The Guideline on Acceptable Network and Device Use (the Guideline) provides guidance to departmental managers and functional specialists responsible for implementing the Policy on Acceptable Network and Device Use (the Policy). This guideline is intended for departments to which the Policy applies (see Section 2 of the Policy). Other Government of Canada institutions are encouraged to follow the advice in this guideline, as appropriate.
This guideline was prepared by the Chief Information Officer Branch of the Treasury Board of Canada Secretariat in consultation with departments and agencies. It replaces those sections of the Guideline for External Use of Web 2.0 that relate to the use of social media for professional and limited personal use.
The widespread adoption of the Internet and the rapid evolution of networks and devices have changed the way public servants work, and have improved the ability to communicate, collaborate, and share information and expertise. For many public servants this advancement has inspired innovative ways of working, including:
The Policy requires departments to ensure acceptable and efficient use of Government of Canada electronic networks and devices and to provide open access to Web 2.0 tools and services, in accordance with the Policy on Government Security. This guideline defines professional and personal use of Government of Canada electronic networks, devices and Web 2.0 tools and services. This guideline also provides practical advice and tools that relate to the implementation of the Policy requirements.
Departments are encouraged to consider these best practices when developing their implementation plans.
In an interactive and mobile work environment, it is important that employees are aware of the expectations of acceptable use when using Government of Canada electronic networks and devices, and Web 2.0 tools and services. This is particularly pertinent given that the networks, devices and social media platforms used for professional purposes are sometimes the same as those used for personal activities, thus potentially blurring the boundaries between the professional and personal use by public servants.
This guideline applies to professional and personal use of Government of Canada electronic networks and devices, and Web 2.0 tools and services by authorized individuals, irrespective of location of access. This includes using government-issued devices on government and public networks, as well as using personal devices, if permitted, on Government of Canada networks (e.g., use of a Virtual Private Network on a personal computer).
Social media and other Web 2.0 tools and services are providing new opportunities for networking and collaborating. There are three key types of use:
"Professional use", which refers to the use of a personal social media account for purposes related to professional activities, such as communicating with professional associations, professional networking (e.g., participating in an online conference), gathering and sharing knowledge (e.g., using Twitter to stay up-to-date on trends or visiting government Facebook pages) and career development (i.e., maintaining a LinkedIn profile).
"Personal use", which refers to the use of a personal social media account for purposes unrelated to professional development or employment (e.g., blogging about gardening tips, checking the weather or bus schedules, or sharing personal or family photos). This type of use is limited and must be conducted on personal time.
A third category is "official use". Only those individuals who have been authorized to represent the Government of Canada can use official social media accounts. Advice on the official use of social media is provided in the Guideline on Official Use of Social Media.
Appendix F provides sample learning tools related to employee use of social media.
Note: Adherence to the behaviours outlined in the Values and Ethics Code of the Public Sector and departmental codes of conduct is expected for all types of use of electronic networks, devices and Web 2.0 tools and services, including social media. It is important to apply the same judgement to online activities as would apply to similar activities offline. Examples of acceptable and unacceptable use are provided in Appendix B of the Policy and Appendix C of the Policy.
The expected results of the Policy are that authorized individuals use Government of Canada electronic networks and devices in an acceptable manner and that they have open access to Web 2.0 tools and services on the appropriate Government of Canada network domains and associated devices. Formulating a course of action to implement the Policy requirements in a timely and effective manner is critical to achieving these outcomes.
A department's approach to planning for implementation will be affected by a number of variables that depend on the department's current state of open access. Departments are encouraged to adapt these recommendations to their own needs.
As a best practice, departments are encouraged to conduct the following activities as part of the planning process:
Implementation is the process of turning policy into practice. Executive support can increase the potential for success in implementing the Policy. An effective champion can provide strategic direction to inform the development of an implementation plan and assist in securing the resources needed for implementation. The champion can also be an agent of change.
The Policy requires open access to Internet tools and services, which for some departments will require a culture shift. The presence of an influential leader can help form a new shared value by encouraging others to work differently by promoting the acceptable use of Government of Canada electronic networks and devices, and Web 2.0 tools and services and open access to Internet tools, and by demonstrating change through positive results.
A gap analysis involves determining what steps need to be taken to move from a current state to a target state. Knowledge of expected practices in the target state can help identify actions to close any potential gaps. Departments may wish to frame their gap analyses by using the requirements of the Policy as the future state and determining what gaps exist between the current and future states. Departments can then propose actions to fill the gaps. Highlighting deficiencies will help create the basis of an implementation plan, within which departments can include the resources needed to meet the objectives.
Engaging the right people through existing departmental networks or through the creation of a team of experts can support the Policy's implementation goals. It can also demonstrate a more coherent approach to the champion and other executives. It is recommended that departmental representatives be consulted throughout the life cycle of implementation, to ensure that relevant policy and legal considerations are met. Appendix B suggests the departmental experts that could be involved and the value they can add.
Developing a formal implementation plan can build a common understanding about what is to be achieved, and the roles and responsibilities of those involved in implementing the Policy. It is a good practice to create an implementation plan in consultation with the members of the team of experts. It is suggested that the plan include the following:
An example of an Implementation Plan Template is provided in Appendix C.
The objective of the Policy is to ensure acceptable and efficient use of Government of Canada electronic networks and devices, and Web 2.0 tools and services to support enhanced communication and collaboration, thereby improving productivity and program and service delivery to individuals and businesses.
Section 6 of the Policy states that deputy heads are responsible for ensuring that:
Effective management involves planning, coordinating and monitoring to accomplish desired goals and objectives while using available resources efficiently. Sound operational practices can aid departments in adequately protecting departmental and informational assets and allowing authorized individuals to use networks and devices effectively, efficiently and securely.
As a best practice, departments may want to review existing operational management practices for opportunities to optimize and to validate that the appropriate resources and tools supporting the implementation of the Policy are well coordinated. Finally, ensuring effectiveness of these operating practices through periodic reviews can help ensure ongoing compliance with the Policy.
Examples of best practices are:
Communication plays a pivotal role in the successful implementation and application of a policy. Key messages can be developed and communicated using different channels of delivery, ensuring that managers are informed of their responsibilities and that employees are briefed on what is expected of them.
Authorized individuals who use Government of Canada electronic networks and devices, and Web 2.0 tools and services must be informed of expectations for acceptable use, departmental monitoring practices and consequences of unacceptable use. Sample statements for consideration are available in Appendix E.
There are several options, both formal and informal, to consider when disseminating required information (Appendix F provides sample learning tools directed to authorized individuals), such as:
Whether the Policy requirements are being communicated upon the introduction of the new Policy, as part of ongoing awareness, or during periods of amendments to the Policy, it is recommended that departments develop a multi-faceted approach, using as many channels as possible to reach the intended audience.
A best practice is to ensure that relevant information about the Policy is available at all times on the departmental intranet or wiki. By keeping information up to date, departments can adapt messaging to include changes brought about by the introduction of new technologies and Web 2.0 tools and services.
Open access to Government of Canada electronic networks and devices, including internal and external Web 2.0 tools and services, is essential in transforming the way public servants work and serve Canadians. Open access to an array of Internet-based tools and services (e.g., GCpedia wiki, GCconnex and social networking platforms such as Twitter, YouTube and Facebook) can enhance collaboration and communication.
The information gathered in the gap analysis, outlined in Section 3.2 of this Guideline, may have identified the need to provide more open access within the department to meet the Policy requirements. If a strategy is needed to enhance access, the following components could be considered:
Note: See Appendix E of the Policy for additional mitigation measures.
As a baseline, departments could begin by providing default access to social media platforms for which the department has an official account registered, and by limiting access to functionality on those sites that support the objectives of the Policy (e.g., prohibiting access to Facebook games or applications). Departments are also encouraged to document their plans for the incremental expansion of open access once a baseline is established.
In the rare case where business requirements or operational circumstances may dictate the need for restricted access due to security issues, options are available to departments to meet requirements of the Policy. Some options include:
Note: The implementation of an environment supporting open access does not extend to access from classified domains. Connectivity of the classified domains continues to be regulated under existing policy and standards on government security, as well as lead security agency and departmental direction.
It is suggested that departments provide a process for authorized individuals to request access to new websites or online tools, which can be considered in future plans to expand access, given security considerations.
Departments are encouraged to review their open access practices on an annual basis to assess progress and to address issues that arise regarding changes in policy or emerging technologies. This will also ensure that open access is being provided in accordance with the Policy on Government Security. Appendix E of the Policy provides guidance on security measures to support the implementation of the Policy and to protect Government of Canada networks, devices and information.
In general, risks associated with unacceptable use, security incidents, and privacy breaches can be minimized through the provision of effective learning opportunities supported by an effective monitoring capability. Learning activities can reinforce the role of managers and authorized individuals in ensuring good practices and compliance with policy requirements.
When generating awareness about the Policy, departments may want to inform managers and supervisors of the implications of the new Policy in advance. Their role can help ensure compliance with the Policy, thereby assuring the operational effectiveness and integrity of the department. This can also better equip management and supervisors to respond to questions from employees.
Consideration may also be given to linking key messages about expected behaviours when using Government of Canada networks, devices and Web 2.0 tools to the Values and Ethics Code for the Public Sector and the departmental code of conduct. It may be important to reinforce that the same rules regarding upholding the values of the public sector apply both online and offline.
Learning opportunities may include, but are not limited to:
Ongoing learning opportunities allow departments to update information as Internet-based tools continue to evolve, and can be supplemented with examples that represent the department's individual circumstances. It is recommended that the definitions (in Appendix A) and the lists of non-exhaustive examples of acceptable and unacceptable use, as described in Appendix B of the Policy and Appendix C of the Policy, be considered when developing learning materials. Appendix F provides sample learning tools.
Having the appropriate tools and processes in place to identify and investigate suspected cases of unacceptable use can support the accountability of deputy heads to address Policy non-compliance in an effective and organized manner.
Data from network monitoring tools supply some of the evidence needed to recognize and confirm incidents of unacceptable use. The Policy requires that regular monthly, and as required, reports be provided based on this data to assist departments in the identification, investigation, and implementation of corrective action pertaining to unacceptable use. Where network services are supplied by Shared Services Canada, the responsibility for providing these reports lies with the deputy head of Shared Services Canada. For those departments not served by Shared Services Canada, the responsibility to meet this requirement resides with the individual department.
Following the validation of the initial implementation of the Policy requirement regarding monitoring and reporting, departments may consider liaising regularly with Shared Services Canada or the departmental equivalent to ensure that monitoring tools are configured to generate the data needed to assess the acceptable use of networks and devices.
Unacceptable use can range from minor to very serious issues. Developing a Corrective Action Plan in advance to address incidents of unacceptable use can assist the deputy head in resolving matters of non-compliance efficiently and consistently. Appendix D provides a list of key elements and suggested options for remedial action that could be included in a Corrective Action Plan.
For questions on this guideline, please contact TBS Public Enquiries.
Permitted use of Government of Canada electronic networks and devices by authorized individuals:
All use of Government of Canada electronic networks and devices must be in compliance with the Values and Ethics Code for the Public Sector and all other related Treasury Board policies and departmental codes of conduct and policies. Use of Government of Canada electronic networks and devices must not give rise to a real, potential or apparent conflict of interest or in any way undermine the integrity of the department. (See also Appendix B of the Policy)
Gaining entry to an electronic network that the federal government has provided to Government of Canada authorized individuals. Access to such electronic networks may be from inside or outside government premises. Access may support telework and remote access situations, or situations where authorized individuals are using electronic networks provided by the federal government on their own time for limited personal use.
Individuals working with the Government of Canada, including employees of the federal government as well as casuals, contractors, students and other persons who have been authorized by the deputy head to access Government of Canada electronic networks and devices.
Groups of computers and computer systems that can communicate with each other, including without limitation, the Internet, Government of Canada electronic data networks, voice and video network infrastructure, and public and private networks external to a department. The network includes both wired and wireless components.
A global system of interconnected computer networks that use the standard Internet protocol suite (TCP/IP) to serve users worldwide.
Diverse learning methods or tools, formal or informal, to generate awareness or acquire knowledge about the acceptable use of Government of Canada electronic networks and devices and Government of Canada and external Web 2.0 tools and services. These approaches can include, but are not limited to, information or orientation sessions, YouTube video, information provided on departmental intranet sites, manager debriefs, account sign-on notifications and electronic newsletters.
Use of a software system that monitors an electronic network for slow or failing components, and notifies the network administrator in cases of outages, and that can monitor the network activity of specific individuals for which there is suspicion of unacceptable network usage. Recording and analysis of the use of electronic networks are used for operational purposes and for assessing compliance with government policy.
Includes practices conducted in the course of operations within a department. These practices can include operational analysis of logs indicating the Internet sites visited by authorized individuals, the files downloaded or uploaded, and the key-word searches of files on Government of Canada network servers or user devices accessing the network.
May be used when unacceptable use is suspected because of anomalies found in network usage patterns; logged attempts to access restricted areas on the network or sites that are unacceptable or deemed a legitimate IT security threat to the network; or reports of possible unacceptable use.
Refers to the provision of Internet access, in accordance with the Policy on Government Security, to authorized individuals via Government of Canada electronic networks and devices that, from the perspective of firewall settings, is substantively equivalent irrespective of department or access medium. Internet sites that enhance productivity, communication and collaboration are not blocked with the exception of those that present a legitimate IT security threat and where content substantively falls into the category of unacceptable use.
Any activity that violates Treasury Board or departmental policy instruments or other published requirements, including, but not limited to, activity or behavior that:
Physical devices found or brought into the work environment that are used by authorized individuals to access Government of Canada electronic networks and databases. The physical devices can include, but are not limited to, the following: desktop workstations, laptops, notebooks, tablets, smartphones, cellphones, peripherals such as printers and scanners, memory devices such as USB flash drives, CD drives and DVD drives, webcams and any other computer hardware used to obtain, store or send information.
Includes Internet-based tools and services that allow for participatory multi-way information sharing, dialogue, syndication, and user-generated content. This can include social media and collaborative technologies.
The following is a list of departmental subject matter experts to engage when implementing the Policy on Acceptable Network and Device Use (the Policy) and developing Corrective Action Plans. Consultations with these specialists can confirm a sound management approach to implementation and ensure that related legislation and policy requirements are being respected.
Subject Matter Experts | Reasons To Consult |
---|---|
Access to Information and Privacy |
|
Communications |
|
Human Resources |
|
Information Management |
|
Security |
|
Legal Services |
|
Values and Ethics |
|
A continuing liaison with subject matter experts during implementation and beyond is considered a best practice to support monitoring of policy compliance. In addition to consulting internally, gathering best practices and lessons learned from colleagues external to the department may also yield concrete benefits. Engaging horizontally can identify solutions to implementation challenges, identify efficiencies by avoiding duplication of effort and encourage a more consistent implementation approach across the Government of Canada. This can be accomplished by consulting established networks and by leveraging the knowledge and expertise of active interdepartmental corporate service communities on GCpedia and GCforums (e.g., ATIP, Human Resources, Information Management, Internal Services, IT Security and the Security Awareness Working Group).
This appendix provides a sample implementation plan template for the Policy on Acceptable Network and Device Use (the Policy). It is recommended that departments adapt this tool and others in this Guideline for their own needs based on their current state of open access. A good practice is to include all subject matter experts in the creation of the implementation plan to ensure that other policy considerations will be addressed in the plan.
[Department Name] Plan to Implement the Policy on Acceptable Network and Device Use.
This section states the goal(s) and objectives of the plan (i.e., what is to be achieved).
This section provides an overview of the work to be done as well as appropriate information about the requirements and the approach to implement the Policy.
This section identifies subject matter experts who have been consulted during the creation of the implementation plan and outlines the rationale for including them in the process.
This section identifies the name of the responsible individual or functional team leading and coordinating the implementation, and the departmental areas that will be responsible for key functions. It also outlines the roles and responsibilities of those who will be involved in completing the tasks needed to implement the Policy.
This section lists the tasks to be implemented chronologically, the individual or group responsible and the timeline for completion. It is recommended to include beginning and end dates for each task.
This section proposes the various resources needed to implement the plan (e.g., human, financial, and software). It may also include the training necessary for personnel implementing the plan.
This section describes the options and actions to reduce the risks that may pose a threat to the implementation of the plan. The risks and mitigation strategies may be identified through a separate risk management process (i.e., Harmonized Threat and Risk Assessment and Security Assessment and Authorizations).
This section describes the approach to measuring the success of the implementation. It states how success will be defined and what data will be used to report on implementation results.
This section lists remedial solutions and suggests that remedial action is taken on a case-by-case basis. A Corrective Action Plan is a series of steps that are undertaken to address non-compliance and prevent its reoccurrence. Remedial action does not always have to be reactive; preplanning can potentially reduce the response time and increase the ability to handle issues in a timely manner.
It is conceivable that options for addressing different cases of unacceptable use may be available, depending on the severity of the situation. Incidents of unacceptable use may be easily identified, contained or eliminated through immediate corrective action, while others may require a longer period of review to confirm the non-compliance, and to propose and implement a resolution. In either situation, it is recommended that departments be proactive in developing a Corrective Action Plan with options for remedial action to ensure that instances of unacceptable use are handled effectively and efficiently.
The details of a Corrective Action Plan will depend on departmental needs; however, the plan does not have to be overly complex to be practical. Some elements of a Corrective Action Plan could include, but are not limited to, the following:
Corrective Action Plan for Incidents of Non-Compliance With the "Policy on Acceptable Network and Device Use".
This section states the goal(s) and objectives of the plan (i.e., what is to be achieved).
This section provides an overview of the corrective action process as well as high-level information about the requirements and the approach to implementing corrective action in suspected cases of non-compliance with the Policy.
This section outlines all actions needed to identify, investigate and resolve any deficiencies in meeting Policy requirements.
This section maps the activities to a schedule, including target completion timelines for actions to alleviate immediate risks and in some cases, for preventive measures to curtail the threat of reoccurrence.
This section proposes the various resources needed to implement the plan (e.g., human, financial, and software). This section highlights:
This section identifies any special training needed to execute the plan for:
It also identifies any new materials needed for management or authorized users of the network to reduce the risk of reoccurrence.
This section lists types of non-compliance and outlines corresponding remedial solutions. It also provides information about the resources and timelines associated with the corrective action, including, but not limited to:
Note: This approach could also be used for reporting to the champion and other executives on the status of issues related to non-compliance.
This section describes who needs to be notified of non-compliance and the work being undertaken to rectify the problem. It also defines from whom the approval is required and how it will be obtained (only if approvals are required) to proceed with certain corrective action measures.
This section summarizes how the department will monitor the effectiveness of the plan throughout implementation to determine whether the plan achieves the intended goals. It will also validate the corrective action process and determine whether improvements are required.
This section outlines the information to be included in the management report and the frequency with which the Champion and other executives will be informed of issues of non-compliance with the Policy, including any incidents and corresponding resolutions to mitigate future risks.
Triggers initiating a corrective action process can be determined by analyzing network performance reports linked to data about unacceptable use or by investigating a complaint of unacceptable use received by a manager or another employee. This can lead to informal and more formal remedial action to address issues of non-compliance, depending on the seriousness of the problem.
In less severe cases, departments may want to consider a more informal approach to address non-compliance. For example, excessive bandwidth use could trigger a system-generated message to confirm whether Policy non-compliance is linked to a legitimate work-related activity or to address a minor non-malicious breach of the Policy without formal action being taken. The preliminary notification can also be used as an awareness opportunity to restate departmental bandwidth usage limits.
Processes for repeated unacceptable use may include secondary or subsequent e-mail warnings to the authorized user, his or her immediate supervisor, the branch executive and human resources to rectify the issue. As a best practice a progressive approach is recommended, such as the following:
More formal methods of corrective action could be applied upon repeated minor abuses of Government of Canada networks and devices by those who have been previously warned of their unacceptable use or when serious cases of unacceptable use have been confirmed. These corrective actions can include an oral or a written reprimand, revocation or limitation of network access, or suspension or termination of employment. It may be required that each case of unacceptable use be assessed on an individual basis and reviewed by the relevant departmental subject matter experts noted in Appendix B. These actions would be independent of any criminal or civil proceeding against an authorized individual.
Note: It is good practice to conduct a review of the proposed Corrective Action Plan with appropriate departmental experts (refer to Appendix B) to ensure that privacy, security and information management requirements are considered.
This appendix provides sample statements that can be used to communicate the expectations of acceptable use, departmental monitoring practices and consequences of unacceptable use to authorized individuals who use Government of Canada electronic networks and devices, and Web 2.0 tools and services.
These sample statements can be adapted and tailored by departments as needed. Before using these statements, it is recommended that they be reviewed by the departmental subject matter experts identified in Appendix B of this guideline, to ensure consistency with other policies (e.g., human resources, privacy and security) and other departmental requirements.
Note: Examples of acceptable and unacceptable use in Appendix B of the Policy and Appendix C of the Policy can also support an understanding of expectations.
Note: It is recommended that regular monitoring practices be communicated in a privacy notice, as outlined in Appendix D of the Policy on Acceptable Network and Device Use.
Note: Further information and guidance regarding disciplinary measures can be found in the Framework for the Management of Compliance and the Guidelines for Discipline.
Various tools may be used to support the development of materials to generate awareness of the requirements of the Policy on Acceptable Network and Device Use (the Policy) for authorized individuals using Government of Canada networks and devices. The topics of communication include:
Using an official social media account for Government of Canada purposes such as communication, service delivery, collaboration and other purposes within the scope of a department's mandate, including as a designated spokesperson for the department.
Using a personal social media account for purposes related to professional activities, including professional associations and networking (e.g., participating in an online conference), knowledge gathering or sharing (e.g., using Twitter to stay up-to-date on trends; visiting government Facebook pages), and career development (e.g., maintaining a LinkedIn profile).
Using a personal social media account for purposes unrelated to professional development or employment (e.g., blogging about gardening tips; sharing family photos).
Social media and other Web 2.0 tools and services are rapidly changing the personal and professional lives of public servants. Opportunities that now exist for networking and collaborating on a global scale were unthinkable a generation ago. The majority of Canadians now use social media on a regular basis and employees of the Government of Canada are no exception.
As the citizens, communities and clients served by government increase their use of Web 2.0 tools and services to organize, share, and interact, government employees are becoming more active in these online spaces in their roles as public servants. Whether using a wiki to develop a new policy instrument collaboratively, following and engaging with experts and thought-leaders on Twitter, or managing an official departmental Facebook page to answer questions from citizens, Web 2.0 tools and services are becoming a larger part of our professional lives. These same Web 2.0 tools and services are often used in our personal lives, blurring the boundaries between online interactions as public servants and as private citizens. As the Prime Minister's Advisory Committee on the Public Service noted, "These tools are transformative and unstoppable and the Public Service must take full advantage of these new ways of working."
"Web 2.0" is a broad term that refers to Internet-based tools and services that allow for participatory, multi-way information sharing, as opposed to earlier uses of the web that were primarily characterized by one-directional publishing of information. The term "Web 2.0" is often used interchangeably with "social media," and includes popular platforms such as Twitter, Facebook, and YouTube, or blogging platforms like Tumblr. These platforms allow participants to have a distinct user profile which they use to create and share user-generated content such as text, pictures or videos, and to facilitate community interaction. "Web 2.0" can also include technologies such as wikis or Google Docs, which allow multiple users to create and edit content collaboratively.
These new online collaboration tools offer tremendous benefits. However, in an era of instant global communications, it is important to consider the special responsibilities that we have as employees of the Government of Canada, including for the use of Government of Canada networks and devices. The public service has a long and proud tradition of providing impartial advice to the government of the day. This is derived from the importance and necessity of an impartial and effective public service to achieve its mission of helping the duly elected government, under law, to serve the public interest.
The Policy on Acceptable Network and Device Use applies whenever using a Government of Canada network or a Government of Canada-issued device, including a work computer while at the office, a work device (e.g., a Government of Canada laptop or smartphone) on a home network, or a work or personal device to remotely access a government network. When using the Internet, social media and other Web 2.0 tools and services, it is important that Government of Canada employees consider the context of online activities and apply the same judgement that they would to a similar activity in the offline world.
For an engaging overview of important points to keep in mind as an employee using social media, take a look at the online video “Social Media at Work”, developed by Transport Canada and the Treasury Board of Canada Secretariat.
Do | Don’t |
---|---|
Use good judgment and common sense in all you do; your obligations as a public servant apply at all times. | Assume that a post is private, even when using a pseudonym; treat online posts as if they will be permanently and publicly available and attributable. |
State clearly in your social media profile (used for professional purposes) that your views are your own, not those of your employer. Remember: This statement does not absolve you of your obligations as a public servant or the expected behaviours described in the Values and Ethics Code for the Public Sector and your departmental codes of conduct. | Disclose any classified, confidential, sensitive, or third-party information, or personal information about others. |
Move work-related conversations to official channels (e.g., e-mail) so that there is a record of any guidance provided or decisions taken. | Use GC corporate symbols or signatures inappropriately. They are only for official use and their use is subject to the Federal Identity Program Policy and related standards. For more information, visit the Federal Identity Program website. |
Maintain the impartiality and objectivity of the public service by not expressing opinions that could impair your ability to be seen as performing your duties in an objective or impartial manner. | Respond to requests for media statements or interviews related to your work (including from online media-like blogs) unless you are an authorized spokesperson. Send all media requests to your departmental media relations advisor. |
Speak with your manager or Values and Ethics advisor if you are uncertain or have questions about any of your online activities. | Register or associate a GC e-mail address to a social media account unless it will be used explicitly for official or professional purposes. |
The following are examples of quick reference material that could be published on departmental intranets and wikis clarifying Policy requirements for authorized users of Government of Canada networks and devices, and Web 2.0 tools and services.
Yes! The use of, and open access to, the Internet through Government of Canada electronic networks and devices is essential to transforming the way public servants work and serve Canadians. Open access to the Internet, including Government of Canada and external Web 2.0 tools and services, enhances communication, collaboration and productivity, and encourages the sharing of knowledge and expertise to support innovation. Open access to the Internet, including Government of Canada and external Web 2.0 tools and services, will be provided by departments by April 1, 2014, through a phased implementation of the new Policy on Acceptable Network and Device Use (the Policy).
Appendix B of the Policy provides examples of acceptable use of Government of Canada networks and devices. Permitted use of Government of Canada electronic networks and devices by authorized individuals includes:
All use of Government of Canada electronic networks and devices must be in compliance with the Values and Ethics Code for the Public Sector and all other related Treasury Board policies and departmental codes of conduct and policies. Use of Government of Canada electronic networks and devices must not give rise to a real, potential or apparent conflict of interest or in any way undermine the integrity of the department.
Appendix C of the Policy provides examples of unacceptable use of Government of Canada networks and devices. Unacceptable use refers to any activity that violates Treasury Board or organizational policy instruments or other published requirements, including, but not limited to, an activity or behaviour that:
Electronic networks are groups of computers and computer systems that can communicate with each other, including but not limited to, the Internet, Government of Canada electronic data networks, voice and video network infrastructures, and public and private networks external to a department. Networks include both wired and wireless components. Devices include anything approved for use to access these networks or network resources, such as a desktop, laptop or tablet computer, memory devices such as USB flash drives, or a smartphone.
It is important to remember that the Values and Ethics Code for the Public Sector and your departmental code of conduct apply to online activities at all times, just as they do to your offline activities, irrespective of whether they happen at work or at home, or via a government or personally provided network or device.
Respecting the Values and Ethics Code for the Public Sector and your departmental code of conduct is a condition of employment in the public service. Violating them, including through inappropriate online activities, can have consequences for employment up to, and including, termination.
The following are examples of how the values and expected behaviours in the Values and Ethics Code for the Public Sector can be applied to public servants’ use of electronic networks, electronic devices and social media, both officially and outside the office. These examples are not exhaustive. Public servants must also consult their departmental code of conduct and policy requirements.
Public servants uphold Canadian parliamentary democracy and its institutions by ensuring that their online communications are non-partisan and impartial at all times, and do not engage in public discussion of departmental policies or elected officials that call into question their objectivity in carrying out their official duties.
Public servants demonstrate their respect for human dignity and the value of every person by ensuring their online communications are respectful of all individuals and groups of people, including colleagues, managers and members of the public.
Public servants serve the public interest by ensuring, for example, that their official communications activities are not used for any inappropriate personal advantage and that government systems and equipment are not used to support personal businesses owned by them, their family or their friends.
Public servants demonstrate good stewardship by using electronic networks to share knowledge and information that will contribute to more effective program delivery, and by using network resources efficiently and effectively.
Public servants demonstrate professionalism and excellence in the workplace by ensuring official communications respect Canada's official languages and by using social or other electronic media for team work, learning and innovation.
The use of external storage devices can increase efficiency and data mobility, as well as reduce the amount of physical space needed to store information. However, these devices also present a risk for information and IT security, privacy breaches and theft. It is important that departments communicate to authorized individuals about the proper use of external storage devices to minimize the risk involved.
An external storage device can include all USB storage devices (e.g., USB drives, flash drives, thumb drives, jump drives, and memory sticks), portable hard drives and any other device with storage capacity connecting through a departmental corporate asset as well as other non-USB based portable devices (e.g., CD/DVDs and SD cards). Note: It may be beneficial to provide examples of things that might not be top of mind but connect through USB-based and have storage capacity (e.g., cell and smartphones, and cameras).
When developing departmental guidance or direction on the use of external storage devices, information provided may include:
Note: The Treasury Board of Canada Secretariat Information Technology Policy Implementation Notice (ITPIN) outlines the mandatory requirements for departmental use of external storage devices.
The following is an example of reminder material that departments could send to authorized individuals in order to meet the requirements of Section 6.1.2 of the Policy. This reminder can also serve to offer learning opportunities for authorized individuals.
A departmental BlackBerry device comes with many responsibilities for its protection and the data that it contains. If you have been issued a departmental BlackBerry device, please keep the following in mind:
Security: It's everyone's responsibility!
The use of smartphones is prevalent in a mobile workplace. Although smartphones can enable greater connectedness with colleagues and support increased productivity, they can also be disruptive. Expecting a common sense approach to using these devices is not a guarantee. To ensure that they are used in the manner for which they were intended, Shared Services Canada (SSC) has developed an Interim Operating Standard on the Acceptable Use of Cellular Devices, which departments not receiving their network services from SSC may find useful. Departments may also find it worthwhile to promote awareness of smartphone etiquette. The following table of key messages could be used to communicate information about this subject:
Work-related Device | Personal Device |
---|---|
|
|
This appendix provides examples of different types of notifications that could be used to inform authorized individuals of the requirements of the Policy on Acceptable Network and Device Use (the Policy).
The notifications include alerts about monitoring practices or user acknowledgement of the terms and conditions of the use of Government of Canada networks and devices, including the use of Web 2.0 tools and services. Some of the examples below could be displayed daily upon initial account sign-in or at scheduled intervals, or presented to new employees during orientation, depending on departmental circumstances and needs.
[This notification can be displayed on a regular basis when employees sign on to the network. A best practice is to display the notification on a daily basis.]
Access to this system is restricted to authorized individuals only.
[Department name] reserves the right to monitor all electronic resources and subsequently record all forms of communication and transmission for work-related purposes to ensure proper network performance and security, protection of government assets, optimal use of network resources and compliance with relevant legislation and policies. Monitoring to gather information to investigate and resolve suspected cases of unacceptable use may occur at any time without further notification.
All blocking and monitoring will be done in compliance with the Privacy Act and the Canadian Charter of Rights and Freedoms.
The Policy on Acceptable Network and Device Use is available on the Treasury Board of Canada Secretariat website.
[This notification requires authorized individuals to acknowledge and accept that they have read and understood the Policy. Notification and acknowledgement could be monthly or quarterly to ensure that the expectations of acceptable use, the monitoring practices of the department, and the consequences of unacceptable use are communicated and acknowledged. The notification may be used in its entirety or in part, depending on departmental needs and strategy.]
I have read the Policy and acknowledge that:
[Another form of acknowledgement and understanding of the Policy is through a form that could be included as part of a new employee orientation package or when granting the use of Government of Canada networks and devices.
This form may be useful to managers to help generate awareness about the acceptable use of electronic networks, devices and Web 2.0 tools and services to authorized individuals who are new to the department. Presenting the form during orientation sessions can confirm that the authorized individual has received, read and understood the Policy. It is another potential measure to ensure that the individual is aware of the expectations of acceptable use, the departmental monitoring practices and the consequences of unacceptable use.]
I [insert name] acknowledge that:
Name: | Date: |
Supervisor: | Date: |
Witness: | Date: |