Reporting a security breach involving controlled goods
A security breach is the unauthorized examination, possession or transfer of controlled goods. All breaches, suspected or confirmed, must be reported to the Controlled Goods Program within 3 days upon discovery.
Examples of security breaches
- Loss of controlled goods, such as by theft or disappearance, including a breach of controlled technical data as a result of computer hacking or cyber attack
- Unauthorized examination, possession or transfer of controlled goods, including its technical data, by anyone, including unauthorized employees
- Appearance of willful damage or tampering to controlled goods
How to report a confirmed or suspected security breach
Registered persons must report confirmed or suspected security breaches to the Controlled Goods Program within 3 days upon discovery of a potential security breach in relation to controlled goods and/or controlled technology.
Download the security breach report form
Security breach report form (PDF 202 KB)
Submit the security breach report form
Contact the Controlled Goods Program
Why you need to report
As per paragraph 10(h) of the Controlled Goods Regulations registered persons in the Controlled Goods Program are required to report all confirmed or suspected security breaches.
Failure to report a breach may result in your registration being suspended or revoked. You may also be prosecuted under the Defence Production Act.
More information
Report confirmed and potential security breaches: Guideline on Controlled Goods Program registration