Date of submission: September 11, 2023
Date of Online Publication: July 25, 2025
Caroline Xavier
Chief, Communications Security Establishment
Subject: Notification of NSIRA’s Review of CSE’s Vulnerabilities Equities Process
Dear Chief Xavier,
I am writing on behalf of the Members of the National Security and Intelligence Review Agency (NSIRA) to inform you that NSIRA has initiated a review of CSE’s vulnerabilities equities process, known by CSE as the Equities Management Framework (EMF).
This review will examine how CSE manages and governs equities in the context of weighing the benefits and risks of disclosing, versus retaining, information about vulnerabilities found in various kinds of technology. The review may involve other departments and agencies if determined as relevant. The review may look beyond the confines of the EMF, if deemed relevant.
This review is being conducted pursuant to section 8 of the NSIRA Act. The NSIRA Act grants NSIRA full and timely access to all information held by reviewed departments and agencies, including classified and privileged information, except for cabinet confidences. In particular, we expect that CSE will abide by section 9 of the NSIRA Act in enabling us to fulfill our mandate.
Please identify any specific contacts you deem relevant for the subjects addressed by this review. Our review team will be in regular contact with your agency with requests for information. These may include requests for documents, system access, written explanations, briefings, interviews, surveys, and other information NSIRA determines to be of relevance to this review. This review may also include conducting independent inspections of some technical systems or tools.
I thank you in advance for your cooperation and support to the independent review process, which is key to the transparency and accountability we provide to Canadians on behalf of the Government of Canada.
Sincerely,
John Davies
Executive Director, NSIRA Secretariat
Date of submission: September 27, 2023
Date of Online Publication: July 25, 2025
David Vigneault
Director, Canadian Security Intelligence Service
Subject: Notification of NSIRA’s Review of CSE’s Vulnerabilities Equities Process
Dear Director Vigneault,
I am writing on behalf of the Members of the National Security and Intelligence Review Agency (NSIRA) to inform you that NSIRA has initiated a review of CSE’s vulnerabilities equities process, known by CSE as the Equities Management Framework (EMF).
This review will examine how CSE manages and governs equities in the context of weighing the benefits and risks of disclosing, versus retaining, information about vulnerabilities found in various kinds of technology. NSIRA has scoped CSIS into the review to better understand the nature of any involvement CSIS may or may not have in the EMF and related topics. While information from CSIS may be relevant to this review, CSIS is not expected to be a major focus of this review.
This review is being conducted pursuant to section 8 of the NSIRA Act. The NSIRA Act grants NSIRA full and timely access to all information held by reviewed departments and agencies, including classified and privileged information, except for cabinet confidences.
Please identify any specific contacts you deem relevant for the subjects addressed by this review. Our review team will soon be in contact with your agency with requests for information. These are likely to include an introductory briefing, and may include requests for documents, written explanations, and other information NSIRA determines to be of relevance to this review.
I thank you in advance for your cooperation and support to the independent review process, which is key to the transparency and accountability we provide to Canadians on behalf of the Government of Canada.
Sincerely,
John Davies
Executive Director, NSIRA Secretariat
Date of submission: September 27, 2023
Date of Online Publication: July 25, 2025
Mike Duheme
Commissioner, Royal Canadian Mounted Police
Subject: Notification of NSIRA’s Review of CSE’s Vulnerabilities Equities Process
Dear Commissioner Duheme,
I am writing on behalf of the Members of the National Security and Intelligence Review Agency (NSIRA) to inform you that NSIRA has initiated a review of CSE’s vulnerabilities equities process, known by CSE as the Equities Management Framework (EMF).
This review will examine how CSE manages and governs equities in the context of weighing the benefits and risks of disclosing, versus retaining, information about vulnerabilities found in various kinds of technology. NSIRA has scoped RCMP into the review to better understand the nature of any involvement RCMP may or may not have in the EMF and related topics. While information from RCMP may be relevant to this review, RCMP is not expected to be a major focus of this review.
This review is being conducted pursuant to section 8 of the NSIRA Act. The NSIRA Act grants NSIRA full and timely access to all information held by reviewed departments and agencies, including classified and privileged information, except for cabinet confidences.
Please identify any specific contacts you deem relevant for the subjects addressed by this review. Our review team will soon be in contact with your agency with requests for information. These are likely to include an introductory briefing, and may include requests for documents, written explanations, and other information NSIRA determines to be of relevance to this review.
I thank you in advance for your cooperation and support to the independent review process, which is key to the transparency and accountability we provide to Canadians on behalf of the Government of Canada.
Sincerely,
John Davies
Executive Director, NSIRA Secretariat