Information Security Policy Toronto Police Service Flashcards
Purpose
This policy defines acceptable use of Toronto Police Service Information and Technology (TPS-IT) resources
to ensure the ——, integrity, and availability of information. The guiding principles are to prevent misuse or
loss of any information asset and to maintain member accountability for the —— of information assets.
confidentiality
protection
Scope
This policy applies to all ——–Users having access to any TPS-IT resources and all information contained
within those resources.
Authorized
Authorized User are all individuals who have been granted access to the Toronto Police Service’s IT resources.
This includes, but is not limited to,
permanent members ———- volunteers
temporary members ——– personnel affiliated with ———
contractors
consultants
third parties
Workplace Technology Device (WTD) is any computing end user device, typically with its own operating system, which can communicate to a ——. This includes, but is not limited to,
standard workstations mobile devices photocopiers/scanners
laptops/notebooks/tablets
——— fax machines
mobile workstations (MWS)
external media storage
devices (hard drives, USBs, etc.)
printers ——–and voice mail
handheld ticketing devices
network
monitors
telephones
Information and Technology (IT) Resource is any system, service, hardware, and network resources that are owned by, or supplied to Authorized Users by the Toronto Police Service. This includes, but is not limited to
———–and network devices
communication and business ———–
———–
Workplace Technology Devices
———-access
networks
applications
software
internet
Confidential Information is all police information, and is to be used for ——— business use only. This includes, but is
not limited to,
———- information
any other information collected, obtained or derived for or
from TPS records that must be kept confidential under the
Municipal Freedom of Information and Protection of Privacy
Act (MFIPPA), Police Services Act (PSA), Y———–, or any other applicable legislation.
official
privileged
youth Criminal Justice Act (YCJA)
———-Devices any ————-equipment and technology that is not issued or authorized by the
and Technology Service
Personal
telecommunication
- General
1.1 TPS-IT resources are the sole property of the Toronto Police Service (TPS). The TPS grants Authorized Users access to its TPS-IT resources to conduct official police business only.
1.2 Any records created and/or maintained on any TPS-IT resource are ——–of the Service and bound by
Service Governance and the TPS ————-.
1.3 Records may become accessible through criminal or —–court processes, by ——- or as requested under MFIPPA.
1.4 Authorized Users are responsible for complying government law and Service Governance when using TPS-IT
resources.
property
Records Retention By-Law
civil
subpoena
- General
1.5 Authorized Users who are granted access must adhere to the terms of use ———for external databases, owned and operated by partnering external agencies. Such systems included but are not limited
to, CPIC, MTO-ISS, ——-, MCM, etc.
1.6 Authorized Users must seek approval from the ——— prior to the acquisition of all new technology. (Please refer to Routine Order 2020.06.10-529 regarding the approval process for request submissions).
1.7 Authorized Users must first consult with the CIO’s Office prior to building any unit specific ——– or
repositories of information such as SharePoint, Excel, or MS Access.
1.8 Authorized Users must consult with the Information Security Unit prior to the implementation of any
technology changes that involve the new ———, use or disclosure of personal information.
agreements
OSOR
Chief Information Officer (CIO)
databases
collection
General
1.9 Any misuse of a TPS-IT resource or violation of this agreement shall be reported immediately to a ——,
———, or the ————–following the discovery of the misuse or violation,
in accordance with the Standards of Conduct, Section ——– Contravention of Service of Legislative Governance
and/or Misconduct.
1.10 Any unauthorized ——— of personal or confidential information collected on behalf of the TPS for police
business shall be reported immediately to a supervisor, Unit Commander, the ISO, or the Access & Privacy
Coordinator (only where the unauthorized release involved personal information) following the discovery of the breach, in accordance with TPS Procedures, Section 17-02 – Information Breaches.
supervisor
Unit Commander
Information Security Officer (ISO)
1.3
release
- Security of Computerized Systems and Information
2.1 Authorized Users are responsible for safeguarding and protecting police information, both electronic
and hardcopy. System access is assigned based on the job role or function performed to ensure sensitive
information is available to only authorized users. Password ———, or providing access to another
person, either deliberately or through failure to secure access, is prohibited. Hardcopies material must
be shredded or discarded inside TPS secure confidential blue bins, when no longer required.
2.2 Authorized Users are responsible for all activity while logged onto any TPS-IT resource. Devices must be
secured with a password-protected screensaver, and must be locked or logged off when left ——–
sharing
unattended
Security of Computerized Systems and Information
2.3 Authorized Users will ensure reasonable care is taken to protect TPS-IT resources from theft, ——-or
illegal access; and against systems designed to disrupt, damage or place excessive ——- on the resource.
2.4 Authorized Users who are issued a smartphone will ensure that operating system or application level ———
are applied in a timely manner.
2.5 Authorized Users will ensure that workplace technology devices and external media storage devices are
secure when not in use, as this type of portable equipment is especially vulnerable to ———. Portable
storage devices containing sensitive information should be ——–.
damage
load
updates
breaches
encrypted
Security of Computerized Systems and Information
2.6 Authorized Users’ offsite work location is to be considered an ——of the primary TPS work location. All
requirements set out in this policy also apply to members authorized to work remotely.
2.7 Authorized Users should use TPS issued equipment when conducting police business. Use of any electronic
devices on the TPS network is subject to the rules set out in this policy. The TPS may, when necessary to an
ongoing lawful investigation, ask to ——-relevant information in a personal device and make copies
of relevant information. Individuals who deny the TPS access may face ——– for failing to cooperate.
extension
examine
consequences
- Policy Compliance
3.1 TPS-IT resources and the information generated by, and contained within them, fall under the ownership of
the ———–. Therefore, while the TPS is aware of, and respects the privacy interests of those who use its IT resources, it is stressed that authorized users will be subject to a significantly ——– expectation of personal privacy when making use of TPS-IT resources.
Toronto Police Service
diminished
- Policy Non-Compliance
4.1 Attempt to ———- or circumvent the user-authentication or security functions of any computer, network or
account.
4.2 ——-account or password access to an unauthorized individual, including circumstances when a member
has had their access deactivated, ——-or terminated.
4.3 Unauthorized copying, ——, deletion, distortion, removal, concealment, modification or encryption
of messages, files, or other police data.
4.4 Use any program/script/command with the intent to interfere or ———with any computer system,
network or user’s session. Execute any form of network monitoring that will ——data, scan ports, or
attempt to circumvent the corporate ——–.
exploit
Provide
denied
destruction
tamper
intercept
firewall
