Reporting a security breach involving controlled goods
A security breach is the unauthorized examination, possession or transfer of controlled goods. All breaches, suspected or confirmed, must be reported to the Controlled Goods Program within three days upon discovery.
Examples of security breaches
- Loss of controlled goods, such as by theft or disappearance, including a breach of controlled technical data as a result of computer hacking or cyber attack
- Unauthorized examination, possession or transfer of controlled goods, including its technical data, by anyone, including unauthorized employees
- Appearance of willful damage or tampering to controlled goods
How to report a confirmed or suspected security breach
Registered persons must report confirmed or suspected security breaches to the Controlled Goods Program within three days upon discovery of a potential security breach in relation to controlled goods and/or controlled technology.
Download the security breach report form
Submit the security breach report form
Why you need to report
As per paragraph 10(h) of the Controlled Goods Regulations registered persons in the Controlled Goods Program are required to report all confirmed or suspected security breaches.
Failure to report a breach may result in your registration being suspended or revoked. You may also be prosecuted under the Defence Production Act.
- Report confirmed and potential security breaches: Guideline on Controlled Goods Program registration
- Date modified: