Workspace Monitoring

Monitor Usage

The workspace lead or delegated personnel must review workspace usage to identify inappropriate usage and report to the FSDH team if unusual usage is noticed. The FSDH team can support when in doubt but will not regularly monitor the workspaces for unusual usage.

If the FSDH team identifies unauthorized or inappropriate usage of FSDH workspaces, it will investigate and report the incident to SSC IT security and other relevant teams for further corrective measures.

Monitoring and Auditing a Workspace

The workspace lead and administrators must monitor account usage periodically and ensure all accounts meet the relevant policies and guidelines. They are also responsible for conducting regular audits within the workspace to ensure all security, ATIP, privacy, accessibility and legal policies are followed. Workspace leads should consult with their Departmental IT Security authorities to ensure compliance with Information system audit management requirements established by the Directive on Security Management (Directive on Security Management- Canada.ca - B.2.3.8)

The workspace lead is responsible for ensuring that a process is in place to ensure quick detection and reaction to information spillage events (for instance, when sensitive information is mistakenly uploaded to an unclassified workspace). Workspace leads should consult with their Departmental IT Security Authorities to ensure such an event is tracked and responded to in accordance with Departmental Incident Response Processes.

Incident Detection & Response

The workspace lead is responsible for reporting any security incident, such as unauthorized access, a breach of the workspace, or information spillage. The Workspace lead is also responsible for coordinating incident reporting with their internal Departmental Incident Response Authorities in accordance with established procedures. The workspace lead should consult with their Departmental IT Security Authorities to ensure incidents are tracked and reacted to in accordance with Departmental Incident Response Processes.

The workspace lead works with their departmental IT security team to contain and investigate the incident and apply all necessary corrective action. Once the incident is contained, the workspace lead works with SSC and the departmental security team to conduct a post-incident review.

For more information, please consult the Portal and Workspace Incident Response guidance.