Our world has changed significantly since September 11, 2001. The Government of Canada, in response to growing cyber dependencies and global
threats, has recognized the urgent and critical need to address rapidly developing IT security threats and vulnerabilities. The Information
Technology Security Program provides the Government of Canada with timely, credible, unbiased insight and the technical leadership required
to guide critical IT security decisions. (Excerpt from the Canadian Communications Security Establishment website)
The IT Security Program is committed to ensuring that our Government of Canada clients’ cyber networks and critical infrastructures are trustworthy
and secure.
The Government of Canada has initiated the following acts regarding privacy and security:
- Emergency Preparedness Act
- Government Security Policy
- Management of Government Information Holdings Policy
- Risk Management Policy
- Management of Information Technology Policy
In response to pent-up demand regarding IT security, emergency planning and risk management over the last several years, Spearhead Management
Canada has conducted numerous reviews, audits, assessments and planning studies for provincial and federal government agencies including:
Security Audits/Reviews
- Covers the security of data, equipment, human resources, and physical premises (buildings)
- PIA - Privacy Impact Assessment – provides a framework that ensures privacy is addressed in the design of programs and services.
- TRA - Threat and Risk Assessments – consists of determining what is to be protected, why it is being protected, what to protect
against and whether existing or proposed security measures are acceptable and suitable.
- PWGSC – Three-year SO to conduct base building security TRAs for approximately 300 buildings in the NCR. The approach is
centered on a computer application designed specifically to provide screening-level assessment in government buildings to provide
baseline security requirements including business continuity planning and continuous risk management.
- SoS – Statement of Sensitivity – If your project involves electronic service delivery, you may need to consider an SoS to determine
the sensitivity of any vulnerabilities to personal information, along with mitigating risks from unauthorized access to this information.
- Business Continuity Planning (or DRP/BRP) – a plan to effectively respond to a disruption in normal business functions.