Language selection

Government of Canada / Gouvernement du Canada

Search

Category: DND

Review of federal institutions’ disclosures of information under the Security of Canada Information Disclosure Act in 2024: Report

Review of federal institutions’ disclosures of information under the Security of Canada Information Disclosure Act in 2024

Report

Date of Publishing:

List of Acronyms

CBSA Canada Border Services Agency
CFIA Canadian Food Inspection Agency
CNSC Canadian Nuclear Safety Commission
CRA Canada Revenue Agency
CSE Communications Security Establishment
CSIS Canadian Security Intelligence Service
DND/CAF Department of National Defence/Canadian Armed Forces
FINTRAC Financial Transactions and Reports Analysis Centre of Canada
GAC Global Affairs Canada
GC Government of Canada
IRCC Immigration, Refugees and Citizenship Canada
NSIRA National Security and Intelligence Review Agency
PHAC Public Health Agency of Canada
PS Public Safety Canada
RCMP Royal Canadian Mounted Police
SCIDA Security of Canada Information Disclosure Act
TC Transport Canada

Glossary of Terms

Contribution test The first part of the two-part threshold that must be met before an institution can make a disclosure under the SCIDA: it must be satisfied that the information will contribute to the exercise of the recipient institution’s jurisdiction or responsibilities in respect of activities that undermine the security of Canada (paragraph 5(1)(a)).
Proportionality test The second part of the two-part threshold that must be met before an institution can make a disclosure under the SCIDA: it must be satisfied that the information will not affect any person’s privacy interest more than reasonably necessary in the circumstances (paragraph 5(1)(b)).

Executive Summary

This review assessed Government of Canada (GC) institutions’ compliance with the disclosure and record-keeping requirements of the Security of Canada Information Disclosure Act (SCIDA) throughout 2024. The review also captured the volume of SCIDA disclosures and identified trends in its application across GC institutions over time.

NSIRA found that the Canada Border Services Agency (CBSA), Communications Security Establishment (CSE), Canadian Security Intelligence Service (CSIS), Global Affairs Canada (GAC), Immigration, Refugees and Citizenship Canada (IRCC), and the Royal Canadian Mounted Police (RCMP) generally complied with their record-keeping obligations under the SCIDA.

Due to the substantial increase of nearly 300% in disclosures from IRCC to CSIS in 2024, NSIRA focused its review primarily on these two institutions.

During the review period, IRCC and CSIS implemented a tiered request and disclosure process which reduced the amount of third-party information disclosed by IRCC, contributing to enhanced compliance with the SCIDA. However, NSIRA found instances when the information provided to IRCC by CSIS was limited and hampered IRCC’s ability to fulfill its obligations as a disclosing institution to satisfy itself that the information disclosed is in respect of an activity that undermines the security of Canada.

In addition, NSIRA found that IRCC lacked a formal policy governing the disclosure of information about minors.

NSIRA found that CSE, in three of its requests for information under the SCIDA, provided IRCC with more information than was relevant to its disclosures.

NSIRA made four recommendations designed to ensure that institutions minimize the privacy impact to individuals in their requests and disclosures under the SCIDA.

With regard to the SCIDA’s requirement in subsection 5.1(1) that recipient institutions destroy or return unnecessary personal information, NSIRA found that CSIS may not have complied in its retention of one disclosure containing erroneous personal information.

1. Introduction

Authority

This review was conducted under the authority of paragraphs 8(1)(a), 8(1)(b), and subsection 39(1) of the National Security and Intelligence Review Agency Act (“NSIRA Act”).

In accordance with section 39 of the NSIRA Act, this review fulfills NSIRA’s requirement to submit an annual report to the Minister of Public Safety regarding disclosures made under the Security of Canada Information Disclosure Act (SCIDA, or the Act) in the preceding calendar year.

Scope

The objective of this review was to assess Government of Canada (GC) institutions’ compliance with the SCIDA’s disclosure and record-keeping requirements in 2024. The review also tracked the volume of SCIDA disclosures, analyzed usage patterns across institutions and over time, and examined how GC institutions employed information-sharing agreements.

The review’s assessment of compliance was limited to GC institutions that disclosed or received information under the SCIDA in 2024: the Canada Border Services Agency (CBSA), Communications Security Establishment (CSE), Canadian Security Intelligence Service (CSIS), Global Affairs Canada (GAC), Immigration, Refugees, and Citizenship Canada (IRCC), and the Royal Canadian Mounted Police (RCMP).

Methodology

The review was primarily based on records provided to NSIRA by disclosing and recipient institutions under subsection 9(3) of the SCIDA. It was supplemented by an examination of the institutions’ SCIDA policies and procedures, as well as their responses to related information requests.

NSIRA assessed administrative and substantive compliance with the SCIDA’s record-keeping requirements for all disclosures made by CBSA, CSE, GAC, and the RCMP. With respect to disclosures from IRCC to CSIS, NSIRA reviewed a random representative sample of 250 disclosures.

Review Statements

The NSIRA Act grants NSIRA rights of timely access to any information in the possession or under the control of a department (except for Cabinet confidences) and to receive from the department any documents and explanations NSIRA deems necessary. NSIRA monitors cooperation with access requests, including the completeness and accuracy of disclosures, which inform its overall assessment of a department’s responsiveness in each review.

CBSA, CSE, CSIS, GAC, and the RCMP met NSIRA’s expectations for responsiveness during this review. IRCC only partially met NSIRA’s expectations for responsiveness, given extended delays in IRCC’s responses to requests for information.

2. Background

The SCIDA provides an explicit, stand-alone authority to disclose information between GC institutions in order to protect Canada against activities that undermine its security. Its stated purpose is to encourage and facilitate such disclosures.

Section 9 of the SCIDA prescribes record-keeping obligations for all institutions who disclose or receive information under the Act. Subsection 9(3) requires that these records be provided to NSIRA within 30 days after the end of each calendar year.

Subsection 5(1) of the SCIDA authorizes GC institutions to disclose information—subject to any prohibitions or restrictions in other legislation or regulations—to designated recipient institutions if the disclosing institution is satisfied that (a) the information will contribute to the exercise of the recipient institution’s jurisdiction or responsibilities in respect of activities that undermine the security of Canada (the “contribution test”); and (b) the information will not affect any person’s privacy interest more than is reasonably necessary in the circumstances (the “proportionality test”).

Subsection 5(2) requires disclosing institutions to, at the time of the disclosure, also provide information regarding the disclosure’s accuracy and the reliability of the manner in which it was obtained.

When a GC institution receives information under the Act, subsection 5.1(1) requires that the institution destroy or return any unnecessary personal information as soon as feasible after receiving it.

The SCIDA’s guiding principles reinforce the notion that effective and responsible disclosure of information protects Canada and Canadians. Of note, subsection 4(c) suggests that GC institutions enter into an information-sharing arrangement when they regularly disclose information to the same recipient.

3. Findings, Analysis, and recommendations

Volume and Nature of Disclosures

Finding 1.  NSIRA found that IRCC’s disclosures to CSIS under the SCIDA increased significantly in 2024.

In 2024, GC institutions made a total of 900 disclosures under the SCIDA (see Table 1). The number of disclosures increased 235% overall since 2023.

Table 1: Number of SCIDA disclosures made in 2024, by disclosing and recipient institution [all disclosures (proactive disclosures)]

  Designated Recipient Institutions
Disclosing Institution CBSA CFIA CNSC CRA CSE CSIS DND/CAF Finance FINTRAC GAC Health IRCC PHAC PSC RCMP TC TOTAL (proactive)
CBSA (2) (2) (4)
GAC (1) 41
(12)		 7
(2)		 49
(15)
IRCC 76 770 (1) 847
(1)
TOTAL (proactive) 77
(1)		 813
(14)		 10
(5)		 900
(20)

This substantial increase in records was primarily driven by IRCC’s disclosures to CSIS, which grew nearly 300% from 194 in 2023 to 770 in 2024. IRCC previously disclosed similar information to CSIS under the Privacy Act, whereas now the SCIDA is the primary mechanism for CSIS to obtain immigration information. CSIS also credits the increase in disclosures to enhanced collaboration with IRCC aimed at improving operational staff awareness and understanding of the SCIDA regime.

As observed in prior years, institutions predominantly made disclosures following a request. Only 2% of disclosures were sent proactively by the disclosing institution.

Record Keeping Requirements – Section 9

Finding 2.  NSIRA found that, within the sample of disclosures reviewed, every institution that disclosed or received information pursuant to the SCIDA in 2024 generally complied with its record-keeping obligations under section 9.

Section 9 of the SCIDA establishes record-keeping obligations for both disclosing and recipient institutions. These requirements are designed to promote accountability and transparency by mandating the documentation of essential information, including descriptions of the disclosed or received data, the individuals involved, relevant dates, and the legal basis for the disclosure. Institutions are also required to record whether the information was destroyed or returned.

NSIRA’s analysis of records submitted by CSIS and IRCC revealed several minor discrepancies in record-keeping. These discrepancies can be attributed to duplicated, amended, and cancelled requests from CSIS. For example, in some cases, follow-up questions from CSIS regarding disclosures it had received were recorded by IRCC as a different request.

In addition, IRCC assigned sequential file numbers for a number of requests that were sent in 2024 but not processed until 2025. These disclosures were included in the record-keeping logs submitted to NSIRA. IRCC explained that, moving forward, it will only assign file numbers to requests that are completed in the current calendar year to minimize confusion.

IRCC also noted that it has committed to sharing its record-keeping log with CSIS on a quarterly basis to address potential discrepancies early. Clear and effective communication between disclosing and recipient institutions is vital to accurate record-keeping and enables secure information management, legal compliance, and administrative precision.

Information Sharing Agreements – Subsection 4(c)

Finding 3.  NSIRA found that CSE provided IRCC with more information than necessary in three of its requests for disclosure under the SCIDA.

In August 2023, CSE and IRCC signed an information sharing agreement (ISA) to formalize their regular information exchanges and facilitate compliance with the SCIDA. The primary purpose of IRCC disclosures to CSE under the SCIDA is to determine a subject of interest’s legal citizenship status and/or immigration status in Canada. These disclosures help to ensure CSE’s lawfulness, as its mandate prohibits the direction of operational activities at Canadians and persons in Canada.

In its requests, CSE provides an individual’s identifying information in order for IRCC to conduct a search in the relevant systems, primarily the Global Case Management System (GCMS). The GCMS holds all citizenship and immigration information of Canadian citizens, foreign nationals, and permanent residents. It includes any application submitted by individuals as well as information entered by immigration officers and/or other departments, such as the CBSA.

At minimum, CSE provides IRCC with an individual’s full name and date of birth in its request. When available, CSE may include additional identifying information such as an individual’s known or suspected nationality, place of birth, and phone number(s), among others. The ISA between CSE and IRCC contains a comprehensive list of all the information that CSE may provide to assist IRCC in producing accurate results.

In three different instances, however, NSIRA observed that CSE provided IRCC with additional personal information that was not identified in the ISA. CSE explained that all relevant details were disclosed to increase the likelihood of IRCC yielding results. IRCC confirmed to NSIRA that it could not, and has never, leveraged the specific personal information provided by CSE to conduct its searches.

The ISA does not formally prohibit CSE from sharing information outside of the parameters agreed upon with IRCC. Nevertheless, CSE should verify whether the information it shares is relevant to the disclosing institution to avoid unnecessary sharing of personal data.

Recommendation 1.  NSIRA recommends that CSE limit the sharing of information when requesting a disclosure under the SCIDA to only that which IRCC has identified as relevant to its information holdings.

Disclosure of Information Requirements – Section 5

Finding 4.  NSIRA found that IRCC and CSIS’s implementation of a tiered request and disclosure process reduced the amount of third-party information disclosed by IRCC, which contributed to enhanced compliance with the SCIDA.

In the spring of 2024, IRCC and CSIS developed a tiered process for sharing under the SCIDA and introduced the classification of SCIDA requests and disclosures into “basic” or “advanced”. In implementing this process, IRCC and CSIS also formally adopted three standardized templates: a request letter, a checklist, and a response form. The checklist and response forms, in particular, aim to guide IRCC analysts in providing only necessary information and were included in all disclosures.

At minimum, a basic disclosure contains biographic details from the past five years, such as citizenship or immigration information, marital status, and contact information. It may also include photographs, recent employment information, travel history, and physical characteristics.

Should CSIS require an extensive personal history and supporting documents, such as scanned immigration applications, the request becomes an advanced SCIDA disclosure requiring additional rationale. This type of disclosure often contains information from a longer period of time (past ten years or more).

Previously, in order to share even basic biographic information, IRCC would include a scanned copy of an individual’s most recent immigration application (e.g. a passport or visa application). As a result, a number of disclosures from early in the review year contained third party information, such as unredacted guarantor, emergency contact, or reference information. NSIRA observed that the tiered system reduced the number of instances where IRCC included third party information in a basic SCIDA disclosure, in part because scanned copies of applications were no longer included.

Typically, IRCC will redact references from passport applications in an advanced disclosure. Other types of third-party information are redacted on a case-by-case basis.

The disclosure process begins when IRCC receives a request letter from CSIS containing a standardized list of items agreed upon by both institutions. This approach allows CSIS to identify only the information necessary for its request, addressing previous issues with customized and inconsistent information lists. For example, CSIS may request biographic details, such as citizenship and passport information, but choose not to request contact information. Advanced request letters include an option to receive scanned copies of applications.

Throughout 2024, the request letter, checklist, and response form evolved to meet the needs of IRCC and CSIS. NSIRA observed that new types of commonly requested information that had been previously absent from the request letter would be added as needed. In addition, IRCC combined the checklist and response form to reduce its administrative burden. The tiered process enabled IRCC to manage the increase in disclosures while limiting the amount of third-party information shared.

Importantly, IRCC’s decision to use a response checklist and form indicates an iterative process that improved the operational efficiency and legal compliance of both institutions under the SCIDA. Specific response times are prioritized into the following three categories: urgent life-threatening requests, priority operational requests, and routine requests. IRCC intends to prioritize requests from other institutions under the SCIDA in a similar manner.

The disclosures below briefly illustrate how the tiered process improved IRCC’s minimization of personal information in disclosures under the SCIDA. The first case represents a typical disclosure prior to the tiered system, while the second and third disclosures occurred after its introduction.

Disclosure 1

CSIS sent a letter to IRCC requesting the disclosure of information about a foreign individual under investigation relating to a particular institution. The request was to include records from the past five years.

Without a system to limit what information was shared, IRCC disclosed all available scanned copies of the individual’s study permit, work permit, permanent residence, and temporary resident visa applications. All documents provided in the disclosure were without redactions and included third party, minor, and financial information.

Disclosure 2

CSIS requested a basic SCIDA disclosure from IRCC for information relating to individuals affiliated with a particular foreign entity. In its justification, CSIS noted that the foreign entity and any individuals identified were of “national security interest” in relation to a CSIS investigation.

As this was a basic request, IRCC took steps towards limiting the disclosure by providing CSIS with a chart containing only the name, place and date of birth, status or immigration history, and the nature of affiliation. In email correspondence, IRCC stated that should CSIS require additional details or would like to request an advanced SCIDA for any or all of the individuals implicated, it would be required to include an additional detailed rationale.

Disclosure 3

CSIS requested an advanced disclosure from IRCC for information relating to several individuals with the justification that it had “reasonable grounds to believe” the subjects may have been in contact with “known members” of a foreign intelligence service. CSIS continued to justify its reasoning in detail, providing IRCC with a substantial amount of contextual information about the foreign entity in question and how the information it requested would contribute to its investigation.

CSIS also requested scanned copies of all documents in its request. IRCC disclosed nearly all categories of information requested by CSIS. In the checklist attached to the disclosure, IRCC stated that it had redacted third party information as well as other records that were irrelevant to CSIS’s request.

When compared to the first case, the delineation of basic and advanced disclosures under the SCIDA prevented the over sharing of personal information by IRCC in the second case without further justification. Despite CSIS’s expanded justification in the third case, IRCC did not include all the information in its holdings on the identified subjects because not everything was relevant.

Contribution and Proportionality Tests – Section 5(1)

Finding 5.  NSIRA found instances when the information provided to IRCC by CSIS was limited and hampered IRCC’s ability to fulfill its obligation as a disclosing institution to satisfy itself that the information disclosed is in respect of an activity that undermines the security of Canada.

SCIDA disclosures made under section 5(1) require IRCC to satisfy itself of two specific criteria. First, IRCC must satisfy itself that the disclosure will contribute to CSIS’s exercise of its jurisdiction in respect of activities that undermine the security of Canada. Second, IRCC must satisfy itself that the disclosure will not affect any person’s privacy interest more than is reasonably necessary in the circumstances. If IRCC is satisfied in both instances, it “may” make a disclosure. The onus is on the disclosing institution to assure itself that the information it discloses will contribute in the requisite sense.

While CSIS may not be required to share detailed information about its investigations, programs, or activities with IRCC, it needs to provide enough information in a request so that IRCC can responsibly exercise its discretion. A succinct high-level explanation of the link between the information sought and CSIS’s national security jurisdiction and responsibilities may be enough. However, disclosing institutions can seek clarification by requiring a more specific articulation of the activity that undermines the security of Canada that the request relates to.

In the majority of basic requests reviewed by NSIRA, CSIS elected to use scant phrasing in its justifications, such as “Subject is of national security interest in relation to the Service’s investigation of” the threat in question. In contrast, NSIRA observed other basic requests where CSIS demonstrated how the requested information would contribute to its investigations in a clear and descriptive manner in its justification. As a matter of course, advanced requests almost always contained robust justifications.

Inconsistencies in the description of the undermining activity in CSIS’s basic request letters did not often prompt IRCC to seek further clarification. In practice, IRCC maintained an institutional understanding that CSIS would only request information that will contribute to its mandate. NSIRA did not observe that IRCC conducted independent assessments based on a structured framework or consistent criteria.

IRCC has stated that it redacts any information it deems irrelevant in its disclosures to ensure that only pertinent details are disclosed. Particularly for advanced and bulk requests, IRCC was not always satisfied with CSIS’s justifications. NSIRA observed that IRCC either required additional rationale, disclosed less information than had been requested, or redacted unnecessary third-party information.

The absence of detailed justifications in SCIDA requests risks compromising compliance with paragraph 5(1)(b). Consequently, recipient institutions should provide disclosing institutions with the necessary information and rationale to satisfy the disclosing institution’s contribution threshold. A sufficient analysis of the activity that undermines the security of Canada requires that IRCC have knowledge of those circumstances.

The recommendation below echoes those from NSIRA’s 2024 review of the SCIDA, namely that IRCC should not automatically accept, without an independent assessment, a recipient institution’s request. The review also recommended that IRCC disclose only the minimum information reasonably necessary to protect individuals’ privacy in the circumstances and comply with the legal standards of the SCIDA.

Recommendation 2.  NSIRA recommends that IRCC seek clarification from requesting institutions, as needed, to ensure it has all relevant information necessary to fulfill its obligations as a disclosing institution under the SCIDA, before making a disclosure.

Finding 6.  NSIRA found that IRCC did not have a policy governing the disclosure of information concerning minors under the SCIDA.

In 2024, IRCC indicated that it had received an increase in requests for disclosures regarding minors and engaged with CSIS to ensure their privacy. IRCC’s existing SCIDA policy, however, does not address the treatment of minors in disclosures under the regime.

NSIRA observed that IRCC was inconsistent in its approach to disclosing information about minors and did not redact information appropriately in several disclosures reviewed. In at least one instance, IRCC stated that it had redacted a minor’s information. However, NSIRA observed that IRCC had done so inconsistently, leaving the minor’s name, date of birth, and national identification number unredacted elsewhere in the same disclosure. In other disclosures, IRCC either redacted information about a minor in full or chose not to make the disclosure at all.

The care attendant to a minor’s privacy rights in other areas of the law (as seen in, among others, the Criminal Code, the Youth Criminal Justice Act and various international conventions) indicates that minors may also attract a heightened privacy expectation in a national security context. Children under 16, for example, may not have a choice in submitting applications for passports which are completed on their behalf by a parent or guardian.

Recommendation 3.  NSIRA recommends that IRCC institute a policy on the disclosure of information related to minors that recognizes their distinct privacy interests.

Requirement to Destroy or Return – Subsection 5.1(1)

Finding 7.  NSIRA found that CSIS may not have complied with subsection 5.1(1) of the SCIDA when it retained one disclosure containing personal information that was not necessary for exercising its jurisdiction.

Subsection 5.1(1) of the SCIDA requires, as soon as feasible, the destruction or return of any personal information received under section 5 of the Act that is not necessary for a department to fulfill their lawful responsibilities related to national security. CSIS is excluded from this requirement by subsection 5.1(3) when a disclosure is retained pursuant to the performance of its duties and functions under section 12 of the CSIS Act.

In 2024, CSIS was the only institution to identify disclosures containing information that was destroyed or returned under subsection 5.1(1): three were deemed non-reportable, one was incorrect (wrong subject), and one had been disclosed by IRCC before CSIS could cancel the request, although it was not disseminated.

Separately, NSIRA identified one disclosure where CSIS retained personal information about the wrong individual. In early 2024, CSIS sent a letter to IRCC requesting a foreign citizen’s current and past applications for the past five years. As the request was made before the tiered process had been implemented, IRCC’s disclosure was extensive and included full visa and work permit applications, as well as unredacted familial and financial information.

Shortly following receipt of the disclosure, CSIS assessed that the individual implicated was not the subject of the request. Despite the requirement to destroy the information, CSIS retained it in its entirety for “reference purposes.” When asked, CSIS confirmed the disclosure should not have been retained “in its totality and possibly at all” and that the matter had been referred to its internal compliance section.

To the extent that it is strictly necessary, section 12 of the CSIS Act allows CSIS to collect, analyse and retain on activities constituting threats to the security of Canada. However, as CSIS did not claim that this information was retained pursuant to section 12 of the CSIS Act, and thus was not strictly necessary to keep, the exception at 5.1(3) of the SCIDA did not apply and CSIS was required to destroy or return the information pursuant to 5.1(1).

Recommendation 4.  NSIRA recommends that CSIS destroy all personal information in one disclosure that was not necessary for exercising its jurisdiction.

4. Conclusion

This review marks the sixth year that NSIRA has examined GC institutions’ compliance with the SCIDA. NSIRA concluded that, within the disclosures reviewed, institutions generally adhered to the SCIDA’s requirements for disclosure and record-keeping.

NSIRA noted important improvements that streamlined the request and disclosure process between IRCC and CSIS and enhanced compliance. However, NSIRA observed risks with IRCC’s application of the substantive requirements under paragraphs 5(1)(a) and 5(1)(b) of the SCIDA.

NSIRA also identified possible non-compliance with subsection 5.1(1) of the SCIDA owing to CSIS’s retention of personal information that it had identified as unnecessary.

NSIRA’s recommendations in this review are designed to assist both recipient and disclosing institutions in adhering to the SCIDA’s privacy standards while effectively supporting national security and lawful mandates.

Annex A. Historical SCIDA Disclosures

Disclosing Institution Designated Recipient Institutions under the SCIDA, Schedule 3
CBSA CFIA CNSC CRA CSE CSIS DND/CAF Finance FINTRAC GAC Health IRCC PHAC PS RCMP TC TOTAL
2023
CBSA 2 (2) 2 (2)
GAC 1 (1) 10 (0) 15 (1)
RCC 58 (0) 194 (7) 252 (7)
TOTAL 59 (1) 204 (7) 6 (2) 269 (10)
2022
CBSA 4 4
GAC 39 2 12 53
IRCC 59 56 115
RCMP 1 1
TOTAL 59 95 2 1 16 173
2021
DND/CAF 2 2
GAC 41 1 2 44
IRCC 68 79 2 149
TOTAL 68 122 2 1 2 195
2020
CBSA 1 3 4
GAC 1 25 1 13 40
IRCC 60 61 37 1 159
RCMP 1 3 5 9
TC 2 2
Other 1 1
TOTAL 61 88 1 3 6 55 1 215
2019
CBSA 1 2 3
GAC 23 3 1 15 42
IRCC 5 17 1 36 59
RCMP 4 1 3 1 9
TC 1 1
TOTAL 4 5 41 1 1 3 4 1 54 114

Annex B. Findings and Recommendations

NSIRA made the following findings and recommendations in this review:

Volume and Trend Analysis

Finding 1. NSIRA found that IRCC’s disclosures to CSIS under the SCIDA increased significantly in 2024.

Record Keeping Requirements – Section 9

Finding 2. NSIRA found that, within the sample of disclosures reviewed, every institution that disclosed or received information pursuant to the SCIDA in 2024 generally complied with its record-keeping obligations under section 9.

Information Sharing Agreements – Subsection 4(c)

Finding 3. NSIRA found that CSE provided IRCC with more information than necessary in three of its requests for disclosure under the SCIDA.

Recommendation 1. NSIRA recommends that CSE limit the sharing of information when requesting a disclosure under the SCIDA to only that which IRCC has identified as relevant to its information holdings.

Disclosure of Information Requirements – Section 5

Finding 4. NSIRA found that IRCC and CSIS’s implementation of a tiered request and disclosure process reduced the amount of third-party information disclosed by IRCC, which contributed to enhanced compliance with the SCIDA.

Finding 5. NSIRA found instances when the information provided to IRCC by CSIS was limited and hampered IRCC’s ability to fulfill its obligation as a disclosing institution to satisfy itself that the information disclosed is in respect of an activity that undermines the security of Canada.

Recommendation 2. NSIRA recommends that IRCC seek clarification from requesting institutions, as needed, to ensure it has all relevant information necessary to fulfill its obligations as a disclosing institution under the SCIDA, before making a disclosure.

Finding 6. NSIRA found that IRCC did not have a policy governing the disclosure of information concerning minors under the SCIDA.

Recommendation 3. NSIRA recommends that IRCC institute a policy on the disclosure of information related to minors that recognizes their distinct privacy interests.

Requirement to Destroy or Return – Subsection 5.1(1)

Finding 7. NSIRA found that CSIS may not have complied with subsection 5.1(1) of the SCIDA when it retained one disclosure containing personal information that was not necessary for exercising its jurisdiction.

Recommendation 4. NSIRA recommends that CSIS destroy all personal information in one disclosure that was not necessary for exercising its jurisdiction.

Share this page

No endorsement of any products or services is expressed or implied.

Share this page
Date Modified:

Accessibility Plan 2026-2028

Accessibility Plan 2026-2028

Date of Publishing:

From the Executive Director

I am pleased to share the National Security and Intelligence Review Agency (NSIRA) Secretariat’s Accessibility Plan 2026-2028. This plan builds on the progress made since the publication of the NSIRA Secretariat’s inaugural accessibility plan and reaffirms our continued commitment to fostering an organization that is inclusive, equitable, and accessible to all.

Accessibility remains a shared responsibility and an ongoing process of learning, collaboration, and improvement. This new plan outlines the concrete steps we will take over the next three years to identify, remove, and prevent barriers across our workplaces, programs, policies, practices and services. Where barriers cannot be removed immediately, we will take action to mitigate them and ensure accessibility principles are embedded in our daily practices and decision-making.

The development of this plan was guided by consultations with NSIRA Secretariat employees, including persons with disabilities, as well as input from subject matter experts and functional leads across key operational areas. Their insights have been invaluable in shaping our understanding of the barriers that exist and the opportunities to strengthen accessibility across the organization.

Accessibility remains an important part of the NSIRA Secretariat’s broader vision of accountability, transparency, and inclusiveness. Through the actions outlined in this plan, we are taking important steps toward ensuring that every member of our workforce–and every Canadian who engages with the NSIRA Secretariat–can participate fully and meaningfully in our work.

Charles Fugère

Executive Director

General

The Executive Director of the NSIRA Secretariat, who is the deputy head and employer, leads the Secretariat that supports the Review Agency in the fulfillment of its mandate under the National Security and Intelligence Review Agency Act. The Secretariat will monitor feedback to evaluate progress and to determine its future accessibility plans.

In compliance with the requirements of the Accessible Canada Act (“ACA”) and the Accessible Canada Regulations, this plan is available on NSIRA’s website, which is used to communicate with the public.  

To request a copy of the accessibility plan or a description of the feedback process in an alternate format, or to provide feedback about NSIRA’s accessibility plan and any barriers encountered in dealing with NSIRA, please contact the undersigned by mail, telephone, or e-mail. 

Senior Advisor, Wellness Initiatives

National Security and Intelligence Review Agency Secretariat
P.O. Box 2430, Station “B”
Ottawa, Ontario, K1P 5W5

Telephone: 1-833-890-0293
Email: accessible@nsira-ossnr.gc.ca

Executive Summary

The National Security and Intelligence Review Agency (NSIRA) Secretariat is committed to building an accessible organization—one where persons with disabilities can participate fully and equitably in all aspects of its work. The Accessibility Plan (2026-2028) outlines the steps the NSIRA Secretariat will take over the next three years to identify, remove and prevent barriers to accessibility across its programs, policies, practices, operations, and workplaces.

Accessibility is not a one-time achievement, but an ongoing effort that requires continuous attention and collaboration. Where barriers cannot be immediately removed, the NSIRA Secretariat will take proactive steps to mitigate them while building awareness, strengthening inclusive practices, and embedding accessibility into everyday processes and decision-making.

This work aligns directly with NSIRA’s Strategic Plan, which promotes innovation, professional growth, retention, and wellbeing, and reaffirms leadership’s commitment to a workforce that reflects Canada’s diversity. By integrating accessibility into this broader framework, the NSIRA Secretariat seeks to ensure that accessibility principles are considered in all activities—from recruitment and training to publications and stakeholder engagement.

Since publishing its inaugural Accessibility Plan in 2022, the NSIRA Secretariat has made measurable progress in several areas, including improving the accessibility of its websites, publications and complaints processes; reviewing its physical office spaces; and increasing internal capacity through training and guidance These efforts were informed by the results of an initial barrier assessment, ongoing consultations with staff (including persons with disabilities), and feedback from subject matter experts across key operational areas.

The 2026-2028 Accessibility Plan builds on that foundation. It reflects feedback gathered through targeted questionnaires and consultations with leads in Employment, Built Environment, Information and Communication Technologies (ICT), Communications, and other core areas, as well las input from persons with disabilities. The barriers identified largely relate to awareness, training, and the need to embed accessibility into standard practices such as staffing, publications, and policy development.

Guided by principles of the Accessible Canada Act, this plan outlines concrete actions to address those barriers and to strengthen accessibility across the NSIRA Secretariat’s work environment and service delivery. It reaffirms our ongoing commitment to creating an organization where everyone can participate meaningfully and equitably.

Context

The National Security and Intelligence Review Agency (NSIRA) is an independent and external review body that reports to Parliament. NSIRA reviews Government of Canada national security or intelligence activities to assess whether they are lawful, reasonable and necessary, and reports accordingly. NSIRA investigates complaints from members of the public regarding activities of the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE), as well as decisions by deputy heads to deny or revoke a security clearance. In addition, NSIRA investigates complaints that are closely related to national security referred by the Civilian Review and Complaints Commission for the Royal Canadian Mounted Police (CRCC), matters referred by the Canadian Human Rights Commission (CHRC) and certain reports made to NSIRA under the Citizenship Act. This independent scrutiny contributes to strengthening the framework of accountability for national security or intelligence activities undertaken by Government of Canada institutions and supports public confidence in this regard.

The National Security and Intelligence Review Agency Secretariat is a separate agency identified in Schedule V of the Financial Administration Act(FAA)and is not a part of the core public administration. Treasury Board of Canadapolicies with respect to financial management, procurement, communications, information management and technology, amongst others, apply to the NSIRA Secretariat. With respect to human resources, the Executive Director is the employer, whose authorities are derived from the National Security and Intelligence Review Agency Act (sections 42 through 48) and subsection 12(2) of the FAA. 

Under the ACA and the Accessible Canada Regulations, federally regulated entities are required to publish an initial accessibility plan, establish a process for receiving and responding to feedback, and report annually on progress. An updated accessibility plan must be published every three years. The NSIRA Secretariat’s first accessibility plan was published in 2022. This updated plan outlines the Secretariat’s ongoing and future efforts to remove barriers and advance accessibility in all aspects of its operations.

Consultations

The NSIRA Secretariat developed this Accessibility Plan (2026–2028) using consultation input from employees, including persons with disabilities, and internal subject matter experts. Conducted between 2023 and early 2025 in accordance with the Accessible Canada Act, these consultations identified barriers, reviewed progress under the 2022–2025 plan, and set priorities for the next cycle.

Consultation Approach

Consultations included organization-wide staff outreach, targeted engagement with employees who self-identified as having a disability and focus groups with internal experts across the Act’s priority areas. Input was gathered through accessible surveys, written submissions, and virtual discussions.

External Perspectives

In addition to internal consultations, the NSIRA Secretariat sought input from external individuals through voluntary post-staffing process surveys and through the accessibility feedback form available on its public website. These mechanisms provide opportunities for members of the public to share experiences or identify barriers encountered when interacting with the organization.

Results

Consultations confirmed progress in areas such as training, communications, and accessible information technology, while highlighting the need for continued awareness, leadership engagement, and the integration of accessibility into staffing and policy development. Participant input directly informed the actions and priorities outlined in this plan.

Ongoing Commitment to Engagement

The NSIRA Secretariat recognizes that meaningful consultation with persons with disabilities is central to the Accessible Canada Act. Consultation and feedback opportunities are available year-round by phone, email, mail, or through an online form, with alternate formats and anonymous submissions accepted.

All feedback is reviewed to identify barriers and inform continuous improvement. Future engagement efforts will broaden outreach and include collaboration through interdepartmental committees and working groups to share best practices.

The Secretariat also recognizes the need to strengthen its efforts to actively engage persons with disabilities in future consultations. To support this, the organization will continue to explore opportunities to collaborate with external networks and organizations representing persons with disabilities, ensuring that future plans are informed by diverse lived experiences and expertise.

Feedback and consultation remain key to strengthening accessibility across all areas of the Secretariat’s work.

Priority Areas and Action Planned

The National Security and Intelligence Review Agency Secretariat is committed to identifying and addressing accessibility barriers across all aspects of its operations. This Accessibility Plan addresses the seven key priority areas identified in the Accessible Canada Act, ensuring comprehensive coverage of accessibility requirements for employees, stakeholders, and the public.

For each priority area, the plan highlights actions over the next three years that are expected to have the greatest practical impact in removing obstacles, enhancing accessibility, and promoting equitable participation. These actions were informed by consultations, internal subject matter expertise, and an assessment of operational realities, while aiming for accessibility and inclusivity for all employees, stakeholders, and the public.  

The following sections detail the priority areas and the concrete steps the NSIRA Secretariat will take to ensure accessibility and inclusion in our workplace, communications, services, and beyond.

1. Employment

The NSIRA Secretariat is committed to ensuring accessibility in recruitment, retention, and the career advancement for persons with disabilities. While formal processes for requesting accommodations are in place, recent Public Service Employee Survey (PSES) results suggest a possible barrier related to stigma. Between 2022 and 2024, the percentage of employees who reported feeling comfortable requesting accommodation measures from their immediate supervisor decreased from 94% to 88%. This shift indicates that some employees may hesitate to seek accommodations due to concerns about stigma or negative perceptions.

The 2026-2028 plan emphasizes accessible and inclusive employment processes throughout the employee lifecycle. In addition to strengthening recruitment, onboarding, and career development practices, particular attention will be given to reducing stigma that may discourage employees from requesting accommodations. Actions will focus on strengthening awareness, promoting available tools such as the Accessibility Passport, and fostering a culture where accommodation requests are normalized and fully supported.

To advance these objectives, the Secretariat will take the following actions;

a) Continue improving accessible recruitment and hiring:

Staffing processes and job postings will continue to clearly communicate accessibility and accommodations. Processes will be regularly reviewed to ensure that no steps disadvantage or prevent persons with disabilities from applying, participating, or being evaluated. Appropriate accommodation measures will be available as needed throughout the staffing lifecycle. By embedding accessibility throughout recruitment, the process helps signal that accommodations are a standard and supported part of employment.

b) Sustain and enhance workplace accommodations:

A dedicated email box will remain available to simplify the accommodation request process. Promotion of the Workplace Accessibility Passport will continue, making it easier for employees to document and communicate their accommodation needs. Options to modernize how accommodation requests are tracked and managed will be explored to improve timeliness and ensure continuous support, so that accommodations can be promptly addressed by any member of the Human Resources (HR) team. These measures help normalize the process and reduce stigma by demonstrating organizational commitment to accommodations as a routine and supported practice.

c) Strengthen accessibility awareness:

Training and awareness will continue across three key areas;

  1. Staffing: Hiring managers and staff involved in recruitment will receive ongoing guidance on inclusive hiring practices and the consistent application of accommodation measures.
  2. Onboarding: Accessibility and inclusion topics will remain a core part of onboarding for all staff, with targeted session for managers and subject matter experts.
  3. Communications and reminders: Accessibility considerations will be embedded in internal communications and onboarding materials, with regular reminders about available tools and resources that support workplace inclusion, including clear guidance on how to report accessibility issues or request support.

By strengthening knowledge and confidence across these areas, the organization helps reduce potential stigma around requesting accommodations and fosters a consistent, organization-wide approach to supporting accessibility and inclusion.

d) Embed accessibility in HR policies and practices:

New or revised HR and organizational policies will be developed with accessibility in mind, ensuring they reflect barrier-free principles from the outset. This approach reinforces a culture where accessibility and accommodation are understood as integral, not exceptional, aspects of workplace practices. Through these measures, the NSIRA Secretariat will continue building a more inclusive workplace and advancing accessibility throughout the employment experience.

Together, these measures help address the stigma that may discourage employees from requesting accommodations by normalizing accessibility as a standard and supported practice. Through sustained effort, the Secretariat will continue fostering a workplace where employees feel safe and confident seeking the support they need.

2. Built Environment 

The National Security and Intelligence Review Agency (NSIRA) Secretariat operates from secured office space in the National Capital Region. Employees work on-site and/or remotely, depending on operational requirements. Hearings, investigative interviews, and inter-organizational meetings are often conducted in person, making physical accessibility a critical consideration.

In supporting Canada’s independent expert review body for national security and intelligence activities, the NSIRA Secretariat operates within secured areas and must respect strict security protocols. These requirements, while essential to safeguarding classified information, create unique accessibility challenges. For example, personal medical or assistive devices (e.g., heart monitors, hearing aids, glucose monitors) must be reviewed and approved by the Communications Security Establishment (CSE), which can cause delays and postpone the full availability of adaptive equipment or full accommodation for an individual. Similarly, Bluetooth-enabled devices and some electronics cannot be brought into secure spaces at all. In addition, as a tenant rather than a building owner, the NSIRA Secretariat often relies on coordination with partner departments to address building-related barriers. Together, these factors mean that some barriers cannot be fully removed and must instead be mitigated through planning and accommodations.

Some of these barriers were also identified in the NSIRA Secretariat’s 2022 Accessibility Plan. While steps have been taken to mitigate them – such as installing automatic door openers at all main entrances – challenges remain. Heavy doors to private or individual office spaces continue to pose difficulties for persons with reduced mobility, and other issues persist.

Based on recent reviews and the use of Accessibility Checklists, the following barriers have been identified. One of these, related to emergency evacuation procedures, was identified earlier in 2025 and subsequently resolved in November, prior to finalizing this Accessibility Plan.

  • Heavy doors to private offices and hoteling stations
    Some doors remain difficult to open for persons with reduced mobility or those using a wheelchair.
  • Lack of accessible signage
    Boardroom, offices, and shared spaces are not consistently equipped with signage that meets accessibility standards.
  • Emergency evacuation procedures (resolved in 2025)
    A gap was identified in that the evacuation assistance process had not yet been formally launched or fully communicated. As a result, individuals who may require support during an evacuation may not have known what steps to take or how to obtain assistance. This process was officially launched in November 2025 and is now being implemented and communicated across the organization.

In 2026–2028, efforts will be focused on addressing these barriers and ensuring that all employees and visitors can navigate the physical workplace safely and equitably. These efforts will include;

a) Facilitate timely access to assistive and adaptive tools:

Work will continue with security and building management teams to collaborate on identifying opportunities to streamline approval processes for personal medical and assistive devices, reducing delays when entering secure areas. The Secretariat will also strengthen relationships with both organizations that face similar security requirements and small departments and agencies to share best practices and identify ways to improve or expedite accessibility-related processes. At the same time, the inventory of pre-approved adaptive tools (e.g., vertical mice, split keyboards) will be maintained and expanded to ensure employees and visitors can access necessary supports without delay.

b) Finalize and communicate accessible emergency procedures:

With the formal launch of the enhanced evacuation assistance process in November 2025, the Secretariat will now focus on ensuring that all employees understand the procedures and know how support will be provided during an evacuation. Clear, accessible communication materials will be developed and shared so that individuals who may require assistance are aware of the steps to take, the supports available to them, and the roles and responsibilities of designed personnel. Ongoing monitoring will help ensure the process is applied consistently and remains responsive to employee needs.

c) Improve accessibility of interior office doors:

To reduce barriers caused by heavy doors to individual offices and hoteling stations, the NSIRA Secretariat will work with building management to explore solutions such as installing mechanisms that support accessibility for persons with reduced mobility.

d) Enhance accessible signage:

Consistent with Treasury Board Secretariat (TBS) guidance, the NSIRA Secretariat will refrain from modifying current signage until Accessibility Standards Canada (ASC) completes the standards-development process. The Secretariat will monitor the publication of final standards, expected in 2027, and prepare to update signage in boardrooms, offices, and shared spaces. This will ensure alignment with government-wide standards as appropriate and support consistent, accessible wayfinding for employees and visitors.

e) Embed accessibility into training and ongoing guidance:

Accessibility guidance will remain a key part of the mandatory security onboarding, ensuring new employees understand how to navigate secured office spaces with assistive devices, access restricted areas, and request support when barriers are encountered. Annual reminders and guidance will also be provided to all staff on how to identify and address building-related accessibility issues, reinforcing awareness and responsiveness.

Through these actions, the NSIRA Secretariat will continue to improve the accessibility of its physical workspaces, working within the requirements and constraints of secured government facilities and the external processes on which it depends, and using mitigation strategies where full removal of barriers is not possible.

3. Information and Communication Technologies (ICT) 

The NSIRA Secretariat relies on digital tools and platforms to support internal operations and public engagement. The intranet and internet websites are key means of communication, while employees use secure networks, devices, and applications to carry out their responsibilities on-site and remotely.

Operating within a highly secured digital environment means that all systems must comply with strict IT and network protocols designed to protect classified information. While these measures are essential, they can create challenges in implementing or testing new accessibility tools and updates. Most IT services are also externally managed, requiring coordination and approval from partner departments before changes are made.

Since the release of the NSIRA Secretariat’s 2022 Accessibility Plan, meaningful progress has been achieved – particularly in improving the accessibility of the public website, which now aligns closely with Web Content Accessibility Guidelines (WCAG) standards. However, accessibility gaps persist within internal systems and processes.

Based on recent reviews and input from subject matter experts in ICT, the following barriers have been identified;

  • Intranet accessibility gaps: The current intranet has not yet been updated to meet accessibility standards. Its renewal is a stated organizational priority for the upcoming fiscal year.
  • Limited capacity to deliver accessibility training: While resources exist, current staffing and workload constraints have limited the capacity to provide presentations or guidance on accessibility best practices.
  • Dependence on external ICT service providers: Because ICT procurement and implementation are largely managed by PCO, SSC and CSE, NSIRA Secretariat has limited ability to integrate accessibility considerations directly into these processes.

In 2026-2028, efforts will focus on addressing these barriers and ensuring that digital systems and services are accessible to both employees and the public. These efforts will include:

a) Integrate accessibility into intranet renewal:

Accessibility requirements will be built into the design and implementation of the new intranet from the outset. The Web Operations team will collaborate with IM, HR and external service partners to ensure employees can navigate and access key resources, including accessibility tools and guidance, without barriers.

b) Integrate accessibility considerations into ICT request:

Accessibility requirements will be incorporated into all ICT-related requests made to external service providers. ICT staff will request accessibility documentation for new tools, software, or equipment and verify known accessibility features before adoption. An internal checklist will support consistent review and documentation.

c) Strengthen capacity and collaboration on digital accessibility:

ICT staff will make efforts to contribute to accessibility-focused activities, including sharing guidance and participating in events such as National AccessAbility Week. The NSIRA Secretariat will strengthen relationships with accessibility and ICT teams in other small departments, agencies, and organizations working in secure environments to share best practices and explore ways to improve or accelerate accessibility-related processes.

d) Maintain and monitor digital accessibility compliance:

All new content on internal and external sites will continue to meet or exceed WCAG 2.1 standards. Regular reviews will assess the accessibility of existing digital content and systems, with adjustments made as needed to ensure continued compliance.

Through these efforts, the NSIRA Secretariat will continue to enhance the accessibility of its digital environment, balancing necessary security requirements with its commitment to equitable access for all employees and members of the public.

4. Communications other than ICT 

The NSIRA Secretariat communicates findings and recommendations to implicated departments, agencies, responsible ministers, and the public. Ensuring accessibility in all communications allows employees, stakeholders, and members of the public to access and engage with NSIRA’s work effectively.

While significant progress has been made in improving accessibility in publications, barriers remain in the consistency and application of accessible communication practices across the organization. The barriers identified include;

  • Inconsistent use of plain language in both internal and external communications
  • Limited awareness or training among staff on accessible communication principles and best practices.

In 2026-2028, efforts will focus in the following areas:

a) Embed accessibility in communication tools and policies:

Accessible communication principles will continue to be integrated into all communication guides, checklists, templates, and policies. This includes both internal and public-facing materials. Plain language and relevant accessibility standards will continue to be incorporated into the NSIRA Secretariat’s publishing practices and guidance materials, including  the Review Report Style Guide and other resources supporting external communications.

b) Strengthen awareness and training on accessible communication:

All staff will have access to awareness and learning opportunities on plain language and accessible document creation. Members of the Communications team will complete specialized training and help promote accessibility best practices across the Secretariat.

c) Develop and promote accessible communication resources:

Quick reference materials such as toolkits and checklists will be developed or promoted internally to support accessible writing and digital content creation. The Secretariat will leverage existing federal resources and aim to align, as appropriate with the Accessible Standards Canada Plain Language Standard that was published in October 2025.

d) Provide alternate formats and communication supports upon request:

Processes will be formalized to ensure alternate formats and supports – such as Braille, large print, audio, sign language interpretation, and captioning – are available for meetings, events, and publications. Partnerships with service providers, including Public Services and Procurement Canada (PSPC)’s Translation Bureau, will continue to support these services.

Through these measures, the NSIRA Secretariat will strengthen accessibility, clarity, and inclusiveness in all communications, ensuring that employees, partners, and members of the public can fully engage with its work.

5. Procurement of Goods, Services and Facilities 

The NSIRA Secretariat procures goods, services and facilities in accordance with the policies and processes established by Public Services and Procurement Canada (PSPC), the Treasury Board of Canada Secretariat (TBS), and other key partners.

While no barriers were identified in the 2022–2025 Accessibility Plan, the Secretariat recognized the need to strengthen accessibility by design within its procurement practices. Since then, accessibility training has been provided to cost centre managers and procurement staff, and work has begun to develop templates and procedures that better integrate accessibility requirements.

Recent consultations identified areas where accessibility can be more consistently embedded across the procurement lifecycle. These include ensuring accessibility requirements are reflected in solicitation documents and contracts, that supplier compliance is assessed, and that post-delivery monitoring processes are in place.

In 2026–2028, efforts will focus on the following:

a) Embed accessibility across procurement tools and planning:

Standard templates, checklists, and procedures will be completed to ensure accessibility considerations are incorporated from the earliest stages of procurement planning through contract management. These tools will promote consistency and transparency in applying accessibility criteria across all acquisitions.

b) Strengthen monitoring and accountability:

Processes will be established to track accessibility commitments after contract award, ensuring goods and services continue to meet accessibility expectations. Lessons learned from each procurement will be documented to support continuous improvement.

c) Maintain accessibility awareness and training:

Procurement leads and cost centre managers will continue to receive training and guidance to reinforce awareness of accessibility requirements and evolving federal standards. This will help ensure accessibility remains a routine part of all purchasing decisions.

Through these actions, the NSIRA Secretariat will strengthen accessibility by design in procurement and ensure that all goods, services, and facilities support an inclusive and accessible work environment.

6. Design and Delivery of Programs and Services

An important part of the Review Agency’s mandate is to investigate complaints related to the Canadian Security Intelligence Service (CSIS), the Communications Security Establishment (CSE), and the Royal Canadian Mounted Police (RCMP) when closely related to national security, as well as complaints concerning the denial or revocation of security clearances. The Agency also reviews the national security and intelligence activities of CSIS, CSE, and all other federal departments and agencies with such responsibilities. In fulfilling this mandate, the NSIRA Secretariat interacts with members of the public as well as public servants, and must promote accessibility for all participants. Ensuring that persons with disabilities can participate fully in these complaint and review processes remains integral to the NSIRA Secretariat’s operations.

Amendments to the Rules of Procedure have clarified that complaint investigation participants may request accommodations and receive procedural assistance to address accessibility barriers, including support for persons with cognitive or other disabilities. Accessibility remains closely linked to progress in other areas, such as the built environment and information and communication technology (ICT).

Based on recent assessments and questionnaire feedback, the following barriers or opportunities were identified:

  • The absence of a formalized process for tracking accessibility-related requests creates a potential risk of gaps in ensuring timely or appropriate support for individuals with disabilities.
  • There is a need to enhance existing accessibility training to ensure employees feel fully confident in supporting participant’s diverse accessibility needs.

In 2026–2028, the NSIRA Secretariat will focus on the following:

a) Implement a process to track accessibility-related accommodations:

The Secretariat will formalize a system to record and monitor all accessibility-related requests made during the public complaints process. This process will support timely follow-up, help identify recurring accessibility needs and improve reporting on service delivery accessibility.

b) Provide targeted training for staff involved in operations:

Employees who regularly interact with persons outside of the NSIRA Secretariat—including complainants, members of the public, and public servants involved in review activities—will receive targeted training to strengthen awareness of accessibility principles and confidence in providing accommodations. The training will focus on inclusive communication, plain language, and the practical application of the duty to accommodate during interviews, briefings and correspondence. This will help ensure that all participants can engage fully in the Secretariat’s processes.

Through these measures, the NSIRA Secretariat will continue advancing accessibility in its operations, ensuring that its Programs and Services remain inclusive, responsive, and barrier-free for all participants.

7. Transportation 

The NSIRA Secretariat’s offices are located in Ottawa, where accessible transportation services are provided by OC Transpo and the Société de Transport de l’Outaouais. Designated accessible parking spaces are available at nearby lots.

While no barriers have been identified at the NSIRA Secretariat’s primary location, employees occasionally travel domestically and internationally for work-related meetings and activities. To support an accessible and inclusive workplace, accessibility considerations will continue to be integrated into travel planning and coordination.

In 2026-2028, efforts will focus on the following:

a) Integrate accessibility into travel planning and procedures:

The Secretariat will incorporate accessibility considerations into travel policies, guidance, and procedures. This will include identifying employees’ accessibility needs during the travel authorization process and ensuring that travel arrangements (such as flight bookings, airport assistance, or ground transportation) accommodate those needs.

b) Provide guidance and support for accessible travel:

Employees and managers will have access to clear guidance on planning and requesting accessible travel arrangements, both domestically and internationally. This will help ensure that employees with disabilities are supported before, during, and after travel, and that accessibility considerations are applied consistently across all travel requests.

Through these initiatives, the NSIRA Secretariat will promote accessible travel planning, ensuring that all employees can participate in work-related travel and activities.

Implementation, monitoring and reporting

To ensure accessibility remains a core priority, the ACA and the Accessible Canada Regulations require regulated entities to prepare and publish annual progress reports on the implementation of their accessibility plans. These progress reports must be developed in consultation with persons with disabilities and describe the consultation process, including how feedback was considered and incorporated.

The NSIRA Secretariat is committed to ongoing engagement with persons with disabilities and other stakeholders to continuously improve accessibility across its programs, services, and workplace. Feedback received through consultations, public inquiries, or other channels will be carefully reviewed and addressed to inform future actions and updates.

In accordance with the regulations, the NSIRA Secretariat will publish an updated accessibility plan every three years. The first plan was published in December 2022, and the second in December 2025. All accessibility plans and progress reports will be made publicly available to ensure transparency and accountability in advancing accessibility throughout the organization.

Through these measures, the NSIRA Secretariat strives to foster an inclusive and accessible environment for all Canadians, demonstrating a sustained commitment to removing barriers and enhancing equitable participation.

Glossary

Barrier: means anything—including anything physical, architectural, technological or attitudinal, anything that is based on information or communications or anything that is the result of a policy or a practice—that hinders the full and equal participation in society of persons with an impairment, including a physical, mental, intellectual, cognitive, learning, communication or sensory impairment or a functional limitation.

Disability: means any impairment, including a physical, mental, intellectual, cognitive, learning, communication or sensory impairment—or a functional limitation—whether permanent, temporary or episodic in nature, or evident or not, that, in interaction with a barrier, hinders a person’s full and equal participation in society.

Information and Communication Technology (ICT): is an extensional term for information technology (IT) that stresses the role of unified communications and the integration of telecommunications (telephone lines and wireless signals) and computers, as well as necessary enterprise software, middleware, storage and audiovisual, that enable users to access, store, transmit, understand and manipulate information.

Web Content Accessibility Guideline (WCAG): the Web Content Accessibility Guidelines (WCAG) are part of a series of web accessibility guidelines published by the Web Accessibility Initiative (WAI) of the World Wide Web Consortium (W3C), the main international standards organization for the Internet. They are a set of recommendations for making Web content more accessible, primarily for people with disabilities.

References and resources

Accessible Canada Act (justice.gc.ca)

Accessible Canada Regulations (justice.gc.ca)

Accessibility Strategy for the Public Service of Canada – Canada.ca (also referred to as “Nothing Without Us”)

Canadian Human Rights Act (justice.gc.ca)

Canadian Human Rights Commission

National Security and Intelligence Review Agency Act (justice.gc.ca)

Policy on Government Security- Canada.ca

Web Content Accessibility Guidelines (WCAG)

Meta data information

National Security and Intelligence Review Agency, Accessibility Plan 2026 – 2028
Title in French: Office de surveillance des activités en matière de sécurité nationale et de renseignement, Plan sur l’accessibilité 2026 – 2028
Also available online: www.nsira-ossnr.gc.ca/accessibility-plan-2026-2028/
ISSN: 2817-1160, PS106-13E-PDF
Key title: Accessibility plan (National Security and Intelligence Review Agency (Canada)‏)
© His Majesty the King in Right of Canada, 2022

Share this page

No endorsement of any products or services is expressed or implied.

Share this page
Date Modified:

Review of Government of Canada Institutions’ Disclosures of Information Under the Security of Canada Information Disclosure Act in 2023: Backgrounder

Review of Federal Institutions’ Disclosures of Information under the Security of Canada Information Disclosure Act in 2023

Backgrounder

Backgrounder

The Security of Canada Information Disclosure Act (SCIDA) is intended to facilitate information sharing across government for national security purposes. Disclosures under SCIDA tend to include considerable personal information, such as passport information, citizenship status, and information gathered by diplomatic missions.

NSIRA is responsible for annually reviewing disclosures made during the previous calendar year and submits a report with its findings and recommendations to the Minister of Public Safety.

Annual reviews of disclosures by NSIRA are key to ensuring that Government of Canada (GC) institutions use SCIDA in a manner that respects the Canadian Charter of Rights and Freedoms and the privacy rights of the individuals whose information is being disclosed.

This report describes the results of a review by NSIRA of SCIDA disclosures made in 2023. It was tabled in Parliament by the Minister of Public Safety, as required under subsection 39(2) of the NSIRA Act, on June 13 2025.

Since NSIRA began reviewing GC institutions’ compliance with the Act five years ago, it has made recommendations to promote higher levels of compliance among GC institutions. This has resulted in those institutions adjusting their practices and increasingly demonstrating an improved understanding of their obligations.

This year, for the first time in SCIDA’s history, NSIRA has found full compliance with the Act. As such, the report contains seven recommendations aimed at improving the practices of GC institutions to ensure that this high level of compliance is maintained.

Share this page

No endorsement of any products or services is expressed or implied.

Share this page
Date Modified:

Review of Government of Canada Institutions’ Disclosures of Information Under the Security of Canada Information Disclosure Act in 2023: Report

Review of Federal Institutions’ Disclosures of Information under the Security of Canada Information Disclosure Act in 2023

Report

Date of Publishing:

List of Acronyms

CBSA Canada Border Services Agency
CFIA Canadian Food Inspection Agency
CNSC Canadian Nuclear Safety Commission
CRA Canada Revenue Agency
CSE Communications Security Establishment
CSIS Canadian Security Intelligence Service
DND/CAF Department of National Defence/Canadian Armed Forces
FINTRAC Financial Transactions and Reports Analysis Centre of Canada
GAC Global Affairs Canada
GC Government of Canada
IRCC Immigration, Refugees and Citizenship Canada
NSIRA National Security and Intelligence Review Agency
PHAC Public Health Agency of Canada
PS Public Safety Canada
RCMP Royal Canadian Mounted Police
SCIDA Security of Canada Information Disclosure Act
TC Transport Canada

Glossary of Terms

Contribution test The first part of the two-part threshold that must be met before an institution can make a disclosure under the SCIDA: it must be satisfied that the information will contribute to the exercise of the recipient institution’s jurisdiction or responsibilities in respect of activities that undermine the security of Canada (paragraph 5(1)(a)).
Proportionality test The second part of the two-part threshold that must be met before an institution can make a disclosure under the SCIDA: it must be satisfied that the information will not affect any person’s privacy interest more than reasonably necessary in the circumstances (paragraph 5(1)(b)).

Executive Summary

The objective of this review was to determine whether Government of Canada (GC) institutions complied with the Security of Canada Information Disclosure Act (SCIDA)’s requirements for disclosure and record keeping in 2023. The review assessed GC institutions’ use of information-sharing arrangements, consistent with SCIDA’s guiding principles. The review also documented the volume of SCIDA disclosures and highlighted patterns in the SCIDA’s use across GC institutions and over time.

This is the fifth year that GC institutions have used the SCIDA and that NSIRA has reviewed their compliance with the act. Each year, NSIRA has made recommendations aimed at promoting compliance with the Act. Over the last five years, GC institutions have adjusted their practices and are increasingly demonstrating an improved understanding of their obligations. As a result, for the first time in SCIDA’s history, NSIRA found full compliance with the SCIDA. This allowed NSIRA to focus its review on in-depth analysis of the SCIDA’s contribution and proportionality tests.

For instance, some Immigration, Refugees and Citizenship Canada (IRCC) disclosures, albeit compliant with the SCIDA, presented a heightened risk of non-compliance with these two tests. One disclosure involving protest activity raised concerns regarding how IRCC arrived at the conclusion that the disclosure was related to activity that undermined the security of Canada, and thus complied with paragraph 5(1)(a) of the SCIDA. Three disclosures also raised concerns with regard to the amount of personal information that IRCC disclosed following its proportionality assessment, pursuant to paragraph 5(1)(b).

CSIS request letters, on which IRCC often relies to assess compliance with subsection 5(1), were at times unclear. This hindered IRCC’s effort to satisfy itself that the disclosure was authorised under the SCIDA.

IRCC provided templated statements on accuracy and reliability that were not always relevant or specific to the circumstances of the disclosure. In one case, the Canada Border Services Agency (CBSA) made a verbal disclosure that did not include an explicit statement about accuracy and reliability at time of disclosure. In addition, CBSA’s record of disclosure form contradicts the SCIDA by suggesting that the provision of information on accuracy and reliability is optional.

As encouraged by the SCIDA’s guiding principles, and as recommended by NSIRA previously, IRCC and the Communication Security Establishment signed an informationsharing agreement.

NSIRA made seven recommendations to mitigate risks of non-compliance and enshrine best practices in future years.

1. Introduction

Authority

This review was conducted pursuant to subsections 8(1)(b) and 39(1) of the National Security and Intelligence Review Agency Act (NSIRA Act).

The review satisfies the NSIRA Act’s section 39 requirement for NSIRA to submit a report to the Minister of Public Safety on disclosures made under the Security of Canada Information Disclosure Act (SCIDA, Act) during the previous calendar year.

Scope of the Review

The objective of this review was to determine whether Government of Canada (GC) institutions complied with the SCIDA’s requirements for disclosure and record keeping. The review assessed GC institutions’ use of information-sharing arrangements, consistent with SCIDA’s guiding principles. The review also documented the volume of SCIDA disclosures and highlighted patterns in the SCIDA’s use across GC institutions and over time.

The review included all GC institutions that disclosed or received information under the SCIDA in 2023: the Canada Border Services Agency (CBSA), Communications Security Establishment (CSE), Canadian Security Intelligence Service (CSIS), Global Affairs Canada (GAC), Immigration, Refugees and Citizenship Canada (IRCC), and Royal Canadian Mounted Police (RCMP). The review also included Public Safety Canada (PS), which provides SCIDA-related policy guidance and training across the GC.

Methodology

NSIRA assessed administrative compliance with the SCIDA’s record keeping obligations in respect of all disclosures made in 2023.

NSIRA assessed substantive compliance with the SCIDA’s disclosure requirements for a targeted sample of 27 disclosures, selected according to the parameters described in Annex A.

Review Statements

The NSIRA Act grants NSIRA rights of timely access to any information in the possession or under the control of a department (except for cabinet confidences) and to receive from the department any documents and explanations NSIRA deems necessary. NSIRA monitors cooperation with access requests, including the completeness and accuracy of disclosures, which inform its overall assessment of a department’s responsiveness in each review.

All reviewees met NSIRA’s expectations for responsiveness during this review.

2. Background

The SCIDA provides an explicit, stand-alone authority to disclose information between GC institutions in order to protect Canada against activities that undermine its security. Its stated purpose is to encourage and facilitate such disclosures.

Section 9 of the SCIDA prescribes record-keeping obligations for all institutions who disclose or receive information under the Act. Subsection 9(3) requires that these records be provided to NSIRA within 30 days after the end of each calendar year.

Subsection 5(1) of the SCIDA authorizes GC institutions to disclose information –subject to any prohibitions or restrictions in other legislation or regulations – to designated recipient institutions if the disclosing institution is satisfied that (a) the information will contribute to the exercise of the recipient institution’s jurisdiction or responsibilities in respect of activities that undermine the security of Canada (the “contribution test”); and (b) the information will not affect any person’s privacy interest more than is reasonably necessary in the circumstances (the “proportionality test”).

Subsection 5(2) requires disclosing institutions to, at the time of the disclosure,also provide information regarding the disclosure’s accuracy and the reliability ofthe manner in which it was obtained.

When a GC institution receives information under the Act, subsection 5.1(1)requires that the institution destroy or return any unnecessary personal informationas soon as feasible after receiving it.

The SCIDA’s guiding principles reinforce the notion that effective and responsible disclosure of information protects Canada and Canadians. Of note, subsection 4(c)suggests that GC institutions enter into an information-sharing arrangement when they regularly disclose information to the same recipient.

3. Findings, Analysis, and recommendations

Volume and Nature of Disclosures

In 2023, GC institutions made a total of 269 disclosures under the SCIDA (see Table 1).

Table 1: Number of SCIDA disclosures made in 2023, by disclosing and recipient institution [all disclosures (proactive disclosures)]

    Designated Recipient Institutions
Disclosing Institution   CBSA CFIA CNSC CRA CSE CSIS DND/CAF Finance FINTRAC GAC Health IRCC PHAC PSC RCMP TC TOTAL (proactive)
CBSA 2
(2)		 2
(2)
GAC 1
(1)		 10
(0)		 4
(0)		 15
(1)		 53
(32)
IRCC 58
(0)		 194
(7)		 252
(7)
TOTAL (proactive) 59
(1)		 204
(7)		 1
(0)		 6
(2)		 263
(10)

The number of disclosures increased 55% since 2022, reversing the slight downward trend in the number of disclosures observed across prior years. This shift is largely due to a 246% increase in disclosures from IRCC to CSIS. CSIS attributes this increase to a policy shift that led them to use the SCIDA to request information that IRCC previously provided under the Privacy Act.

As in previous years, disclosing institutions made the vast majority of disclosures following a request. Only 4% of disclosures were sent proactively by the disclosing institution.

Record Keeping Requirements – Section 9

Finding 1. NSIRA found that every institution that disclosed or received information pursuant to SCIDA in 2023 complied with their record keeping obligations under section 9, but some records were inaccurate or imprecise.

Section 9 of the SCIDA prescribes record-keeping obligations for all disclosing institutions, as well as institutions who receive information pursuant to a disclosure. These requirements include, among others, that records of the disclosure describe the information as well as indicate whether the information was destroyed or retained by the recipient. NSIRA’s cross-reference of records provided by disclosing and recipient institutions revealed some inaccuracies that were clarified through discussion with the institutions following receipt of their records:

  • Under paragraph 9(2)(a), CSE mislabelled the number of subjects that the disclosure pertained to in four (of 59) instances;
  • Under paragraph 9(2)(e), CSIS records included contradictory information as to whether the information received has been destroyed or retained; and
  • Under paragraph 9(1)(a), IRCC records included contradictory descriptions of the information disclosed.

NSIRA was unable to reconcile the information provided in relation to one case where the CBSA made a verbal disclosure to the RCMP. Based on the initial records provided by the RCMP and CBSA, NSIRA could not determine with certainty what personal information was shared, and when. In response to a recommendation from NSIRA’s SCIDA review for 2022, the CBSA developed a record of disclosure form to serve as a record overview. In this instance, the form was incomplete and contradicted the copy of the disclosure that was also provided to NSIRA.

As it did last year, NSIRA underscores the importance of administrative precision in preparing records, and notes that a record overview – when correctly prepared –supports compliance with SCIDA record keeping requirements.

NSIRA identified several instances in which the disclosing institution did not provide an explicit statement, under paragraph 9(1)(e), regarding the information that was relied on to satisfy the disclosing institution of the proportionality test. Three of these disclosures were included in NSIRA’s targeted sample for assessing the contribution and proportionality tests.

Contribution and Proportionality Tests – Subsection 5(1)

Finding 2. NSIRA found, within the sample of disclosures reviewed, that disclosing institutions demonstrated they had satisfied themselves under the contribution and proportionality tests in compliance with subsection 5(1) of the SCIDA.

To assess compliance with subsection 5(1), NSIRA first considered the explicit statements prepared by disclosing institutions under paragraph 9(1)(e), describing the information that was relied on to satisfy themselves that the disclosure was authorized under the Act. When an explicit statement was provided, NSIRA analysed and corroborated these statements by reviewing all other documents provided by GC institutions related to a given disclosure. Additional documents provided did not raise any concern with paragraphs 5(1)(a) and 5(1)(b) compliance.

For all 27 disclosures included in the sample, the disclosing institution provided anexplicit statement that demonstrated that they had satisfied themselves that thedisclosure would contribute to the recipient’s jurisdiction or its responsibilities.24.

For 24 of the 27 disclosures, the disclosing institution provided an explicit statement that demonstrated they had satisfied themselves that no one’s privacy would be affected more than reasonably necessary in the circumstances. In the remaining three disclosures, despite having no explicit statement, other documents provided by the disclosing institutions nevertheless demonstrated that they had satisfied themselves of the proportionality test.25.

While NSIRA found that institutions were generally compliant with paragraphs5(1)(a) and 5(1)(b), IRCC’s contribution and proportionality assessments demonstrated some deficiencies. These deficiencies form the basis of findings 3and 4.

Recommendation 1. NSIRA recommends that disclosing institutions explicitly address the requirements of both paragraphs 5(1)(a) and 5(1)(b) in the records that they prepare under paragraph 9(1)(e) of the SCIDA.

SCIDA’s Exception for Advocacy, Protest, or Dissent

Finding 3. NSIRA found that IRCC did not, in one instance, independently consider whether its disclosure related to activities that fell under the SCIDA exception for advocacy, protest, or dissent. Instead, IRCC satisfied itself of the SCIDA’s contribution test based on assumptions about how CSIS assessed activities that undermine the security of Canada.

The contribution test under paragraph 5(1)(a) requires the disclosing institution to assess whether the disclosure relates to activities that undermine the security of Canada. These activities are defined by the Act and include, for example, espionage, covert foreign-influenced activities, terrorism, and significant or widespread interference with critical infrastructure. In its definition of activities that undermine the security of Canada, subsection 2(2) of the SCIDA includes an exception for advocacy, protest, dissent, or artistic expression. These, in and of themselves, do not constitute activities that undermine the security of Canada. The legislated exception helps to distinguish between legitimate forms of political dissent and national security threats.

In one instance, CSIS requested detailed information from IRCC related to an individual. The request sought current and past passport applications and these contain a great deal of personal information3.CSIS justified its request with anexcerpt from a news article which cited a quote uttered publicly by the individualduring a protest.

IRCC did not request any additional rationale from CSIS. It disclosed the individual’s passport application, including some associate’s information, along with the individual’s passport number, place of issue, and dates of issue and expiry.

In response to a query from NSIRA regarding on what basis it satisfied itself of the contribution test, IRCC explained that it “relies on the partner to accurately describe that the individual is tied to an activity that may undermine the security of Canada.” The IRCC official who authorized the disclosure further explained that IRCC assumed that CSIS had not relied solely on the individual’s statements quoted in the news article given the limits of CSIS’s authority to investigate lawful advocacy, protest or dissent under the CSIS Act.

The CSIS Act includes an exemption preventing CSIS from investigating lawful advocacy, protest or dissent, without the presence of threat related activities itemised in the CSIS Act. However, the SCIDA’s use of “activity that undermines the security of Canada” is a purposeful departure from the CSIS Act’s “threat to the security of Canada”. The distinction reflects legislative intent that the disclosing institution perform its own, fit-for-purpose assessment.

Subsection 5(1) of the SCIDA explicitly places the onus on the disclosing entity to assure itself that the disclosure is authorized. The process by which an institution satisfies itself should be grounded in an independent and factual assessment. In that context, a mere acquiesce of a request would not be sufficient, nor would a de facto reliance on the recipient respecting their enabling legislation. The threshold of satisfaction imports an objective standard that must be based on facts.

PS guidance notes that although the threshold imposed by subsection 5(1) does not hold institutions to perfection, they must make all reasonable efforts to satisfy themselves that the information will contribute to the recipient’s national security mandate. When encountering activities occurring in the context of political dissent or a protest, NSIRA expects institutions with a national security mandate to exercise caution when requesting information relating to an activity protected under the Canadian Charter of Rights and Freedoms (Charter) to further an investigation. At the same time, in this case, IRCC should have obtained more information prior to disclosure, to substantiate what activities were undermining the security of Canada to ensure the exception did not apply.

Recommendation 2. NSIRA recommends that IRCC amend their SCIDA policy to underscore that IRCC must independently assess whether the disclosure is authorized. This assessment should consider whether the activity amounts to one of the exceptions to the SCIDA’s definition of activities that undermine the security of Canada.

IRCC’s New Approach to Proportionality Assessments

Finding 4. NSIRA found that, throughout the course of 2023, IRCC improved the rigour of its proportionality assessments regarding disclosure of passport information. However, NSIRA identified three instances where IRCC disclosed visa information without applying the same rigorous approach, which risked disclosing more personal information than reasonably necessary in the circumstances.

In summer 2023, IRCC adopted a “higher” standard to satisfy itself that no person’s privacy interest would be affected more than reasonably necessary when disclosing passport information to CSIS. According to IRCC, this shift was prompted by a previous NSIRA recommendation that IRCC be explicit in their records that the proportionality test was met. Not only did IRCC adjust their record keeping practices, but they also turned their attention to the substantive issue at hand. Indeed, IRCC closely examined the privacy impact their disclosures may have when responding to CSIS requests.

As a result, when dealing with the absence of additional rationale from CSIS, IRCC became more conservative in the disclosure of information. For example, IRCC began redacting associate’s information in passport applications, limiting the provision of historical applications, and refraining from disclosing applications of minors. They adopted an iterative approach to disclosing passport information, which cultivated a more appropriate weighting of individuals’ privacy interests vis-à-vis the recipient’s investigative needs.

IRCC’s new approach to assessing the proportionality of passport information disclosures was not well-received by CSIS, who characterize their receipt of redacted passport applications as a “massive” hindrance to section 12 investigations. In internal correspondence, a CSIS analyst noted that they would prefer that “IRCC not filter down the info and let them [CSIS] make the assessment based on the knowledge of [national security] threats”.

Still, the discretionary nature of SCIDA disclosures make it such that IRCC may choose what information to disclose, if any. IRCC’s SCIDA Standard Operating Procedure states that requests for disclosure must provide sufficient information to justify the release of associate’s information. Under the SCIDA, it is entirely within IRCC’s purview to seek and obtain such justification prior to disclosing information.

IRCC’s increased attention to privacy interests in the context of passport application disclosures was not imparted to disclosures of information collected from visa applications. It is important to note that this distinction is not a factor that should be considered when assessing proportionality. Under the SCIDA, the privacy interests of citizens and non-citizens must be similarly assessed, and only treated differently in a visa application if no reasonable expectation of privacy is assessed.

Annex B presents the details of three disclosures in relation to which IRCC disclosed visa information to CSIS, concerning over 20 individuals, without having first established facts relevant to the conduct of an informed proportionality assessment. In these cases, either the identities of the subject of the request were unknown or the link between the subject of the disclosure and the threat had yet to be established. NSIRA would have expected IRCC to follow a more iterative approach to disclosing this information, consistent with its approach to passport disclosures in the later part of 2023. Such an iterative approach would have entailed disclosing only basic information until a greater connection to the activity that undermined the security of Canada could be established or the identity of the individual could be confirmed.

Additionally, the cases presented in Annex B are not fully consistent with IRCC policy, which underscores that “disclosing […] more personal information than is necessary could constitute a breach of a person’s reasonable expectation of privacy, a right protected by the Canadian Charter of Rights and Freedoms”. This is an important consideration since the proportionality of a given disclosure may be a factor in determining its Charter reasonableness.

Under the SCIDA regime, and as explained in PS guidance, the proportionality testis conducted to help determine the scope of what can be disclosed, and not necessarily whether the disclosure should occur. Thus, it would have been warranted for IRCC to assess how the sharing of each piece of information would impact the privacy of the individuals in question.

Recommendation 3. NSIRA recommends that IRCC apply an iterative approach to its proportionality assessments, with a view to disclosing only the minimum information reasonably necessary in the circumstances to enable the recipient institution to further their investigation.

CSIS Request Letters

Finding 5. NSIRA found that CSIS requests to IRCC used inconsistent terminology and were often unclear about the relationship between the subject of the request and its investigation. At times, this lack of clear communication hindered IRCC’s efforts to satisfy itself that the disclosure was authorised under the SCIDA.

96% of IRCC disclosures to CSIS were in response to a request. IRCC used the information in CSIS’s request letters to assure itself that a disclosure met both the contribution and the proportionality tests. While IRCC is always at liberty to request more information from CSIS to satisfy itself that the disclosure is authorized, in the majority of disclosures requested by CSIS, IRCC based its assessments solely on the information provided by CSIS in the request letter.

NSIRA reviewed all request letters sent by CSIS to IRCC. CSIS used a wide variety of terms to describe the nature of its interest in the subject of a request, such as:

  • The subject came to the attention of the Service
  • The subject is of interest for possible involvement in
  • The subject is of interest in connection with
  • The subject is believed to be an associate of a target
  • The subject is related to the threat
  • The individual is the subject of a Service investigation
  • The subject is part of a Service investigation
  • The subject is very closely associated to a CSIS subject of investigation

In most cases, CSIS did not define these terms or provide any more information on why the subject was of interest.

Furthermore, CSIS used the same (or similar) words when referring to different levels of interest. For example, “associated with” and “part of a Service Investigation” were used in requests for individuals with no known involvement in threat related activities and for individuals who CSIS has reason to suspect are involved in threat activities. In another instance, CSIS’s request letter stated that the subjects were related to the threat, but the connection between the threat and the individuals had not been established.

As a result of these inconsistencies and lack of clarity, IRCC could not understand key nuances relevant to its proportionality assessments. This issue is compounded by the fact the CSIS tended to request “any and all information” associated with the subject(s) of a request.

The relationship between the information requested and an investigation is an important factor considered by IRCC when assessing proportionality. Indeed, IRCC’s new approach to assessing proportionality takes into consideration the fact that information on associates contained in passport applications may not be material to the investigation. As a result, IRCC has often opted to redact some associate’s information, unless CSIS provided some indication that they are, or could be, implicated in the threat activity. In one of the several instances where CSIS stated that the subject of the request was “very closely associated to a CSIS subject of investigation”, IRCC requested an explanation to clearly link the subject of the request to the investigation. When CSIS did not provide it, IRCC opted to cancel the disclosure as it was not satisfied that the disclosure would meet the proportionality test.

It is essential that CSIS convey information in a clear and consistent manner given that IRCC takes this information into account in conducting its proportionality assessments. This is especially true when IRCC is disclosing associate’s information. When requesting information under the SCIDA, recipient institutions should, as a matter of course, facilitate disclosing institutions’ compliance with SCIDA thresholds by using clear and consistent terminology.

In late 2023, CSIS began centralizing its process for requesting IRCC SCIDA disclosures and developed a standard request form, which should help with consistency. As no requests were made in 2023 using these standard forms, NSIRA could not assess the effect of these changes in practice.

Recommendation 4. NSIRA recommends that CSIS use consistent terminology, and be clear about the nature of the link that has been established between the subject of a request and its investigation, to assist IRCC in satisfying itself of the proportionality test.

Reliability and Accuracy Statement – Subsection 5(2)

Finding 6. NSIRA found that disclosing institutions provided information regarding the accuracy of the information and reliability of the manner in which it was obtained in relation to all disclosures. However, CBSA made one verbal disclosure that did not include an explicit statement on accuracy and reliability.

Under the SCIDA, departments are required to provide information on the accuracy and the reliability of the manner in which the information being disclosed was obtained. They must do so at the time of the disclosure.

All written disclosures made in 2023 contained a statement on accuracy and reliability. However, CBSA made one proactive verbal disclosure of a tip to the RCMP, previously described in paragraph 19, in which it did not provide an explicit statement regarding accuracy and reliability at the time of disclosure.

Although the same information was shared again in writing two weeks later, an explicit, written statement on accuracy and reliability was only shared with the RCMP nearly two months later, when the CBSA disclosed additional information about the subject.

Subsection 5(2) states that “information” regarding accuracy and reliability “must” be provided at time of disclosure. NSIRA assesses in this case that, by its very nature, relaying that the information disclosed was derived from a tip conveyed information regarding accuracy and reliability to the RCMP. That said, an explicit, written statement is considered best practice. While verbal disclosures are not prohibited by the SCIDA, PS guidance notes that “[i]nformal communication cannot be used in lieu of the formal disclosure process or to replace the formal recordkeeping obligations.”

Recommendation 5. NSIRA recommends that institutions avoid making verbal disclosures whenever possible. When they must occur, verbal disclosures should explicitly convey the requisite information on accuracy and reliability.

Finding 7. NSIRA found that CBSA’s record of disclosure form contradicts the SCIDA by allowing officials to opt out of providing information regarding accuracy and reliability.

Although CBSA policy correctly reflects the mandatory nature of providinginformation on accuracy and reliability, its new record of disclosure form does not.The form includes a yes/no checkbox to indicate whether a statement confirmingthe accuracy and reliability was provided to the recipient institution. If the CBSAofficial selects “no”, they are prompted to explain why they elected to not provide astatement. This implies that it is discretionary and leaves the opportunity for CBSAto opt out of the requirement.

Further, the form does not specify that the statement must be provided at the timeof disclosure, as the SCIDA specifically demands.

Recommendation 6. NSIRA recommends that CBSA harmonize its record of disclosure form with the SCIDA to convey the mandatory nature of providing information on accuracy and reliability at the time of the disclosure.

Finding 8. NSIRA found that IRCC used templated language to describe the disclosure’s accuracy and reliability that was not always relevant or specific to the circumstances of the disclosure.

All IRCC disclosures made in 2023 included the same accuracy and reliability statement:

The information in this disclosure was provided by the Subject as part of their various applications to IRCC. The Subject declared that the information they provided as part of their applications was truthful, complete and correct. The information in this disclosure is accurate and reliable in so far as the Subject was truthful in their submissions to our Department. IRCC holds no information that would call into question the accuracy and reliability of the information provided by the Subject.

There are several cases where this statement provided by IRCC did not reflect the specific circumstances of the disclosure. For example, the statement above was included in a disclosure where no immigration or passport records were found and the only information disclosed was the lack of records. The same statement was used in disclosures of child general passport applications, which are actually completed by parents or legal guardians rather than by the subject themselves. When solely disclosing citizenship status to CSE, IRCC still included the same statement, despite the information disclosed not being provided by the subject as part of their application. In one case, the IRCC used the same statement in the disclosure but nevertheless contradicted itself by also stating that there was some reason to believe the information might not be accurate.

All of these cases point to a tendency of copying the accuracy and reliability information without giving sufficient attention to the relevance of the statement.

When instructing on the accuracy and reliability statement, the PS SCIDA guide suggests that “formulaic (templated) language should be avoided, unless the nature and source of information disclosed is derived from a routine process.” IRCC produces a large number of disclosures every year. While some language can be recycled, it is necessary that the statement remain an accurate representation of each disclosure. NSIRA has previously recommended that statements be clear and specific to the circumstances of the disclosure.

Recommendation 7. NSIRA recommends that IRCC tailor its statements on accuracy and reliability as to ensure that each disclosure’s statement is specific to the circumstances of the case.

Information Sharing Agreement – Subsection 4(c)

Finding 9. NSIRA found that disclosures between IRCC and CSE that occurred following the enactment of their new information sharing agreement were compliant with both the SCIDA and their information sharing agreement.

In past SCIDA reviews, NSIRA noted that some departments regularly use the SCIDA in a manner that warrants information sharing arrangements (ISA), as encouraged by subsection 4(c) of SCIDA. In 2022, NSIRA recommended that IRCC and CSE develop an ISA to govern their SCIDA disclosures.

In August 2023, IRCC and CSE signed an ISA. As a whole, the new ISA between IRCC and CSE supports compliance with SCIDA, with all key legislated requirements from SCIDA being included in the ISA. The agreement also adheres to the guidance on preparing ISAs recently developed by PS.

Of the 24 disclosures made after the ISA implementation, all were deemed compliant with the new agreement. NSIRA looked at each disclosure made under the ISA and assessed them against a majority of the requirements outlined in the agreement.

4. Conclusion

This is the fifth year that GC institutions have used the SCIDA and that NSIRA has reviewed their compliance with the act. Each year, NSIRA has made recommendations aimed at promoting compliance with the Act. Over the last five years, GC institutions have adjusted their practices and are increasingly demonstrating an improved understanding of their obligations. As a result, for the first time in SCIDA’s history, NSIRA found full compliance with the SCIDA.

This review assessed GC institutions’ compliance with requirements for recordkeeping in respect of all 269 disclosures that were made and received in 2023. It assessed their compliance with requirements for disclosure in relation to a targeted sample of 27 disclosures. All were compliant with SCIDA requirements, but NSIRA found that IRCC’s contribution and proportionality assessments demonstrated some deficiencies. An increased understanding of the activities that undermine the security of Canada would support a more thorough proportionality assessment and greater utility of the disclosed information.

NSIRA made recommendations aimed at promoting compliance with SCIDA, particularly with regard to how departments determine whether the contribution and proportionality tests have been met.

Annex A. Sample of Disclosures

Disclosures were selected for the sample based on the content of records provided to NSIRA under subsection 9(3), according to the following parameters:

  • At least two disclosures per discloser-recipient pair, if available;
  • At least one proactive disclosure per discloser, if available;
  • At least one requested disclosure per recipient, if available;
  • All disclosures identified by recipient institutions as including personal information that was destroyed or returned under the SCIDA, subsection5.1(1);
  • All disclosures for which there is a high-level discrepancy in the discloser and recipient records;
  • All disclosures made by an institution that is not listed in Schedule 3 of the SCIDA;
  • All disclosures received by institutions added to Schedule 3 in the preceding year; and
  • All disclosures that, based on the review team’s preliminary assessment, present a heightened risk of non-compliance under section 5.

Annex B. Cases Relating to IRCC’s Disclosure of Visa Information

Disclosure 1 (Economic Security Threat)

IRCC proactively disclosed to CSIS the visa applications of several individuals who received a work permit in various research fields linked to economic security threat. These applications included personal information such as employment history, travel history, contact information, photos, passport information, and associate’s information. This was part of IRCC’s effort to proactively identify and share with CSIS information about individuals that may engage in activities that pose a threat to Canada’s economic prosperity.

While the national security concern posed by these types of economic security threats is well documented, the role that these individuals played in that space was unknown. IRCC selected the individuals in question based on one threat related criteria, but the other criteria used to narrow the pool individuals from several hundreds to a few individuals were unrelated to the threat the individuals posed. Indeed, IRCC chose these additional arbitrary criteria mainly for practical reasons.

For greater clarity, there was no information indicating that any of the several individuals in question were involved in activities that undermine the security of Canada. Most of these applications were not initially referred to CSIS for security screening by IRCC, meaning that the visa officer was fully satisfied that the applicants posed no threat. In one case, the application was sent for security screening but CSIS returned a favorable recommendation and the individual was granted a visa.

The proactive sharing of complete visa application packages with CSIS risked affecting these individuals’ privacy more than was reasonably necessary in the circumstances.

Disclosure 2 (Foreign Entity)

CSIS requested passport information about any individuals with a valid visa currently working for a specific foreign entity. IRCC did not have any passport applications for the individuals that matched the search criteria, but nevertheless disclosed entire visa applications for some individuals. IRCC also provided information about individuals who had previously worked at the foreign entity, and individuals who did not have a valid visa. This misalignment between what was requested and what was disclosed does not reflect a proper tailoring of information to meet SCIDA’s contribution and proportionality tests.

None of these individuals had been linked to a specific activity that undermined the security of Canada, either at the time of the request nor following the disclosure. CSIS and IRCC’s inability to characterize the nature of the individuals’ relationship to threat activities created a risk that IRCC’s disclosure may have affected their privacy more than was reasonably necessary in the circumstances.

Disclosure 3 (Bulk Data)

CSIS sent a letter to IRCC requesting the disclosure of information within immigration applications on individuals including a spreadsheet with certain identifying personal information (called “selectors”). While large data-set requests and disclosures are not prohibited by the SCIDA, the requirements imposed by the contribution and proportionality tests must be applied to every discrete piece of information disclosed. As such, this type of information would need to be responsibly assessed prior to disclosure.

While the CSIS request letter provides extensive rationale as to why the threat actor named in the request letter poses a threat to national security, the IRCC officials that authorized the disclosure did not have contemporaneous information on how these selectors, and, by extension the individuals linked to these selectors, are linked to the threat actor.

Nevertheless, IRCC disclosed significant personal details pertaining to several individuals. For example, the disclosure included a foreign state visa refusal, information about military service, a personal picture, and other documents that would have been provided as part of a visa application.

This disclosure included more information than what CSIS requested. Given that the identity of the individuals are unconfirmed, as CSIS’s request clearly stated that the purpose of this request was for identification, this suggests that IRCC risked disclosing more than the least amount of personal information necessary for CSIS to further its investigation.

While the legislative burden to ensure that the disclosure is authorized under SCIDA falls on the disclosing entity, in this case IRCC, it may be very complex fora disclosing entity to discharge its obligation under paragraphs 5(1)(a) and 5(1)(b)with these types of large data-sets requests, particularly when the requester provides very little rationale linking each selector or individual to the activity that undermines the security of Canada.

Annex C. Overview of SCIDA Disclosures in Prior Years

Disclosing Institution Designated Recipient Institutions under the SCIDA, Schedule 3
CBSAGACCNSCCRACSECSISDND/CAFFinance FINTRACGACHealthIRCCPHACPSRCMPTC TOTAL
2022
CBSA44
GAC3921253
IRCC5956115
RCMP11
TOTAL5995216173
2021
DND/CAF22
GAC244
IRCC687921149
TOTAL681222212195
2020
CBSA14
GAC251340
IRCC6061137159
RCMP113
TC22
Other¹⁰1
TOTAL6188136551215
2019
CBSA13
GAC2342
IRCC51713659
RCMP4138
TC12
TOTAL454111114

Annex D. Findings and Recommendations

Record Keeping Requirements – Section 9

Finding 1. NSIRA found that every institution that disclosed or received information pursuant to SCIDA in 2023 complied with their record keeping obligations under section 9, but some records were inaccurate or imprecise.

Contribution and Proportionality Tests – Subsection 5(1)

Finding 2. NSIRA found, within the sample of disclosures reviewed, that disclosing institutions demonstrated they had satisfied themselves under the contribution and proportionality tests in compliance with subsection 5(1) of the SCIDA.

Recommendation 1. NSIRA recommends that disclosing institutions explicitly address the requirements of both paragraphs 5(1)(a) and 5(1)(b) in the records that they prepare under paragraph 9(1)(e) of the SCIDA.

Finding 3. NSIRA found that IRCC did not, in one instance, independently consider whether its disclosure related to activities that fell under the SCIDA exception for advocacy, protest, or dissent. Instead, IRCC satisfied itself of the SCIDA’s contribution test based on assumptions about how CSIS assessed activities that undermine the security of Canada.

Recommendation 2. NSIRA recommends that IRCC amend their SCIDA policy to underscore that IRCC must independently assess whether the disclosure is authorized. This assessment should consider whether the activity amounts to one of the exceptions to the SCIDA’s definition of activities that undermine the security of Canada.

Finding 4. NSIRA found that, throughout the course of 2023, IRCC improved the rigour of its proportionality assessments regarding disclosure of passport information. However, NSIRA identified three instances where IRCC disclosed visa information without applying the same rigorous approach, which risked disclosing more personal information than reasonably necessary in the circumstances.

Recommendation 3. NSIRA recommends that IRCC apply an iterative approach to its proportionality assessments, with a view to disclosing only the minimum information reasonably necessary in the circumstances to enable the recipient institution to further their investigation.

Finding 5. NSIRA found that CSIS requests to IRCC used inconsistent terminology and were often unclear about the relationship between the subject of the request and its investigation. At times, this lack of clear communication hindered IRCC’s efforts to satisfy itself that the disclosure was authorised under the SCIDA.

Recommendation 4. NSIRA recommends that CSIS use consistent terminology, and be clear about the nature of the link that has been established between the subject of a request and its investigation, to assist IRCC in satisfying itself of the proportionality test.

Reliability and Accuracy Statement – Subsection 5(2)

Finding 6. NSIRA found that disclosing institutions provided information regarding the accuracy of the information and reliability of the manner in which it was obtained in relation to all disclosures. However, CBSA made one verbal disclosure that did not include an explicit statement on accuracy and reliability.

Recommendation 5. NSIRA recommends that institutions avoid making verbal disclosures whenever possible. When they must occur, verbal disclosures should explicitly convey the requisite information on accuracy and reliability.

Finding 7. NSIRA found that CBSA’s record of disclosure form contradicts the SCIDA by allowing officials to opt out of providing information regarding accuracy and reliability.

Recommendation 6. NSIRA recommends that CBSA harmonize its record of disclosure form with the SCIDA, to convey the mandatory nature of providing information on accuracy and reliability at the time of the disclosure.

Finding 8. NSIRA found that IRCC used templated language to describe the disclosure’s accuracy and reliability that was not always relevant or specific to the circumstances of the disclosure.

Recommendation 7. NSIRA recommends that IRCC tailor its statements on accuracy and reliability as to ensure that each disclosure’s statement is specific to the circumstances of the case.

Information Sharing Agreement – Subsection 4(c)

Finding 9. NSIRA found that disclosures between IRCC and CSE that occurred following the enactment of their new information sharing agreement were compliant with both the SCIDA and their information sharing agreement.

Share this page

No endorsement of any products or services is expressed or implied.

Share this page
Date Modified:

Review of Government of Canada Institutions’ Disclosures of Information Under the Security of Canada Information Disclosure Act in 2022: Backgrounder

Review of Government of Canada Institutions’ Disclosures of Information Under the Security of Canada Information Disclosure Act in 2022

Backgrounder

Backgrounder

ISSN: 2817-7525

This report presents findings and recommendations made in NSIRA’s annual review of disclosures of information under the Security of Canada Information Disclosure Act (SCIDA)It was tabled in Parliament by the Minister of Public Safety, as required under subsection 39(2) of the NSIRA Act, on November 1st, 2023.

The SCIDA provides an explicit, stand-alone authority to disclose information between Government of Canada institutions in order to protect Canada against activities that undermine its security. Its stated purpose is to encourage and facilitate such disclosures.

This report provides an overview of the SCIDA’s use in 2022. In doing so, it:

  • documents the volume and nature of information disclosures made under the SCIDA;
  • assesses compliance with the SCIDA; and
  • highlights patterns in the SCIDA’s use across Government of Canada institutions and over time.

The report contains six recommendations designed to increase standardization across the Government of Canada in a manner that is consistent with institutions’ demonstrated best practices and the SCIDA’s guiding principles.

Share this page

No endorsement of any products or services is expressed or implied.

Share this page
Date Modified:

Accessibility Plan – Second Progress Report

Accessibility Plan – Second Progress Report

Meta data information

National Security and Intelligence Review Agency, Accessibility Plan – Second Progress Report, December 2024

Titre en Anglais : National Security and Intelligence Review Agency, Accessibility Plan – Second Progress Report, December 2024

Title in French: Office de surveillance des activités en matière de sécurité nationale et de renseignement, Plan sur l’accessibilité – Deuxième rapport d’étape, Décembre 2024

Also available online: https://nsira-ossnr.gc.ca/publications/secretariat-operations/accessibility-plan-second-progress-report/
ISSN 2818-5927
Key title: Accessibility Plan – Second Progress Report (National Security and Intelligence Review Agency (Canada))
© His Majesty the King in Right of Canada, 2024

Date of Publishing:

From the Executive Director

In accordance with the Accessible Canada Act, I am pleased to publish the National Security and Intelligence Review Agency Secretariat (NSIRA Secretariat)’s second progress report for its Accessibility Plan 2022 – 2025. This progress report describes the work that has been done to implement activities over the course of 2024.

Our commitment to creating an inclusive environment is reflected in our ongoing work to remove barriers and respond proactively to feedback. This dedication is also embedded in our institutional Vision, Mission, and Values statement adopted in 2024, which underscores inclusiveness as a core value.  This year, we have made a number of improvements towards integrating accessibility as a core component of our operations.

Key changes include the incorporation of accessibility principles into the Rules of Procedure, explicitly providing for participants in investigations to request accommodations and receive procedural support through the Registrar. We also updated our branding to meet accessibility standards, including our website, promotional materials and recruitment resources.

Ensuring that the organization is accessible by design requires continued attention. In 2025 we will not only continue our efforts, but also prepare for a new accessibility plan. The goal is to complete what we started in 2022 and seek opportunities to build on our success. I look forward to continuing our progress together.

Charles Fugère

Executive Director, NSIRA Secretariat

General

The Executive Director of the NSIRA Secretariat, who is the deputy head and employer, leads the Secretariat that supports the Review Agency in the fulfillment of its mandate under the National Security and Intelligence Review Agency Act. The Secretariat is responsible for monitoring feedback to evaluate progress and establishing its future accessibility plans.

In compliance with the requirements of the Accessible Canada Act (“ACA”) and the Accessible Canada Regulations, this progress report is available on NSIRA’s website, which is used to communicate with the public.

To request a copy of this or our previous progress report, the accessibility plan, or a description of the feedback process in an alternate format or to provide feedback about our progress report(s), the accessibility plan and any barriers encountered in dealing with NSIRA, please contact the NSIRA Secretariat by mail, telephone, or email at:

National Security and Intelligence Review Agency Secretariat
P.O. Box 2430, Station “B”
Ottawa, Ontario, K1P 5W5

Telephone: 1-833-890-0293
Email: info@nsira-ossnr.gc.ca

Introduction

The National Security and Intelligence Review Agency published its Accessibility Plan 2022 – 2025 in December 2022 and its first progress report in December 2023. This second progress report describes the work that has been done to implement activities between January 1 and December 31, 2024.

The Accessibility Plan 2022 – 2025 set out three priority areas to improve accessibility:

  1. Increasing staff awareness about accessibility and the barriers that limit access for Canadians with disabilities.
  2. Ensuring Canadians have access to NSIRA’s publications and services.
  3. Continuing to advance a culture of respect and inclusion by integrating accessibility in all aspects of the organization’s work.

Through the efforts of the Senior Advisor, Wellness Initiatives, the NSIRA Secretariat can monitor progress, identify areas for improvement, and ensure overall coherence across the activities outlined in the accessibility plan.

Progress with respect to the priority areas and the accessibility plan is set out on the following pages. It is organized according to the seven key areas outlined in the ACA namely: employment; built environment; information and communication technologies (ICT); communication other than ICT; procurement of goods, services, and facilities; design and delivery of programs and services; and transportation.

The NSIRA Secretariat does not have ultimate control over certain fundamental aspects related to the built environment, technology or security and must, therefore, adjust its pace to align with the direction given by the responsible policy centres. Despite these constraints, the NSIRA Secretariat was able to make advances on several fronts.

Progress vis-à-vis accessibility plan

Employment

While developing the accessibility plan in 2022, the NSIRA Secretariat identified gaps with respect to employment. There was no written accommodation process for persons with disabilities employed in the NSIRA Secretariat. Furthermore, there was limited material available about accessibility requirements, resources, and information.

Status: On track

The NSIRA Secretariat was able to make advances in relation to many of the priorities with respect to employment in the last year. The Director, Human Resources Services, and the Senior Advisor, Wellness Initiatives, worked together on 14 specific cases in 2024, to ensure that employees received accommodations to enable them to participate fully in all aspects of their work experience. Additionally, progress was made in the following areas;

Training and Capacity Building on Accessibility

Human resources (HR) employees responsible for accessibility attended training on the Government of Canada Workplace Accessibility Passport (the Passport); a tool that helps federal public service employees with disabilities access the supports they need to excel at work. This training improved their foundational skills in accessibility, enabling them to offer higher-quality advice and guidance to managers and employees. To further promote accessible and inclusive communication, all HR staff completed “Accessible Documents” training, enhancing their ability to communicate effectively with candidates and employees regarding staffing and other HR matters. Additionally, a training video on “Making Documents Accessible” was added to the new mandatory training guides.

Resources and Support Initiatives

An Accessibility Resource Centre was launched and published on the NSIRA Secretariat’s intranet. This centre offers “How to” guides, training, and information on the Passport, accessible communications and technology, making key resources easily accessible to all staff. To promote the Passport, all newly hired employees were introduced to it during their onboarding and orientation sessions, ensuring awareness of this important accessibility tool. Managers and employees were regularly encouraged to make use of the Passport.

Accessibility in Recruitment and Staffing

The NSIRA Secretariat continued to take steps to ensure accessibility in its recruitment process. All recruitment and staffing materials, including communications with candidates at all hiring stages, included information about accommodations and accessibility. For example, interview invitations and written exam notices clearly stated that accommodations are available upon request. A centralized accommodation process, managed by the Senior Advisor, Wellness Initiatives, was developed to protect the candidates’ privacy consistent with the “need to know” principle for handling personal information. Additionally, a “Fact Sheet on Inclusive Recruitment” was provided to managers to support bias-free hiring. A feedback questionnaire was also developed and distributed to candidates requesting accommodations during the selection processes, helping the HR team to assess the effectiveness of these measures.

Promoting Accessibility Awareness

The NSIRA Secretariat promoted accessibility awareness among staff and managers. Accessibility-related training, tools and events were regularly shared with subject-matter experts and staff as appropriate. For example, a session on “Understanding Digital Accessibility and Disability Inclusion” was shared with information technology experts, while a session on accessible procurement was shared with procurement specialists. A “Quick Guide on Accessible Documents” was also developed and shared with managers, and tailored sessions were made available to entire teams. National AccessAbility Week was promoted for the second consecutive year, highlighted by an internal session entitled “Accommodations at NSIRA”.

Collaboration and Consultation

To ensure accessible internal digital training, the NSIRA Secretariat consulted Shared Services Canada (SSC)’s Accessibility, Accommodation, and Adaptive Computer Technology (AAACT) program for feedback on accessible tools. This step supported the ongoing development of a fully accessible digital training program within the Secretariat.

Representation Data and Self-ID Initiatives

As noted in its previous progress report, the NSIRA Secretariat launched a new Self-ID Questionnaire in 2023, which is completed by all new hired term and indeterminate employees. Data for 2024 indicated that 17.5% of the NSIRA Secretariat’s workforce identified as persons with disabilities. Additionally, the data revealed that 16% of newly hired employees self-identified as having a disability. The NSIRA Secretariat continues to make progress in increasing the overall representation of persons with disabilities within the organization in keeping with the Vision, Mission and Values statement adopted during the reporting period, and in particular the Value of Inclusiveness.

Built Environment

The accessibility plan identified barriers in the built environment including heavy doors without automatic door openers; airlocks between doors; tripping hazards; narrow corridors; lack of accessible signage; restrictions with respect to assistive devices and job aids; an emergency alert system that flashes lights but does not emit an audible alarm; lack of control over lighting or temperature within the office space; and an outdated building emergency evacuation plan. Some of the barriers were tied to physical security requirements of the Treasury Board Policy on Government Security and other policies that apply to the NSIRA Secretariat.

Status: Ongoing

The NSIRA Secretariat made some progress incorporating accessibility requirements in the built environment. An ongoing challenge is that the NSIRA Secretariat’s built environment is subject to standards established by Public Services and Procurement Canada (PSPC) and the Communications Security Establishment (CSE). The following provides additional detail about progress in respect of the built environment:

Accessibility in Construction and Design

The NSIRA Secretariat engaged with CSE to gather information on accessibility considerations for the construction of the NSIRA Secretariat’s new office, ensuring that accessibility was a key component of infrastructure planning and design.

Several adjustments were made to the new office location to enhance accessibility, despite the design being completed before the ACA came into force. These included ergonomic adjustments and adaptive equipment setup supported by the Senior Advisor, Wellness Initiatives, which was well-received by employees and will continue as an ongoing initiative.

Addressing Physical and Mobility Barriers

Heavy doors, identified as a barrier for persons with mobility challenges, were repaired to ensure the proper functioning of automatic door openers, significantly improving accessibility and ease of use.

Accessible Communication and Signage

As noted above, in some areas the NSIRA Secretariat does not operate on its own. Considerable work was undertaken to establish a process for ordering Braille signage before the Treasury Board of Canada Secretariat (TBS) advised that it would be providing guidance on the use of signage for the public service once Accessible Standards Canada finalizes its standards. It is anticipated that Accessible Standards Canada will finalize the standards on accessible signage and wayfinding sometime in 2025.

Enhanced Visual and Cognitive Accessibility

In response to barriers caused by the existing alarm lighting system for individuals with visual and cognitive impairments, the NSIRA Secretariat opted to replace continuous flashing lights with LED alternatives, providing a more inclusive and manageable alert system.

Supportive Security Processes for Assistive Devices

Recognizing the need to streamline security processes for assistive devices, the Security Team developed a list of pre-approved electronics, such as hearing aids and heart monitors, expediting their approval for workplace entry and enhancing employee support.

Information and Communication Technologies

The accessibility plan identified barriers with respect to information and communication technologies (ICT), notably that neither the intranet website, nor the internet website were fully accessible. Documents on both websites were not designed with accessibility in mind. Individuals bringing a complaint did not have the option to bring a complaint through any means other than by completing a templated form and persons with a hearing impairment had limited options for engaging with the Registrar.

Status: Ongoing

Much of the NSIRA Secretariat’s Information Management (IM) and Information Technology (IT) teams’ work in 2024 was focused on the launch of a new institutional electronic document and records management system. Despite operating with slightly reduced staff levels, progress was made in the following areas:

Document Accessibility and WCAG Compliance

The NSIRA Secretariat reviewed and modified previously published documents, including fillable forms, to ensure compliance with Web Content Accessibility Guidelines (WCAG) 2.1 standards. This served to enhance digital accessibility across all published materials.

IT Accessibility Partnerships and Interim Solutions

The NSIRA Secretariat leverages IT services provided by other government institutions, which operate under distinct service models managed through formal, non-binding agreements. While these service models present inherent challenges in adapting to specific accessibility needs due to their structure and limitations, the NSIRA Secretariat engaged both providers informally to address accessibility gaps. As a result, some interim accessibility solutions were successfully implemented (such as expediting equipment and technology requests for adaptive tools), while efforts continue to identify and implement further measures, reflecting a commitment to improving IT accessibility within the current constraints.

Accessibility Resource Centre

As previously mentioned, the NSIRA Secretariat launched an online Accessibility Resource Centre, creating a dedicated space for Accessible Technology. This centre provides employees with access to adaptive tools and programs available, promoting awareness and use of supportive technology to foster inclusivity in the workplace. 

Accessibility-Focused Training for IM and IT Teams

Training guides for IM and IT teams were reviewed and updated to include several accessibility-related courses. These additions, including sessions developed by Government of Canada programs specializing in digital accessibility (such as the AAACT program), reinforce the NSIRA Secretariat’s commitment to building digital accessibility expertise within its workforce.

Assessment of Digital Complaints Portal Feasibility

In the past year, a feasibility study was undertaken to evaluate the development of a web-based complaints portal aimed at digitizing the complaints process and enhancing accessibility. However, the study identified several significant constraints early on, including financial limitations, technical challenges associated with the organization’s current IT infrastructure, and privacy and security concerns. As a result, the initiative was postponed indefinitely. The NSIRA Secretariat remains committed to exploring alternative approaches to improve accessibility and enhance user experiences within the complaints process while addressing these challenges.

Communication other than ICT

The accessibility plan aimed to address several barriers with respect to communication for staff and members of the public, including the absence of a process to provide alternate formats and communication support upon request. Other barriers included technical or sector-specific language in public facing documents and reports, as well as the lack of guidance or established procedures for use of closed captioning, sign language interpretation or teletypewriters for persons with a hearing disability.

Status: Ongoing

The NSIRA Secretariat finalized its recruitment process to hire a Communications Writer/Editor and a Senior Communications Advisor in November 2024. Both employees are expected to be on board in early 2025. Their responsibilities will include implementing a communications strategy and continuing to implement the communications activities identified in the Accessibility Plan 2022-2025. In addition, progress was made in the following areas in 2024:

Accessible Review Reports

Review reports are a critical mechanism through which the Review Agency fulfills its mission to serve Canadians by independently reviewing national security or intelligence activities. Significant effort was undertaken to update the NSIRA Secretariat’s style guide and template for drafting review reports, to incorporate comprehensive accessibility guidelines and ensure all reports produced on behalf of the Review Agency meet high accessibility standards. These updates are expected to be available for internal consultation by the end of 2024, with final approval anticipated in 2025. In the interim, other internal review policies have been revised to reflect accessibility guidelines. These resources have been shared internally and are already in use.

Accessible Publication Formats and Online Presence

Reports published on behalf of the Review Agency by the NSIRA Secretariat in 2024 were made available in both HTML and PDF format, with alt text included for all graphics and images to improve accessibility. Alt text was also integrated into posts on X and LinkedIn, ensuring inclusive and accessible online engagement. Additionally, and as previously mentioned, the NSIRA Secretariat’s Webmaster worked to ensure all previously published materials, including publications and reports, met WCAG 2.1 compliance. To further accessibility, a statement was added to the Accessibility Notice on our public website, inviting users to contact us to report any barriers encountered while using our website or to request information in an alternative format.

Accessibility Guidelines for Events

Administrative staff received detailed guidelines for planning and hosting accessible events, both virtual and in-person. The guidelines emphasize making accessibility a default consideration and include a requirement for all event and meeting invitations to identify a dedicated Accessibility Contact for individuals to communicate specific needs, fostering a more inclusive experience.

Accessible Communications Support

The NSIRA Secretariat established processes to access accessible communications resources as needed. This includes, among other things, leveraging PSPC’s Translation Bureau for sign language interpretation and arranging for Braille printing, ensuring that both internal and external communications can be tailored to meet diverse accessibility needs.

Accessible Branding and Promotional Materials

Efforts to improve accessibility in branding have led to several changes, including a new color scheme for better readability and an updated standardized email signature that aligns with accessibility standards. Additionally, HR-related promotional materials used at job fairs – such as business cards, banners and other items – were redesigned to increase accessibility, demonstrating a commitment to engaging with a broad cross-section of individuals and recruiting a diverse workforce.

Procurement of Goods, Services and Facilities

Although no barriers were identified with respect to the procurement of goods, services and facilities, the accessibility plan nevertheless noted that improvements could be made to ensure “accessibility by design” in procurement practices.

Status: Ongoing

In July 2024, the NSIRA Secretariat’s Finance & Procurement team welcomed a new Procurement Team Leader, who introduced a structured approach with a dedicated focus on accessibility in procurement. Progress was made in the following areas:

Training and Capacity Building

Training resources were provided to cost centre managers to support the integration of accessibility considerations into procurement processes and practices. This training ensured that managers are equipped with the necessary knowledge to incorporate accessibility into all stages of procurement, promoting inclusivity in the acquisition of goods and services.

Enhanced Accessibility Training for Leadership

The procurement management team attended specialized training focused on accessibility in procurement. This training enhanced their understanding of accessible procurement requirements and strengthened their capacity to lead inclusive procurement practices within the NSIRA Secretariat.

Accessibility-Driven Procurement Practices

Accessibility remains a central focus in all ongoing procurement activities. Work began to review practices to ensure compliance with accessibility principles and incorporate standard accessibility requirements into procurement practices.

Design and Delivery of Programs and Services

An important part of the Review Agency’s mandate is to investigate complaints related to activities carried out by the Canadian Security Intelligence Service, the CSE, and the Royal Canadian Mounted Police (RCMP) if the complaint is closely related to national security, as well as complaints related to the denial or revocation of security clearances, and other matters under its purview. Ensuring that Canadians with disabilities can participate fully in these processes is integral to the investigations, however when the NSIRA Secretariat’s Accessibility Plan 2022 – 2025 was published, Rules of Procedure did not clarify accessibility options to accommodate the needs of persons with disabilities, while also complying with the necessary security requirements. 

Status: Ongoing

As the work began to address the barriers identified with respect to the Review Agency’s investigation mandate, it became clear that accessibility is contingent primarily on the built environment. The accessibility plan reported barriers such as heavy doors without automatic door openers. This included the hearing room where investigative proceedings are held. Tripping hazards and restrictions with respect to assistive devices were also noted, among other concerns. 

Similarly, progress around programs and services is inextricably linked to the barriers with respect to ICT. For the complaint investigation process, this included the internet website, which was not fully accessible, and lack of clarity for persons with a hearing impairment to engage with the Registrar. 

The new internet website includes a more user-friendly interface that meets WCAG standards. Complainants can more easily navigate to the information and forms they need to bring a complaint. The complaint forms themselves have been redesigned to be more accessible. Additionally, the following activities were underway in 2024: 

Commitment to Accessibility in NSIRA’s Rules of Procedure 

A new section was drafted for the Rules of Procedure to reflect a commitment to ensuring accessibility. This progress aligns with continuing efforts to incorporate accessibility requirements within the built environment, demonstrating a comprehensive approach to creating an inclusive and accessible operational framework. 

Case-by-Case Accessibility Arrangements 

Amendments to the Rules of Procedure now clarify that investigation participants may request and access alternate arrangements tailored to their specific accessibility needs. This flexible approach ensures that participants can fully engage in investigative proceedings with the necessary accommodations, enhancing inclusivity and equitable participation. 

Notification of Accessibility Needs 

The revised Rules of Procedure specify that the Registrar must be notified of any barriers encountered by, or accessibility requirements of, participants. This provision ensures that accessibility needs are proactively addressed, fostering a supportive environment for all individuals engaging with the Review Agency and in turn promoting access to justice. 

Procedural Assistance for Complainants 

The revised Rules of Procedure now clarify that individuals wishing to bring forward a complaint are entitled to procedural assistance from the Registrar if they encounter barriers. This includes support for individuals with cognitive disabilities who may require assistance in articulating their complaints or allegations, promoting access for a diverse range of disabilities. 

Transportation

The NSIRA Secretariat did not identify any barriers or develop an action plan with respect to this element.

Although specific actions were not identified, it is worth noting that the NSIRA Secretariat’s offices are in Ottawa, where employees and members of the public may use various modes of transportation to reach the work sites. Accessible transportation services are provided by OC Transpo in Ottawa and by the Société de Transport de l’Outaouais in Gatineau. Individuals who use their personal vehicles may park in designated spots available at nearby lots. Information is provided to new hires about designated parking spaces.

Consultations

The ACA requires consultations with persons with disabilities in preparing progress reports. The activities outlined in the accessibility plan for completion or launch in the second year aimed to improve accessibility for the workforce and in the workplace.

Thanks to the introduction of a Self-Identification Questionnaire, employees who identified as a person with a disability were specifically invited to provide insight. Additionally, all staff were offered an opportunity to share their feedback on the implementation of the Accessibility Plan, regardless of self-identification. Members of the Equity, Diversity & Inclusion Committee were also invited to share their perspectives on progress, barriers and potential solutions. This approach enabled the NSIRA Secretariat to gather diverse insights and first-hand experiences, fostering a better understanding of the steps taken and actions still needed to create a more inclusive and accessible organization.

Feedback

General feedback from employees

A key highlight from the feedback was the significant reduction of accessibility barriers for employees with cognitive needs through improvements in IM and IT – a meaningful step forward in fostering an inclusive and accessible work environment.

The feedback also underscored a need to update existing PowerPoint templates, which were based on an outdated website and not fully accessible. The issue has since been resolved, as detailed in the “Communication other than ICT” section of this report, with the NSIRA Secretariat’s branding now fully aligned with accessibility standards. Additionally, concerns were raised regarding the lack of adequate sound equipment in collaborative spaces used for large informal gatherings, which previously made it difficult for some to hear speakers. This barrier has been addressed through the purchase of a portable microphone and speaker combination, enhancing the accessibility of these spaces and ensuring inclusive participation in future gatherings.

Feedback from employees and external applicants about accommodations

Feedback on the accommodations process and its integration into the staffing process indicated that employees feel their accommodations are provided within a reasonable timeframe and that the solutions effectively meet their needs. Notably, no recommendations for improvement were suggested.

Feedback from the public

No feedback was received from members of the public about the accessibility plan during the year under review.

The NSIRA Secretariat will continue to welcome feedback in the coming year. The NSIRA Secretariat will continue to welcome feedback in the coming year.

Share this page

No endorsement of any products or services is expressed or implied.

Share this page
Date Modified:

Accessibility Plan – First Progress Report

Accessibility Plan – First Progress Report

Meta data information

National Security and Intelligence Review Agency, Accessibility Plan – First Progress Report, December 2023
Title in French: Office de surveillance des activités en matière de sécurité nationale et de renseignement, Plan sur l’accessibilité – Premier rapport d’étape, Décembre 2023
Also available online: https://nsira-ossnr.gc.ca/publications/secretariat-operations/accessibility-plan-first-progress-report/
ISSN: 2818-5927
Key title: Accessibility Plan – First Progress Report (National Security and Intelligence Review Agency (Canada))
© His Majesty the King in Right of Canada, 2023

Date of Publishing:

From the Executive Director

In accordance with the Accessible Canada Act, I am pleased to table the National Security and Intelligence Review Agency’s (NSIRA) first progress report to its Accessibility Plan 2022 – 2025. This progress report describes the work that has been done to implement activities over the course of 2023.

As noted in our inaugural plan, accessibility is a work in progress. The Review Agency and the NSIRA Secretariat have made advances on several fronts, however there is more work to be done. Despite the best of intentions, it is apparent that some of the timelines were optimistic given the organization’s small size and the need to wait for work to be completed by other departments or agencies.

Most of the activities identified for completion in the first year were focused on increasing awareness and improving accessibility for the workforce and in the workplace. Consequently, for this first progress report consultations were limited to engaging with members of the NSIRA Secretariat’s workforce who offered their insights as persons with disabilities. The information provided by employees reinforced the importance of seeking input from persons with disabilities to identify and resolve barriers.

Through the combined efforts of growing internal capacity and new service level agreements with other public service organizations, NSIRA hopes to be better positioned to address areas that fell behind in 2023. We are optimistic that the coming year will provide an opportunity to double down on efforts to ensure that accessibility is integrated in an effective and sustainable manner in all aspects of the Review Agency’s and the NSIRA Secretariat’s work.

John Davies

Executive Director, NSIRA Secretariat

General

The Executive Director of the NSIRA Secretariat, who is the deputy head and employer, leads the Secretariat that supports the Review Agency in the fulfillment of its mandate under the National Security and Intelligence Review Agency Act. The Secretariat is responsible for monitoring feedback to evaluate progress and to determine its future accessibility plans.

In compliance with the requirements of the Accessible Canada Act (“ACA”) and the Accessible Canada Regulations, this progress report is available on NSIRA’s website, which is used to communicate with the public.

To request a copy of this report, the accessibility plan, or a description of the feedback process in an alternate format or to provide feedback about NSIRA’s progress report, the accessibility plan and any barriers encountered in dealing with NSIRA, please contact the undersigned by mail, telephone, or email.

Chief of Staff, Executive Director’s Office
National Security and Intelligence Review Agency Secretariat
P.O. Box 2430, Station “B”
Ottawa, Ontario, K1P 5W5


Telephone: 1-833-890-0293
Email: info@nsira-ossnr.gc.ca

Introduction

The National Security and Intelligence Review Agency published its Accessibility Plan 2022 – 2025 in December 2022. This first progress report describes the work that has been done to implement activities between January 1 and December 31, 2023.

The Accessibility Plan 2022 – 2025 set out three priority areas to improve accessibility:

  1. Increasing staff awareness about accessibility and the barriers that limit access for Canadians with disabilities.
  2. Ensuring Canadians have access to NSIRA’s publications and services.
  3. Continuing to advance a culture of respect and inclusion by integrating accessibility in all aspects of the organization’s work.

Through the efforts of the Senior Advisor, Wellness Initiatives, the NSIRA Secretariat can monitor progress, identify areas for improvement, and ensure overall coherence across the activities outlined in the accessibility plan.

Progress with respect to the priority areas and the accessibility plan is set out on the following pages. It is organized according to the seven key areas outlined in the Accessible Canada Act namely: employment; built environment; information and communication technologies (ICT); communication other than ICT; procurement of goods, services, and facilities; design and delivery of programs and services; and transportation.

The Review Agency and the NSIRA Secretariat were able to make advances on several fronts, however delays in staffing, stringent security requirements, and the organization’s small size meant activities did not progress as quickly as initially anticipated. The NSIRA Secretariat does not have ultimate control over certain fundamental aspects related to the built environment, technology, or security and must, therefore, adjust its pace to align with the direction given by the responsible policy centres.

Progress vis-à-vis accessibility plan

Employment

While developing the accessibility plan, the NSIRA Secretariat identified gaps with respect to employment. There was no written accommodation process for persons with disabilities employed in the NSIRA Secretariat. Furthermore, there was limited information available about accessibility requirements, resources, and information.

Status: On track

The NSIRA Secretariat was able to make advances in relation to many of the priorities with respect to employment. The Manager, Human Resources Services was joined by the Senior Advisor, Wellness Initiatives, midway through the year. Together they worked on 14 specific cases in 2023 to ensure that employees received the accommodations they requested to enable them to participate fully in all aspects of their work experience. Additionally, the following progress was made:

  • Duty to accommodate training was developed and delivered to all human resources staff and managers in February 2023.
  • Work is underway to make available a series of “how to” guides and a calendar of events for HR advisors, managers, and employees early in 2024.
  • The NSIRA Secretariat launched a new SelfID questionnaire in 2023, which was completed by all term and indeterminate employees. The data shows that the representation of persons with disabilities currently stands at 19.5%.
  • Performance measures and indicators relative to employment are under development, which will enable the NSIRA Secretariat to review selection practices to identify and prevent or mitigate barriers.
  • All recruitment and staffing material and communications with candidates at all stages of hiring processes include information about accommodations and accessibility. For example, invitations to interviews or to written exams clearly indicate that accommodations are available upon request.
  • A new feedback questionnaire was developed and launched in November 2023, to systematically seek feedback from candidates about the effectiveness of accommodation measures in selection processes.
  • A second feedback questionnaire was developed and launched in October 2023 to seek feedback from NSIRA Secretariat employees about barriers, gaps, appropriateness, and timeliness of workplace accommodations. (See the section entitled “Feedback” for more information.)
  • Employees and managers received training on the Government of Canada Workplace Accessibility Passport (GCWAP) in February and May 2023. Managers and employees are routinely encouraged to use GCWAP.
  • The Senior Advisor, Wellness Initiatives, introduced a standard operating practice to consult with other organizations to increase awareness of accessibility and to develop accommodation strategies for NSIRA Secretariat employees. Additionally, the Senior Advisor coordinates with the Communication Security Establishment (CSE), Privy Council Office (PCO), RCMP, and ergonomic firms as needed to develop individualized approaches.
  • Electronics must undergo specialized screening before they can be brought into the workplace. This type of security screening falls outside the control of the NSIRA Secretariat, which has requested expedited screening of electronics intended as an accommodation measure. The NSIRA Secretariat has set up a small inventory of screened equipment to further accelerate the process.
  • A new workshop entitled Accommodations at NSIRA was developed and delivered in May 2023. It will continue to be offered at least annually during National Accessibility Week. Accessibility awareness is routinely discussed at various occupational health and safety committee meetings.
  • Accessibility awareness and accommodation measures are now featured in training offered to HR staff and managers, as well as new employee orientation and on-boarding. Every letter of offer includes a point of contact with whom employees may confidentially discuss their accommodation needs.

Built Environment

The accessibility plan reported barriers in the built environment including heavy doors without automatic door openers; airlocks between doors; tripping hazards; narrow corridors; lack of accessible signage; restrictions with respect to assistive devices and job aids; an emergency alert system that flashes lights but does not emit an audible alarm; lack of control over lighting or temperature within the office space; and an outdated building emergency evacuation plan. Some of the barriers were tied to requirements of the Treasury Board Policy on Government Security and other policies that apply to the NSIRA Secretariat, but for which it is not the author.

Status: Ongoing

The NSIRA Secretariat made some inroads incorporating accessibility requirements into the built environment, but progress was slow. Delays can be attributed to two main reasons. First, NSIRA’s built environment is subject to standards established by Public Services and Procurement Canada (PSPC) and the CSE. Second, there was a lot of staff movement, which was compounded by delays in staffing. The following provides additional detail about progress in respect of the built environment:

  • The NSIRA Secretariat identified the need for updated standards to PSPC and CSE and will continue to emphasize the importance of accessibility assessments in the built environment in its ongoing discussions with PSPC and CSE.
  • Efforts to develop an action plan to remove and/or mitigate barriers, such as text to voice platforms, audible and visual alerts, signage, etc., have advanced slowly because of delays staffing.
  • In partnership with CSE and PCO, work is underway to develop and document a process to procure and enable the use of medical/assistive devices and adaptive technology in the workplace. This work is being done in consultation with the Senior Advisor, Wellness Initiatives.
  • Alternate arrangements were established on a case-by-case basis to address accessibility issues prior to individuals attending a site or office. This involved working in partnership with managers and corporate services. Delays in staffing may affect the extent to which alternative arrangements are delivered on a consistent and timely basis.
  • The NSIRA Secretariat created a process to identify employees who need assistance in a building emergency and evacuation, which was deployed for a drill in the fall 2023. The NSIRA Secretariat is continuing to work with the building senior managers of the Courts Administration Service and the Department of Natural Resources Canada, who are responsible for establishing the Building Emergency Procedures at NSIRA’s two worksites.
  • The security component of new employee on-boarding has been reviewed to identify barriers or gaps for persons with disabilities. Revisions are underway and the updated content will be launched early in 2024.

Information and Communication Technologies

The accessibility plan identified barriers with respect to information and communication technologies (ICT), notably that neither the intranet website, nor the internet website were fully accessible. Documents on both websites were not designed with accessibility in mind. Individuals bringing a complaint did not have the option to bring a complaint through any means other than by completing a templated form and persons with a hearing impairment had limited options for engaging with the Registrar.

Status: Ongoing

The NSIRA Secretariat’s Information Management (IM) and Information Technology (IT) team had several important priorities to tackle in 2023, one of which was a well-functioning internet website that adheres to accessibility standards and is compliant to Web Content Accessibility Guidelines (WCAG). This was accomplished in November 2023. The IM and IT team is understaffed and therefore has not been able to undertake all the activities identified in the accessibility plan. The team has still made some small progress in the following areas:

  • Work planning to review and modify accessibility of previously published documents, including fillable forms to ensure they are WCAG 2.0 compliant has been initiated and will continue.
  • Preliminary and informal discussions have been initiated drawing on the experiences of NSIRA’s existing workforce to better understand the types of barriers encountered as persons with disabilities and the challenges associated with accommodating their needs.
  • The NSIRA IT providers are the PCO and the CSE and both deliver their IT services with their own service model. There is a Memorandum of Understanding (MOU) between the CSE and the NSIRA as well as a MOU between the PCO and the NSIRA for the respective IT services. The NSIRA relies on these two different IT providers, which own their respective IT network and which the NSIRA Secretariat uses to communicate and collaborate; these IT providers control, monitor, manage and maintain the IT equipment on their respective networks. The NSIRA has no control over the hardware or the software that can be used on any of the networks to which it has access. Both service models are perceived not to be designed to be flexible and adaptable to meet the specific accessibility requirements of the NSIRA. In this context, the NSIRA Secretariat has already informally engaged these two partners to address accessibility in the interim. The NSIRA Secretariat will formally engage both partners to discuss tangible and sustainable solutions or means regarding accessibility in IT service delivery going forward.
  • Training for all staff about creating accessible documents and using other accessibility features available through ICT has been delayed due to a lack of resources. The Corporate Services team will inform NSIRA Secretariat employees early in the new year about training, information sessions, and online tools offered by other Government of Canada departments.
  • The NSIRA Secretariat’s Webmaster completed some training in which some concepts of WCAG 2.1 were taught. Training for other employees who draft reports, publications, and other publicly available material will begin in the second year of the Accessibility Plan 2022–2025. In the interim, the Webmaster will continue to ensure that material posted online is WCAG 2.0 compliant.
  • The work to incorporate digital tools to enhance accessibility with respect to the complaints process is delayed. As opposed to simply adapting existing forms, the NSIRA Secretariat has determined that a new complaints portal must be developed. Accessibility will be incorporated into the design and development of the new portal.

Communication other than ICT

The accessibility plan aimed to address several barriers with respect to communication for staff and members of the public including the absence of a process to provide alternate formats and communication support upon request. Other barriers included technical or sector-specific language in public facing documents and reports, as well as lack of guidance or established procedures for use of closed captioning, sign language interpretation, or TTY for persons with a hearing disability.

Status: Ongoing

In 2023 the NSIRA Secretariat engaged the services of a communications expert, a partner of the Five Eyes Intelligence Oversight and Review Council (FIORC), to develop a new communication strategy, which reviewed internal and external communications, as well as stakeholder engagement practices. The strategy identified key priorities for improving NSIRA’s output, engagement, and reputation, including recommendations for a new public-facing website. The NSIRA Secretariat is in the process of recruiting a Communications Manager, whose responsibilities will include implementing the communication strategy and leading on the communications activities identified in the Accessibility Plan 2022 – 2025. Progress was achieved on the following in 2023:

  • The NSIRA Secretariat’s Review Report Style Guide ensures that all review reports are written in accordance with accessibility guidelines published by Employment and Social Development Canada.
  • The Review Report Style Guide is an evergreen document. Additional changes are underway, which will be more explicit about what to include/consider from an accessibility perspective.
  • The NSIRA reports published in 2023 were available in HTML and PDF and included alt text for all graphics and images. Alt text was also included for posts on X (formerly known as Twitter).

Procurement of Goods, Services and Facilities

Although no barriers were identified with respect to the procurement of goods, services and facilities, the accessibility plan nevertheless noted that improvements could be made to ensure “accessibility by design” in procurement practices.

Status: Delayed

Due to a lack of staff, the NSIRA Secretariat was unable to carry out its planned activities for incorporating accessibility by design in its procurement practices. The NSIRA Secretariat recently negotiated a service level agreement with another public service organization and will explore integrating accessibility into the services offered in the new year.

Design and Delivery of Programs and Services

An important part of NSIRA’s mandate is to investigate complaints related to activities carried out by the Canadian Security Intelligence Service and the CSE, as well as complaints related to the denial or revocation of security clearances, and other matters under its purview. Ensuring that Canadians with disabilities can participate in these processes is integral to the investigations, however the Rules of Procedure do not provide accessibility options to accommodate the needs of persons with disabilities, while also complying with the necessary security requirements.

Status: Ongoing

As the work began to address the barriers identified with respect to NSIRA’s investigative function, it became clear that accessibility is contingent primarily on the built environment. The accessibility plan reported barriers such as heavy doors without automatic door openers. This includes the hearing room where investigative proceedings are held. Tripping hazards and restrictions with respect to assistive devices were also noted, among other concerns.

Similarly, progress around programs and services is inextricably linked to the barriers with respect to information and communication technologies. For the complaint investigation process, this included the internet website, which was not fully accessible, and limited options for persons with a hearing impairment to engage with the Registrar.

The new internet website includes a more user-friendly interface that meets WCAG standards. Complainants can more easily navigate to the information and forms they need to bring a complaint. The complaint forms themselves have been redesigned to be more accessible. Additionally, the following activities are underway:

  • A new section of the Rules of Procedure is being drafted to reflect the Review Agency’s commitment to ensuring accessibility. Progress is significantly dependent on the NSIRA Secretariat’s progress in incorporating accessibility requirements into the built environment.
  • In addition, the amendments to the Rules of Procedure will reflect an investigation participant’s ability to access alternate arrangements on a case-by-case basis to address their accessibility needs prior to their attendance on the premises for investigative proceedings.
  • The Rules of Procedure will also provide that the Registrar is to be notified of barriers and/or accessibility requirements for the Review Agency to accommodate those needs.
  • Finally, the Rules will provide that an individual wishing to bring a complaint must be provided procedural assistance by the Registrar in the event assistance is needed to address any barriers. This will enable access to persons with a variety of disabilities, including an individual with a cognitive disability who may require assistance articulating their complaint or allegations.

Transportation

The NSIRA Secretariat did not identify any barriers or develop an action plan with respect to this element.

Status: On track

Although specific actions were not identified, it is worth noting that NSIRA’s offices are in Ottawa, where employees and members of the public may use various modes of transportation to reach the work sites. Accessible transportation services are provided by OC Transpo in Ottawa and by the Société de Transport de l’Outaouais in Gatineau. Individuals who use their personal vehicles may park in designated spots available at nearby lots. Information is provided to new hires about designated parking spaces.

Consultations

The Accessible Canada Act requires consultations with persons with disabilities in preparing progress reports. The activities outlined in the accessibility plan for completion or launch in the first year aimed to improve accessibility for the workforce and in the workplace. This, combined with NSIRA’s specific mandate, greatly influenced the focus of consultations for this first progress report.

Thanks to the introduction of a self-identification (SelfID) questionnaire, employees who identified as a person with a disability were specifically invited to provide insight into barriers in the workplace and how to resolve, remove or mitigate them. Additionally, all staff were offered an opportunity to participate in the consultation process whether they had self-identified as a person with a disability or not. In this manner the NSIRA Secretariat benefited from a range of perspectives and first-hand experiences about barriers and the actions needed to become a more inclusive and accessible organization.

Feedback

Feedback from the NSIRA Secretariat’s employees included suggestions to improve security scanning of assistive devices and other required technology. Suggestions were also made with respect to knowledge transfer among staff responsible for facilities (i.e., the built environment) to ensure a smooth transition and avoid potential delays for employees who await assistive or adaptive devices or equipment.

Other employees identified barriers with respect to wheelchair accessibility at one location, which had not been previously noted. Concerns also included the height of some equipment, which was out of reach for a person using a wheelchair.

Since the pandemic, meetings often include employees working on-site and from home. The feedback from employees revealed that the sound system does not pick up voices consistently from all areas of the boardrooms. Consequently, parts of presentations or discussions in the boardroom are not being captured and employees participating from home cannot hear what is being said. It was therefore recommended that this be addressed in the context of the built environment.

No feedback was received from members of the public about the accessibility plan during the year under review. The NSIRA Secretariat will continue to welcome feedback in the coming year.

Share this page

No endorsement of any products or services is expressed or implied.

Share this page
Date Modified:

Review of Government of Canada Institutions’ Disclosures of Information Under the Security of Canada Information Disclosure Act in 2022: Report

Review of Government of Canada Institutions’ Disclosures of Information Under the Security of Canada Information Disclosure Act in 2022

Report

Date of Publishing:

List of Acronyms

CBSA Canada Border Services Agency
CFIA Canadian Food Inspection Agency
CNSC Canadian Nuclear Safety Commission
CRA Canada Revenue Agency
CSE Communications Security Establishment
CSIS Canadian Security Intelligence Service
DND/CAF Department of National Defence/Canadian Armed Forces
FINTRAC Financial Transactions and Reports Analysis Centre of Canada
GAC Global Affairs Canada
GC Government of Canada
IRCC Immigration, Refugees and Citizenship Canada
NSIRA National Security and Intelligence Review Agency
PHAC Public Health Agency of Canada
PS Public Safety Canada
RCMP Royal Canadian Mounted Police
SCIDA Security of Canada Information Disclosure Act
TC Transport Canada

Glossary of Terms

Contribution test The first part of the two-part threshold that must be met before an institution can make a disclosure under the SCIDA: it must be satisfied that the information will contribute to the exercise of the recipient institution’s jurisdiction or responsibilities in respect of activities that undermine the security of Canada (paragraph 5(1)(a)).
Proportionality test The second part of the two-part threshold that must be met before an institution can make a disclosure under the SCIDA: it must be satisfied that the information will not affect any person’s privacy interest more than reasonably necessary in the circumstances (paragraph 5(1)(b)).

Executive summary

This review provides an overview of the Security of Canada Information Disclosure Act (SCIDA)’s use in 2022. In doing so, it documents the volume and nature of information disclosures made under the SCIDA; assesses compliance with the SCIDA; and highlights patterns in the SCIDA’s use across Government of Canada (GC) institutions and over time.

In 2022, four disclosing institutions made a total of 173 disclosures to five recipient institutions. The National Security and Intelligence Review Agency (NSIRA) found that institutions complied with the SCIDA’s requirements for disclosure and record keeping in relation to the majority of these disclosures. Instances of non-compliance related to subsection 9(3), regarding the timeliness of records copied to NSIRA; subsection 5.1(1), regarding the timeliness of destruction or return of personal information; and subsection 5(2), regarding the provision of a statement on accuracy and reliability. The observed non-compliance did not point to any systemic failures in GC institutions’ implementation of the SCIDA.

NSIRA also made findings in relation to practices that, although compliant with the SCIDA, left room for improvement. These findings related to:

  • the use of information sharing arrangements;
  • the format of records prepared by institutions and copied to NSIRA, including the characteristics of effective records;
  • the nature of information provided under paragraph 9(1)(e) and relied upon in the conduct of assessments under subsection 5(1);
  • the provision of statements regarding accuracy and reliability prepared under subsection 5(2); and
  • the timeliness of administrative processes supporting information disclosure.

NSIRA made six recommendations designed to increase standardization across the GC in a manner that is consistent with institutions’ demonstrated best practices and the SCIDA’s guiding principles.

Overall, NSIRA observed improvements in reviewee performance as compared with findings from prior years’ reports and over the course of the review. These improvements include corrective actions taken by reviewees in response to NSIRA’s requests for information in support of this review.

1. Introduction

Authority

This review was conducted pursuant to paragraph 8(1)(b) and subsection 39(1) of the National Security and Intelligence Review Agency Act (NSIRA Act).

Scope of the Review

This review provides an overview of the Security of Canada Information Disclosure Act (SCIDA)’s use in 2022. In doing so, it:

  1. Documents the volume and nature of information disclosures made under the SCIDA;
  2. Assesses Government of Canada (GC) institutions’ compliance with the SCIDA’s requirements for record keeping;
  3. Assesses GC institutions’ compliance with the SCIDA’s requirements for disclosure, including the destruction or return of personal information, as appropriate; and
  4. Highlights patterns in the SCIDA’s use across GC institutions and over time.

The review’s scope was defined by records provided to NSIRA under the SCIDA, subsection 9(3) (see Annex A for a copy of institutions’ section 9 obligations under the Act). As such, the review’s assessment of compliance was limited to the seven GC institutions identified within these records as either disclosers or recipients (Canada Border Services Agency [CBSA], Communications Security Establishment [CSE], Canadian Security Intelligence Service [CSIS], Department of National Defence/Canadian Armed Forces [DND/CAF], Global Affairs Canada [GAC], Immigration, Refugees and Citizenship Canada [IRCC], and the Royal Canadian Mounted Police [RCMP]); and to instances of information disclosure where the SCIDA was identified by these institutions as an authority for disclosure. The review also included Public Safety Canada (PS) in its capacity as manager of the Strategic Coordination Centre on Information Sharing, which provides SCIDA-related policy guidance and training across the GC. 

The review satisfies the NSIRA Act’s section 39 requirement for NSIRA to report to the Minister of Public Safety on disclosures made under the SCIDA during the previous calendar year.

Methodology

The review’s primary source of information was records provided to NSIRA by disclosing and recipient institutions under the SCIDA, subsection 9(3). NSIRA also identified a targeted sample of disclosures for which it requested and assessed all associated documents provided by both the disclosing and recipient institution. This information was supplemented by a document review of institutions’ SCIDA policies and procedures, and related explanations.

NSIRA assessed administrative compliance with the SCIDA’s record-keeping obligations in relation to all disclosures identified in the records provided to NSIRA under subsection 9(3) (N=173). Where these records were incomplete, NSIRA provided an opportunity for institutions to supply the missing records. NSIRA accounted for such late submissions in its assessment of compliance with subsections 9(1) and 9(2).

NSIRA assessed substantive compliance with the SCIDA’s disclosure requirements in relation to the sample of disclosures (n=19). The sample was designed to reflect a non-representative cross-section of the SCIDA’s use, with particular attention to areas at higher risk of non-compliance. Disclosures were selected for the sample based on the content of records provided to NSIRA under subsection 9(3), according to defined parameters (see Annex B, Sample of Disclosures).

Review Statements

NSIRA found that, overall, its expectations for responsiveness by CSE, CSIS, DND/CAF, GAC, IRCC, PS, and RCMP during this review were met. Its expectations for responsiveness by CBSA were partially met, as CBSA required repeated follow-up to provide the requested information.

NSIRA was able to verify information for this review in a manner that met NSIRA’s expectations.

2. Backgrounder

The SCIDA provides an explicit, stand-alone authority to disclose information between GC institutions in order to protect Canada against activities that undermine its security. Its stated purpose is to encourage and facilitate such disclosures.

Section 9 of the SCIDA prescribes record-keeping obligations for all institutions who (1) disclose or (2) receive information under the Act. Each paragraph under subsections 9(1) and 9(2) identifies particular elements that must be set out in the records prepared and kept by each institution (see Annex A). Subsection 9(3) requires that these records be provided to NSIRA within 30 days after the end of each calendar year.

Subsection 5(1) of the SCIDA authorizes GC institutions to disclose information – subject to any prohibitions or restrictions in other legislation or regulations – to designated recipient institutions, if the disclosing institution is satisfied that (a) the information will contribute to the exercise of the recipient institution’s jurisdiction or responsibilities in respect of activities that undermine the security of Canada (the “contribution test”); and (b) the information will not affect any person’s privacy interest more than is reasonably necessary in the circumstances (the “proportionality test”).

Subsection 5(2) requires institutions that disclose information under subsection (1) to, at the time of the disclosure, also provide information regarding its accuracy and the reliability of the manner in which it was obtained.

When a GC institution receives information under the Act, subsection 5.1(1) requires that the institution destroy or return any unnecessary personal information as soon as feasible after receiving it.

The Act’s guiding principles underscore the importance of effectiveness and responsibility across disclosure activities. Of note, subsection 4(c) sets out that information sharing arrangements are appropriate in particular circumstances.

3. Findings, Analysis, and recommendations

Volume and Nature of Disclosures

In 2022, four disclosing institutions made a total of 173 disclosures to five recipient institutions (see Table 1). 79% (n=136) of these disclosures were requested by the recipient institution. The other 21% of disclosures (n=37) were sent proactively by the disclosing institution.

Table 1: Number of SCIDA disclosures made in 2022, by disclosing and recipient institution [all disclosures (proactive disclosures)]

    Designated Recipient Institutions
Disclosing Institution   CBSA CFIA CNSC CRA CSE CSIS DND/CAF Finance FINTRAC GAC Health IRCC PHAC PSC RCMP TC TOTAL (proactive)
CBSA 4
(3)		 4
(3)
GAC 39
(18)		 2
(2)		 12
(12)		 53
(32)
IRCC 59
(0)		 56
(2)		 115
(2)
RCMP 1
(0)		 1
(0)
TOTAL (proactive) 59
(0)		 95
(20)		 2
(2)		 1
(0)		 16
(15)		 173
(37)

The total number of disclosures made under the SCIDA since its implementation reflects a slight downward trend, with a generally constant proportion of requested versus proactive disclosures for the years in which this data was collected (see Figure 1).

Figure 1: Number of SCIDA disclosures over time

In 2022, these disclosures were made and received by institutions that had each disclosed or received information, as the case may be, in at least two prior review years (see Annex C, Overview of SCIDA Disclosures in Prior Years).

Finding 1: NSIRA found that CSE, CSIS, GAC, and IRCC regularly use the SCIDA in a manner that warrants information sharing arrangements, as encouraged by subsection 4(c) of the SCIDA.

CSE, CSIS, GAC, and IRCC were the most frequent users of the SCIDA in 2022. The number of disclosures between these institutions was comparable to those observed by NSIRA in prior years (see Annex C), indicating the occurrence of regular exchange over time.

NSIRA also observed regular patterns in the purpose and nature of the information exchanged between these institutions in 2022, as described in Table 2. These information exchanges were not governed by up-to-date information sharing arrangements.

Table 2: Nature of disclosures between the SCIDA’s most frequent users

GAC-to-CSIS (N=39) IRCC-to-CSIS (N=56) IRCC-to-CSE (N=59)
  • GAC information holdings relevant to threats to the security of Canada
  • Often (85%) made in direct response, or as a follow-up, to CSIS requests
  • IRCC information holdings relevant to threats to the security of Canada
  • Almost always (96%) made in response to CSIS requests
  • IRCC confirmation of Canadian status of named individuals of interest, required to ensure lawfulness of CSE operational activities
  • All (100%) made in response to CSE requests

NSIRA has previously recommended that information sharing arrangements be updated (for GAC and CSIS) or created (for IRCC and CSE) to govern certain information exchanges made under the SCIDA.

Recommendation 1: NSIRA recommends that information sharing arrangements be used to govern regular SCIDA disclosures between GAC and CSIS; IRCC and CSIS; as well as IRCC and CSE.

Record Keeping

Copy to NSIRA: Subsection 9(3)

Finding 2: NSIRA found that CBSA, DND/CAF, and IRCC were non-compliant with subsection 9(3) of the SCIDA, as they failed to provide all records created under subsections 9(1) or 9(2) to NSIRA within the legislated timeframe.

Requests for information from NSIRA during the course of this review prompted the late production of additional records relating to paragraphs under subsections 9(1) or 9(2) from each of CBSA, DND/CAF, and IRCC (see Table 3).

Table 3: Number [and associated subsection 9(1) or 9(2) paragraph] of late records leading to non-compliance with subsection 9(3), by cause

Administrative Error Delayed Preparation of Records
CBSA 2 [paragraph 9(1)(e)]
DND/CAF 2 [paragraphs 9(2)(e-g)]
IRCC 6 [paragraph 9(1)(e)] 1 [paragraphs 9(2)(e-g)]

CBSA and IRCC were non-compliant with subsection 9(3) due to administrative error; the records they eventually supplied had existed at the time of the reporting deadline, but were not copied to NSIRA as required.

NSIRA expected that all records would be prepared within 30 days after the end of the calendar year, in order to meet the subsection 9(3) requirement to provide a copy of those records to NSIRA within that timeframe.

DND/CAF and IRCC were non-compliant with subsection 9(3) on account of delayed preparation of records; they did not prepare the records referred to in Table 3 within 30 days after the end of the calendar year, and therefore did not provide a copy of them to NSIRA within the legislated timeframe.

NSIRA underscores the importance of administrative precision and timeliness in preparing records and copying them to NSIRA.

Format of Records

Finding 3: NSIRA found improved compliance outcomes in instances where departments prepared record overview spreadsheets under subsections 9(1) and 9(2) of the SCIDA that displayed the following characteristics:

  • a row for each disclosure made or received;
  • columns explicitly tied to each individual paragraph under section 9; and
  • additional columns to capture relevant administrative details, such as whether the disclosure was requested or proactive; the date of the request (if applicable); and any applicable file reference numbers.

The SCIDA does not specify a format for records prepared under section 9. Accordingly, in 2022, GC institutions fulfilled their record-keeping obligations in different ways.

Most institutions provided NSIRA with an overview of each disclosure made or received. These overviews were submitted to NSIRA as spreadsheets that generally captured the information required in records under subsections 9(1) and 9(2).

Most institutions also provided NSIRA with a copy of the disclosure itself and a selection of related documents. These documents often included email consultations with legal services, disclosure request letters, and other correspondence between disclosing and recipient institutions. The scope of requests for information in the course of the review was minimized in cases where institutions provided such documents.

DND/CAF and IRCC (for its one disclosure receipt) were the only institutions that originally provided NSIRA with a copy of the raw disclosure, including transmittal details, in the absence of a record overview or other related documents.

NSIRA observed that DND/CAF and IRCC’s choice in records format for these disclosures contributed to their non-compliance with subsection 9(3), described in Table 3. The information elicited under paragraphs 9(2)(e-g) cannot by definition be found within a copy of the disclosure itself, as it relates to action taken by recipient institutions following the disclosure’s receipt. A copy of the disclosure on its own is therefore insufficient to comply with all requirements under subsection 9(2).

Both DND/CAF and IRCC were infrequent recipients of disclosures under the SCIDA in 2022, accounting for only two and one disclosures, respectively. Each of the more frequent recipients of information (CSE, CSIS, and RCMP) included express columns in their record overview spreadsheets to capture whether and, if applicable, when personal information was destroyed or returned, per the requirements of paragraphs 9(2)(e-g).

NSIRA also observed that CBSA and IRCC’s choice in records format contributed to their non-compliance with subsection 9(3) due to administrative error. These institutions did not account for the full scope of information required under paragraph 9(1)(e) in their record overview spreadsheets.

The information relied upon to satisfy the disclosing institution that a disclosure is authorized under the Act is not required to be conveyed within the disclosure itself. Completing an appropriately-specified record overview spreadsheet is therefore an effective way to ensure that the corresponding information is documented and conveyed to NSIRA ahead of the legislated deadline.

The RCMP’s record overview spreadsheet was particularly effective in demonstrating compliance with the Act. The spreadsheet included columns that were explicitly tied to individual paragraphs under section 9, with additional fields limited to RCMP administrative information such as file and database reference numbers.

Spreadsheets designed in this way enable institutions’ efficient self-assessment against the requirements of the Act. They also facilitate the task of review by clearly matching the information provided with its corresponding requirement under the SCIDA, and by organizing disclosures and receipts of information in a manner that supports cross-verification.

Recommendation 2: NSIRA recommends that all GC institutions prepare record overviews to clearly address the requirements of subsections 9(1) and 9(2) of the SCIDA; and provide them to NSIRA along with a copy of the disclosure itself and, where relevant, a copy of the request.

Preparing and Keeping Records: Subsections 9(1) and 9(2)

Finding 4: NSIRA found that all GC institutions complied with their obligation to prepare and keep records that set out the information prescribed under subsections 9(1) and 9(2) of the SCIDA.

Finding 5: NSIRA found that more than half of the descriptions provided by CBSA and IRCC under paragraph 9(1)(e) of the SCIDA did not explicitly address their satisfaction that the disclosure was authorized under paragraph 5(1)(b), the proportionality test.

Although NSIRA expected an express statement describing the information that was relied on to satisfy the disclosing institution that the disclosure was authorized under the SCIDA, in this review, NSIRA considered any records that demonstrated the corresponding assessment had been conducted.

IRCC n’a pas fait de déclaration expresse précisant que les communications demandées par le SCRS, qui représentent 57 % (n=54) de l’ensemble de ses communications, lui semblaient satisfaisantes du point de vue du critère de proportionnalité. En revanche, IRCC a fourni des copies des lettres de demande et de l’information communiquée en guise de réponse, ce qui confirme que la communication était manifestement conforme aux besoins précis de la demande (et donc témoigne d’une évaluation de la proportionnalité).

L’ASFC n’a pas fourni de déclaration expresse concernant sa satisfaction au regard du critère de proportionnalité pour 75 % (n=3) de ses communications. Elle a plutôt démontré qu’elle tenait compte du principe de proportionnalité en fournissant divers documents justificatifs, y compris de la correspondance interne.

La feuille de calcul utilisée par AMC pour donner une vue d’ensemble de ses documents a été particulièrement efficace pour répondre aux exigences de l’alinéa 9(1)e). L’analyse détaillée qu’elle a consignée en ce qui concerne les critères de contribution et de proportionnalité lui a permis de remplir ses obligations en matière de conservation des dossiers et de démontrer qu’elle respectait en substance le paragraphe 5(1).

Recommendation 3: NSIRA recommends that disclosing institutions explicitly address the requirements of both paragraphs 5(1)(a) and 5(1)(b) in the records that they prepare under paragraph 9(1)(e) of the SCIDA.

Disclosure of Information

Contribution and Proportionality Tests: Paragraphs 5(1)(a) and 5(1)(b)

Finding 6: NSIRA found, within the sample of disclosures reviewed, that disclosing institutions demonstrated they had satisfied themselves of both the contribution and proportionality tests, in compliance with subsection 5(1) of the SCIDA.

Finding 7: NSIRA found that GAC satisfied itself under the SCIDA’s paragraph 5(1)(a) contribution test based on an incorrect understanding of the recipient’s national security mandate in two cases.

The threshold for compliance with subsection 5(1) is that the disclosing institution has satisfied itself of the contribution and proportionality tests, and that it has done so prior to having made the disclosure.

In relation to the two disclosures that it made proactively to DND/CAF, GAC provided a rationale for the information’s contribution to DND/CAF’s mandate in respect of national security. Upon receipt of the information, however, DND/CAF did not agree with GAC’s assessment and therefore assessed that the SCIDA was not an appropriate disclosure mechanism in the circumstances.

Informal communication between the two institutions may have allowed DND/CAF and GAC to resolve this issue prior to the disclosure. When such communications occur, it is important that they be limited to the information necessary to confirm that the information contributes to the recipient’s mandate in respect of activities that undermine the security of Canada.

Recommendation 4: NSIRA recommends that GC institutions contemplating the use of proactive disclosures under the SCIDA communicate with the recipient institution, ahead of making the disclosure, to inform their assessments under subsection 5(1).

Statement Regarding Accuracy and Reliability: Subsection 5(2)

Finding 8: NSIRA found, within the sample of disclosures reviewed, that CBSA and GAC (in one and two disclosures, respectively) were non-compliant with the SCIDA’s subsection 5(2) requirement to provide a statement regarding accuracy and reliability.

Finding 9: NSIRA found, in relation to the remaining disclosures within the sample, that GAC, IRCC, and RCMP included their statements regarding accuracy and reliability within the disclosures themselves, whereas CBSA provided its statements in the disclosures’ cover letters.

Providing the statement on accuracy and reliability in a cover letter for the disclosure satisfies the Act’s requirement to provide the statement at the time of disclosure. However, separating the statement from the information disclosed increases the risk that the information may be subsequently used without awareness of relevant qualifiers. The location of the statement on accuracy and reliability – and not just its contemporaneous provision to the recipient – is therefore relevant to its value added.

Recommendation 5: NSIRA recommends that all disclosing institutions include statements regarding accuracy and reliability within the same document as the disclosed information.

Requirement to Destroy or Return Personal Information: Subsection 5.1(1)

Finding 10: NSIRA found that DND/CAF destroyed information under the SCIDA subsection 5.1(1), but they were non-compliant with the requirement to do so “as soon as feasible after receiving it.”

DND/CAF determined, upon receipt of the two disclosures it received from GAC, that the personal information contained within the disclosures should not be retained. The information, however, was not destroyed until April 2023 – 12 days following a request for information from NSIRA to provide a copy of records that set out whether and when the information had been destroyed or returned. The date of destruction was 299 and 336 days following DND/CAF’s receipt of each disclosure.

Taking into consideration the elapsed time between receipt of the information and its destruction, as well as DND/CAF’s timely conclusion that the information should not be retained, DND/CAF’s ultimate destruction of the information was non-compliant with the requirement to destroy the information “as soon as feasible after receiving it.” Its delay in this respect was also inconsistent with the responsible use and management of the information.

DND/CAF was the only institution to identify any disclosures as containing information that was destroyed or returned under subsection 5.1(1) in 2022. NSIRA did not identify any other disclosures within the sample for which personal information disclosed should have been destroyed or returned.

Purpose and Principles: Effective and responsible disclosure of information

Finding 11: NSIRA found delays between when a disclosure was authorized for sending and when it was received by the individual designated by the head of the recipient institution to receive it in at least 20% (n=34) of disclosures.

These 34 disclosures include 29 for which there was a delay between the dates provided by disclosing and recipient institutions in their section 9 records, as well as an additional five for which CSIS reported both the date of administrative receipt within the institution and the subsequent date of receipt by the person designated by the head to receive it (i.e., the relevant operational unit).

NSIRA attributes most of these delays to expected dynamics in classified information sharing: the individual authorizing the disclosure is not always the same individual who administratively sends it to the recipient, and the person who administratively receives the disclosure is not always the same person who is designated by the head to receive it.

In the majority of cases, the observed delays were shorter than one week. In nine cases, however, the delay ranged from 30 to 233 days.

Such delays mean that information is not processed and actioned within the recipient institution until long after it was sent – or intended to be sent – by the individual authorizing the disclosure. While these delays do not amount to non-compliance with the SCIDA, they are inconsistent with the Act’s purpose and guiding principles.

Recommendation 6: NSIRA recommends that GC institutions review their administrative processes for sending and receiving disclosures under the SCIDA, and correct practices that cause delays.

4. Conclusion

The SCIDA’s requirements for disclosure and record keeping apply to both disclosing and recipient institutions in all cases where the SCIDA is invoked as a mechanism for disclosure. This review assessed GC institutions’ compliance with requirements for record keeping in respect of all 173 disclosures that were made and received in 2022. It assessed their compliance with requirements for disclosure in relation to a targeted sample of 19 disclosures.

NSIRA found that institutions complied with the SCIDA’s requirements for disclosure and record keeping in relation to the majority of disclosures. GC institutions’ non-compliance with subsection 9(3) was driven by irregularities in the reporting of 11 disclosures. Observed non-compliance with substantive requirements under subsection 5(2) related to three disclosures; and non-compliance with subsection 5.1(1) related to two disclosures. These instances of non-compliance do not point to any systemic failures in GC institutions’ implementation of the SCIDA.

Within this context, NSIRA observed improvements in reviewee performance as compared with findings from prior years’ reports and over the course of the review. Of note, NSIRA’s requests for information in support of this review prompted corrective action by CBSA, DND/CAF, and IRCC that would have otherwise amounted to non-compliance with requirements under section 9.

NSIRA also observed several practices that, although compliant with the SCIDA, leave room for improvement. NSIRA’s recommendations in this review are designed to increase standardization across the GC in a manner that is consistent with institutions’ demonstrated best practices and the SCIDA’s guiding principles.

Annex A. Record Keeping Obligations for Disclosing and Recipient Institutions

Obligation – disclosing institution Obligation — recipient institution 
9 (1) Every Government of Canada institution that discloses information under this Act must prepare and keep records that set out (2) Every Government of Canada institution that receives information under this Act must prepare and keep records that set out
(a) a description of the information; (a) a description of the information;
(b) the name of the individual who authorized its disclosure; (b) the name of the institution that disclosed it;
(c) the name of the recipient Government of Canada institution; (c) the name or position of the head of the recipient institution — or of the person designated by the head — who received the information;
(d) the date on which it was disclosed; (d) the date on which it was received by the recipient institution;
(e) a description of the information that was relied on to satisfy the disclosing institution that the disclosure was authorized under this Act; and (e) whether the information has been destroyed or returned under subsection 5.1(1);
(f) if the information has been destroyed under subsection 5.1(1), the date on which it was destroyed;
(g) if the information was returned under subsection 5.1(1) to the institution that disclosed it, the date on which it was returned; and
(f) any other information specified by the regulations. (h) any other information specified by the regulations.

Copy to National Security and Intelligence Review Agency

Within 30 days after the end of each calendar year, every Government of Canada institution that disclosed information under section 5 during the year and every Government of Canada institution that received such information must provide the National Security and Intelligence Review Agency with a copy of every record it prepared under subsection (1) or (2), as the case may be, with respect to the information.

Annex B. Sample of Disclosures

Disclosures were selected for the sample based on the content of records provided to NSIRA under subsection 9(3), according to the following parameters:

  • At least two disclosures per discloser-recipient pair, if available;
  • At least one proactive disclosure per discloser, if available;
  • At least one requested disclosure per recipient, if available;
  • All disclosures identified by recipient institutions as including personal information that was destroyed or returned under the SCIDA, subsection 5.1(1);
  • All disclosures for which there is a high-level discrepancy in the discloser and recipient records (i.e., a record of receipt, but no record of disclosure; a substantive misalignment in the description of the information; greater than seven days’ discrepancy in the date sent and received; date of receipt earlier than the date of sending);
  • All disclosures made by an institution that is not listed in Schedule 3 of the SCIDA; and
  • All disclosures received by institutions added to Schedule 3 in the preceding year.

Annex C. Overview of SCIDA Disclosures in Prior Years

Drawing on information published in previous NSIRA reports, Table 5 summarizes the number and distribution of disclosures made under the SCIDA in prior years.

Table 5: Number of SCIDA disclosures, by disclosing and recipient institution, 2019-2021

    Designated Recipient Institutions
  Disclosing Institution CBSA CFIA CNSC CRA CSE CSIS DND/CAF Finance FINTRAC GAC Health IRCC PHAC PSC RCMP TC TOTAL (proactive)
2021 DND/CAF 2 2
GAC 41 1 2 44
IRCC 68 79 2 149
TOTAL 68 122 2 1 2 195
2020 CBSA 1 3 4
GAC 1 25 1 13 40
IRCC 60 61 37 1 159
RCMP 1 3 5 9
TC 2 2
Other 1 1
TOTAL 61 88 1 3 6 55 1 215
2019 CBSA 1 2 3
GAC 23 3 1 15 42
IRCC 5 17 1 36 59
RCMP 4 1 3 1 9
TC 1 1
TOTAL 4 5 41 1 1 3 4 1 54 114

Annex D. Findings and Recommendations

Findings

NSIRA found that CSE, CSIS, GAC, and IRCC regularly use the SCIDA in a manner that warrants information sharing arrangements, as encouraged by subsection 4(c) of the SCIDA.

NSIRA found that CBSA, DND/CAF, and IRCC were non-compliant with subsection 9(3) of the SCIDA, as they failed to provide all records created under subsections 9(1) or 9(2) to NSIRA within the legislated timeframe.

NSIRA found improved compliance outcomes in instances where departments prepared record overview spreadsheets under subsections 9(1) and 9(2) of the SCIDA that displayed the following characteristics:

  • a row for each disclosure made or received;
  • columns explicitly tied to each individual paragraph under section 9; and
  • additional columns to capture relevant administrative details, such as whether the disclosure was requested or proactive; the date of the request (if applicable); and any applicable file reference numbers.

NSIRA found that all GC institutions complied with their obligation to prepare and keep records that set out the information prescribed under subsections 9(1) and 9(2) of the SCIDA.

NSIRA found that more than half of the descriptions provided by CBSA and IRCC under paragraph 9(1)(e) of the SCIDA did not explicitly address their satisfaction that the disclosure was authorized under paragraph 5(1)(b), the proportionality test.

NSIRA found, within the sample of disclosures reviewed, that disclosing institutions demonstrated they had satisfied themselves of both the contribution and proportionality tests, in compliance with subsection 5(1) of the SCIDA.

NSIRA found that GAC satisfied itself under the SCIDA’s paragraph 5(1)(a) contribution test based on an incorrect understanding of the recipient’s national security mandate in two cases.

NSIRA found, within the sample of disclosures reviewed, that CBSA and GAC (in one and two disclosures, respectively) were non-compliant with the SCIDA’s subsection 5(2) requirement to provide a statement regarding accuracy and reliability.

NSIRA found, in relation to the remaining disclosures within the sample, that GAC, IRCC, and RCMP included their statements regarding accuracy and reliability within the disclosures themselves, whereas CBSA provided its statements in the disclosures’ cover letters.

NSIRA found that DND/CAF destroyed information under the SCIDA subsection 5.1(1), but they were non-compliant with the requirement to do so “as soon as feasible after receiving it.”

NSIRA found delays between when a disclosure was authorized for sending and when it was received by the individual designated by the head of the recipient institution to receive it in at least 20% (n=34) of disclosures.

Recommendations

  1. NSIRA recommends that information sharing arrangements be used to govern regular SCIDA disclosures between GAC and CSIS; IRCC and CSIS; as well as IRCC and CSE.
  2. NSIRA recommends that all GC institutions prepare record overviews to clearly address the requirements of subsections 9(1) and 9(2) of the SCIDA; and provide them to NSIRA along with a copy of the disclosure itself and, where relevant, a copy of the request.
  3. NSIRA recommends that disclosing institutions explicitly address the requirements of both paragraphs 5(1)(a) and 5(1)(b) in the records that they prepare under paragraph 9(1)(e) of the SCIDA.
  4. NSIRA recommends that GC institutions contemplating the use of proactive disclosures under the SCIDA communicate with the recipient institution, ahead of making the disclosure, to inform their assessments under subsection 5(1).
  5. NSIRA recommends that all disclosing institutions include statements regarding accuracy and reliability within the same document as the disclosed information.
  6. NSIRA recommends that GC institutions review their administrative processes for sending and receiving disclosures under the SCIDA, and correct practices that cause delays.

Share this page

No endorsement of any products or services is expressed or implied.

Share this page
Date Modified:

Review of Government of Canada Institutions’ Disclosures of Information Under the Security of Canada Information Disclosure Act in 2022

Review of Government of Canada Institutions’ Disclosures of Information Under the Security of Canada Information Disclosure Act in 2022

Last Updated:

Status:

Published

Review Number:

23-03

Share this page

No endorsement of any products or services is expressed or implied.

Share this page
Date Modified:

Accessibility Plan 2022-2025

Accessibility Plan 2022-2025

Meta data information

National Security and Intelligence Review Agency, Accessibility Plan 2022 – 2025
Title in French: Office de surveillance des activités en matière de sécurité nationale et de renseignement, Plan sur l’accessibilité 2022 – 2025
Also available online: www.nsira-ossnr.gc.ca/accessibility-plan-2022-2025/
ISSN: 2817-1160, PS106-13E-PDF
Key title: Accessibility plan (National Security and Intelligence Review Agency (Canada)‏)
© His Majesty the King in Right of Canada, 2022

Date of Publishing:

From the executive director

I am pleased to share the National Security and Intelligence Review Agency Accessibility Plan 2022 – 2025. This plan outlines the activities that are necessary to address barriers in priority areas identified in accordance with the Accessible Canada Act.

The National Security and Intelligence Review Agency (NSIRA) is committed to ensuring it is accessible to Canadians. Our objective is to identify and remove, as well as prevent, barriers to accessibility to the greatest extent possible. Accessibility is a work in progress and where barriers cannot be removed, we will take action to mitigate them. This inaugural accessibility plan outlines the steps that will be taken to increase accessibility, both within the organization and for Canadians more generally, over the next three years.

This plan was developed in consultation with NSIRA Secretariat managers, subject matter experts, and employees who volunteered to share their experience as persons with a disability. Consultations also included an external panel of resources whose lived experience as persons with a disability provided an invaluable insight into barriers, potential gaps, and important considerations with respect to mitigation strategies.

It is slightly more than three years since NSIRA came into existence. Much has been accomplished in that time, however, there is still much to do to ensure accessibility in all aspects of the Agency’s work. This plan is an essential first step towards achieving this objective.

John Davies
Executive Director

General

The Executive Director of the NSIRA Secretariat, who is the deputy head and employer, leads the Secretariat that supports the Review Agency in the fulfillment of its mandate under the National Security and Intelligence Review Agency Act. The Secretariat will monitor feedback to evaluate progress and to determine its future accessibility plans.

In compliance with the requirements of the Accessible Canada Act (“ACA”) and the Accessible Canada Regulations, this plan is available on NSIRA’s website, which is used to communicate with the public.  

To request a copy of the accessibility plan or a description of the feedback process in an alternate format, or to provide feedback about NSIRA’s accessibility plan and any barriers encountered in dealing with NSIRA, please contact the undersigned by mail, telephone, or e-mail. 

Chief of Staff, Executive Director’s Office
National Security and Intelligence Review Agency Secretariat
P.O. Box 2430, Station “B”
Ottawa, Ontario, K1P 5W5


Telephone: 1-833-890-0293
Email: info@nsira-ossnr.gc.ca

Executive Summary

The National Security and Intelligence Review Agency (NSIRA) is committed to ensuring it is accessible to Canadians. Our objective is to identify and remove, as well as prevent, barriers to accessibility to the greatest extent possible. Accessibility is a work in progress and where barriers cannot be removed, we will take action to mitigate them. This inaugural accessibility plan outlines the steps that will be taken to increase accessibility, both within the organization and for Canadians more generally, over the next three years.

