Communique on physical security 2024-001
Remote/Telework - Security guidelines
On this page
This bulletin from the RCMP LSA for Physical Security is for Remote and Telework situations as defined by Treasury Board (TBS). These highlight the requirements for departments and agencies to ensure the appropriate protection of Government of Canada (GC) information, assets, and personnel. Departments and agencies should endeavour to meet or exceed these guidelines, RCMP LSA Physical Security Guides, and the Policy on Government Security. If these requirements cannot be met, departments should conduct a risk management exercise and document all decisions using their departmental risk management authority.
This bulletin identifies physical security requirements for sensitive documents up to Protected B/Confidential in remote and telework environments. Including; authorization, transportation, possession, processing and storage of this information. This document does not include processing or storage requirements for information at the Protected C, Secret, and Top Secret level.
Recommendations/Restrictions
- Persons having access to protected or classified information must have the appropriate security screening level (clearance or reliability status) and a need-to-know / need-to-access;
- Limited amounts of Protected A, B and Confidential material may be processed and stored in remote/telework locations;
- Processing and storage of Protected C, Secret and Top Secret material at the remote/telework location is considered an unacceptably high risk and may well constitute a violation of government security policy therefore should not be permitted; and
- Departments must risk manage all authorizations for the processing and storage of sensitive GC information in remote/telework locations.
CSO, Manager/Responsibilities
- Remote or telework approval can be granted individually, to a group or department by the CSO or manager based on the departmental risk management matrix;
- Employees are responsible to take reasonable care to protect sensitive government information and assets against unauthorized disclosure, loss, theft, fire, destruction, damage or modification as per GCPSG-008 (2022) Physical Security Considerations for Remote and Telework and departmental policy;
- Original files of highly sensitive information should remain in the workplace and copies be made for transport to the remote location;
- Complete a tracking sheet for all highly sensitive information taken out of the workplace to maintain file continuity; and
- Managers and employees should sign in/out all highly sensitive information removed and record the subject and number of pages in each file.
Transportation
- Managers should make all efforts to ensure remote/telework options remain paperless;
- Protected and classified information be transported as per GCPSG-007 (2022) Transport, Transmittal and Storage of Protected and Classified Material and departmental policy;
- Employees should not make unnecessary stops when transporting Protected and Classified information; and
- Protected and Classified information should never be left unattended (i.e. in a vehicle).
Control of information during processing
- Employees should conduct work within a dedicated area which can be secured from oversight by co-habitants and windows;
- Employees should avoid discussing Protected or Classified information on the telephone or with co-habitants as per GCPSG-008 (2022) Physical Security Considerations for Remote and Telework and departmental policy;
- Connecting personal devices (printers) to Government workstations should be avoided;
- Printing in the remote/telework work location should be approved by managers or supervisors and only where a critical business processes requires it;
- All printers should be approved by departmental IT professionals;
- Only print documents up to the Protected B level;
- All Protected and Classified paper documents for destruction should be stored securely until returned to the workplace for shredding; and
- Scanning of Protected and Classified documents in the remote/telework location is not recommended.
Security/Storage requirements
- Protected and classified information and assets be stored in accordance with GCPSG- 007 (2022) Transport, Transmittal and Storage of Protected and Classified Material, GCPSG-008 (2022) Physical Security Considerations for Remote and Telework and departmental policy; and
- All information and assets should be stored out of sight and secured when not in use or when the employee leaves the remote/telework location.
Security/Storage requirements - Protected B/Confidential
- Access control measures should be put in place to limit or prevent unauthorized viewing or access to Protected B / Confidential material; and
- Protected B / Confidential information should be stored in a lockable container that would clearly shows signs of any attempted entry.
Security and Storage requirements Secret (if permitted)
- A dedicated lockable room should be used for the processing and storage of Secret information to limit or prevent unauthorized overview and access;
- Access control measures should be put in place when processing Secret information and when stored (room should be locked if left unattended);
- Secret information should be stored in an RCMP approved security container, fastened to the building structure when not in use; and
- Locations should be equipped with an alarm system and the room where the information is stored should have window and door contacts and motion detection.
Storage of Protected C and Top Secret information and assets is not recommended
Note: The terms process or processing should be understood to mean “working on or working with the identified information”.
Contact us
Contact the RCMP LSA with your Physical Security inquiries at RCMP LSA Org Email: rcmp.lsa-grc.pospm@rcmp-grc.gc.ca or visit the RCMP LSA web page.
- Date modified: