Departmental/Organizational Security Plan

What do we do?

We provide the technical security expertise and experienced professional direction into the preparation of a Departmental Security Plan (DSP), up to final draft, that is fully compliant and consistent with Government/Commercial requirements as specified in any entity’s policy on security.

A departmental/organizational security plan is a strategic document that (non-exhaustive):

  • Provides an integrated view of organizational security requirements;
  • Identifies security threats, risks and vulnerabilities to determine an appropriate set of control objectives;
  • Identifies and establishes minimum and additional controls when necessary to achieve an acceptable level of residual risk; and
  • Outlines security strategies, objectives, priorities and timelines for improving the organization's security posture.

Once a departmental/organizational security plan is in place and communicated, every leader in the organization, including the employees, should be able to understand and enunciate in succinct terms, what the organization’s major risks are and what role they play in helping to mitigate those risks in every aspect of the organization’s activities. As such a DSP helps to change the culture of the organization to one that is “security aware” and where security is never an “after thought”.

The objective is to have an up to date Departmental Security Plan that provides an integrated view of departmental/organizational security threats, risks and, requirements; and includes strategies, priorities, responsibilities and timelines for maintaining, strengthening, monitoring and continuously improving security controls.

How we do it?

RHEA has acquired the services of highly experienced and qualified Security professionals who either oversaw, guided or led working groups in the conception of a Departmental Security Plan (DSP) or created one themselves for their organization. They are familiar with the DSP concept, requirements and contents.

They will:

1. Conduct appropriate review of pertinent documents, including instructions, guidance, standards, etc., and any proposed pending revisions to related Security policies.

2. Conduct review of all pertinent documents relevant to the client and the present and further broad security responsibilities and accountabilities to support the client activities.

3. Complete the identification and assessment of the client specific security requirements and associated risks to develop a formal Security Risk Register, across the full security spectrum; physical, cyber, personnel, information management, IP, etc.

4. Complete the identification of key security controls and gap analysis, followed by the development of the approach to risk treatment strategy, based on improvement priorities, and prepare implementation plan.

5. Establish appropriate monitoring, controls and reporting, including metrics to verify continuous improvement and ongoing risk management reviews.

6. Produce working DSP draft for the client review and comments.

7. Deliver a final Draft that is clear, crisp, and concise, which is to serve as a critical reference tool for managing the dynamic threat/risk security environment.

What do we deliver?

We will deliver the following:

  • A Draft Departmental Security Plan, including a Security Risk Assessment and Analysis, a Security Risk Snapshots, a Priorities and Implementation Strategy, key performance measures, a Monitoring, Reporting and Update Plan, a Security Control Assessment, and a Security Management Maturity Assessment
  • A Final Departmental Security Plan, including a Security Risk Assessment and Analysis, a Priorities and Implementation Strategy, a Monitoring, Reporting and Update Plan, a Security Control Assessment and a Security Management Maturity Assessment.

What are our past experiences?

RHEA Inc. delivered Departmental Security Plan to many Federal Government departments and agencies, always ensuring their total satisfaction. Our list of clients includes:

  • Natural Resources Canada (NRCan)
  • Supreme Court of Canada
  • Atomic Energy of Canada Limited (AECL)