As a micro-organization of fewer than 100 full-time equivalents and not having in-house expertise, the NSIRA Secretariat engaged the services of an external consultant to conduct an accessibility assessment. The consultant was charged with examining NSIRA’s policies, programs, practices and services in relation to the identification and removal of barriers, and the prevention of new barriers in the areas described in section 5 of the ACA, i.e., employment; the built environment; information and communication technologies (ICT); communication other than ICT; the procurement of goods, services and facilities; the design and delivery of programs and services; and transportation.

The consultant gathered relevant information by reviewing documents, examining NSIRA’s public-facing website, and engaging with a variety of stakeholders by means of interviews and focus group discussions. Consultations also included an external panel of resources whose lived experience as persons with a disability provided an invaluable insight into barriers, potential gaps, and important considerations with respect to mitigation strategies.

Several issues surfaced through the consultant’s research and consultations. The issues included the need to: 

  • improve education and awareness about accessibility among NSIRA’s workforce;
  • integrate accessibility in respect of information, communication, employment, the built environment, and programs and services; and
  • work collectively to become “inclusive by design and accessible by default”.

The following pages provide some insight into NSIRA’s context and describe the actions that NSIRA will take with respect to the seven areas identified in the ACA.

Context

The National Security and Intelligence Review Agency (NSIRA) is an independent and external review body that reports to Parliament. NSIRA reviews Government of Canada national security or intelligence activities to assess whether they are lawful, reasonable, and necessary and reports accordingly. NSIRA investigates complaints from members of the public regarding activities of the Canadian Security Intelligence Service and the Communications Security Establishment, as well as the national security activities of the Royal Canadian Mounted Police and decisions by deputy heads to deny or revoke a security clearance. In addition, NSIRA investigates complaints that are closely related to national security referred by the Civilian Review and Complaints Commission for the Royal Canadian Mounted Police (CRCC), matters referred by the Canadian Human Rights Commission (CHRC) and certain reports made to NSIRA under the Citizenship Act. This independent scrutiny contributes to strengthening the framework of accountability for national security or intelligence activities undertaken by Government of Canada institutions and supports public confidence in this regard.

The National Security and Intelligence Review Agency Secretariat is a separate agency identified in Schedule V of the Financial Administration Act (FAA) and is not a part of the core public administration. Treasury Board of Canada policies with respect to financial management, procurement, communications, information management and technology, amongst others, apply to the NSIRA Secretariat. With respect to human resources, the Executive Director is the employer, whose authorities are derived from the National Security and Intelligence Review Agency Act (sections 42 through 47) and subsection 12(2) of the FAA. 

Under the ACA and the Accessible Canada Regulations, federally regulated entities must report to the public on their policies and practices in relation to the identification and removal of barriers by publishing their accessibility plans, feedback processes and progress reports. Each department, agency and federally regulated employer is also required to develop an accessibility plan and report on progress made against this plan annually starting in December 2023.

Priority areas and action plan

The following describes NSIRA’s plan to improve accessibility by acting on three fronts:

  1. Increasing staff awareness about accessibility and the barriers that limit access for Canadians with disabilities.
  2. Ensuring Canadians have access to NSIRA’s publications and services.
  3. Continuing to advance a culture of respect and inclusion by integrating accessibility in all aspects of the organization’s work.

A table summarizing the priority areas and action plan can be found at Appendix A.

1. Employment

The National Security and Intelligence Review Agency comprises up to seven members appointed by Order-in-Council. The Executive Director, who is the deputy head and employer, leads the Secretariat that supports the Review Agency in the fulfillment of its mandate. The NSIRA Secretariat is identified in Schedule V, Separate Agencies, of the Financial Administration Act.  It is not subject to the Public Service Employment Act, with the exception of Part 7 dealing with political activities. It has fewer than 100 employees who work primarily out of two locations in the National Capital Region. At the present time, staff work on-site and/or telework.

NSIRA is committed to removing and preventing barriers to recruitment, retention, and the promotion of persons with disabilities.  Accessibility accommodations are established in accordance with the duty to accommodate under the Canadian Human Rights Act (CHRA). Additionally, they are fulfilled in accordance with Treasury Board policies on financial management, government security, procurement, etc. 

Through the accessibility assessment, gaps were identified with respect to employment, notably that there is no written accommodation process for employees with disabilities, and that staff at all levels have limited access to and familiarity with accessibility requirements, resources and information.

Actions

  1. Ensure that recruitment and selection processes are accessible.
    1. Provide Human Resources (HR) staff and hiring managers with training in accessibility best practices.
    2. Review past recruitment and selection practices to identify and prevent future barriers.
    3. Ensure that all recruitment and staffing material, and communications with candidates clearly identify accessibility/accommodation options.
    4. Seek feedback from candidates about the effectiveness of accommodation measures in selection processes.
  2. Formalize and communicate an accommodation process for employees with disabilities.
    1. Consult employees to identify barriers and gaps in workplace accommodations.
    2. Inform employees about the Government of Canada Workplace Accessibility Passport and implement on a voluntary basis.
    3. Consult other organizations to increase awareness of accessibility and to seek individualized accommodation strategies for employees.
    4. Identify mechanisms to reduce wait times for workplace accommodations.
  3. Increase awareness for staff at all levels on accessibility issues.
    1. Provide all staff with training on accessibility awareness and sensitivity.
    2. Provide enhanced training to executives, managers, and subject matter experts relative to their role, e.g., training on Web Content Accessibility Guidelines (WCAG) for IT staff.
    3. Incorporate accessibility awareness generally and information about accommodation measures specifically in new employee orientation and on-boarding.
  4. Review the NSIRA Secretariat’s Human Rights, Accessibility, Employment Equity, Diversity, and Inclusion PlanHuman Resources Management Policy, and Terms and Conditions of Employment Policy and revise as necessary to ensure overall coherence.

2. Built Environment 

The National Security and Intelligence Review Agency occupies several locations in the National Capital Region. At the present time, staff work on-site and/or telework. Hearings/investigative interviews and inter-organizational meetings are held on-site.

NSIRA recognizes the importance of an accessible built environment. As such, NSIRA will continue to work with employees, building owners, and key partners to achieve the highest level of accessibility within the current location(s).

Through the accessibility assessment barriers were identified in the built environment including heavy doors without automatic door openers; air-locks between doors; tripping hazards; narrow corridors that limit access; lack of accessible signage; restrictions with respect to assistive devices and job aids; an emergency alert system that flashes lights for various safety and security reasons, but does not emit an audible alarm; no control over lighting or temperature within the office space; and an outdated building emergency evacuation plan. Some of the barriers are tied to the requirements of the Treasury Board Policy on Government Security and other policies, which apply to the NSIRA Secretariat, but for which it is not the author.

Actions

  1. Identify, remove, prevent and/or mitigate barriers in the built environment.
    1. Conduct a full assessment of accessibility barriers in the built environment(s) in conjunction with Public Services and Procurement Canada (PSPC), the Communications Security Establishment (CSE), and persons with disabilities.
    2. Develop an action plan to remove and/or mitigate barriers, e.g., text to voice platforms, audible and visual alerts, signage, etc.
    3. Establish in consultation with partners an accessibility/duty to accommodate process for medical/assistive devices within the on-site workspace.
    4. Ensure alternative arrangements are available to anyone needing accessibility accommodations prior to attending a site or office. 
    5. Review, revise and document building emergency evacuation procedures and training with an accessibility lens, in collaboration with the building senior officer’s security team.
  2. Contribute to making security program information and facilities accessible by default.
    1. Review forms, tools and services to identify barriers for persons with disabilities.
    2. Collaborate with policy centers (including CSE, TBS, DND) to develop and implement accessible alternatives.
    3. Establish an inclusive and nimble on-boarding and off-boarding process, including in-person training for operating within the on-site workspace.
    4. Revise training and awareness to ensure accessibility.

3. Information and Communication Technologies (ICT) 

The NSIRA websites, both intranet and internet, are the main vehicles for sharing information internally and with the public. The internet is also the main option for members of the public to access the complaints process, including information about the process and the required forms to file complaints.

Staff use a variety of software and tools to carry out their daily responsibilities, both while working on-site and while teleworking.

Several barriers were identified with respect to information and communication technologies (ICT). First and foremost is that neither the intranet, nor the internet are fully accessible. None of the documents shared via the intranet or the internet were designed with accessibility in mind, although features exist within the available software. There is no option for a person to bring a complaint through any means other than by completing a templated form and there is no TTY or similar alternative for a person with a hearing impairment to engage with the Registrar.

Actions

  1. Ensure NSIRA’s public-facing website and internal ICT platforms (e.g., Sharepoint libraries) adhere to all accessibility standards and are compliant to WCAG 2.0 AA at a minimum.
    1. Review and revise current publications.
    2. Develop a lifecycle review plan to modify accessibility of document previously published by NSIRA.
  2. Ensure major corporate ICT inventory (i.e., systems, hardware and software) is accessible.
    1. Review existing inventory to identify accessibility barriers and gaps.
    2. Develop plans to resolve, mitigate and prevent accessibility barriers in consultation with key partners, including increasing awareness of accessibility requirements.
    3. Ensure that future ICT systems, hardware and software meet the leading accessibility standards and function with adaptive technologies.
  3. Build awareness among all NSIRA staff about accessibility requirements, tools and options.
    1. Provide training for staff at all levels about creating accessible documents and using other accessibility features available through ICT (e.g., text to voice options, tools for virtual meetings, etc.)
    2. Provide enhanced accessibility training to those responsible for publications, reports and web content.
  4. Ensure that persons with disabilities can participate fully in the complaints process.
    1. Recommend to the Review Agency appropriate amendments to NSIRA’s Rules of Procedure.
    2. Incorporate digital tools to enhance accessibility.

4. Communications other than ICT 

The purpose of NSIRA’s review function is to ascertain facts after careful examination to develop findings and recommendations that inform accountability.  NSIRA’s findings and recommendations are communicated to the implicated departments and agencies, as well as the responsible minister. NSIRA’s Annual Report, summarizing and contextualizing its review work from the previous year is provided to the Prime Minister and tabled in Parliament. Unclassified versions of each review report and the Annual Report are published on NSIRA’s website. In this way, review by NSIRA informs the broader deliberation – fundamental in a free and democratic society – about the means, lengths and laws by which national security or intelligence activities are carried out.

Several barriers were noted with respect to communication for staff and members of the public including no existing process to provide alternate formats and communication supports upon request; technical or sector-specific language in public-facing documents and reports; lack of guidance or established procedures for use of closed captioning, sign language interpretation, or TTY for persons with a hearing disability.

Actions

  1. Ensure that all communications are accessible for staff, stakeholders and members of the public.
    1. Review existing practices, tools, and systems to remove, resolve, mitigate and prevent barriers.
    2. Recommend to the Review Agency appropriate amendments to NSIRA’s Rules of Procedure.
    3. Put in place arrangements for services to support communications such as sign language interpretation, Braille printing, etc.
  2. Build awareness among all NSIRA staff about accessible communication requirements, tools and options.
    1. Provide training for staff at all levels about accessible communication and using accessibility features such as closed captioning for meetings and events, alternate formats such as large print, Braille, audio or electronic formats.
    2. Provide enhanced accessibility training to those responsible for publications, reports, meetings and events.

5. Procurement of Goods, Services and Facilities 

The NSIRA Secretariat procures goods, services and facilities in accordance with the policies and processes established by Public Services and Procurement Canada, Treasury Board of Canada, and other key partners.

No barriers were identified with respect to the procurement of goods, services and facilities. Nonetheless the NSIRA Secretariat has noted that improvements are needed to ensure “accessibility by design” in procurement practices.

Actions

  1. Ensure that procurement practices, processes and outcomes support an accessible workplace and accessible programs, and services.
    1. Provide training for cost centre managers and staff about integrating accessibility considerations into procurement processes and practices.
    2. Provide enhanced accessibility training to those responsible for procurement.
    3. Review practices and processes and revise as appropriate to ensure compliance with Accessible Procurement principles, e.g., accessibility requirements incorporated in contracts, documentation, etc.
    4. Assess the feasibility of incorporating standard requirements for procurement practices and processes, e.g., templates for scope-of-work documentations, evaluation criteria, contracts etc.

6. Design and Delivery of Programs and Services

An important part of NSIRA’s mandate is to investigate public complaints related to any activity carried out by the Canadian Security Intelligence Service (CSIS) and the Communication Security Establishment (CSE), as well as complaints relating to the denial or revocation of security clearances.  In addition, NSIRA investigates complaints that are closely related to national security referred by the Civilian Review and Complaints Commission for the Royal Canadian Mounted Police (CRCC), matters referred by the Canadian Human Rights Commission (CHRC) and certain reports made to NSIRA under the Citizenship Act.  By law, every investigation is conducted in private.

Ensuring that Canadians with disabilities can participate in these processes fully is integral to NSIRA’s investigations. NSIRA’s Rules of Procedure do not provide accessibility options to accommodate the needs of persons with disabilities at all stages of the complaint process, while also complying with the necessary security requirements.

Actions

  1. Ensure that NSIRA’s programs and services are inclusive and accessible, while protecting privacy, meeting necessary security requirements and safeguarding sensitive information.
    1. Recommend to the Review Agency appropriate amendments to NSIRA’s Rules of Procedure.
    2. Ensure that accessibility is integrated in the approval process for new programs, activities or services.

7. Transportation 

This priority area does not apply to the National Security and Intelligence Review Agency.  As such no barriers or actions were identified.

Consultations

One of the guiding principles of the Government of Canada’s accessibility strategy is the statement “Nothing without us” which affirms that persons with disabilities must be involved in the design and implementation of this plan. Persons with disabilities offer a unique and valuable perspective and our goal is to ensure that we do not have any barriers that prevent their full participation in the workplace and that of those whom we serve.

All staff were invited to participate in the consultation process with a focus on engaging persons with a disability, regardless of whether they had previously identified as such. Subject matter experts, managers and employees with a disability were consulted in facilitated focus groups or individual interviews, which were conducted in either or both official languages.

Internal stakeholders with knowledge of employment practices, procurement, facilities, digital resources, communications, and the design and delivery of goods and services, were consulted. Questions regarding accessibility barriers, current accommodation practices, and priorities for remediation were discussed and responses have been used to inform this plan.

The input provided by subject matter experts, managers and employees was essential to identifying the barriers and gaps described in this plan and to developing actions to enable NSIRA to become a more inclusive and accessible organization.

In addition, the draft accessibility plan was reviewed by the consultant’s standing Accessible Canada Act Review Committee.  Review Committee members are individuals with a variety of lived experience with disabilities, and knowledge of a range of accessibility issues. The five-member committee consists of members who self-identify with a disability including mobility, vision, learning disability, mental health disability, and hearing loss.  

Committee members were provided an overview of the functions at NSIRA and an advance copy of the draft accessibility plan. Members provided comments on the plan format and readability, accessibility actions as outlined in the plan, suggested timelines for actions, and specific barriers that could be encountered.  Committee feedback has been incorporated into this approved plan.

Implementation, monitoring and reporting

To ensure that accessibility remains a priority, the Accessible Canada Act and the Accessible Canada Regulations require that regulated entities prepare and publish annual progress reports on the implementation of their accessibility plans. Like the accessibility plan, progress reports must be prepared in consultation with persons with disabilities and describe the manner of the consultations. The progress reports must also include any feedback that NSIRA receives and describe how that feedback was taken into consideration. NSIRA’s first progress report will be published 12 months after the publication of this first accessibility plan, in December 2023. It will include updates with respect to the actions that NSIRA has taken.

In accordance with the regulations, NSIRA will publish an updated plan every three (3) years, starting in December 2025.

Glossary

Barrier: means anything—including anything physical, architectural, technological or attitudinal, anything that is based on information or communications or anything that is the result of a policy or a practice—that hinders the full and equal participation in society of persons with an impairment, including a physical, mental, intellectual, cognitive, learning, communication or sensory impairment or a functional limitation.

Disability: means any impairment, including a physical, mental, intellectual, cognitive, learning, communication or sensory impairment—or a functional limitation—whether permanent, temporary or episodic in nature, or evident or not, that, in interaction with a barrier, hinders a person’s full and equal participation in society.

Information and Communication Technology (ICT): is an extensional term for information technology (IT) that stresses the role of unified communications and the integration of telecommunications (telephone lines and wireless signals) and computers, as well as necessary enterprise software, middleware, storage and audiovisual, that enable users to access, store, transmit, understand and manipulate information.

Web Content Accessibility Guideline (WCAG): the Web Content Accessibility Guidelines (WCAG) are part of a series of web accessibility guidelines published by the Web Accessibility Initiative (WAI) of the World Wide Web Consortium (W3C), the main international standards organization for the Internet. They are a set of recommendations for making Web content more accessible, primarily for people with disabilities.

References and resources

Accessible Canada Act (justice.gc.ca)

Accessible Canada Regulations (justice.gc.ca)

Accessibility Strategy for the Public Service of Canada – Canada.ca (also referred to as “Nothing Without Us”)

Canadian Human Rights Act (justice.gc.ca)

Canadian Human Rights Commission

National Security and Intelligence Review Agency Act (justice.gc.ca)

Policy on Government Security- Canada.ca

Web Content Accessibility Guidelines (WCAG)

APPENDIX A – SUMMARY OF PRIORITY AREAS AND ACTION PLAN

PRIORITY AREAS AND ACTIONS LEAD BRANCH TARGET FOR COMPLETION

1. EMPLOYMENT

    

a) Ensure that recruitment and selection processes are accessible.

  1. Provide Human Resources (HR) staff and hiring managers with training in accessibility best practices.
  2. Review past recruitment and selection practices to identify and prevent future barriers.
  3. Ensure that all recruitment and staffing material and communications with candidates clearly identify accessibility/accommodation options.
  4. Seek feedback from candidates about the effectiveness of accommodation measures in selection processes

Corporate Services Branch

2023-24 and ongoing

b) Formalize and communicate an accommodation process for employees with disabilities.

  1. Consult employees to identify barriers and gaps in workplace accommodations.
  2. Inform employees about the Government of Canada Workplace Accessibility Passport and implement on a voluntary basis.
  3. Consult other organizations to increase awareness of accessibility and to seek individualized accommodation strategies for employees.
  4. Identify mechanisms to reduce wait times for workplace accommodations.

Corporate Services Branch

2023-24 and ongoing

c) Increase awareness for staff at all levels on accessibility issues.

  1. Provide all staff with training on accessibility awareness and sensitivity.
  2. Provide enhanced training to executives, managers, and subject matter experts relative to their role, e.g., training on Web Content Accessibility Guidelines for IT staff.
  3. Incorporate accessibility awareness generally and information about accommodation measures specifically in new employee orientation and on-boarding.

Corporate Services Branch

2023-24 and ongoing

d) Review the NSIRA Secretariat’s Human Rights, Accessibility, Employment Equity, Diversity, and Inclusion Plan, Human Resources Management Policy, and Terms and Conditions of Employment Policy and revise as necessary to ensure overall coherence.

Corporate Services Branch

2023-24 and ongoing

2. BUILT ENVIRONMENT

    

a) Identify, remove, prevent and/or mitigate barriers in the built environment.

  1. Conduct a full assessment of accessibility barriers in the built environment(s) in conjunction with Public Services and Procurement Canada (PSPC), the Communications Security Establishment (CSE), and persons with disabilities.
  2. Develop an action plan to remove and/or mitigate barriers, e.g., text to voice platforms, audible and visual alerts, signage, etc.
  3. Establish in consultation with partners an accessibility/duty to accommodate process for medical/assistive devices within the on-site workspace.
  4. Ensure alternative arrangements are available to anyone needing accessibility accommodations prior to attending a site or office.
  5. Review, revise and document building emergency evacuation procedures and training with an accessibility lens, in collaboration with the building senior officer’s security team.

Corporate Services Branch

2023-24

2023-24

2024-25

2023-24

2023-24

b) Contribute to making security program information and facilities accessible by default.

  1. Review forms, tools and services to identify barriers for persons with disabilities.
  2. Collaborate with policy centers (including CSE, TBS, DND) to develop and implement accessible alternatives.
  3. Establish an inclusive and nimble on-boarding and off-boarding process, including in-person training for operating within the on-site workspace.
  4. Revise training and awareness to ensure accessibility.

Corporate Services Branch

2025-26

2025-26

2023-24

2023-24

3. INFORMATION AND COMMUNICATION TECHNOLOGIES (ICT)

    

a) Ensure NSIRA’s public-facing website and internal ICT platforms (e.g., Sharepoint libraries) adhere to all accessibility standards and are compliant to WCAG 2.0 AA at a minimum.

  1. Review and revise current publications.
  2. Develop a lifecycle review plan to modify accessibility of previously published NSIRA documents.

Corporate Services Branch

2023-24 and ongoing

b) Ensure major corporate ICT inventory (i.e., systems, hardware and software) is accessible.

  1. Review existing inventory to identify accessibility barriers and gaps.
  2. Develop plans to resolve, mitigate and prevent accessibility barriers in consultation with key partners, including increasing awareness of accessibility requirements.
  3. Ensure that future ICT systems, hardware and software meet the leading accessibility standards and function with adaptive technologies.

Corporate Services Branch

2023-24 and ongoing

c) Build awareness among all NSIRA staff about accessibility requirements, tools and options.

  1. Provide training for staff at all levels about creating accessible documents and using other accessibility features available through ICT (e.g., text to voice options, tools for virtual meetings, etc.)
  2. Provide enhanced accessibility training to those responsible for publications, reports and web content.

Corporate Services Branch

2023-24 and ongoing

d) Ensure that persons with disabilities can participate fully in the complaints process.

  1. Recommend to the Review Agency appropriate amendments to NSIRA’s Rules of Procedure.
  2. Incorporate digital tools to enhance accessibility.

Investigations

Corporate Services Branch

2023-24 and ongoing

4. COMMUNICATIONS OTHER THAN ICT

    

a) Ensure that all communications are accessible for staff, stakeholders and members of the public.

  1. Review existing practices, tools, and systems to remove, resolve, mitigate and prevent barriers.
  2. Recommend to the Review Agency appropriate amendments to NSIRA’s Rules of Procedure.
  3. Put in place arrangements for services to support communications such as sign language interpretation, Braille printing, etc.

Executive Director’s Office

Investigations

Corporate Services Branch

2022-23 and ongoing

2023-24 and ongoing

b) Build awareness among all NSIRA staff about accessible communication requirements, tools and options.

  1. Provide training for staff at all levels about accessible communication and using accessibility features such as closed captioning for meetings and events, alternate formats such as large print, Braille, audio or electronic formats.
  2. Provide enhanced accessibility training to those responsible for publications, reports, meetings and events.

Corporate Services Branch

2023-24 and ongoing

5. PROCUREMENT OF GOODS, SERVICES AND FACILITIES

    

a) Ensure that procurement practices, processes and outcomes support an accessible workplace and accessible programs, and services.

  1. Provide training for cost centre managers and staff about integrating accessibility considerations into procurement processes and practices.
  2. Provide enhanced accessibility training to those responsible for procurement.
  3. Review practices and processes and revise as appropriate to ensure compliance with Accessible Procurement principles, e.g., accessibility requirements incorporated in contracts, documentation, etc.
  4. Assess the feasibility of incorporating standard requirements for procurement practices and processes, e.g., templates for scope-of-work documentations, evaluation criteria, contracts etc.

Corporate Services Branch

2022-23 and ongoing

6. DESIGN AND DELIVERY OF PROGRAMS AND SERVICES

    

a) Ensure that NSIRA’s programs and services are inclusive and accessible, while protecting privacy, meeting security requirements and safeguarding sensitive information.

  1. Recommend to the Review Agency appropriate amendments to NSIRA’s Rules of Procedure.
  2. Ensure that accessibility is integrated in the approval process for new programs, activities or services.

Investigations

Executive Director’s Office

2023-24

2022-23 and ongoing

7. TRANSPORTATION

    

N/A

    

Share this page

No endorsement of any products or services is expressed or implied.

Share this page
Date Modified: