that are executed using a combination of people, process, services and information.

The framework is aligned to Government of Canada’s Cyber Security Strategy and incorporates a security-by-design approach, in collaboration with the Communications Security Establishment (CSE) and the Treasury Board Secretariat. SSC’s government-wide, IT-security services apply “safeguards to preserve the confidentiality, integrity, availability, intended use and value of electronically stored, processed or transmitted information.”

SSC also oversees the operation of identification, authentication and authorization services.

As part of SSC’s contribution to Canada’s Cyber Security Strategy, SSC has established 24/7 Security Operations Centre and a supply- chain integrity program that contributes directly to incorporating security in all our procurements.  SSC’s Security Operations Centre has also taken over former responsibilities of CSE for the Government of Canada, such as the GC Computer Incident Response Team (GC-CIRT).


The following planning activities are underway:

Security software procurement: Standardization and consolidation will bring efficiencies and cost savings, as well as greater security for information technology across partner organizations.

Network and device security: The objective of this program is to protect the Government of Canada’s network and devices through the use of various IT safeguards (including Virtual Private Network (VPN), intrusion detection and prevention, application whitelisting and more).

Government of Canada’s Secret infrastructure: SSC is responsible for the Secret infrastructure consolidation and procurement of its key components. Work on the secret infrastructure is incorporated with our transformation strategies for email, data centres and networks and with the emerging plans for end-user devices.

Security and privacy by design: SSC is implementing a security and privacy by design model that will incorporate security as part of enterprise service design to provide risk-managed (and cost-effective) security assurance to the authorization authority, our partners and to meet compliance objectives.

Security and privacy by design is the process of including the appropriate security controls into the service design and service management artifacts and verifying that they are appropriately implemented and meet the intended objectives.


With the consolidation and standardization of Government of Canada information technology infrastructure, SSC is achieving a more consistent approach to cyber security.

Report a problem or mistake on this page
Please select all that apply:

Privacy statement

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: