Management Action Plan - Information Management Privacy and Compliance Audit | Office of the Public Sector Integrity Commissioner

Skip to main content
Skip to "About this site"

Search form

Language selection

Français

How to resize textAAA

Help: Change text size

To change text size, use the browser commands.

Safari

In the toolbar, select View > Zoom > Zoom In, Reset or Zoom Out. On the keyboard, press COMMAND + to zoom in, COMMAND - to zoom out or COMMAND 0 to reset.

Chrome

In the toolbar, select View > Zoom In, Actual Size or Zoom Out. On the keyboard, press COMMAND + (Mac) or CTRL + (Windows) to zoom in, COMMAND - (Mac) or CTRL - (Windows) to zoom out or COMMAND 0 (Mac) or CTRL 0 (Windows) to view actual size

Firefox

In the toolbar, select View > Zoom > Zoom In, Reset or Zoom Out. On the keyboard, press COMMAND + (Mac) or CTRL + (Windows) to zoom in, COMMAND - (Mac) or CTRL - (Windows) to zoom out or COMMAND 0 (Mac) or CTRL 0 (Windows) to view actual size

Internet Explorer

In the toolbar, select Options > Zoom > Zoom In, Custom or Zoom Out. On the keyboard, press CTRL + to zoom in, CTRL - to zoom out or CTRL 0 to reset.

Internal Audit of Information Management Privacy and Compliance

Management Action Plan - April 2014

(back to audit)

Observations	Actions	Office of Primary Interest and Estimated Timeframe
Recommendation A (Medium Impact): PSIC should develop and administer ongoing training on information management and privacy risks and best practices.	Develop a training package and deliver training at least once a year. Content to be integrated into PSIC standard procedures, which will then become part of the Operations Manual.	May 2014 - Executive Director and Director of Operations September 2014 - Director of Operations
Recommendation B (Low impact): PSIC should update its policy suite by: Formalizing and documenting the PSIC Department Security Officer; and Developing disposal procedures and practices.	Hold discussion with CHRC to agree on roles & responsibilities and amend the MOU with CHRC to reflect the changes. Develop disposal procedures and practices	Complete - Executive Director September 2014 - Chief Financial Officer
Recommendation C (Medium impact): PSIC should strengthen the design and effectiveness of information management and privacy controls with a focus on: Defining and strengthening controls in the areas of receipt of information, password protection and T-Drive structure and access controls; and Implementing quality assurance measures to help ensure established processes and controls are being adhered to.	New recording machines with password protection to be purchased Reviewing the procedures regarding the receipt of information Documenting the access controls process Implement the assurance quality process	Complete - Director of Operations Complete - Director of Operations September 2014 - Director of Operations September 2014 - Director of Operations
Recommendation D (Medium impact): PSIC should consider: Updating the MOU with CHRC to reflect expected roles and responsibilities captured in the internal policies and directives; and Establishing general monitoring procedures as well as develop controls to help prevent the risk of internal threats.	Hold discussion with CHRC and amend the MOU Discuss with CHRC and establish the procedures and controls	Complete - Executive Director September 2014 - Executive Director

Date modified:: 2019-08-20