Directive on Security Management

Aims to achieve efficient, effective and accountable management of security within departments and agencies.
Date modified: 2019-07-01

Supporting tools

Mandatory procedures:

More information


Print-friendly XML
The Directive on Security Management and its Mandatory Procedures took effect on July 1, 2019. It replaced the Directive on Departmental Security Management, as well as the Operational Security Standard - Business Continuity Planning (BCP) Program, the Operational Security Standard on Physical Security, the Operational Security Standard - Readiness Levels for Federal Government Facilities, and the Operational Security Standard: Management of Information Technology Security (MITS).

Appendix H: Mandatory Procedures for Security Awareness and Training Control

H.1 Effective date

  • H.1.1These procedures take effect on July 1, 2019.

H.2 Procedures

  • H.2.1These procedures provide details on the requirements to support the deputy head accountability.
  • H.2.2Mandatory procedures are as follows:
    • H.2.2.1Security awareness requirements and practices: Define, document and maintain departmental security awareness and training requirements and practices, in accordance with government-wide policy requirements.
    • H.2.2.2Security awareness: Develop, deliver, document and maintain security awareness activities and products to inform and remind individuals of security threats and risks and of their security responsibilities, in accordance with departmental security awareness requirements.
    • H.2.2.3Security training: Provide, or arrange and document the provision of, security training to all employees, including specialized security training for those individuals who have specific security responsibilities or who could affect the achievement of security objectives as part of their duties, in accordance with departmental security training requirements.
    • H.2.2.4Monitoring and corrective actions: Assess the effectiveness of security awareness and training activities, and implement changes, as required, to ensure that these activities continue to meet the needs of the department.
Date modified: