Core Policy and Procedures Manual - Amendment Summary
April 2012

Policy

12.0 Information
and
Technology Management

12.3.3 Information Management - New subsection documenting the key elements of the Working Outside the Workplace Policy.

12.3.6 Information and Technology Security - New subsection documenting the key elements of the Information Incident Management Process.

15.0 Security

15.2 General - Expands the responsibilities of the Chief Security Officer, Government Security Office and clarifies the role of the Government Chief Information Officer in relation to information incidents and other Security responsibilities.

15.3 Policy - Clarifies organizational roles in Security policy.

20.0 Loss Management

20.2 General – Restatement of annual loss reporting requirement (L.7) to Risk Management Branch; Comptroller General role and activities updated to reflect organization changes.

Provides a description of information incidents as loss incidents and broadens "illegal activities" loss incident category to include breach of Cabinet confidentiality.

Roles and Responsibilities - Documents the responsibility of the Government Chief Informaiton Officer referencing the information Incident Management Process.

20.4 Fraud Risk Management Policy – New subsection – using existing information from other areas in CPPM and central agencies to provide comprehensive fraud policy which establishes clear roles and responsibilities for government employees at all levels in managing fraud risk. 

Procedures
D. Payment Processing D.13  Block Suppliers – New procedures have been prepared to provide ministries with direction on the appropriate use of block suppliers. 
L. Loss Reporting

L.1 General - Wording changed to provide clarity when to report a loss.

L.2 Information and information technology incidents - Defines procedures to directly link information incidents to the Information Incident Management Process. Also clarifies procedure for incidents involving Cabinet confidentiality.

L.3 Illegal Activities – Direction provided regarding responsibility to report illegal activity (regardless of amount).  

Clarifies the loss reporting procedure for losses involving Cabinet confidentiality.


Thank you for visiting our web site.
If you have any comments or questions, please email us.