Department of Justice Guide on Security for Legal Agents
7. Physical Security Requirements
Physical security pertains to the location and design of a legal agent’s premises and measures to prevent, detect and respond to unauthorized access. The legal agent must implement specific measures to maintain effective control and safeguarding. This includes progressively restricted security zones, access control systems and procedures, secure storage cabinets, approved destruction equipment, and handling and safeguarding procedures as described below.
7.1. Security Zones
Legal agents are expected to control access Government of Canada information and assets as would be required in a Government of Canada organization’s Operation ZoneFootnote 1 and in line with the jurisdictional law society (or professional regulatory body) requirements. The legal agent must establish an Operation Zone on their premises and limit access to those individuals having the appropriate authorization or security screening and a need to knowFootnote 2.
7.2. Access Control Systems
The legal agent must maintain an access control system to record all external visitors accessing the Operation Zone during normal working hours and ensure that such visitors are properly escorted when accessing the legal agent’s Operation Zone. The legal agent must also ensure that individuals accessing the Operation Zone outside of normal working hours (such as night-time cleaning staff) are properly escorted and that a record of all after-hours access is maintained.
7.3. Lock-up Procedures
The legal agent must maintain systematic control over all locks, keys, combination settings and access cards that are used on the premises to safeguard Government of Canada information and assets. The legal agent must ensure that all perimeter doors, and doors to Operation Zone(s), are locked at the end of the workday.
7.4. Storage Cabinets
All Government of Canada information and assets must be secured in a locked cabinet when not in use, as well as after normal working hours. All storage cabinets used to store Government of Canada information and assets, must have an integrated dial locking mechanism and must be located within the Operation Zone.
7.5. Destruction of Information and Assets
Legal agents should refer to the Terms and Conditions, for additional details on returning information or destroying records. As general guidance, Government of Canada information and assets, must only be destroyed further to written permission or instruction received from the Department, and must be destroyed in such a way that the contents are not retrievable. This also includes removable media (for example: USB sticks, CDs, and etcetera) containing Government of Canada information.
All destruction equipment must be located within the firm’s Operation Zone or be completed by a document shredding company authorized or approved by the Department.
7.6. Safeguarding of Information and Assets
In line with law society (or professional regulatory body) requirements, the Department expects legal agents to establish and implement procedures and methods that ensure the appropriate handling and safeguarding of all Government of Canada information and assets accessed in relation to their legal agent appointment.
7.7. Identification of Document Security
Document security levels will be indicated in the upper-right corner of documents shared with legal agents. When creating new documents, the legal agent should ensure the document is marked accordingly in the upper right corner of the document.
7.8. Transportation and Transmittal
The legal agent must ensure that all Government of Canada information and assets are secured when being transported or transmitted within or outside an Operation Zone. The Government of Canada’s minimum safeguards for transporting or transmitting information or assets are outlined in Annex B.
8. Information Technology (IT) Security Requirements
The Department may conduct an assessment or inspection of the legal agent’s IT system if it will be used to process, transmit and store government information. This will be completed to ensure that appropriate safeguarding measures have been established, in line with law society (or professional regulatory body) requirements. See Annex C for additional details.
9. Security, Breaches and Compromises
The Department reserves the right to inspect, at reasonable intervals, the legal agent’s security controls and safeguards, methods, and facilities for compliance with the security requirements. The legal agent is expected to cooperate with the Department and provide full access to their premises and to any information required in the context of an inspection.
Should the Department determine that the legal agent is not in compliance it will advise the legal agent in writing of the deficiencies. The Department may suspend or revoke the legal agent’s JCLSA, or may take other measures to manage any security risks, until the deficiencies are rectified to the satisfaction of the Department.
Department of Justice Chief Security Officer representative is:
The Justice Canada Personnel Security Office
Email: Personnel.SecurityOffice@justice.gc.ca
Where security issues are of a criminal or national security nature, all parties agree to report to authorities as per the Treasury Board Secretariat Directive on Security Management: Appendix I: Standard on Security Event Reporting.
10. Contacts
The LASO, ALASO(s) and/or the Managing Partner shall communicate all security-related matters to the Department by contacting:
The Personnel Security Office
Safety, Security and Emergency Management Division
Department of Justice
284 Wellington St. Ottawa
Ottawa, ON K1A 0H8
E-Mail: Personnel.SecurityOffice@justice.gc.ca
- Date modified: