Security incident report for company security officers and alternate company security officers

Following a security incident or breach, the company security officer (CSO) or alternate company security officer (ASCO) must provide the information requested in accordance with Annex A: Guidelines on company security officer and alternate company security officer responsibilities – section VI. Security violations, breaches and compromises of the Contract Security Manual.

Do not submit protected and/or classified information with this report

When submitting this report, clearly indicate in your email message whether you must submit sensitive information as part of the incident reporting or investigation. The investigator assigned to the file will then contact you to make the necessary arrangements to obtain these documents.

Organization name (required)

Organization number (this number can be found on your organization clearance letter) (required)

Date of the incident (yyyy-mm-dd) (required)

Local time of the incident (between 00:00 and 23:59) (required)

First and last name of company security officer or alternate company security officer (required)

Email address (required)

Office phone number (required)

Cellular phone number

Location of the incident (required)

1. What, where and when did the incident occur? (required)

2. Who reported it, to whom, and when? (required)

3. What information or asset was involved (in detail)? (required)

4. What was the security marking and description of the information or asset involved? (required)

5. Who originated the information or asset? (required)

6. When, for how long, and under what circumstances was the asset vulnerable to unauthorized disclosure, and to whom? (required)

7. What actions were taken to secure the information or asset and limit the damage? (required)

8. Is any information or asset lost or unaccounted for? (required)

Reminder

Annex A: Guidelines on company security officer and alternate company security officer responsibilities – section VII. Reporting of the Contract Security Manual states:

Upon receiving an incident report, the CSO must immediately conduct a preliminary inquiry to determine all of the circumstances and report the incident to Public Services and Procurement Canada’s (PSPC) Contract Security Program (CSP) within 24 hours. When the results of a preliminary inquiry indicate a suspected or actual breach or compromise of information and assets, the CSO must immediately notify PSPC’s CSP.

Print this page for your records

Before you select "Submit", print this page for your records.

Organizations must keep records of incidents and investigation reports for a period of 2 years following the incident. These records are subject to inspection and investigation by the program.

Report a problem on this page

Date modified:: 2022-01-19