Communique on physical security 2025-008
Back to the office: Physical Security reminders
On this page
As the warm weather ends, many employees are returning from summer vacations and resuming their in-office routines in alignment with their department or agency requirement. One area that deserves particular attention is physical security. In today's world, maintaining a secure workplace isn't just the job of physical security functional specialists, it is a duty shared by all employees in the organization, requiring vigilance on the part of everyone to keep government information, assets and employees safe and secure.
This Communique on Physical Security serves as a reminder of some of the physical security best practices that help protect government information, assets and people. Following these best practices helps to ensure a safe and secure working environment for all.
Workplace security: Everyone's responsibility
Security begins with awareness. Whether you're a new employee or a seasoned veteran, staying alert and following good security practices can make a significant difference in preventing physical security breaches. One of the simplest yet most effective habits is displaying your issued ID badge/access card while in the workplace. This signals that you are authorized to be in specific areas and helps to deter or prevent unauthorized individuals from accessing restricted spaces.
Other access control best practices are to avoid "piggybacking" or "tailgating". Piggybacking occurs when an individual enters a restricted access area by following closely behind an authorized person. While it may feel polite to hold the door open, doing so without verifying the other person's credentials can compromise the security of a space. Tailgating is an action where a person follows behind an authorized person through a restricted access door without the knowledge of the authorized person. The "tailgater" waits until the door is almost closed and quickly opens it and enters, allowing the unauthorized person access to the space.
Locking your computer whenever you step away is a must. Whether you're heading to a meeting or a break, use a quick keyboard shortcut (Windows + L) or Ctrl-Alt-Del to manually lock your screen ensures that sensitive data remains protected. At the end of the day, shut down your computer and properly safeguard access cards such as a building access and PKI cards appropriately. Similarly, physical documents should be stored securely in the appropriate
Maintaining a clean desk is more than just good housekeeping; it's a good security practice. Sensitive government materials and credentials and any personal information and material should never be left unattended or exposed in open areas. Before leaving your desk, especially at the end of the day, take a moment to properly secure any sensitive items to prevent accidental exposure. This is especially important now that shared spaces are becoming the norm.
Conversations about sensitive topics should also be protected. Public areas like hallways, break rooms, and elevators may not be appropriate venues for discussing sensitive information and are inadequate for protecting highly sensitive info such as secret information. Use designated meeting rooms or private offices and appropriate physical security zones or special discussion areas that offer privacy and security to ensure that your discussions remain secure.
Training
Security threats are constantly evolving, which makes ongoing training essential. Regular sessions help employees stay informed about the latest risks and equip them with the tools to respond effectively. A well-trained workforce is one of the strongest defenses against physical security threats. The Canada School of Public Service (CSPS) offers a range of relevant courses, including Security Awareness (COR 310) and Fundamentals of Physical Security (COR 304), which provide valuable insights into the principles of physical security and its importance in the workplace. The RCMP LSA also offers a range of physical security courses to physical security functional specialists and can be found on the RCMP LSA website.
Disposal
Proper disposal of information is another key aspect of physical security. Sensitive paper documents should be destroyed appropriately and not simply disposed of as waste or placed in the recycle bin. Electronic or digital devices and drives must be securely erased or physically destroyed in accordance with ITSAP.40.006 Sanitization and disposal of electronic devices.
Information sharing
The sharing of information should always be done with caution and authorization. Employees must understand what they are permitted to disclose and verify the legitimacy of any request for sensitive data. Additionally, the person transmitting and receiving the information should have the appropriate security clearance or status and have a need-to-know and need-to-access the information. A moment of diligence can prevent a serious breach.
Building and maintaining a culture of security
Security is more than just following rules, it is about cultivating a culture of awareness and accountability. Security should not be seen as a barrier to operations, rather as a support for the protection of information, assets and employees. When everyone takes ownership of physical security, the workplace becomes a safer, more secure, and more efficient environment for everyone. Whether you're just returning from vacation or have been in the office all summer, now is the perfect time to refresh yourself on these best practices and help build a resilient, security-conscious organization.
- Date modified: