Review of Government of Canada Institutions’ Disclosures of Information Under the Security of Canada Information Disclosure Act in 2022: Backgrounder
Review of Government of Canada Institutions’ Disclosures of Information Under the Security of Canada Information Disclosure Act in 2022
Backgrounder
Backgrounder
ISSN: 2817-7525
This report presents findings and recommendations made in NSIRA’s annual review of disclosures of information under the Security of Canada Information Disclosure Act (SCIDA). It was tabled in Parliament by the Minister of Public Safety, as required under subsection 39(2) of the NSIRA Act, on November 1st, 2023.
The SCIDA provides an explicit, stand-alone authority to disclose information between Government of Canada institutions in order to protect Canada against activities that undermine its security. Its stated purpose is to encourage and facilitate such disclosures.
This report provides an overview of the SCIDA’s use in 2022. In doing so, it:
documents the volume and nature of information disclosures made under the SCIDA;
assesses compliance with the SCIDA; and
highlights patterns in the SCIDA’s use across Government of Canada institutions and over time.
The report contains six recommendations designed to increase standardization across the Government of Canada in a manner that is consistent with institutions’ demonstrated best practices and the SCIDA’s guiding principles.
National Security and Intelligence Review Agency, Accessibility Plan – Second Progress Report, December 2024
Titre en Anglais : National Security and Intelligence Review Agency, Accessibility Plan – Second Progress Report, December 2024
Title in French: Office de surveillance des activités en matière de sécurité nationale et de renseignement, Plan sur l’accessibilité – Deuxième rapport d’étape, Décembre 2024
In accordance with the Accessible Canada Act, I am pleased to publish the National Security and Intelligence Review Agency Secretariat (NSIRA Secretariat)’s second progress report for its Accessibility Plan 2022 – 2025. This progress report describes the work that has been done to implement activities over the course of 2024.
Our commitment to creating an inclusive environment is reflected in our ongoing work to remove barriers and respond proactively to feedback. This dedication is also embedded in our institutional Vision, Mission, and Values statement adopted in 2024, which underscores inclusiveness as a core value. This year, we have made a number of improvements towards integrating accessibility as a core component of our operations.
Key changes include the incorporation of accessibility principles into the Rules of Procedure, explicitly providing for participants in investigations to request accommodations and receive procedural support through the Registrar. We also updated our branding to meet accessibility standards, including our website, promotional materials and recruitment resources.
Ensuring that the organization is accessible by design requires continued attention. In 2025 we will not only continue our efforts, but also prepare for a new accessibility plan. The goal is to complete what we started in 2022 and seek opportunities to build on our success. I look forward to continuing our progress together.
Charles Fugère
Executive Director, NSIRA Secretariat
General
The Executive Director of the NSIRA Secretariat, who is the deputy head and employer, leads the Secretariat that supports the Review Agency in the fulfillment of its mandate under the National Security and Intelligence Review Agency Act. The Secretariat is responsible for monitoring feedback to evaluate progress and establishing its future accessibility plans.
In compliance with the requirements of the Accessible Canada Act (“ACA”) and the Accessible Canada Regulations, this progress report is available on NSIRA’s website, which is used to communicate with the public.
To request a copy of this or our previous progress report, the accessibility plan, or a description of the feedback process in an alternate format or to provide feedback about our progress report(s), the accessibility plan and any barriers encountered in dealing with NSIRA, please contact the NSIRA Secretariat by mail, telephone, or email at:
National Security and Intelligence Review Agency Secretariat P.O. Box 2430, Station “B” Ottawa, Ontario, K1P 5W5
The National Security and Intelligence Review Agency published its Accessibility Plan 2022 – 2025 in December 2022 and its first progress report in December 2023. This second progress report describes the work that has been done to implement activities between January 1 and December 31, 2024.
The Accessibility Plan 2022 – 2025 set out three priority areas to improve accessibility:
Increasing staff awareness about accessibility and the barriers that limit access for Canadians with disabilities.
Ensuring Canadians have access to NSIRA’s publications and services.
Continuing to advance a culture of respect and inclusion by integrating accessibility in all aspects of the organization’s work.
Through the efforts of the Senior Advisor, Wellness Initiatives, the NSIRA Secretariat can monitor progress, identify areas for improvement, and ensure overall coherence across the activities outlined in the accessibility plan.
Progress with respect to the priority areas and the accessibility plan is set out on the following pages. It is organized according to the seven key areas outlined in the ACA namely: employment; built environment; information and communication technologies (ICT); communication other than ICT; procurement of goods, services, and facilities; design and delivery of programs and services; and transportation.
The NSIRA Secretariat does not have ultimate control over certain fundamental aspects related to the built environment, technology or security and must, therefore, adjust its pace to align with the direction given by the responsible policy centres. Despite these constraints, the NSIRA Secretariat was able to make advances on several fronts.
Progress vis-à-vis accessibility plan
Employment
While developing the accessibility plan in 2022, the NSIRA Secretariat identified gaps with respect to employment. There was no written accommodation process for persons with disabilities employed in the NSIRA Secretariat. Furthermore, there was limited material available about accessibility requirements, resources, and information.
Status: On track
The NSIRA Secretariat was able to make advances in relation to many of the priorities with respect to employment in the last year. The Director, Human Resources Services, and the Senior Advisor, Wellness Initiatives, worked together on 14 specific cases in 2024, to ensure that employees received accommodations to enable them to participate fully in all aspects of their work experience. Additionally, progress was made in the following areas;
Training and Capacity Building on Accessibility
Human resources (HR) employees responsible for accessibility attended training on the Government of Canada Workplace Accessibility Passport (the Passport); a tool that helps federal public service employees with disabilities access the supports they need to excel at work. This training improved their foundational skills in accessibility, enabling them to offer higher-quality advice and guidance to managers and employees. To further promote accessible and inclusive communication, all HR staff completed “Accessible Documents” training, enhancing their ability to communicate effectively with candidates and employees regarding staffing and other HR matters. Additionally, a training video on “Making Documents Accessible” was added to the new mandatory training guides.
Resources and Support Initiatives
An Accessibility Resource Centre was launched and published on the NSIRA Secretariat’s intranet. This centre offers “How to” guides, training, and information on the Passport, accessible communications and technology, making key resources easily accessible to all staff. To promote the Passport, all newly hired employees were introduced to it during their onboarding and orientation sessions, ensuring awareness of this important accessibility tool. Managers and employees were regularly encouraged to make use of the Passport.
Accessibility in Recruitment and Staffing
The NSIRA Secretariat continued to take steps to ensure accessibility in its recruitment process. All recruitment and staffing materials, including communications with candidates at all hiring stages, included information about accommodations and accessibility. For example, interview invitations and written exam notices clearly stated that accommodations are available upon request. A centralized accommodation process, managed by the Senior Advisor, Wellness Initiatives, was developed to protect the candidates’ privacy consistent with the “need to know” principle for handling personal information. Additionally, a “Fact Sheet on Inclusive Recruitment” was provided to managers to support bias-free hiring. A feedback questionnaire was also developed and distributed to candidates requesting accommodations during the selection processes, helping the HR team to assess the effectiveness of these measures.
Promoting Accessibility Awareness
The NSIRA Secretariat promoted accessibility awareness among staff and managers. Accessibility-related training, tools and events were regularly shared with subject-matter experts and staff as appropriate. For example, a session on “Understanding Digital Accessibility and Disability Inclusion” was shared with information technology experts, while a session on accessible procurement was shared with procurement specialists. A “Quick Guide on Accessible Documents” was also developed and shared with managers, and tailored sessions were made available to entire teams. National AccessAbility Week was promoted for the second consecutive year, highlighted by an internal session entitled “Accommodations at NSIRA”.
Collaboration and Consultation
To ensure accessible internal digital training, the NSIRA Secretariat consulted Shared Services Canada (SSC)’s Accessibility, Accommodation, and Adaptive Computer Technology (AAACT) program for feedback on accessible tools. This step supported the ongoing development of a fully accessible digital training program within the Secretariat.
Representation Data and Self-ID Initiatives
As noted in its previous progress report, the NSIRA Secretariat launched a new Self-ID Questionnaire in 2023, which is completed by all new hired term and indeterminate employees. Data for 2024 indicated that 17.5% of the NSIRA Secretariat’s workforce identified as persons with disabilities. Additionally, the data revealed that 16% of newly hired employees self-identified as having a disability. The NSIRA Secretariat continues to make progress in increasing the overall representation of persons with disabilities within the organization in keeping with the Vision, Mission and Values statement adopted during the reporting period, and in particular the Value of Inclusiveness.
Built Environment
The accessibility plan identified barriers in the built environment including heavy doors without automatic door openers; airlocks between doors; tripping hazards; narrow corridors; lack of accessible signage; restrictions with respect to assistive devices and job aids; an emergency alert system that flashes lights but does not emit an audible alarm; lack of control over lighting or temperature within the office space; and an outdated building emergency evacuation plan. Some of the barriers were tied to physical security requirements of the Treasury Board Policy on Government Security and other policies that apply to the NSIRA Secretariat.
Status: Ongoing
The NSIRA Secretariat made some progress incorporating accessibility requirements in the built environment. An ongoing challenge is that the NSIRA Secretariat’s built environment is subject to standards established by Public Services and Procurement Canada (PSPC) and the Communications Security Establishment (CSE). The following provides additional detail about progress in respect of the built environment:
Accessibility in Construction and Design
The NSIRA Secretariat engaged with CSE to gather information on accessibility considerations for the construction of the NSIRA Secretariat’s new office, ensuring that accessibility was a key component of infrastructure planning and design.
Several adjustments were made to the new office location to enhance accessibility, despite the design being completed before the ACA came into force. These included ergonomic adjustments and adaptive equipment setup supported by the Senior Advisor, Wellness Initiatives, which was well-received by employees and will continue as an ongoing initiative.
Addressing Physical and Mobility Barriers
Heavy doors, identified as a barrier for persons with mobility challenges, were repaired to ensure the proper functioning of automatic door openers, significantly improving accessibility and ease of use.
Accessible Communication and Signage
As noted above, in some areas the NSIRA Secretariat does not operate on its own. Considerable work was undertaken to establish a process for ordering Braille signage before the Treasury Board of Canada Secretariat (TBS) advised that it would be providing guidance on the use of signage for the public service once Accessible Standards Canada finalizes its standards. It is anticipated that Accessible Standards Canada will finalize the standards on accessible signage and wayfinding sometime in 2025.
Enhanced Visual and Cognitive Accessibility
In response to barriers caused by the existing alarm lighting system for individuals with visual and cognitive impairments, the NSIRA Secretariat opted to replace continuous flashing lights with LED alternatives, providing a more inclusive and manageable alert system.
Supportive Security Processes for Assistive Devices
Recognizing the need to streamline security processes for assistive devices, the Security Team developed a list of pre-approved electronics, such as hearing aids and heart monitors, expediting their approval for workplace entry and enhancing employee support.
Information and Communication Technologies
The accessibility plan identified barriers with respect to information and communication technologies (ICT), notably that neither the intranet website, nor the internet website were fully accessible. Documents on both websites were not designed with accessibility in mind. Individuals bringing a complaint did not have the option to bring a complaint through any means other than by completing a templated form and persons with a hearing impairment had limited options for engaging with the Registrar.
Status: Ongoing
Much of the NSIRA Secretariat’s Information Management (IM) and Information Technology (IT) teams’ work in 2024 was focused on the launch of a new institutional electronic document and records management system. Despite operating with slightly reduced staff levels, progress was made in the following areas:
Document Accessibility and WCAG Compliance
The NSIRA Secretariat reviewed and modified previously published documents, including fillable forms, to ensure compliance with Web Content Accessibility Guidelines (WCAG) 2.1 standards. This served to enhance digital accessibility across all published materials.
IT Accessibility Partnerships and Interim Solutions
The NSIRA Secretariat leverages IT services provided by other government institutions, which operate under distinct service models managed through formal, non-binding agreements. While these service models present inherent challenges in adapting to specific accessibility needs due to their structure and limitations, the NSIRA Secretariat engaged both providers informally to address accessibility gaps. As a result, some interim accessibility solutions were successfully implemented (such as expediting equipment and technology requests for adaptive tools), while efforts continue to identify and implement further measures, reflecting a commitment to improving IT accessibility within the current constraints.
Accessibility Resource Centre
As previously mentioned, the NSIRA Secretariat launched an online Accessibility Resource Centre, creating a dedicated space for Accessible Technology. This centre provides employees with access to adaptive tools and programs available, promoting awareness and use of supportive technology to foster inclusivity in the workplace.
Accessibility-Focused Training for IM and IT Teams
Training guides for IM and IT teams were reviewed and updated to include several accessibility-related courses. These additions, including sessions developed by Government of Canada programs specializing in digital accessibility (such as the AAACT program), reinforce the NSIRA Secretariat’s commitment to building digital accessibility expertise within its workforce.
Assessment of Digital Complaints Portal Feasibility
In the past year, a feasibility study was undertaken to evaluate the development of a web-based complaints portal aimed at digitizing the complaints process and enhancing accessibility. However, the study identified several significant constraints early on, including financial limitations, technical challenges associated with the organization’s current IT infrastructure, and privacy and security concerns. As a result, the initiative was postponed indefinitely. The NSIRA Secretariat remains committed to exploring alternative approaches to improve accessibility and enhance user experiences within the complaints process while addressing these challenges.
Communication other than ICT
The accessibility plan aimed to address several barriers with respect to communication for staff and members of the public, including the absence of a process to provide alternate formats and communication support upon request. Other barriers included technical or sector-specific language in public facing documents and reports, as well as the lack of guidance or established procedures for use of closed captioning, sign language interpretation or teletypewriters for persons with a hearing disability.
Status: Ongoing
The NSIRA Secretariat finalized its recruitment process to hire a Communications Writer/Editor and a Senior Communications Advisor in November 2024. Both employees are expected to be on board in early 2025. Their responsibilities will include implementing a communications strategy and continuing to implement the communications activities identified in the Accessibility Plan 2022-2025. In addition, progress was made in the following areas in 2024:
Accessible Review Reports
Review reports are a critical mechanism through which the Review Agency fulfills its mission to serve Canadians by independently reviewing national security or intelligence activities. Significant effort was undertaken to update the NSIRA Secretariat’s style guide and template for drafting review reports, to incorporate comprehensive accessibility guidelines and ensure all reports produced on behalf of the Review Agency meet high accessibility standards. These updates are expected to be available for internal consultation by the end of 2024, with final approval anticipated in 2025. In the interim, other internal review policies have been revised to reflect accessibility guidelines. These resources have been shared internally and are already in use.
Accessible Publication Formats and Online Presence
Reports published on behalf of the Review Agency by the NSIRA Secretariat in 2024 were made available in both HTML and PDF format, with alt text included for all graphics and images to improve accessibility. Alt text was also integrated into posts on X and LinkedIn, ensuring inclusive and accessible online engagement. Additionally, and as previously mentioned, the NSIRA Secretariat’s Webmaster worked to ensure all previously published materials, including publications and reports, met WCAG 2.1 compliance. To further accessibility, a statement was added to the Accessibility Notice on our public website, inviting users to contact us to report any barriers encountered while using our website or to request information in an alternative format.
Accessibility Guidelines for Events
Administrative staff received detailed guidelines for planning and hosting accessible events, both virtual and in-person. The guidelines emphasize making accessibility a default consideration and include a requirement for all event and meeting invitations to identify a dedicated Accessibility Contact for individuals to communicate specific needs, fostering a more inclusive experience.
Accessible Communications Support
The NSIRA Secretariat established processes to access accessible communications resources as needed. This includes, among other things, leveraging PSPC’s Translation Bureau for sign language interpretation and arranging for Braille printing, ensuring that both internal and external communications can be tailored to meet diverse accessibility needs.
Accessible Branding and Promotional Materials
Efforts to improve accessibility in branding have led to several changes, including a new color scheme for better readability and an updated standardized email signature that aligns with accessibility standards. Additionally, HR-related promotional materials used at job fairs – such as business cards, banners and other items – were redesigned to increase accessibility, demonstrating a commitment to engaging with a broad cross-section of individuals and recruiting a diverse workforce.
Procurement of Goods, Services and Facilities
Although no barriers were identified with respect to the procurement of goods, services and facilities, the accessibility plan nevertheless noted that improvements could be made to ensure “accessibility by design” in procurement practices.
Status: Ongoing
In July 2024, the NSIRA Secretariat’s Finance & Procurement team welcomed a new Procurement Team Leader, who introduced a structured approach with a dedicated focus on accessibility in procurement. Progress was made in the following areas:
Training and Capacity Building
Training resources were provided to cost centre managers to support the integration of accessibility considerations into procurement processes and practices. This training ensured that managers are equipped with the necessary knowledge to incorporate accessibility into all stages of procurement, promoting inclusivity in the acquisition of goods and services.
Enhanced Accessibility Training for Leadership
The procurement management team attended specialized training focused on accessibility in procurement. This training enhanced their understanding of accessible procurement requirements and strengthened their capacity to lead inclusive procurement practices within the NSIRA Secretariat.
Accessibility-Driven Procurement Practices
Accessibility remains a central focus in all ongoing procurement activities. Work began to review practices to ensure compliance with accessibility principles and incorporate standard accessibility requirements into procurement practices.
Design and Delivery of Programs and Services
An important part of the Review Agency’s mandate is to investigate complaints related to activities carried out by the Canadian Security Intelligence Service, the CSE, and the Royal Canadian Mounted Police (RCMP) if the complaint is closely related to national security, as well as complaints related to the denial or revocation of security clearances, and other matters under its purview. Ensuring that Canadians with disabilities can participate fully in these processes is integral to the investigations, however when the NSIRA Secretariat’s Accessibility Plan 2022 – 2025 was published, Rules of Procedure did not clarify accessibility options to accommodate the needs of persons with disabilities, while also complying with the necessary security requirements.
Status: Ongoing
As the work began to address the barriers identified with respect to the Review Agency’s investigation mandate, it became clear that accessibility is contingent primarily on the built environment. The accessibility plan reported barriers such as heavy doors without automatic door openers. This included the hearing room where investigative proceedings are held. Tripping hazards and restrictions with respect to assistive devices were also noted, among other concerns.
Similarly, progress around programs and services is inextricably linked to the barriers with respect to ICT. For the complaint investigation process, this included the internet website, which was not fully accessible, and lack of clarity for persons with a hearing impairment to engage with the Registrar.
The new internet website includes a more user-friendly interface that meets WCAG standards. Complainants can more easily navigate to the information and forms they need to bring a complaint. The complaint forms themselves have been redesigned to be more accessible. Additionally, the following activities were underway in 2024:
Commitment to Accessibility in NSIRA’s Rules of Procedure
A new section was drafted for the Rules of Procedure to reflect a commitment to ensuring accessibility. This progress aligns with continuing efforts to incorporate accessibility requirements within the built environment, demonstrating a comprehensive approach to creating an inclusive and accessible operational framework.
Case-by-Case Accessibility Arrangements
Amendments to the Rules of Procedure now clarify that investigation participants may request and access alternate arrangements tailored to their specific accessibility needs. This flexible approach ensures that participants can fully engage in investigative proceedings with the necessary accommodations, enhancing inclusivity and equitable participation.
Notification of Accessibility Needs
The revised Rules of Procedure specify that the Registrar must be notified of any barriers encountered by, or accessibility requirements of, participants. This provision ensures that accessibility needs are proactively addressed, fostering a supportive environment for all individuals engaging with the Review Agency and in turn promoting access to justice.
Procedural Assistance for Complainants
The revised Rules of Procedure now clarify that individuals wishing to bring forward a complaint are entitled to procedural assistance from the Registrar if they encounter barriers. This includes support for individuals with cognitive disabilities who may require assistance in articulating their complaints or allegations, promoting access for a diverse range of disabilities.
Transportation
The NSIRA Secretariat did not identify any barriers or develop an action plan with respect to this element.
Although specific actions were not identified, it is worth noting that the NSIRA Secretariat’s offices are in Ottawa, where employees and members of the public may use various modes of transportation to reach the work sites. Accessible transportation services are provided by OC Transpo in Ottawa and by the Société de Transport de l’Outaouais in Gatineau. Individuals who use their personal vehicles may park in designated spots available at nearby lots. Information is provided to new hires about designated parking spaces.
Consultations
The ACA requires consultations with persons with disabilities in preparing progress reports. The activities outlined in the accessibility plan for completion or launch in the second year aimed to improve accessibility for the workforce and in the workplace.
Thanks to the introduction of a Self-Identification Questionnaire, employees who identified as a person with a disability were specifically invited to provide insight. Additionally, all staff were offered an opportunity to share their feedback on the implementation of the Accessibility Plan, regardless of self-identification. Members of the Equity, Diversity & Inclusion Committee were also invited to share their perspectives on progress, barriers and potential solutions. This approach enabled the NSIRA Secretariat to gather diverse insights and first-hand experiences, fostering a better understanding of the steps taken and actions still needed to create a more inclusive and accessible organization.
Feedback
General feedback from employees
A key highlight from the feedback was the significant reduction of accessibility barriers for employees with cognitive needs through improvements in IM and IT – a meaningful step forward in fostering an inclusive and accessible work environment.
The feedback also underscored a need to update existing PowerPoint templates, which were based on an outdated website and not fully accessible. The issue has since been resolved, as detailed in the “Communication other than ICT” section of this report, with the NSIRA Secretariat’s branding now fully aligned with accessibility standards. Additionally, concerns were raised regarding the lack of adequate sound equipment in collaborative spaces used for large informal gatherings, which previously made it difficult for some to hear speakers. This barrier has been addressed through the purchase of a portable microphone and speaker combination, enhancing the accessibility of these spaces and ensuring inclusive participation in future gatherings.
Feedback from employees and external applicants about accommodations
Feedback on the accommodations process and its integration into the staffing process indicated that employees feel their accommodations are provided within a reasonable timeframe and that the solutions effectively meet their needs. Notably, no recommendations for improvement were suggested.
Feedback from the public
No feedback was received from members of the public about the accessibility plan during the year under review.
The NSIRA Secretariat will continue to welcome feedback in the coming year. The NSIRA Secretariat will continue to welcome feedback in the coming year.
In accordance with the Accessible Canada Act, I am pleased to table the National Security and Intelligence Review Agency’s (NSIRA) first progress report to its Accessibility Plan 2022 – 2025. This progress report describes the work that has been done to implement activities over the course of 2023.
As noted in our inaugural plan, accessibility is a work in progress. The Review Agency and the NSIRA Secretariat have made advances on several fronts, however there is more work to be done. Despite the best of intentions, it is apparent that some of the timelines were optimistic given the organization’s small size and the need to wait for work to be completed by other departments or agencies.
Most of the activities identified for completion in the first year were focused on increasing awareness and improving accessibility for the workforce and in the workplace. Consequently, for this first progress report consultations were limited to engaging with members of the NSIRA Secretariat’s workforce who offered their insights as persons with disabilities. The information provided by employees reinforced the importance of seeking input from persons with disabilities to identify and resolve barriers.
Through the combined efforts of growing internal capacity and new service level agreements with other public service organizations, NSIRA hopes to be better positioned to address areas that fell behind in 2023. We are optimistic that the coming year will provide an opportunity to double down on efforts to ensure that accessibility is integrated in an effective and sustainable manner in all aspects of the Review Agency’s and the NSIRA Secretariat’s work.
John Davies
Executive Director, NSIRA Secretariat
General
The Executive Director of the NSIRA Secretariat, who is the deputy head and employer, leads the Secretariat that supports the Review Agency in the fulfillment of its mandate under the National Security and Intelligence Review Agency Act. The Secretariat is responsible for monitoring feedback to evaluate progress and to determine its future accessibility plans.
In compliance with the requirements of the Accessible Canada Act (“ACA”) and the Accessible Canada Regulations, this progress report is available on NSIRA’s website, which is used to communicate with the public.
To request a copy of this report, the accessibility plan, or a description of the feedback process in an alternate format or to provide feedback about NSIRA’s progress report, the accessibility plan and any barriers encountered in dealing with NSIRA, please contact the undersigned by mail, telephone, or email.
Chief of Staff, Executive Director’s Office National Security and Intelligence Review Agency Secretariat P.O. Box 2430, Station “B” Ottawa, Ontario, K1P 5W5
The National Security and Intelligence Review Agency published its Accessibility Plan 2022 – 2025 in December 2022. This first progress report describes the work that has been done to implement activities between January 1 and December 31, 2023.
The Accessibility Plan 2022 – 2025 set out three priority areas to improve accessibility:
Increasing staff awareness about accessibility and the barriers that limit access for Canadians with disabilities.
Ensuring Canadians have access to NSIRA’s publications and services.
Continuing to advance a culture of respect and inclusion by integrating accessibility in all aspects of the organization’s work.
Through the efforts of the Senior Advisor, Wellness Initiatives, the NSIRA Secretariat can monitor progress, identify areas for improvement, and ensure overall coherence across the activities outlined in the accessibility plan.
Progress with respect to the priority areas and the accessibility plan is set out on the following pages. It is organized according to the seven key areas outlined in the Accessible Canada Act namely: employment; built environment; information and communication technologies (ICT); communication other than ICT; procurement of goods, services, and facilities; design and delivery of programs and services; and transportation.
The Review Agency and the NSIRA Secretariat were able to make advances on several fronts, however delays in staffing, stringent security requirements, and the organization’s small size meant activities did not progress as quickly as initially anticipated. The NSIRA Secretariat does not have ultimate control over certain fundamental aspects related to the built environment, technology, or security and must, therefore, adjust its pace to align with the direction given by the responsible policy centres.
Progress vis-à-vis accessibility plan
Employment
While developing the accessibility plan, the NSIRA Secretariat identified gaps with respect to employment. There was no written accommodation process for persons with disabilities employed in the NSIRA Secretariat. Furthermore, there was limited information available about accessibility requirements, resources, and information.
Status: On track
The NSIRA Secretariat was able to make advances in relation to many of the priorities with respect to employment. The Manager, Human Resources Services was joined by the Senior Advisor, Wellness Initiatives, midway through the year. Together they worked on 14 specific cases in 2023 to ensure that employees received the accommodations they requested to enable them to participate fully in all aspects of their work experience. Additionally, the following progress was made:
Duty to accommodate training was developed and delivered to all human resources staff and managers in February 2023.
Work is underway to make available a series of “how to” guides and a calendar of events for HR advisors, managers, and employees early in 2024.
The NSIRA Secretariat launched a new SelfID questionnaire in 2023, which was completed by all term and indeterminate employees. The data shows that the representation of persons with disabilities currently stands at 19.5%.
Performance measures and indicators relative to employment are under development, which will enable the NSIRA Secretariat to review selection practices to identify and prevent or mitigate barriers.
All recruitment and staffing material and communications with candidates at all stages of hiring processes include information about accommodations and accessibility. For example, invitations to interviews or to written exams clearly indicate that accommodations are available upon request.
A new feedback questionnaire was developed and launched in November 2023, to systematically seek feedback from candidates about the effectiveness of accommodation measures in selection processes.
A second feedback questionnaire was developed and launched in October 2023 to seek feedback from NSIRA Secretariat employees about barriers, gaps, appropriateness, and timeliness of workplace accommodations. (See the section entitled “Feedback” for more information.)
Employees and managers received training on the Government of Canada Workplace Accessibility Passport (GCWAP) in February and May 2023. Managers and employees are routinely encouraged to use GCWAP.
The Senior Advisor, Wellness Initiatives, introduced a standard operating practice to consult with other organizations to increase awareness of accessibility and to develop accommodation strategies for NSIRA Secretariat employees. Additionally, the Senior Advisor coordinates with the Communication Security Establishment (CSE), Privy Council Office (PCO), RCMP, and ergonomic firms as needed to develop individualized approaches.
Electronics must undergo specialized screening before they can be brought into the workplace. This type of security screening falls outside the control of the NSIRA Secretariat, which has requested expedited screening of electronics intended as an accommodation measure. The NSIRA Secretariat has set up a small inventory of screened equipment to further accelerate the process.
A new workshop entitled Accommodations at NSIRA was developed and delivered in May 2023. It will continue to be offered at least annually during National Accessibility Week. Accessibility awareness is routinely discussed at various occupational health and safety committee meetings.
Accessibility awareness and accommodation measures are now featured in training offered to HR staff and managers, as well as new employee orientation and on-boarding. Every letter of offer includes a point of contact with whom employees may confidentially discuss their accommodation needs.
Built Environment
The accessibility plan reported barriers in the built environment including heavy doors without automatic door openers; airlocks between doors; tripping hazards; narrow corridors; lack of accessible signage; restrictions with respect to assistive devices and job aids; an emergency alert system that flashes lights but does not emit an audible alarm; lack of control over lighting or temperature within the office space; and an outdated building emergency evacuation plan. Some of the barriers were tied to requirements of the Treasury Board Policy on Government Security and other policies that apply to the NSIRA Secretariat, but for which it is not the author.
Status: Ongoing
The NSIRA Secretariat made some inroads incorporating accessibility requirements into the built environment, but progress was slow. Delays can be attributed to two main reasons. First, NSIRA’s built environment is subject to standards established by Public Services and Procurement Canada (PSPC) and the CSE. Second, there was a lot of staff movement, which was compounded by delays in staffing. The following provides additional detail about progress in respect of the built environment:
The NSIRA Secretariat identified the need for updated standards to PSPC and CSE and will continue to emphasize the importance of accessibility assessments in the built environment in its ongoing discussions with PSPC and CSE.
Efforts to develop an action plan to remove and/or mitigate barriers, such as text to voice platforms, audible and visual alerts, signage, etc., have advanced slowly because of delays staffing.
In partnership with CSE and PCO, work is underway to develop and document a process to procure and enable the use of medical/assistive devices and adaptive technology in the workplace. This work is being done in consultation with the Senior Advisor, Wellness Initiatives.
Alternate arrangements were established on a case-by-case basis to address accessibility issues prior to individuals attending a site or office. This involved working in partnership with managers and corporate services. Delays in staffing may affect the extent to which alternative arrangements are delivered on a consistent and timely basis.
The NSIRA Secretariat created a process to identify employees who need assistance in a building emergency and evacuation, which was deployed for a drill in the fall 2023. The NSIRA Secretariat is continuing to work with the building senior managers of the Courts Administration Service and the Department of Natural Resources Canada, who are responsible for establishing the Building Emergency Procedures at NSIRA’s two worksites.
The security component of new employee on-boarding has been reviewed to identify barriers or gaps for persons with disabilities. Revisions are underway and the updated content will be launched early in 2024.
Information and Communication Technologies
The accessibility plan identified barriers with respect to information and communication technologies (ICT), notably that neither the intranet website, nor the internet website were fully accessible. Documents on both websites were not designed with accessibility in mind. Individuals bringing a complaint did not have the option to bring a complaint through any means other than by completing a templated form and persons with a hearing impairment had limited options for engaging with the Registrar.
Status: Ongoing
The NSIRA Secretariat’s Information Management (IM) and Information Technology (IT) team had several important priorities to tackle in 2023, one of which was a well-functioning internet website that adheres to accessibility standards and is compliant to Web Content Accessibility Guidelines (WCAG). This was accomplished in November 2023. The IM and IT team is understaffed and therefore has not been able to undertake all the activities identified in the accessibility plan. The team has still made some small progress in the following areas:
Work planning to review and modify accessibility of previously published documents, including fillable forms to ensure they are WCAG 2.0 compliant has been initiated and will continue.
Preliminary and informal discussions have been initiated drawing on the experiences of NSIRA’s existing workforce to better understand the types of barriers encountered as persons with disabilities and the challenges associated with accommodating their needs.
The NSIRA IT providers are the PCO and the CSE and both deliver their IT services with their own service model. There is a Memorandum of Understanding (MOU) between the CSE and the NSIRA as well as a MOU between the PCO and the NSIRA for the respective IT services. The NSIRA relies on these two different IT providers, which own their respective IT network and which the NSIRA Secretariat uses to communicate and collaborate; these IT providers control, monitor, manage and maintain the IT equipment on their respective networks. The NSIRA has no control over the hardware or the software that can be used on any of the networks to which it has access. Both service models are perceived not to be designed to be flexible and adaptable to meet the specific accessibility requirements of the NSIRA. In this context, the NSIRA Secretariat has already informally engaged these two partners to address accessibility in the interim. The NSIRA Secretariat will formally engage both partners to discuss tangible and sustainable solutions or means regarding accessibility in IT service delivery going forward.
Training for all staff about creating accessible documents and using other accessibility features available through ICT has been delayed due to a lack of resources. The Corporate Services team will inform NSIRA Secretariat employees early in the new year about training, information sessions, and online tools offered by other Government of Canada departments.
The NSIRA Secretariat’s Webmaster completed some training in which some concepts of WCAG 2.1 were taught. Training for other employees who draft reports, publications, and other publicly available material will begin in the second year of the Accessibility Plan 2022–2025. In the interim, the Webmaster will continue to ensure that material posted online is WCAG 2.0 compliant.
The work to incorporate digital tools to enhance accessibility with respect to the complaints process is delayed. As opposed to simply adapting existing forms, the NSIRA Secretariat has determined that a new complaints portal must be developed. Accessibility will be incorporated into the design and development of the new portal.
Communication other than ICT
The accessibility plan aimed to address several barriers with respect to communication for staff and members of the public including the absence of a process to provide alternate formats and communication support upon request. Other barriers included technical or sector-specific language in public facing documents and reports, as well as lack of guidance or established procedures for use of closed captioning, sign language interpretation, or TTY for persons with a hearing disability.
Status: Ongoing
In 2023 the NSIRA Secretariat engaged the services of a communications expert, a partner of the Five Eyes Intelligence Oversight and Review Council (FIORC), to develop a new communication strategy, which reviewed internal and external communications, as well as stakeholder engagement practices. The strategy identified key priorities for improving NSIRA’s output, engagement, and reputation, including recommendations for a new public-facing website. The NSIRA Secretariat is in the process of recruiting a Communications Manager, whose responsibilities will include implementing the communication strategy and leading on the communications activities identified in the Accessibility Plan 2022 – 2025. Progress was achieved on the following in 2023:
The NSIRA Secretariat’s Review Report Style Guide ensures that all review reports are written in accordance with accessibility guidelines published by Employment and Social Development Canada.
The Review Report Style Guide is an evergreen document. Additional changes are underway, which will be more explicit about what to include/consider from an accessibility perspective.
The NSIRA reports published in 2023 were available in HTML and PDF and included alt text for all graphics and images. Alt text was also included for posts on X (formerly known as Twitter).
Procurement of Goods, Services and Facilities
Although no barriers were identified with respect to the procurement of goods, services and facilities, the accessibility plan nevertheless noted that improvements could be made to ensure “accessibility by design” in procurement practices.
Status: Delayed
Due to a lack of staff, the NSIRA Secretariat was unable to carry out its planned activities for incorporating accessibility by design in its procurement practices. The NSIRA Secretariat recently negotiated a service level agreement with another public service organization and will explore integrating accessibility into the services offered in the new year.
Design and Delivery of Programs and Services
An important part of NSIRA’s mandate is to investigate complaints related to activities carried out by the Canadian Security Intelligence Service and the CSE, as well as complaints related to the denial or revocation of security clearances, and other matters under its purview. Ensuring that Canadians with disabilities can participate in these processes is integral to the investigations, however the Rules of Procedure do not provide accessibility options to accommodate the needs of persons with disabilities, while also complying with the necessary security requirements.
Status: Ongoing
As the work began to address the barriers identified with respect to NSIRA’s investigative function, it became clear that accessibility is contingent primarily on the built environment. The accessibility plan reported barriers such as heavy doors without automatic door openers. This includes the hearing room where investigative proceedings are held. Tripping hazards and restrictions with respect to assistive devices were also noted, among other concerns.
Similarly, progress around programs and services is inextricably linked to the barriers with respect to information and communication technologies. For the complaint investigation process, this included the internet website, which was not fully accessible, and limited options for persons with a hearing impairment to engage with the Registrar.
The new internet website includes a more user-friendly interface that meets WCAG standards. Complainants can more easily navigate to the information and forms they need to bring a complaint. The complaint forms themselves have been redesigned to be more accessible. Additionally, the following activities are underway:
A new section of the Rules of Procedure is being drafted to reflect the Review Agency’s commitment to ensuring accessibility. Progress is significantly dependent on the NSIRA Secretariat’s progress in incorporating accessibility requirements into the built environment.
In addition, the amendments to the Rules of Procedure will reflect an investigation participant’s ability to access alternate arrangements on a case-by-case basis to address their accessibility needs prior to their attendance on the premises for investigative proceedings.
The Rules of Procedure will also provide that the Registrar is to be notified of barriers and/or accessibility requirements for the Review Agency to accommodate those needs.
Finally, the Rules will provide that an individual wishing to bring a complaint must be provided procedural assistance by the Registrar in the event assistance is needed to address any barriers. This will enable access to persons with a variety of disabilities, including an individual with a cognitive disability who may require assistance articulating their complaint or allegations.
Transportation
The NSIRA Secretariat did not identify any barriers or develop an action plan with respect to this element.
Status: On track
Although specific actions were not identified, it is worth noting that NSIRA’s offices are in Ottawa, where employees and members of the public may use various modes of transportation to reach the work sites. Accessible transportation services are provided by OC Transpo in Ottawa and by the Société de Transport de l’Outaouais in Gatineau. Individuals who use their personal vehicles may park in designated spots available at nearby lots. Information is provided to new hires about designated parking spaces.
Consultations
The Accessible Canada Act requires consultations with persons with disabilities in preparing progress reports. The activities outlined in the accessibility plan for completion or launch in the first year aimed to improve accessibility for the workforce and in the workplace. This, combined with NSIRA’s specific mandate, greatly influenced the focus of consultations for this first progress report.
Thanks to the introduction of a self-identification (SelfID) questionnaire, employees who identified as a person with a disability were specifically invited to provide insight into barriers in the workplace and how to resolve, remove or mitigate them. Additionally, all staff were offered an opportunity to participate in the consultation process whether they had self-identified as a person with a disability or not. In this manner the NSIRA Secretariat benefited from a range of perspectives and first-hand experiences about barriers and the actions needed to become a more inclusive and accessible organization.
Feedback
Feedback from the NSIRA Secretariat’s employees included suggestions to improve security scanning of assistive devices and other required technology. Suggestions were also made with respect to knowledge transfer among staff responsible for facilities (i.e., the built environment) to ensure a smooth transition and avoid potential delays for employees who await assistive or adaptive devices or equipment.
Other employees identified barriers with respect to wheelchair accessibility at one location, which had not been previously noted. Concerns also included the height of some equipment, which was out of reach for a person using a wheelchair.
Since the pandemic, meetings often include employees working on-site and from home. The feedback from employees revealed that the sound system does not pick up voices consistently from all areas of the boardrooms. Consequently, parts of presentations or discussions in the boardroom are not being captured and employees participating from home cannot hear what is being said. It was therefore recommended that this be addressed in the context of the built environment.
No feedback was received from members of the public about the accessibility plan during the year under review. The NSIRA Secretariat will continue to welcome feedback in the coming year.
Department of National Defence/Canadian Armed Forces
FINTRAC
Financial Transactions and Reports Analysis Centre of Canada
GAC
Global Affairs Canada
GC
Government of Canada
IRCC
Immigration, Refugees and Citizenship Canada
NSIRA
National Security and Intelligence Review Agency
PHAC
Public Health Agency of Canada
PS
Public Safety Canada
RCMP
Royal Canadian Mounted Police
SCIDA
Security of Canada Information Disclosure Act
TC
Transport Canada
Glossary of Terms
Contribution test
The first part of the two-part threshold that must be met before an institution can make a disclosure under the SCIDA: it must be satisfied that the information will contribute to the exercise of the recipient institution’s jurisdiction or responsibilities in respect of activities that undermine the security of Canada (paragraph 5(1)(a)).
Proportionality test
The second part of the two-part threshold that must be met before an institution can make a disclosure under the SCIDA: it must be satisfied that the information will not affect any person’s privacy interest more than reasonably necessary in the circumstances (paragraph 5(1)(b)).
Executive summary
This review provides an overview of the Security of Canada Information Disclosure Act (SCIDA)’s use in 2022. In doing so, it documents the volume and nature of information disclosures made under the SCIDA; assesses compliance with the SCIDA; and highlights patterns in the SCIDA’s use across Government of Canada (GC) institutions and over time.
In 2022, four disclosing institutions made a total of 173 disclosures to five recipient institutions. The National Security and Intelligence Review Agency (NSIRA) found that institutions complied with the SCIDA’s requirements for disclosure and record keeping in relation to the majority of these disclosures. Instances of non-compliance related to subsection 9(3), regarding the timeliness of records copied to NSIRA; subsection 5.1(1), regarding the timeliness of destruction or return of personal information; and subsection 5(2), regarding the provision of a statement on accuracy and reliability. The observed non-compliance did not point to any systemic failures in GC institutions’ implementation of the SCIDA.
NSIRA also made findings in relation to practices that, although compliant with the SCIDA, left room for improvement. These findings related to:
the use of information sharing arrangements;
the format of records prepared by institutions and copied to NSIRA, including the characteristics of effective records;
the nature of information provided under paragraph 9(1)(e) and relied upon in the conduct of assessments under subsection 5(1);
the provision of statements regarding accuracy and reliability prepared under subsection 5(2); and
the timeliness of administrative processes supporting information disclosure.
NSIRA made six recommendations designed to increase standardization across the GC in a manner that is consistent with institutions’ demonstrated best practices and the SCIDA’s guiding principles.
Overall, NSIRA observed improvements in reviewee performance as compared with findings from prior years’ reports and over the course of the review. These improvements include corrective actions taken by reviewees in response to NSIRA’s requests for information in support of this review.
1. Introduction
Authority
This review was conducted pursuant to paragraph 8(1)(b) and subsection 39(1) of the National Security and Intelligence Review Agency Act (NSIRA Act).
Scope of the Review
This review provides an overview of the Security of Canada Information Disclosure Act (SCIDA)’s use in 2022. In doing so, it:
Documents the volume and nature of information disclosures made under the SCIDA;
Assesses Government of Canada (GC) institutions’ compliance with the SCIDA’s requirements for record keeping;
Assesses GC institutions’ compliance with the SCIDA’s requirements for disclosure, including the destruction or return of personal information, as appropriate; and
Highlights patterns in the SCIDA’s use across GC institutions and over time.
The review’s scope was defined by records provided to NSIRA under the SCIDA, subsection 9(3) (see Annex A for a copy of institutions’ section 9 obligations under the Act). As such, the review’s assessment of compliance was limited to the seven GC institutions identified within these records as either disclosers or recipients (Canada Border Services Agency [CBSA], Communications Security Establishment [CSE], Canadian Security Intelligence Service [CSIS], Department of National Defence/Canadian Armed Forces [DND/CAF], Global Affairs Canada [GAC], Immigration, Refugees and Citizenship Canada [IRCC], and the Royal Canadian Mounted Police [RCMP]); and to instances of information disclosure where the SCIDA was identified by these institutions as an authority for disclosure. The review also included Public Safety Canada (PS) in its capacity as manager of the Strategic Coordination Centre on Information Sharing, which provides SCIDA-related policy guidance and training across the GC.
The review satisfies the NSIRA Act’s section 39 requirement for NSIRA to report to the Minister of Public Safety on disclosures made under the SCIDA during the previous calendar year.
Methodology
The review’s primary source of information was records provided to NSIRA by disclosing and recipient institutions under the SCIDA, subsection 9(3). NSIRA also identified a targeted sample of disclosures for which it requested and assessed all associated documents provided by both the disclosing and recipient institution. This information was supplemented by a document review of institutions’ SCIDA policies and procedures, and related explanations.
NSIRA assessed administrative compliance with the SCIDA’s record-keeping obligations in relation to all disclosures identified in the records provided to NSIRA under subsection 9(3) (N=173). Where these records were incomplete, NSIRA provided an opportunity for institutions to supply the missing records. NSIRA accounted for such late submissions in its assessment of compliance with subsections 9(1) and 9(2).
NSIRA assessed substantive compliance with the SCIDA’s disclosure requirements in relation to the sample of disclosures (n=19). The sample was designed to reflect a non-representative cross-section of the SCIDA’s use, with particular attention to areas at higher risk of non-compliance. Disclosures were selected for the sample based on the content of records provided to NSIRA under subsection 9(3), according to defined parameters (see Annex B, Sample of Disclosures).
Review Statements
NSIRA found that, overall, its expectations for responsiveness by CSE, CSIS, DND/CAF, GAC, IRCC, PS, and RCMP during this review were met. Its expectations for responsiveness by CBSA were partially met, as CBSA required repeated follow-up to provide the requested information.
