Management Action Plan - Internal Audit of the Information Management Privacy and Compliance

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.


April 2014


Observations | Actions | Office of Primary Interest and Estimated Timeframe
Recommendation A (Medium impact):
PSIC should develop and administer ongoing training on information management and privacy risks and best practices.

Actions:
  • Develop a training package and deliver training at least once a year.
  • Content to be integrated into PSIC standard procedures, which will then become part of the Operations Manual.

Office of Primary Interest and Estimated Timeframe:
  • May 2014 - Executive Director and Director of Operations
  • September 2014 - Director of Operations

Recommendation B (Low impact):
PSIC should update its policy suite by:

  • Formalizing and documenting the PSIC Department Security Officer; and
  • Developing disposal procedures and practices.

Actions:
  • Hold discussion with CHRC to agree on roles & responsibilities and amend the MOU with CHRC to reflect the changes.
  • Develop disposal procedures and practices

Office of Primary Interest and Estimated Timeframe:
  • Complete - Executive Director
  • September 2014 - Chief Financial Officer

Recommendation C (Medium impact):
PSIC should strengthen the design and effectiveness of information management and privacy controls with a focus on:

  • Defining and strengthening controls in the areas of receipt of information, password protection and T-Drive structure and access controls; and
  • Implementing quality assurance measures to help ensure established processes and controls are being adhered to.

Actions:
  • New recording machines with password protection to be purchased
  • Reviewing the procedures regarding the receipt of information
  • Documenting the access controls process
  • Implement the quality assurance process

Office of Primary Interest and Estimated Timeframe:
  • Complete - Director of Operations
  • Complete - Director of Operations
  • September 2014 - Director of Operations
  • September 2014 - Director of Operations

Recommendation D (Medium impact):
PSIC should consider:

  • Updating the MOU with CHRC to reflect expected roles and responsibilities captured in the internal policies and directives; and
  • Establishing general monitoring procedures as well as develop controls to help prevent the risk of internal threats.

Actions:
  • Hold discussion with CHRC and amend the MOU
  • Discuss with CHRC and establish the procedures and controls

Office of Primary Interest and Estimated Timeframe:
  • Complete - Executive Director
  • September 2014 - Executive Director