Recommendation A (Medium impact):
PSIC should develop and administer ongoing training on information management and privacy risks and best practices.
|
- Develop a training package and deliver training at least once a year.
- Content to be integrated into PSIC standard procedures, which will then become part of the Operations Manual.
|
- May 2014 - Executive Director and Director of Operations
- September 2014 - Director of Operations
|
Recommendation B (Low impact):
PSIC should update its policy suite by:
- Formalizing and documenting the PSIC Department Security Officer; and
- Developing disposal procedures and practices.
|
- Hold discussion with CHRC to agree on roles & responsibilities and amend the MOU with CHRC to reflect the changes.
- Develop disposal procedures and practices
|
- Complete - Executive Director
- September 2014 - Chief Financial Officer
|
Recommendation C (Medium impact):
PSIC should strengthen the design and effectiveness of information management and privacy controls with a focus on:
- Defining and strengthening controls in the areas of receipt of information, password protection and T-Drive structure and access controls; and
- Implementing quality assurance measures to help ensure established processes and controls are being adhered to.
|
- New recording machines with password protection to be purchased
- Reviewing the procedures regarding the receipt of information
- Documenting the access controls process
- Implement the quality assurance process
|
- Complete - Director of Operations
- Complete - Director of Operations
- September 2014 - Director of Operations
- September 2014 - Director of Operations
|
Recommendation D (Medium impact):
PSIC should consider:
- Updating the MOU with CHRC to reflect expected roles and responsibilities captured in the internal policies and directives; and
- Establishing general monitoring procedures as well as developing controls to help prevent the risk of internal threats.
|
- Hold discussion with CHRC and amend the MOU
- Discuss with CHRC and establish the procedures and controls
|
- Complete - Executive Director
- September 2014 - Executive Director
|