NSIRA was able to verify information for this review in a manner that met NSIRA’s expectations.
2. Backgrounder
The SCIDA provides an explicit, stand-alone authority to disclose information between GC institutions in order to protect Canada against activities that undermine its security. Its stated purpose is to encourage and facilitate such disclosures.
Section 9 of the SCIDA prescribes record-keeping obligations for all institutions who (1) disclose or (2) receive information under the Act. Each paragraph under subsections 9(1) and 9(2) identifies particular elements that must be set out in the records prepared and kept by each institution (see Annex A). Subsection 9(3) requires that these records be provided to NSIRA within 30 days after the end of each calendar year.
Subsection 5(1) of the SCIDA authorizes GC institutions to disclose information – subject to any prohibitions or restrictions in other legislation or regulations – to designated recipient institutions, if the disclosing institution is satisfied that (a) the information will contribute to the exercise of the recipient institution’s jurisdiction or responsibilities in respect of activities that undermine the security of Canada (the “contribution test”); and (b) the information will not affect any person’s privacy interest more than is reasonably necessary in the circumstances (the “proportionality test”).
Subsection 5(2) requires institutions that disclose information under subsection (1) to, at the time of the disclosure, also provide information regarding its accuracy and the reliability of the manner in which it was obtained.
When a GC institution receives information under the Act, subsection 5.1(1) requires that the institution destroy or return any unnecessary personal information as soon as feasible after receiving it.
The Act’s guiding principles underscore the importance of effectiveness and responsibility across disclosure activities. Of note, subsection 4(c) sets out that information sharing arrangements are appropriate in particular circumstances.
3. Findings, Analysis, and recommendations
Volume and Nature of Disclosures
In 2022, four disclosing institutions made a total of 173 disclosures to five recipient institutions (see Table 1). 79% (n=136) of these disclosures were requested by the recipient institution. The other 21% of disclosures (n=37) were sent proactively by the disclosing institution.
Table 1: Number of SCIDA disclosures made in 2022, by disclosing and recipient institution [all disclosures (proactive disclosures)]
Designated Recipient Institutions
Disclosing Institution
CBSA
CFIA
CNSC
CRA
CSE
CSIS
DND/CAF
Finance
FINTRAC
GAC
Health
IRCC
PHAC
PSC
RCMP
TC
TOTAL (proactive)
CBSA
–
–
–
–
–
–
–
–
–
–
–
–
–
–
4
(3)
–
4
(3)
GAC
–
–
–
–
–
39
(18)
2
(2)
–
–
–
–
–
–
–
12
(12)
–
53
(32)
IRCC
–
–
–
–
59
(0)
56
(2)
–
–
–
–
–
–
–
–
–
–
115
(2)
RCMP
–
–
–
–
–
–
–
–
–
–
–
1
(0)
–
–
–
–
1
(0)
TOTAL (proactive)
–
–
–
–
59
(0)
95
(20)
2
(2)
–
–
–
–
1
(0)
–
–
16
(15)
–
173
(37)
The total number of disclosures made under the SCIDA since its implementation reflects a slight downward trend, with a generally constant proportion of requested versus proactive disclosures for the years in which this data was collected (see Figure 1).
Figure 1: Number of SCIDA disclosures over time
In 2022, these disclosures were made and received by institutions that had each disclosed or received information, as the case may be, in at least two prior review years (see Annex C, Overview of SCIDA Disclosures in Prior Years).
Finding 1:NSIRA found that CSE, CSIS, GAC, and IRCC regularly use the SCIDA in a manner that warrants information sharing arrangements, as encouraged by subsection 4(c) of the SCIDA.
CSE, CSIS, GAC, and IRCC were the most frequent users of the SCIDA in 2022. The number of disclosures between these institutions was comparable to those observed by NSIRA in prior years (see Annex C), indicating the occurrence of regular exchange over time.
NSIRA also observed regular patterns in the purpose and nature of the information exchanged between these institutions in 2022, as described in Table 2. These information exchanges were not governed by up-to-date information sharing arrangements.
Table 2: Nature of disclosures between the SCIDA’s most frequent users
GAC-to-CSIS (N=39)
IRCC-to-CSIS (N=56)
IRCC-to-CSE (N=59)
GAC information holdings relevant to threats to the security of Canada
Often (85%) made in direct response, or as a follow-up, to CSIS requests
IRCC information holdings relevant to threats to the security of Canada
Almost always (96%) made in response to CSIS requests
IRCC confirmation of Canadian status of named individuals of interest, required to ensure lawfulness of CSE operational activities
All (100%) made in response to CSE requests
NSIRA has previously recommended that information sharing arrangements be updated (for GAC and CSIS) or created (for IRCC and CSE) to govern certain information exchanges made under the SCIDA.
Recommendation 1: NSIRA recommends that information sharing arrangements be used to govern regular SCIDA disclosures between GAC and CSIS; IRCC and CSIS; as well as IRCC and CSE.
Record Keeping
Copy to NSIRA: Subsection 9(3)
Finding 2: NSIRA found that CBSA, DND/CAF, and IRCC were non-compliant with subsection 9(3) of the SCIDA, as they failed to provide all records created under subsections 9(1) or 9(2) to NSIRA within the legislated timeframe.
Requests for information from NSIRA during the course of this review prompted the late production of additional records relating to paragraphs under subsections 9(1) or 9(2) from each of CBSA, DND/CAF, and IRCC (see Table 3).
Table 3: Number [and associated subsection 9(1) or 9(2) paragraph] of late records leading to non-compliance with subsection 9(3), by cause
Administrative Error
Delayed Preparation of Records
CBSA
2 [paragraph 9(1)(e)]
–
DND/CAF
–
2 [paragraphs 9(2)(e-g)]
IRCC
6 [paragraph 9(1)(e)]
1 [paragraphs 9(2)(e-g)]
CBSA and IRCC were non-compliant with subsection 9(3) due to administrative error; the records they eventually supplied had existed at the time of the reporting deadline, but were not copied to NSIRA as required.
NSIRA expected that all records would be prepared within 30 days after the end of the calendar year, in order to meet the subsection 9(3) requirement to provide a copy of those records to NSIRA within that timeframe.
DND/CAF and IRCC were non-compliant with subsection 9(3) on account of delayed preparation of records; they did not prepare the records referred to in Table 3 within 30 days after the end of the calendar year, and therefore did not provide a copy of them to NSIRA within the legislated timeframe.
NSIRA underscores the importance of administrative precision and timeliness in preparing records and copying them to NSIRA.
Format of Records
Finding 3: NSIRA found improved compliance outcomes in instances where departments prepared record overview spreadsheets under subsections 9(1) and 9(2) of the SCIDA that displayed the following characteristics:
a row for each disclosure made or received;
columns explicitly tied to each individual paragraph under section 9; and
additional columns to capture relevant administrative details, such as whether the disclosure was requested or proactive; the date of the request (if applicable); and any applicable file reference numbers.
The SCIDA does not specify a format for records prepared under section 9. Accordingly, in 2022, GC institutions fulfilled their record-keeping obligations in different ways.
Most institutions provided NSIRA with an overview of each disclosure made or received. These overviews were submitted to NSIRA as spreadsheets that generally captured the information required in records under subsections 9(1) and 9(2).
Most institutions also provided NSIRA with a copy of the disclosure itself and a selection of related documents. These documents often included email consultations with legal services, disclosure request letters, and other correspondence between disclosing and recipient institutions. The scope of requests for information in the course of the review was minimized in cases where institutions provided such documents.
DND/CAF and IRCC (for its one disclosure receipt) were the only institutions that originally provided NSIRA with a copy of the raw disclosure, including transmittal details, in the absence of a record overview or other related documents.
NSIRA observed that DND/CAF and IRCC’s choice in records format for these disclosures contributed to their non-compliance with subsection 9(3), described in Table 3. The information elicited under paragraphs 9(2)(e-g) cannot by definition be found within a copy of the disclosure itself, as it relates to action taken by recipient institutions following the disclosure’s receipt. A copy of the disclosure on its own is therefore insufficient to comply with all requirements under subsection 9(2).
Both DND/CAF and IRCC were infrequent recipients of disclosures under the SCIDA in 2022, accounting for only two and one disclosures, respectively. Each of the more frequent recipients of information (CSE, CSIS, and RCMP) included express columns in their record overview spreadsheets to capture whether and, if applicable, when personal information was destroyed or returned, per the requirements of paragraphs 9(2)(e-g).
NSIRA also observed that CBSA and IRCC’s choice in records format contributed to their non-compliance with subsection 9(3) due to administrative error. These institutions did not account for the full scope of information required under paragraph 9(1)(e) in their record overview spreadsheets.
The information relied upon to satisfy the disclosing institution that a disclosure is authorized under the Act is not required to be conveyed within the disclosure itself. Completing an appropriately-specified record overview spreadsheet is therefore an effective way to ensure that the corresponding information is documented and conveyed to NSIRA ahead of the legislated deadline.
The RCMP’s record overview spreadsheet was particularly effective in demonstrating compliance with the Act. The spreadsheet included columns that were explicitly tied to individual paragraphs under section 9, with additional fields limited to RCMP administrative information such as file and database reference numbers.
Spreadsheets designed in this way enable institutions’ efficient self-assessment against the requirements of the Act. They also facilitate the task of review by clearly matching the information provided with its corresponding requirement under the SCIDA, and by organizing disclosures and receipts of information in a manner that supports cross-verification.
Recommendation 2: NSIRA recommends that all GC institutions prepare record overviews to clearly address the requirements of subsections 9(1) and 9(2) of the SCIDA; and provide them to NSIRA along with a copy of the disclosure itself and, where relevant, a copy of the request.
Preparing and Keeping Records: Subsections 9(1) and 9(2)
Finding 4: NSIRA found that all GC institutions complied with their obligation to prepare and keep records that set out the information prescribed under subsections 9(1) and 9(2) of the SCIDA.
Finding 5: NSIRA found that more than half of the descriptions provided by CBSA and IRCC under paragraph 9(1)(e) of the SCIDA did not explicitly address their satisfaction that the disclosure was authorized under paragraph 5(1)(b), the proportionality test.
Although NSIRA expected an express statement describing the information that was relied on to satisfy the disclosing institution that the disclosure was authorized under the SCIDA, in this review, NSIRA considered any records that demonstrated the corresponding assessment had been conducted.
IRCC n’a pas fait de déclaration expresse précisant que les communications demandées par le SCRS, qui représentent 57 % (n=54) de l’ensemble de ses communications, lui semblaient satisfaisantes du point de vue du critère de proportionnalité. En revanche, IRCC a fourni des copies des lettres de demande et de l’information communiquée en guise de réponse, ce qui confirme que la communication était manifestement conforme aux besoins précis de la demande (et donc témoigne d’une évaluation de la proportionnalité).
L’ASFC n’a pas fourni de déclaration expresse concernant sa satisfaction au regard du critère de proportionnalité pour 75 % (n=3) de ses communications. Elle a plutôt démontré qu’elle tenait compte du principe de proportionnalité en fournissant divers documents justificatifs, y compris de la correspondance interne.
La feuille de calcul utilisée par AMC pour donner une vue d’ensemble de ses documents a été particulièrement efficace pour répondre aux exigences de l’alinéa 9(1)e). L’analyse détaillée qu’elle a consignée en ce qui concerne les critères de contribution et de proportionnalité lui a permis de remplir ses obligations en matière de conservation des dossiers et de démontrer qu’elle respectait en substance le paragraphe 5(1).
Recommendation 3: NSIRA recommends that disclosing institutions explicitly address the requirements of both paragraphs 5(1)(a) and 5(1)(b) in the records that they prepare under paragraph 9(1)(e) of the SCIDA.
Disclosure of Information
Contribution and Proportionality Tests: Paragraphs 5(1)(a) and 5(1)(b)
Finding 6: NSIRA found, within the sample of disclosures reviewed, that disclosing institutions demonstrated they had satisfied themselves of both the contribution and proportionality tests, in compliance with subsection 5(1) of the SCIDA.
Finding 7: NSIRA found that GAC satisfied itself under the SCIDA’s paragraph 5(1)(a) contribution test based on an incorrect understanding of the recipient’s national security mandate in two cases.
The threshold for compliance with subsection 5(1) is that the disclosing institution has satisfied itself of the contribution and proportionality tests, and that it has done so prior to having made the disclosure.
In relation to the two disclosures that it made proactively to DND/CAF, GAC provided a rationale for the information’s contribution to DND/CAF’s mandate in respect of national security. Upon receipt of the information, however, DND/CAF did not agree with GAC’s assessment and therefore assessed that the SCIDA was not an appropriate disclosure mechanism in the circumstances.
Informal communication between the two institutions may have allowed DND/CAF and GAC to resolve this issue prior to the disclosure. When such communications occur, it is important that they be limited to the information necessary to confirm that the information contributes to the recipient’s mandate in respect of activities that undermine the security of Canada.
Recommendation 4: NSIRA recommends that GC institutions contemplating the use of proactive disclosures under the SCIDA communicate with the recipient institution, ahead of making the disclosure, to inform their assessments under subsection 5(1).
Statement Regarding Accuracy and Reliability: Subsection 5(2)
Finding 8: NSIRA found, within the sample of disclosures reviewed, that CBSA and GAC (in one and two disclosures, respectively) were non-compliant with the SCIDA’s subsection 5(2) requirement to provide a statement regarding accuracy and reliability.
Finding 9: NSIRA found, in relation to the remaining disclosures within the sample, that GAC, IRCC, and RCMP included their statements regarding accuracy and reliability within the disclosures themselves, whereas CBSA provided its statements in the disclosures’ cover letters.
Providing the statement on accuracy and reliability in a cover letter for the disclosure satisfies the Act’s requirement to provide the statement at the time of disclosure. However, separating the statement from the information disclosed increases the risk that the information may be subsequently used without awareness of relevant qualifiers. The location of the statement on accuracy and reliability – and not just its contemporaneous provision to the recipient – is therefore relevant to its value added.
Recommendation 5: NSIRA recommends that all disclosing institutions include statements regarding accuracy and reliability within the same document as the disclosed information.
Requirement to Destroy or Return Personal Information: Subsection 5.1(1)
Finding 10: NSIRA found that DND/CAF destroyed information under the SCIDA subsection 5.1(1), but they were non-compliant with the requirement to do so “as soon as feasible after receiving it.”
DND/CAF determined, upon receipt of the two disclosures it received from GAC, that the personal information contained within the disclosures should not be retained. The information, however, was not destroyed until April 2023 – 12 days following a request for information from NSIRA to provide a copy of records that set out whether and when the information had been destroyed or returned. The date of destruction was 299 and 336 days following DND/CAF’s receipt of each disclosure.
Taking into consideration the elapsed time between receipt of the information and its destruction, as well as DND/CAF’s timely conclusion that the information should not be retained, DND/CAF’s ultimate destruction of the information was non-compliant with the requirement to destroy the information “as soon as feasible after receiving it.” Its delay in this respect was also inconsistent with the responsible use and management of the information.
DND/CAF was the only institution to identify any disclosures as containing information that was destroyed or returned under subsection 5.1(1) in 2022. NSIRA did not identify any other disclosures within the sample for which personal information disclosed should have been destroyed or returned.
Purpose and Principles: Effective and responsible disclosure of information
Finding 11: NSIRA found delays between when a disclosure was authorized for sending and when it was received by the individual designated by the head of the recipient institution to receive it in at least 20% (n=34) of disclosures.
These 34 disclosures include 29 for which there was a delay between the dates provided by disclosing and recipient institutions in their section 9 records, as well as an additional five for which CSIS reported both the date of administrative receipt within the institution and the subsequent date of receipt by the person designated by the head to receive it (i.e., the relevant operational unit).
NSIRA attributes most of these delays to expected dynamics in classified information sharing: the individual authorizing the disclosure is not always the same individual who administratively sends it to the recipient, and the person who administratively receives the disclosure is not always the same person who is designated by the head to receive it.
In the majority of cases, the observed delays were shorter than one week. In nine cases, however, the delay ranged from 30 to 233 days.
Such delays mean that information is not processed and actioned within the recipient institution until long after it was sent – or intended to be sent – by the individual authorizing the disclosure. While these delays do not amount to non-compliance with the SCIDA, they are inconsistent with the Act’s purpose and guiding principles.
Recommendation 6: NSIRA recommends that GC institutions review their administrative processes for sending and receiving disclosures under the SCIDA, and correct practices that cause delays.
4. Conclusion
The SCIDA’s requirements for disclosure and record keeping apply to both disclosing and recipient institutions in all cases where the SCIDA is invoked as a mechanism for disclosure. This review assessed GC institutions’ compliance with requirements for record keeping in respect of all 173 disclosures that were made and received in 2022. It assessed their compliance with requirements for disclosure in relation to a targeted sample of 19 disclosures.
NSIRA found that institutions complied with the SCIDA’s requirements for disclosure and record keeping in relation to the majority of disclosures. GC institutions’ non-compliance with subsection 9(3) was driven by irregularities in the reporting of 11 disclosures. Observed non-compliance with substantive requirements under subsection 5(2) related to three disclosures; and non-compliance with subsection 5.1(1) related to two disclosures. These instances of non-compliance do not point to any systemic failures in GC institutions’ implementation of the SCIDA.
Within this context, NSIRA observed improvements in reviewee performance as compared with findings from prior years’ reports and over the course of the review. Of note, NSIRA’s requests for information in support of this review prompted corrective action by CBSA, DND/CAF, and IRCC that would have otherwise amounted to non-compliance with requirements under section 9.
NSIRA also observed several practices that, although compliant with the SCIDA, leave room for improvement. NSIRA’s recommendations in this review are designed to increase standardization across the GC in a manner that is consistent with institutions’ demonstrated best practices and the SCIDA’s guiding principles.
Annex A. Record Keeping Obligations for Disclosing and Recipient Institutions
Obligation – disclosing institution
Obligation — recipient institution
9 (1) Every Government of Canada institution that discloses information under this Act must prepare and keep records that set out
(2) Every Government of Canada institution that receives information under this Act must prepare and keep records that set out
(a) a description of the information;
(a) a description of the information;
(b) the name of the individual who authorized its disclosure;
(b) the name of the institution that disclosed it;
(c) the name of the recipient Government of Canada institution;
(c) the name or position of the head of the recipient institution — or of the person designated by the head — who received the information;
(d) the date on which it was disclosed;
(d) the date on which it was received by the recipient institution;
(e) a description of the information that was relied on to satisfy the disclosing institution that the disclosure was authorized under this Act; and
(e) whether the information has been destroyed or returned under subsection 5.1(1);
(f) if the information has been destroyed under subsection 5.1(1), the date on which it was destroyed;
(g) if the information was returned under subsection 5.1(1) to the institution that disclosed it, the date on which it was returned; and
(f) any other information specified by the regulations.
(h) any other information specified by the regulations.
Copy to National Security and Intelligence Review Agency
Within 30 days after the end of each calendar year, every Government of Canada institution that disclosed information under section 5 during the year and every Government of Canada institution that received such information must provide the National Security and Intelligence Review Agency with a copy of every record it prepared under subsection (1) or (2), as the case may be, with respect to the information.
Annex B. Sample of Disclosures
Disclosures were selected for the sample based on the content of records provided to NSIRA under subsection 9(3), according to the following parameters:
At least two disclosures per discloser-recipient pair, if available;
At least one proactive disclosure per discloser, if available;
At least one requested disclosure per recipient, if available;
All disclosures identified by recipient institutions as including personal information that was destroyed or returned under the SCIDA, subsection 5.1(1);
All disclosures for which there is a high-level discrepancy in the discloser and recipient records (i.e., a record of receipt, but no record of disclosure; a substantive misalignment in the description of the information; greater than seven days’ discrepancy in the date sent and received; date of receipt earlier than the date of sending);
All disclosures made by an institution that is not listed in Schedule 3 of the SCIDA; and
All disclosures received by institutions added to Schedule 3 in the preceding year.
Annex C. Overview of SCIDA Disclosures in Prior Years
Drawing on information published in previous NSIRA reports, Table 5 summarizes the number and distribution of disclosures made under the SCIDA in prior years.
Table 5: Number of SCIDA disclosures, by disclosing and recipient institution, 2019-2021
Designated Recipient Institutions
Disclosing Institution
CBSA
CFIA
CNSC
CRA
CSE
CSIS
DND/CAF
Finance
FINTRAC
GAC
Health
IRCC
PHAC
PSC
RCMP
TC
TOTAL (proactive)
2021
DND/CAF
–
–
–
–
–
2
–
–
–
–
–
–
–
–
–
–
2
GAC
–
–
–
–
–
41
–
–
–
–
–
1
–
–
2
–
44
IRCC
–
–
–
–
68
79
–
–
–
2
–
–
–
–
–
–
149
TOTAL
–
–
–
–
68
122
–
–
–
2
–
1
–
–
2
–
195
2020
CBSA
–
–
–
–
–
1
–
–
–
–
–
–
–
–
3
–
4
GAC
–
–
–
–
1
25
–
–
–
–
–
1
–
–
13
–
40
IRCC
–
–
–
–
60
61
–
–
–
–
–
–
–
–
37
1
159
RCMP
–
–
–
–
–
–
1
–
–
3
–
5
–
–
–
–
9
TC
–
–
–
–
–
–
–
–
–
–
–
–
–
–
2
–
2
Other
–
–
–
–
–
1
–
–
–
–
–
–
–
–
–
–
1
TOTAL
–
–
–
–
61
88
1
–
–
3
–
6
–
–
55
1
215
2019
CBSA
–
–
–
–
–
1
–
–
–
–
–
–
–
–
2
–
3
GAC
–
–
–
–
–
23
–
–
–
–
–
3
–
1
15
–
42
IRCC
–
–
–
–
5
17
1
–
–
–
–
–
–
–
36
–
59
RCMP
–
–
–
4
–
–
–
–
1
3
–
1
–
–
–
–
9
TC
–
–
–
–
–
–
–
–
–
–
–
–
–
–
1
–
1
TOTAL
–
–
–
4
5
41
1
–
1
3
–
4
–
1
54
–
114
Annex D. Findings and Recommendations
Findings
NSIRA found that CSE, CSIS, GAC, and IRCC regularly use the SCIDA in a manner that warrants information sharing arrangements, as encouraged by subsection 4(c) of the SCIDA.
NSIRA found that CBSA, DND/CAF, and IRCC were non-compliant with subsection 9(3) of the SCIDA, as they failed to provide all records created under subsections 9(1) or 9(2) to NSIRA within the legislated timeframe.
NSIRA found improved compliance outcomes in instances where departments prepared record overview spreadsheets under subsections 9(1) and 9(2) of the SCIDA that displayed the following characteristics:
a row for each disclosure made or received;
columns explicitly tied to each individual paragraph under section 9; and
additional columns to capture relevant administrative details, such as whether the disclosure was requested or proactive; the date of the request (if applicable); and any applicable file reference numbers.
NSIRA found that all GC institutions complied with their obligation to prepare and keep records that set out the information prescribed under subsections 9(1) and 9(2) of the SCIDA.
NSIRA found that more than half of the descriptions provided by CBSA and IRCC under paragraph 9(1)(e) of the SCIDA did not explicitly address their satisfaction that the disclosure was authorized under paragraph 5(1)(b), the proportionality test.
NSIRA found, within the sample of disclosures reviewed, that disclosing institutions demonstrated they had satisfied themselves of both the contribution and proportionality tests, in compliance with subsection 5(1) of the SCIDA.
NSIRA found that GAC satisfied itself under the SCIDA’s paragraph 5(1)(a) contribution test based on an incorrect understanding of the recipient’s national security mandate in two cases.
NSIRA found, within the sample of disclosures reviewed, that CBSA and GAC (in one and two disclosures, respectively) were non-compliant with the SCIDA’s subsection 5(2) requirement to provide a statement regarding accuracy and reliability.
NSIRA found, in relation to the remaining disclosures within the sample, that GAC, IRCC, and RCMP included their statements regarding accuracy and reliability within the disclosures themselves, whereas CBSA provided its statements in the disclosures’ cover letters.
NSIRA found that DND/CAF destroyed information under the SCIDA subsection 5.1(1), but they were non-compliant with the requirement to do so “as soon as feasible after receiving it.”
NSIRA found delays between when a disclosure was authorized for sending and when it was received by the individual designated by the head of the recipient institution to receive it in at least 20% (n=34) of disclosures.
Recommendations
NSIRA recommends that information sharing arrangements be used to govern regular SCIDA disclosures between GAC and CSIS; IRCC and CSIS; as well as IRCC and CSE.
NSIRA recommends that all GC institutions prepare record overviews to clearly address the requirements of subsections 9(1) and 9(2) of the SCIDA; and provide them to NSIRA along with a copy of the disclosure itself and, where relevant, a copy of the request.
NSIRA recommends that disclosing institutions explicitly address the requirements of both paragraphs 5(1)(a) and 5(1)(b) in the records that they prepare under paragraph 9(1)(e) of the SCIDA.
NSIRA recommends that GC institutions contemplating the use of proactive disclosures under the SCIDA communicate with the recipient institution, ahead of making the disclosure, to inform their assessments under subsection 5(1).
NSIRA recommends that all disclosing institutions include statements regarding accuracy and reliability within the same document as the disclosed information.
NSIRA recommends that GC institutions review their administrative processes for sending and receiving disclosures under the SCIDA, and correct practices that cause delays.
I am pleased to share the National Security and Intelligence Review Agency Accessibility Plan 2022 – 2025. This plan outlines the activities that are necessary to address barriers in priority areas identified in accordance with the Accessible Canada Act.
The National Security and Intelligence Review Agency (NSIRA) is committed to ensuring it is accessible to Canadians. Our objective is to identify and remove, as well as prevent, barriers to accessibility to the greatest extent possible. Accessibility is a work in progress and where barriers cannot be removed, we will take action to mitigate them. This inaugural accessibility plan outlines the steps that will be taken to increase accessibility, both within the organization and for Canadians more generally, over the next three years.
This plan was developed in consultation with NSIRA Secretariat managers, subject matter experts, and employees who volunteered to share their experience as persons with a disability. Consultations also included an external panel of resources whose lived experience as persons with a disability provided an invaluable insight into barriers, potential gaps, and important considerations with respect to mitigation strategies.
It is slightly more than three years since NSIRA came into existence. Much has been accomplished in that time, however, there is still much to do to ensure accessibility in all aspects of the Agency’s work. This plan is an essential first step towards achieving this objective.
John Davies Executive Director
General
The Executive Director of the NSIRA Secretariat, who is the deputy head and employer, leads the Secretariat that supports the Review Agency in the fulfillment of its mandate under the National Security and Intelligence Review Agency Act. The Secretariat will monitor feedback to evaluate progress and to determine its future accessibility plans.
To request a copy of the accessibility plan or a description of the feedback process in an alternate format, or to provide feedback about NSIRA’s accessibility plan and any barriers encountered in dealing with NSIRA, please contact the undersigned by mail, telephone, or e-mail.
Chief of Staff, Executive Director’s Office National Security and Intelligence Review Agency Secretariat P.O. Box 2430, Station “B” Ottawa, Ontario, K1P 5W5
The National Security and Intelligence Review Agency (NSIRA) is committed to ensuring it is accessible to Canadians. Our objective is to identify and remove, as well as prevent, barriers to accessibility to the greatest extent possible. Accessibility is a work in progress and where barriers cannot be removed, we will take action to mitigate them. This inaugural accessibility plan outlines the steps that will be taken to increase accessibility, both within the organization and for Canadians more generally, over the next three years.
As a micro-organization of fewer than 100 full-time equivalents and not having in-house expertise, the NSIRA Secretariat engaged the services of an external consultant to conduct an accessibility assessment. The consultant was charged with examining NSIRA’s policies, programs, practices and services in relation to the identification and removal of barriers, and the prevention of new barriers in the areas described in section 5 of the ACA, i.e., employment; the built environment; information and communication technologies (ICT); communication other than ICT; the procurement of goods, services and facilities; the design and delivery of programs and services; and transportation.
The consultant gathered relevant information by reviewing documents, examining NSIRA’s public-facing website, and engaging with a variety of stakeholders by means of interviews and focus group discussions. Consultations also included an external panel of resources whose lived experience as persons with a disability provided an invaluable insight into barriers, potential gaps, and important considerations with respect to mitigation strategies.
Several issues surfaced through the consultant’s research and consultations. The issues included the need to:
improve education and awareness about accessibility among NSIRA’s workforce;
integrate accessibility in respect of information, communication, employment, the built environment, and programs and services; and
work collectively to become “inclusive by design and accessible by default”.
The following pages provide some insight into NSIRA’s context and describe the actions that NSIRA will take with respect to the seven areas identified in the ACA.
Context
The National Security and Intelligence Review Agency (NSIRA) is an independent and external review body that reports to Parliament. NSIRA reviews Government of Canada national security or intelligence activities to assess whether they are lawful, reasonable, and necessary and reports accordingly. NSIRA investigates complaints from members of the public regarding activities of the Canadian Security Intelligence Service and the Communications Security Establishment, as well as the national security activities of the Royal Canadian Mounted Police and decisions by deputy heads to deny or revoke a security clearance. In addition, NSIRA investigates complaints that are closely related to national security referred by the Civilian Review and Complaints Commission for the Royal Canadian Mounted Police (CRCC), matters referred by the Canadian Human Rights Commission (CHRC) and certain reports made to NSIRA under the Citizenship Act. This independent scrutiny contributes to strengthening the framework of accountability for national security or intelligence activities undertaken by Government of Canada institutions and supports public confidence in this regard.
The National Security and Intelligence Review Agency Secretariat is a separate agency identified in Schedule V of the Financial Administration Act (FAA) and is not a part of the core public administration. Treasury Board of Canada policies with respect to financial management, procurement, communications, information management and technology, amongst others, apply to the NSIRA Secretariat. With respect to human resources, the Executive Director is the employer, whose authorities are derived from the National Security and Intelligence Review Agency Act (sections 42 through 47) and subsection 12(2) of the FAA.
Under the ACA and the Accessible Canada Regulations, federally regulated entities must report to the public on their policies and practices in relation to the identification and removal of barriers by publishing their accessibility plans, feedback processes and progress reports. Each department, agency and federally regulated employer is also required to develop an accessibility plan and report on progress made against this plan annually starting in December 2023.
Priority areas and action plan
The following describes NSIRA’s plan to improve accessibility by acting on three fronts:
Increasing staff awareness about accessibility and the barriers that limit access for Canadians with disabilities.
Ensuring Canadians have access to NSIRA’s publications and services.
Continuing to advance a culture of respect and inclusion by integrating accessibility in all aspects of the organization’s work.
A table summarizing the priority areas and action plan can be found at Appendix A.
1. Employment
The National Security and Intelligence Review Agency comprises up to seven members appointed by Order-in-Council. The Executive Director, who is the deputy head and employer, leads the Secretariat that supports the Review Agency in the fulfillment of its mandate. The NSIRA Secretariat is identified in Schedule V, Separate Agencies, of the Financial Administration Act. It is not subject to the Public Service Employment Act, with the exception of Part 7 dealing with political activities. It has fewer than 100 employees who work primarily out of two locations in the National Capital Region. At the present time, staff work on-site and/or telework.
NSIRA is committed to removing and preventing barriers to recruitment, retention, and the promotion of persons with disabilities. Accessibility accommodations are established in accordance with the duty to accommodate under the Canadian Human Rights Act (CHRA). Additionally, they are fulfilled in accordance with Treasury Board policies on financial management, government security, procurement, etc.
Through the accessibility assessment, gaps were identified with respect to employment, notably that there is no written accommodation process for employees with disabilities, and that staff at all levels have limited access to and familiarity with accessibility requirements, resources and information.
Actions
Ensure that recruitment and selection processes are accessible.
Provide Human Resources (HR) staff and hiring managers with training in accessibility best practices.
Review past recruitment and selection practices to identify and prevent future barriers.
Ensure that all recruitment and staffing material, and communications with candidates clearly identify accessibility/accommodation options.
Seek feedback from candidates about the effectiveness of accommodation measures in selection processes.
Formalize and communicate an accommodation process for employees with disabilities.
Consult employees to identify barriers and gaps in workplace accommodations.
Consult other organizations to increase awareness of accessibility and to seek individualized accommodation strategies for employees.
Identify mechanisms to reduce wait times for workplace accommodations.
Increase awareness for staff at all levels on accessibility issues.
Provide all staff with training on accessibility awareness and sensitivity.
Provide enhanced training to executives, managers, and subject matter experts relative to their role, e.g., training on Web Content Accessibility Guidelines (WCAG) for IT staff.
Incorporate accessibility awareness generally and information about accommodation measures specifically in new employee orientation and on-boarding.
Review the NSIRA Secretariat’s Human Rights, Accessibility, Employment Equity, Diversity, and Inclusion Plan, Human Resources Management Policy, and Terms and Conditions of Employment Policy and revise as necessary to ensure overall coherence.
2. Built Environment
The National Security and Intelligence Review Agency occupies several locations in the National Capital Region. At the present time, staff work on-site and/or telework. Hearings/investigative interviews and inter-organizational meetings are held on-site.
NSIRA recognizes the importance of an accessible built environment. As such, NSIRA will continue to work with employees, building owners, and key partners to achieve the highest level of accessibility within the current location(s).
Through the accessibility assessment barriers were identified in the built environment including heavy doors without automatic door openers; air-locks between doors; tripping hazards; narrow corridors that limit access; lack of accessible signage; restrictions with respect to assistive devices and job aids; an emergency alert system that flashes lights for various safety and security reasons, but does not emit an audible alarm; no control over lighting or temperature within the office space; and an outdated building emergency evacuation plan. Some of the barriers are tied to the requirements of the Treasury Board Policy on Government Security and other policies, which apply to the NSIRA Secretariat, but for which it is not the author.
Actions
Identify, remove, prevent and/or mitigate barriers in the built environment.
Conduct a full assessment of accessibility barriers in the built environment(s) in conjunction with Public Services and Procurement Canada (PSPC), the Communications Security Establishment (CSE), and persons with disabilities.
Develop an action plan to remove and/or mitigate barriers, e.g., text to voice platforms, audible and visual alerts, signage, etc.
Establish in consultation with partners an accessibility/duty to accommodate process for medical/assistive devices within the on-site workspace.
Ensure alternative arrangements are available to anyone needing accessibility accommodations prior to attending a site or office.
Review, revise and document building emergency evacuation procedures and training with an accessibility lens, in collaboration with the building senior officer’s security team.
Contribute to making security program information and facilities accessible by default.
Review forms, tools and services to identify barriers for persons with disabilities.
Collaborate with policy centers (including CSE, TBS, DND) to develop and implement accessible alternatives.
Establish an inclusive and nimble on-boarding and off-boarding process, including in-person training for operating within the on-site workspace.
Revise training and awareness to ensure accessibility.
3. Information and Communication Technologies (ICT)
The NSIRA websites, both intranet and internet, are the main vehicles for sharing information internally and with the public. The internet is also the main option for members of the public to access the complaints process, including information about the process and the required forms to file complaints.
Staff use a variety of software and tools to carry out their daily responsibilities, both while working on-site and while teleworking.
Several barriers were identified with respect to information and communication technologies (ICT). First and foremost is that neither the intranet, nor the internet are fully accessible. None of the documents shared via the intranet or the internet were designed with accessibility in mind, although features exist within the available software. There is no option for a person to bring a complaint through any means other than by completing a templated form and there is no TTY or similar alternative for a person with a hearing impairment to engage with the Registrar.
Actions
Ensure NSIRA’s public-facing website and internal ICT platforms (e.g., Sharepoint libraries) adhere to all accessibility standards and are compliant to WCAG 2.0 AA at a minimum.
Review and revise current publications.
Develop a lifecycle review plan to modify accessibility of document previously published by NSIRA.
Ensure major corporate ICT inventory (i.e., systems, hardware and software) is accessible.
Review existing inventory to identify accessibility barriers and gaps.
Develop plans to resolve, mitigate and prevent accessibility barriers in consultation with key partners, including increasing awareness of accessibility requirements.
Ensure that future ICT systems, hardware and software meet the leading accessibility standards and function with adaptive technologies.
Build awareness among all NSIRA staff about accessibility requirements, tools and options.
Provide training for staff at all levels about creating accessible documents and using other accessibility features available through ICT (e.g., text to voice options, tools for virtual meetings, etc.)
Provide enhanced accessibility training to those responsible for publications, reports and web content.
Ensure that persons with disabilities can participate fully in the complaints process.
Recommend to the Review Agency appropriate amendments to NSIRA’s Rules of Procedure.
Incorporate digital tools to enhance accessibility.
4. Communications other than ICT
The purpose of NSIRA’s review function is to ascertain facts after careful examination to develop findings and recommendations that inform accountability. NSIRA’s findings and recommendations are communicated to the implicated departments and agencies, as well as the responsible minister. NSIRA’s Annual Report, summarizing and contextualizing its review work from the previous year is provided to the Prime Minister and tabled in Parliament. Unclassified versions of each review report and the Annual Report are published on NSIRA’s website. In this way, review by NSIRA informs the broader deliberation – fundamental in a free and democratic society – about the means, lengths and laws by which national security or intelligence activities are carried out.
Several barriers were noted with respect to communication for staff and members of the public including no existing process to provide alternate formats and communication supports upon request; technical or sector-specific language in public-facing documents and reports; lack of guidance or established procedures for use of closed captioning, sign language interpretation, or TTY for persons with a hearing disability.
Actions
Ensure that all communications are accessible for staff, stakeholders and members of the public.
Review existing practices, tools, and systems to remove, resolve, mitigate and prevent barriers.
Recommend to the Review Agency appropriate amendments to NSIRA’s Rules of Procedure.
Put in place arrangements for services to support communications such as sign language interpretation, Braille printing, etc.
Build awareness among all NSIRA staff about accessible communication requirements, tools and options.
Provide training for staff at all levels about accessible communication and using accessibility features such as closed captioning for meetings and events, alternate formats such as large print, Braille, audio or electronic formats.
Provide enhanced accessibility training to those responsible for publications, reports, meetings and events.
5. Procurement of Goods, Services and Facilities
The NSIRA Secretariat procures goods, services and facilities in accordance with the policies and processes established by Public Services and Procurement Canada, Treasury Board of Canada, and other key partners.
No barriers were identified with respect to the procurement of goods, services and facilities. Nonetheless the NSIRA Secretariat has noted that improvements are needed to ensure “accessibility by design” in procurement practices.
Actions
Ensure that procurement practices, processes and outcomes support an accessible workplace and accessible programs, and services.
Provide training for cost centre managers and staff about integrating accessibility considerations into procurement processes and practices.
Provide enhanced accessibility training to those responsible for procurement.
Review practices and processes and revise as appropriate to ensure compliance with Accessible Procurement principles, e.g., accessibility requirements incorporated in contracts, documentation, etc.
Assess the feasibility of incorporating standard requirements for procurement practices and processes, e.g., templates for scope-of-work documentations, evaluation criteria, contracts etc.
6. Design and Delivery of Programs and Services
An important part of NSIRA’s mandate is to investigate public complaints related to any activity carried out by the Canadian Security Intelligence Service (CSIS) and the Communication Security Establishment (CSE), as well as complaints relating to the denial or revocation of security clearances. In addition, NSIRA investigates complaints that are closely related to national security referred by the Civilian Review and Complaints Commission for the Royal Canadian Mounted Police (CRCC), matters referred by the Canadian Human Rights Commission (CHRC) and certain reports made to NSIRA under the Citizenship Act. By law, every investigation is conducted in private.
Ensuring that Canadians with disabilities can participate in these processes fully is integral to NSIRA’s investigations. NSIRA’s Rules of Procedure do not provide accessibility options to accommodate the needs of persons with disabilities at all stages of the complaint process, while also complying with the necessary security requirements.
Actions
Ensure that NSIRA’s programs and services are inclusive and accessible, while protecting privacy, meeting necessary security requirements and safeguarding sensitive information.
Recommend to the Review Agency appropriate amendments to NSIRA’s Rules of Procedure.
Ensure that accessibility is integrated in the approval process for new programs, activities or services.
7. Transportation
This priority area does not apply to the National Security and Intelligence Review Agency. As such no barriers or actions were identified.
Consultations
One of the guiding principles of the Government of Canada’s accessibility strategy is the statement “Nothing without us” which affirms that persons with disabilities must be involved in the design and implementation of this plan. Persons with disabilities offer a unique and valuable perspective and our goal is to ensure that we do not have any barriers that prevent their full participation in the workplace and that of those whom we serve.
All staff were invited to participate in the consultation process with a focus on engaging persons with a disability, regardless of whether they had previously identified as such. Subject matter experts, managers and employees with a disability were consulted in facilitated focus groups or individual interviews, which were conducted in either or both official languages.
Internal stakeholders with knowledge of employment practices, procurement, facilities, digital resources, communications, and the design and delivery of goods and services, were consulted. Questions regarding accessibility barriers, current accommodation practices, and priorities for remediation were discussed and responses have been used to inform this plan.
The input provided by subject matter experts, managers and employees was essential to identifying the barriers and gaps described in this plan and to developing actions to enable NSIRA to become a more inclusive and accessible organization.
In addition, the draft accessibility plan was reviewed by the consultant’s standing Accessible Canada Act Review Committee. Review Committee members are individuals with a variety of lived experience with disabilities, and knowledge of a range of accessibility issues. The five-member committee consists of members who self-identify with a disability including mobility, vision, learning disability, mental health disability, and hearing loss.
Committee members were provided an overview of the functions at NSIRA and an advance copy of the draft accessibility plan. Members provided comments on the plan format and readability, accessibility actions as outlined in the plan, suggested timelines for actions, and specific barriers that could be encountered. Committee feedback has been incorporated into this approved plan.
Implementation, monitoring and reporting
To ensure that accessibility remains a priority, the Accessible Canada Act and the Accessible Canada Regulations require that regulated entities prepare and publish annual progress reports on the implementation of their accessibility plans. Like the accessibility plan, progress reports must be prepared in consultation with persons with disabilities and describe the manner of the consultations. The progress reports must also include any feedback that NSIRA receives and describe how that feedback was taken into consideration. NSIRA’s first progress report will be published 12 months after the publication of this first accessibility plan, in December 2023. It will include updates with respect to the actions that NSIRA has taken.
In accordance with the regulations, NSIRA will publish an updated plan every three (3) years, starting in December 2025.
Glossary
Barrier: means anything—including anything physical, architectural, technological or attitudinal, anything that is based on information or communications or anything that is the result of a policy or a practice—that hinders the full and equal participation in society of persons with an impairment, including a physical, mental, intellectual, cognitive, learning, communication or sensory impairment or a functional limitation.
Disability: means any impairment, including a physical, mental, intellectual, cognitive, learning, communication or sensory impairment—or a functional limitation—whether permanent, temporary or episodic in nature, or evident or not, that, in interaction with a barrier, hinders a person’s full and equal participation in society.
Information and Communication Technology (ICT): is an extensional term for information technology (IT) that stresses the role of unified communications and the integration of telecommunications (telephone lines and wireless signals) and computers, as well as necessary enterprise software, middleware, storage and audiovisual, that enable users to access, store, transmit, understand and manipulate information.
Web Content Accessibility Guideline (WCAG): the Web Content Accessibility Guidelines (WCAG) are part of a series of web accessibility guidelines published by the Web Accessibility Initiative (WAI) of the World Wide Web Consortium (W3C), the main international standards organization for the Internet. They are a set of recommendations for making Web content more accessible, primarily for people with disabilities.
APPENDIX A – SUMMARY OF PRIORITY AREAS AND ACTION PLAN
PRIORITY AREAS AND ACTIONS
LEAD BRANCH
TARGET FOR COMPLETION
1. EMPLOYMENT
a) Ensure that recruitment and selection processes are accessible.
Provide Human Resources (HR) staff and hiring managers with training in accessibility best practices.
Review past recruitment and selection practices to identify and prevent future barriers.
Ensure that all recruitment and staffing material and communications with candidates clearly identify accessibility/accommodation options.
Seek feedback from candidates about the effectiveness of accommodation measures in selection processes
Corporate Services Branch
2023-24 and ongoing
b) Formalize and communicate an accommodation process for employees with disabilities.
Consult employees to identify barriers and gaps in workplace accommodations.
Inform employees about the Government of Canada Workplace Accessibility Passport and implement on a voluntary basis.
Consult other organizations to increase awareness of accessibility and to seek individualized accommodation strategies for employees.
Identify mechanisms to reduce wait times for workplace accommodations.
Corporate Services Branch
2023-24 and ongoing
c) Increase awareness for staff at all levels on accessibility issues.
Provide all staff with training on accessibility awareness and sensitivity.
Provide enhanced training to executives, managers, and subject matter experts relative to their role, e.g., training on Web Content Accessibility Guidelines for IT staff.
Incorporate accessibility awareness generally and information about accommodation measures specifically in new employee orientation and on-boarding.
Corporate Services Branch
2023-24 and ongoing
d) Review the NSIRA Secretariat’s Human Rights, Accessibility, Employment Equity, Diversity, and Inclusion Plan, Human Resources Management Policy, and Terms and Conditions of Employment Policy and revise as necessary to ensure overall coherence.
Corporate Services Branch
2023-24 and ongoing
2. BUILT ENVIRONMENT
a) Identify, remove, prevent and/or mitigate barriers in the built environment.
Conduct a full assessment of accessibility barriers in the built environment(s) in conjunction with Public Services and Procurement Canada (PSPC), the Communications Security Establishment (CSE), and persons with disabilities.
Develop an action plan to remove and/or mitigate barriers, e.g., text to voice platforms, audible and visual alerts, signage, etc.
Establish in consultation with partners an accessibility/duty to accommodate process for medical/assistive devices within the on-site workspace.
Ensure alternative arrangements are available to anyone needing accessibility accommodations prior to attending a site or office.
Review, revise and document building emergency evacuation procedures and training with an accessibility lens, in collaboration with the building senior officer’s security team.
Corporate Services Branch
2023-24
2023-24
2024-25
2023-24
2023-24
b) Contribute to making security program information and facilities accessible by default.
Review forms, tools and services to identify barriers for persons with disabilities.
Collaborate with policy centers (including CSE, TBS, DND) to develop and implement accessible alternatives.
Establish an inclusive and nimble on-boarding and off-boarding process, including in-person training for operating within the on-site workspace.
Revise training and awareness to ensure accessibility.
Corporate Services Branch
2025-26
2025-26
2023-24
2023-24
3. INFORMATION AND COMMUNICATION TECHNOLOGIES (ICT)
a) Ensure NSIRA’s public-facing website and internal ICT platforms (e.g., Sharepoint libraries) adhere to all accessibility standards and are compliant to WCAG 2.0 AA at a minimum.
Review and revise current publications.
Develop a lifecycle review plan to modify accessibility of previously published NSIRA documents.
Corporate Services Branch
2023-24 and ongoing
b) Ensure major corporate ICT inventory (i.e., systems, hardware and software) is accessible.
Review existing inventory to identify accessibility barriers and gaps.
Develop plans to resolve, mitigate and prevent accessibility barriers in consultation with key partners, including increasing awareness of accessibility requirements.
Ensure that future ICT systems, hardware and software meet the leading accessibility standards and function with adaptive technologies.
Corporate Services Branch
2023-24 and ongoing
c) Build awareness among all NSIRA staff about accessibility requirements, tools and options.
Provide training for staff at all levels about creating accessible documents and using other accessibility features available through ICT (e.g., text to voice options, tools for virtual meetings, etc.)
Provide enhanced accessibility training to those responsible for publications, reports and web content.
Corporate Services Branch
2023-24 and ongoing
d) Ensure that persons with disabilities can participate fully in the complaints process.
Recommend to the Review Agency appropriate amendments to NSIRA’s Rules of Procedure.
Incorporate digital tools to enhance accessibility.
Investigations
Corporate Services Branch
2023-24 and ongoing
4. COMMUNICATIONS OTHER THAN ICT
a) Ensure that all communications are accessible for staff, stakeholders and members of the public.
Review existing practices, tools, and systems to remove, resolve, mitigate and prevent barriers.
Recommend to the Review Agency appropriate amendments to NSIRA’s Rules of Procedure.
Put in place arrangements for services to support communications such as sign language interpretation, Braille printing, etc.
Executive Director’s Office
Investigations
Corporate Services Branch
2022-23 and ongoing
2023-24 and ongoing
b) Build awareness among all NSIRA staff about accessible communication requirements, tools and options.
Provide training for staff at all levels about accessible communication and using accessibility features such as closed captioning for meetings and events, alternate formats such as large print, Braille, audio or electronic formats.
Provide enhanced accessibility training to those responsible for publications, reports, meetings and events.
Corporate Services Branch
2023-24 and ongoing
5. PROCUREMENT OF GOODS, SERVICES AND FACILITIES
a) Ensure that procurement practices, processes and outcomes support an accessible workplace and accessible programs, and services.
Provide training for cost centre managers and staff about integrating accessibility considerations into procurement processes and practices.
Provide enhanced accessibility training to those responsible for procurement.
Review practices and processes and revise as appropriate to ensure compliance with Accessible Procurement principles, e.g., accessibility requirements incorporated in contracts, documentation, etc.
Assess the feasibility of incorporating standard requirements for procurement practices and processes, e.g., templates for scope-of-work documentations, evaluation criteria, contracts etc.
Corporate Services Branch
2022-23 and ongoing
6. DESIGN AND DELIVERY OF PROGRAMS AND SERVICES
a) Ensure that NSIRA’s programs and services are inclusive and accessible, while protecting privacy, meeting security requirements and safeguarding sensitive information.
Recommend to the Review Agency appropriate amendments to NSIRA’s Rules of Procedure.
Ensure that accessibility is integrated in the approval process for new programs, activities or services.
Review of the Canadian Forces National Counter-Intelligence Unit: Backgrounder
Review of the Canadian Forces National Counter-Intelligence Unit
Backgrounder
Review Backgrounder
This review focused on one aspect of the Department of National Defence / Canadian Armed Force’s (DND/CAF) intelligence activities: The Canadian Forces National Counter-Intelligence Unit (CFNCIU, or the Unit). The review was selected given that it is consistent with NSIRA’s emphasis on conducting a series of safeguarding reviews over the next few years.
The review examined CFNCIU’s domestic efforts at investigating Counter Intelligence (Cl) threats posed to DND/CAF, the rationale used by CFNCIU for justifying investigations, and the associated activities that transpire once this determination is made.
NSIRA reviewed the Unit’s case files, interviewed CFNCIUFIQ staff, detachment investigators and other internal stakeholders, as well as key senior officers with the aim of understanding CFNCIU’s contribution to Cl and insider-threat scenarios within DND/CAF. Based on the assessment of this information, NSIRA made several findings and recommendations to improve how intelligence is derived from investigations and conveyed to government decision-makers.
It is important to note that since inception of the Unit in 1997, the CFNCIU has been the subject of ten internal studies, each of which have identified the Unit as having suffered from resource and policy limitations (among others), resulting in an inability to fully meet its mandate. This review does not significantly depart from these previous assessments.
Our team is working on an HTML version of this content to enhance usability and compatibility across devices. We aim to make it available in the near future. Thank you for your patience!
The Avoiding Complicity in Mistreatment by Foreign Entities Act (Avoiding Complicity Act or Act) and its associated directions seek to prevent the mistreatment of any individual as a result of information exchanged between a Government of Canada department and a foreign entity. At the heart of the directions is the consideration of substantial risk, and whether that risk, if present, can be mitigated or not. To do this, the Act and the directions lay out a series of requirements that need to be met or implemented when handling information. This review covers the implementation of the directions sent to 12 departments and agencies from their date of issuance, September 4, 2019, to the end of the previous calendar year, December 31, 2019. It was conducted under subsection 8(2.2) of the National Security and Intelligence Review Agency Act (NSIRA Act), which requires NSIRA to review, each calendar year, the implementation of all directions issued under the Act.
While this was the inaugural annual review under the NSIRA Act, it builds upon previous work in this area undertaken by NSIRA and its predecessor SIRC. NSIRA’s review on the 2017 Ministerial Direction on information sharing with Foreign Entities is an example. The results from this previous review were sent to applicable departments in July 2020. NSIRA is building upon this previous review and strongly supports the findings and recommendations within it. As of the date of this report, departmental responses have not been received regarding the recommendations provided in NSIRA’s July 2020 Ministerial Direction review.
(U) It was essential to ensure that both NSIRA and the departments being reviewed met their obligations under the Avoiding Complicity Act and the NSIRA Act. The approach used to gather information during a global pandemic was purposely designed for this first and unique review period.
To capture a complete view on the departmental implementation, NSIRA requested information that related directly to every department’s specific obligations under the Act and the directions. The responses and associated information captured departmental activities related to the Act during the review period, and what procedures, policies, tools, etc. (frameworks) were leveraged to support these activities. NSIRA believes that having a robust framework is an essential part of an effective implementation of the directions departments have received.
Beyond the specific requirements of implementation, the information provided by the departments also helped to identify gaps, considerations for best practices, and the work departments have undertaken since the review period to build and formalize their frameworks. This information and knowledge will help set up the foundation for future reviews and assist efforts on creating consistent implementation across departments. While many of the issues discussed in this report go beyond the specific requirements of the directions, their consideration is critical to the overall improvement of the implementation process and how departments ultimately support the Act. No case studies were undertaken for this review. However, the information gathered has helped establish a baseline for overarching issues the community is facing. Building on this, future reviews will begin to examine specific sharing framework challenges and questions and look closely at specific cases and departmental legal opinions to guide review findings.
While NSIRA was pleased with the considerable efforts made by many departments new to the Avoiding Complicity Act in building up their supporting frameworks, it was clear during this review that departments are employing very different approaches to guide their information handling activities. The responses received demonstrate various inconsistencies across the departments. Having a consistent and coordinated approach when addressing the concerns related the Act is not a requirement for implementation, however, NSIRA believes that there is value in such an approach. And while departments will always require unique aspects in their sharing frameworks to address the unique characteristics of their mandates and activities, to improve the implementation process, a goal all involved likely have, the identification and sharing of best practices is critical.
For example, determining the best means for having a unified approach when engaging with foreign entities of concern or ensuring that an information sharing activity is consistently evaluated for risk by all departments. The recommendations provided on these issues in this review capture what NSIRA believes to be important concerns and considerations for supporting and improving departmental implementation.
Additionally, as the directives received under the Act do not describe the specific means by which departments ‘implement’ them, it is incumbent on the community to ensure that they have sufficiently robust frameworks and programs in place to fully support an assertion of implementation. Therefore, the information gathered during this review went beyond a strict assessment of implementation, but also considered the aspects required to better support this implementation. Going forward, this approach will help establish the foundation for subsequent reviews. Drawing on the findings and concerns identified here, NSIRA will continue to consider aspects that will ultimately improve underlying frameworks, thereby supporting an improved implementation of the Act across the community.
Authorities
This review was conducted under subsection 8(2.2) of the NSIRA Act, which requires NSIRA to review, each calendar year, the implementation of all directions issued under the Avoiding Complicity Act.
Introduction
Focus of the Act
In the same spirit as the Ministerial Direction (MD) that preceded it, the Avoiding Complicity Act and its associated directions seek to prevent the mistreatment of any individual due to the exchange of information between a Government of Canada department and a foreign entity. The Act also aims to limit the use of information received from a foreign entity that may have been obtained through the mistreatment of an individual. While the previous MD guided the activities of a selection of Canada’s security and intelligence departments, the Act broadened this scope to capture all departments whose interactions with foreign entities included information exchanges where such a concern may apply.
The focus of the Act is to ensure departments take the necessary steps during their information sharing activities to avoid contributing in any way to the mistreatment of an individual. To do this, the Act and the directions lay out a series of requirements that need to be met or implemented when handling information. There is an expectation that each department will satisfy these requirements by leveraging departmentally established mechanisms and procedures, or frameworks that will allow each department to confidently demonstrate how it has responded to its responsibilities under the Act.
During the first year that the Act was in force, written directions using nearly identical language were sent to the Deputy Heads of 12 departments. In regard to disclosure, the directions read as follows: “If the disclosure of information to a foreign entity would result in a substantial risk of mistreatment of an individual, the Deputy Head must ensure that Department officials do not disclose the information unless the officials determine that the risk can be mitigated, such as through the use of caveats or assurances, and appropriate measures are taken to mitigate the risk.”
With respect to requesting information, the directions state: “If the making of a request to a foreign entity for information would result in a substantial risk of mistreatment of an individual, the Deputy Head must ensure that Department officials do not make the request for information unless the officials determine that the risk can be mitigated, such as through the use of caveats or assurances, and appropriate measures are taken to mitigate the risk.”
Lastly, as it relates to the use of information, the directions indicate: “The Deputy Head must ensure that information that is likely to have been obtained through the mistreatment of an individual by a foreign entity is not used by the Department
(a) in any way that creates a substantial risk of further mistreatment;
(b) as evidence in any judicial, administrative or other proceeding; or (c) in any way that deprives someone of their rights or freedoms, unless the Deputy Head or, in exceptional circumstances, a senior official designated by the Deputy Head determines that the use of the information is necessary to prevent loss of life or significant personal injury and authorizes the use accordingly.”
At the heart of the directions is the consideration of substantial risk, and whether that risk, if present, can be mitigated or not. This determination is done on a case-by-case basis. Each department is responsible for making these determinations as it applies to its activities. Following the outcome of a department’s determination of these important questions, cases may be approved, denied, or elevated to the Deputy Head for consideration. For the latter cases, this then results in additional reporting requirements for the Deputy Head. Throughout this process, there is also a requirement to ensure the accuracy, reliability, and limitations of use of all information being handled.
Review Objectives
After the Avoiding Complicity Act came into force in July 2019, the Governor in Council’s written directions were sent to each applicable department in September 2019. The period for this year’s review is September 4, 2019 to December 31, 2019. The short timeframe (approximately 4 months) associated with this year’s review means that departments are being assessed, in large part, on what they would already have had in place to address risks of mistreatment associated with information sharing, or what they were able to implement in a four-month window. NSIRA is cognizant that for the departments that were not previously subject to the 2017 MD on Avoiding Complicity in Mistreatment by Foreign Entities, the timeframe to implement the written directions was somewhat limited, as it would have been challenging to create and operationalize new procedures such that they would be reflected in the department’s activities during the period being reviewed.
While it was essential to ensure that both NSIRA and the departments being reviewed met their obligations, these challenges were kept in mind when evaluating the objectives for this first review. Given these considerations, the objectives of this year’s review were to determine whether:
departments had fully implemented the directions received under the Act in conformity with the obligations set out therein;
departments had established and operationalized frameworks that sufficiently enabled them to meet the obligations set out in the Act and directions; and,
there was consistency in implementation across applicable departments.
Methodology and assessment focus
To capture a complete view of the departmental implementation of the Act, NSIRA constructed a series of questions related directly to every department’s obligations under the Act and the directions. The responses and associated information captured what specific activities took place during the review period and what departmental frameworks were leveraged to adequately support these activities.
The information provided by the departments also helped to identify gaps, considerations for best practices, and the work departments have undertaken to build and formalize their frameworks to meet their obligations under the Act and directions. The information provided and the knowledge gained will help set up the foundation for future reviews and help create consistent implementation across departments.
The method used to gather information during a global pandemic was designed for this first and unique review period. We believe it allowed departments to quickly and efficiently indicate both whether the directions had been implemented, and what frameworks, processes, and policies had been leveraged or put in place.
Responses to many of the RFI questions were simply yes/no answers. Often, answers were dependent on what information handling activities took place with foreign entities by the department during the review period. As such, a number of questions could be returned with ‘not applicable’, and this was an acceptable response. Many of the questions were related to specific and easily defined requirements under the Act and its associated directions, e.g. ‘was a report submitted to the Minister?’ or ‘Did the Deputy Minister inform the applicable bodies of all their decision made under the act?’.
Other questions were designed to capture the details of the underlying processes that supported a department’s implementation, i.e. a department may indicate that they ensured no substantial risk of mistreatment was present in any of their information sharing activities, but how did they support this claim? Likewise, for an assertion that a possible substantial risk of mistreatment had been mitigated, what was in place that allowed a department to make this assertion? Therefore, this series of questions required sufficiently detailed responses to fully capture what a department had in place that allowed it to confidently state that it has met its implementation obligations under the Act and the issued directions.
Finally, a portion of the questions was intended to capture the level of uniformity in implementation across departments. This includes such things as country/entity assessments, triage practices, and record keeping. Much of this information will also help with recommendations going forward. This multi-faceted approach resulted in three main areas being evaluated to assess implementation for this review period and help set the groundwork for future reviews.
Departments have clear and comprehensive frameworks, policies, and guidelines such that they can demonstrate how they have fully implemented the directions under the Act.
All reporting requirements associated with both the Act and its applicable directions have been met.
Differences or gaps associate with areas such as country/entities assessments, record keeping, case triage, etc., such that consistent implementation across departments would be challenging.
Summary of the results table
The table in Annex A captures a summary of both the departmental responses to the implementation questions and NSIRA’s assessment regarding these responses. The assessment was based on the associated details provided by departments in the context of the specific information requested. As explained above, many of the responses were returned as not applicable (n/a). Since many implementation requirements are connected to specific activities, the absence of such activities would mean that the requirement does not come into play. The best example of this for the current review is the absence of any Deputy Minister level determinations. All 12 departments indicated that they did not have any cases referred to the Deputy Minister level for determination. All additional reporting requirements associated with this level of decision were not applicable and thus considered satisfied.
If a specific requirement was not met, it was flagged. The relatively few instances of this were connected with departments not meeting certain reporting obligations under the Act. In all cases, the department involved pre-identified these missing requirements and indicated that efforts were underway to address them.
The concerns and findings captured in the table (and others) are discussed subsequently. A concern was flagged in two situations: where there was an uncertainty associated with a department’s ability to support their implementation requirements; and cross-cutting issues related to general aspects of all of the frameworks described, both of which led to the findings and recommendations proposed.
Findings and Recommendations
Realities of Implementation for 2019
A challenge for departments for this first review was associated with one of the assessment items listed above, i.e. whether they had established frameworks to demonstrate how they supported the implementation of the directions they received.
With the Avoiding Complicity Act coming into force in July 2019, it was not feasible that departments would create and stand-up new frameworks for information exchanges in time for the period being reviewed. Although the Act did specify several Deputy Heads that were to receive directions, it only included those who received the previous 2017 MD. The remaining new departments received their directions in September 2019. Regardless of this two-month difference, each department would have been required to rely on, to some extent, existing procedures when handling information sharing with foreign entities during the review period.
This put the departments that had previously formalized policies and processes at an advantage when implementing the directions. For those departments who were not subject to the previous 2017 MD on information sharing, NSIRA considered how they leveraged and adjusted what was already in place to respond to their new responsibilities under the Act. What we then expected to see, for all departments, was what subsequent steps were taken during the review period and afterwards, to either adjust or create frameworks to better meet implementation requirements going forward. NSIRA noted that in response to questions on frameworks for handling information and mitigating risk, several of the departments new to the considerations of the Act provided extensive detail on their efforts and progress on building out their frameworks to support the directives. References to having these frameworks formalized over the subsequent year were also encouraging.
Finding no. 1: NSIRA found that several departments, new to the considerations of the Act, described considerable progress being made during the review period and afterwards to build out formalized frameworks to support implementation.
Importance of establishing operational framework
As discussed, having fully established operational frameworks in place for this review period may not have been feasible for the departments that did not previously have processes to support their activities. This, however, did not exempt a department from the requirements of implementation. Each department was still expected to leverage what it currently had in place to properly address the concerns associated with the Avoiding Complicity Act. Furthermore, there was a logical follow-on expectation that departments would take subsequent steps to build out formal frameworks to address any perceived gaps to support the implementation of the Act going forward if necessary.
After reviewing the responses received, NSIRA is concerned that departments with minimal information sharing activities taking place during their operations have yet to address the necessity of having a robust framework in place, regardless of how often that framework is leveraged. For example, although PS and TC may primarily act as facilitators or coordinators for information exchanges on specific programs, they are still interacting with foreign entities, and therefore are required to fully assess their interactions with a foreign entity in this regard.
If a department without a formal framework assesses that it has few or no cases associated with the Act, then it may believe it is adequately positioned to address any sharing concerns should they arise. This, however, is not the case. Even single instances of information exchange in which the concerns of the Act may apply require a framework to support it properly. In many cases, it will be the framework itself that properly identifies whether a sharing activity raises concerns under the Act. If there is no formal process in place, then this identification becomes problematic. Simply saying that there are no cases or activities associated with the Act is not sufficient. That determination can only be made after a sharing activity is scrutinized through the lens of a robust framework. Going forward, all departments who receive directions should demonstrate a formal framework that ensures all information sharing activities are adequately evaluated against the considerations of the Act.
Finding no. 2: NSIRA found that departments conducting minimal information exchanges with foreign entities have not yet fully addressed the importance of having an official information sharing framework in place.
Recommendation no. 1: NSIRA recommends that all departments in receipt of directions under the Act have an official framework that ensures they can fully support their implementation of the directions.
Community coordination and best practices
While departmental coordination and the sharing of best practices are not a requirement of the Avoiding Complicity Act or the directions, NSIRA considered such an approach’s value. What became clear during this first review was that every department employs a very different framework to guide their information sharing activities with foreign entities. This is to be expected to some extent, given the different mandates, sharing requirements, and areas of focus associated with each department. However, these differences are also a reflection of the independent, internal development that has taken place for the different frameworks being used. While the departments receiving directions under the Act do interact on this subject to some extent, to date, based on the responses provided, it appears that the majority of the work done by the departments to build supporting frameworks to address their responsibilities associated with the Act have been done so independently. There was little to no overlap with how departments described the various aspects of their frameworks, even amongst the departments subject to the earlier MD on this issue.
There would be value in departments collectively identifying the key aspects common or required in all information exchanges with foreign entities and then working together to craft best practices, irrespective of what a department currently has in place. This process should draw on all available resources to make this determination. Each department can then turn to their existing frameworks to consider where and how they can be adjusted to match this community-agreed upon ideal. This is not to say that aspects of what a department already has in place in their framework will not ultimately be seen as the best practice. Several departments do have robust sharing frameworks in place, and these will contribute significantly to this exercise. However, arriving at this determination independently will provide an additional level of confidence.
Department-specific challenges, of course, cannot be ignored. In fact, they will weigh in strongly on such a conversation. Departments share information under their mandates for various reasons, and this will mean that coordination on certain aspects of a sharing framework may not be possible. However, this needs to be evaluated. It is important that what already exists, or what is hard change, does not unduly influence what may be best. This approach will create uniformity (where possible) across the community and provide a starting point for ‘must haves’ for each department to evaluate their existing processes against.
The Public Safety Information Sharing Coordination Group (ISCG) was established to support departments on information sharing. As such, it is in an ideal position to help mitigate issues arising from the lack of coordination. Leading such efforts would build on the work already being done by this group. During recent discussions with NSIRA, the ISCG indicated that the tracking of lessons learned and the sharing of best practices was not yet routine. Going forward, there would be value in a more coordinated effort when departments are updating/changing their framework. Ensuring that this coordination takes place will require support and leadership by senior-level officials. This will help in sharing best practices once identified, and establish more consistent approaches across departments.
Finding no. 3: NSIRA found that the differences and variability in departmental frameworks demonstrate a previous lack of coordination across the community and a need to identify best practices.
Recommendation no. 2: NSIRA recommends that departments coordinate to identify best practices for all essential components of information sharing frameworks and that the ISCG is leveraged to ensure these practices are shared where possible across the community to support the implementation of the Act.
Framework application inconsistency
A series of questions in this review was related to aspects of consistency in how departments apply their frameworks. From this series, a comparison was made on how many times an information sharing/use event triggered an evaluation of any kind against the considerations of the Avoiding Complicity Act, versus how many of these triaged cases were elevated or referred up for decision. The results helped gauge two important aspects of a framework: One, the threshold requirements, i.e. how often a sharing activity triggers an evaluation of any kind; and two, the decision making power given to the operators who are initially handling these activities.
The feedback and the responses received demonstrate potential inconsistencies in both aspects across departments. For example, several departments indicated zero cases as being triaged/evaluated under the concerns of the Act during the review period, yet also specified that they are involved in regular information sharing or, specified that no information received from foreign entities was derived from mistreatment. These responses appear to be inconsistent as it would be problematic to participate in information sharing or to make such mistreatment determinations without the activity being evaluated on some level.
Other departments indicated a larger number of cases as initial triaged/evaluated, but also indicated that none of them were elevated in their decision making process for higher-level decisions. This would seem to suggest that all determinations were being made at the operational level. Such a result puts significant weight on the operator and the initial assessment tools they are leveraging if they are making all determinations independently. This reinforces the importance of a robust framework to help make these determinations, as previously indicated in Finding no. 2. As a result of these differences, potential challenges arise on accurately assessing the volume of cases being handled by departments, the tracking of those cases deemed to present a substantial risk, those which can be mitigated for, and those where the risk was not found to be substantial or even present.
These responses may result from how each department defines a ‘case’ or how it records a case, or they may be a result of differences in how a department’s decision-making process is leveraged. NSIRA’s concern is that these differences may indicate an inconsistency in application thresholds at different departments. As such, the following results were viewed as a potential issue based on the responses received:
if a department was involved in any kind for information exchange with a foreign entity during the review period, but did not indicate that any cases were formally triaged/evaluated; or
if there was a significant number of cases triaged, but none were elevated to a higher level for determination.
Such results do not necessarily indicate a problem as aspects of a framework may be able to account for this, however, looking further into how and why the department’s framework produced these outcomes is important. Future reviews will be able to do this. Consistent initial steps for information sharing activities, including triage/evaluation thresholds and documentation, are critical to the effective application of a framework, and ultimately to identifying best practices.
Finding no. 4: NSIRA found that there are inconsistencies in the application of existing sharing frameworks between departments, specifically concerning information evaluation thresholds, and decisions being elevated for senior level determinations,
Recommendation no. 3: NSIRA recommends that departments establish consistent thresholds for triggers in their information sharing frameworks, including initial evaluations against the concerns of the Act, when a case is to be elevated in the decision process, and how this is documented.
Country and entity assessments
A key recommendation of NSIRA’s previous review on information sharing related to the country/entity assessments being used by departments to inform their decision making process when sharing or using information with a foreign entity. While the use of country/entity assessments is not a required aspect of implementing the directions under the Act, NSIRA continues to support this tool as an important aspect of any sharing framework. In its previous review, NSIRA determined that having a firm grasp on the human rights situation, as well as any other pertinent information associated with a country/entity, was essential to making an informed decision on whether there should be concerns, caveats, or limitations when handling information with that country/entity. Moreover, having such information captured to ensure all departments consistently approach these countries/entities is critical. At the time of the previous review, the following recommendation was made:
a unified set of assessments of the human rights situations in foreign countries including as standardized ‘risk of mistreatment’ classification level for each country; and
to the extent that multiple departments deal with the same foreign entities in a given country, standardized assessments of the risk of mistreatment of sharing information with foreign entities.
It is important to note that there has been no formal response from departments on this previous recommendation as of the date of this report. Furthermore, during this report, two departments continue to raise concerns with NSIRA’s stance on this issue during the consultation process. While NSIRA continues to support this recommendation, as explained below, further discussions with departments on how to approach this matter may be warranted, specifically on the distinction between how this recommendation may apply to a foreign country/entity vs a specific foreign partner a department may be dealing with.
Based on the responses provided on this topic for the current review period, there is still inconsistency in this area. While almost all departments indicated that country/entity assessments were a standard part of their framework, the responses also indicate differences in which country assessments are used, how they are leveraged, and who is responsible for updating them. For example, several departments rely on their own in-house created assessments, while others leverage the assessments created by Global Affairs Canada and others. While departments who indicated that they are leveraging country/entity assessment tools in their process also indicated that these assessments captured human rights concerns, this has yet to be independently evaluated. NSIRA is concerned that these differences could result in different approaches/stances being taken by departments when dealing with the same foreign entity. While the country/entity assessments tools themselves are not necessarily in question, the fact that every department is not leveraging or does not have access to all useful or applicable information is.
NSIRA remains of the view that having a consistent stance on all countries and entities when implementing the requirements of the Act is important. Issues such as mistreatment and human rights should not be decided at a departmental level, but on a whole-of-government level. While mindful of classification levels, ensuring all departments have access to the same relevant information associated with a foreign country/entity is critical to making an informed decision. Due to the nature of their work, departments may be privy to unique information on a country/entity, some or all of which can be shared. This would lead to fully informed assessments that allow for a consistent approach when dealing with any country/entity. In addition to improving duplication of effort in this area by departments, NSIRA continues to see standardized country and entity assessments, which can be accessed and contributed to by all departments, as key to moving toward a more consistent and effective implementation of the Act across the community
Finding no. 5: NSIRA found a lack of unification and standardization in the country and entity assessments being leveraged by departments, resulting in inconsistencies in approach/stance by the community when interacting with Foreign Entities of concern related to the Act.
Recommendation no. 4: NSIRA recommends that departments identify a means to establish unified and standardized country and entity risk assessment tools to support a consistent approach by departments when interacting with Foreign Entities of concern under the Act.
Conclusion
While aspects of implementation can be easily quantified and evaluated e.g. reporting requirements to a Minister, others, which support implementation are more difficult to measure, e.g.:
What does a sufficiently robust framework for assessing and mitigating risk when sharing with a foreign entity look like?
Does this depend on the specific requirements and activities of the department; or,
Are there steps that should always be involved when vetting a foreign entity under the considerations of the Act?
Measuring and weighing the answers to such questions is challenging. They are more nuanced, and can’t be as easily quantified. Regardless, they must be considered and addressed. Drawing on the considerations and concerns identified in this review will help departments to ask the questions that will improve their underlying frameworks with the following goals in mind:
To identify the essential/key elements that need to be a part of any framework for it to address the concerns associated with the Avoiding Complicity Act sufficiently; and,
To have all identified best practices implemented as consistently as possible across departments.
Future reviews will push towards these goals by seeking answers to those questions above. By looking more closely at specific case studies, departmental legal opinions, items of inconsistency, and the departmental frameworks that are already demonstrating best practices that should be shared. Ultimately the results of such efforts will contribute to improving the implementation of the Act across the community.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Please enable Strictly Necessary Cookies first so that we can save your preferences!
