Management Response and Action Plan (MRAP): Evaluation of Duty of Care Envelope, 2017-18 to 2022-23

Introduction

The Duty of Care (DoC) Envelope evaluation covered the period from 2017-18 to 2021-22 and included information and data pertaining to DoC implementation up to and including 2022-23, wherever possible. Data collection for the evaluation was completed in September 2023, evaluation recommendations were drafted in December 2023 and the MRAP was finalized in May 2024. Thanks to continued engagement with key DoC envelope stakeholders over the course of the evaluation, the evaluation team was made aware of several efforts by DoC responsibility centres (ACM, CFM, HCM and ZID, SCM, IFM) to address challenges in delivering DoC-funded initiatives. DoC responsibility centres demonstrated a high level of awareness and have worked internally to address the various shortcomings over the evaluation period. In addition, emerging evaluation data and analysis was shared with DoC decision-makers to inform adjustments to DoC planning and delivery in real time.

The evaluation report acknowledges the efforts made by these responsibility centres and the recommendations explicitly build on them. However, because of the evaluation timeline, not all of the new initiatives implemented after April 2022 were reflected in the evaluation report. Below is a summary of initiatives undertaken by responsibility centres between April 2022 to June 2024. As many of them are recent, their effectiveness in addressing the identified challenges is still in progress. The importance of monitoring these initiatives in response to the evaluation recommendations is reflected in the MRAP.

Capital Projects and Procurement: ACM has undertaken several efforts to enhance the delivery of major capital projects, including modernizing procurement processes. Efforts include the creation of the Project and Program Management Office and a service delivery portal to facilitate the integration of business lines and improve the consistency and effectiveness of project planning, delivery and tracking, including numerous upgrades to the infrastructure and assets of Canada’s international network of missions. SCM has also introduced new IT upgrades, including modernizing the network infrastructure.
Mission Readiness: CFM has improved mission readiness programs and consistency across the mission network by enhancing and expanding training exercises; developing common guidelines and tools for missions; and creating 21 net-new Readiness Program positions to further the reach of this critical program; additional positions were approved in the Spring of 2024 to roll out over the next two years.
Security Risk Assessments: Relevant branches have also improved GAC’s security risk-assessment-prioritized mitigation measures by implementing the “Strategic Plan for Mission Security Modernization”; aligning ACM and CFM project reporting mechanisms; modernizing GAC’s risk management methodology; renewing GAC’s security requirements; increasing the analysis and distribution of threat information outside the mission area; and creating positions to add intelligence threat assessment support. Moreover, GAC has initiated the design of a Mission Security Management system (MSMS) policy instrument which is designed to coalesce the siloed mission security functions into one functional system. CFM is also preparing for the launch of the Departmental Security Resource (DSR), which will contribute towards a comprehensive departmental security policy and guidance with clear safety and security responsibilities and accountabilities.

Further, as cyber security continues to be an increasing threat, particularly after the 2024 cyber incident, DoC governance is prioritizing funding for GAC’s response and future preparedness. In Spring 2024, an estimate of $25.3M (vote 1) and $3.1M (vote 5) in Cyber-related initiatives was approved.
Governance: CFM has already adapted to include broader representation in the governance structure, including the geographic branches, to increase the challenge function and to better align decisions with security risk assessments, and mission priorities. The departmental re-organization and new pan-geographic bureau will provide further opportunities to re-focus initiatives according to foreign policy guidelines.
Health and Safety: To further define and communicate the scope of departmental legal and policy obligations to protect its people, GAC proactively reached out to the Treasury Board Secretariat and confirmed their support with an expanded scope that includes health, safety and wellness. Efforts made by HCM and ZID from April 2022 to date, include conducting a comprehensive review of the Overseas Health Model, which focuses on identifying gaps in overseas health services; creating and facilitating new workshops on psychological health and a psychological support program for employees deployed to high-risk missions. In the Spring of 2024, a further consular officer wellness training project was approved as well as two major capital projects that address mission health and safety concerns.

Management Response and Action Plan (MRAP)

Recommendation 1: Security risk assessment and mitigation

CFM, in partnership with ACM, HCM, IFM, SCM, and in consultation with missions, should improve risk assessment models, methodologies, processes, systems and tools to effectively capture and assess the growing complexity of threats and vulnerabilities experienced across the mission network and across diverse groups (such as women, 2SLGBTQI+, people with disabilities, racialized and indigenous peoples), translate them into well-scoped, prioritized mitigation measures and identify the potential impact of residual risk.

Management response and commitment

Agree with this recommendation and will build upon recent work to enhance risk assessment models and methodologies to enhance the prioritization process. This includes the implementation of the “Strategic Plan for Mission Security Modernization” which aims to ensure GAC’s security prioritization is informed by robust data and enhance GAC’s ability to monitor and measure security mitigation initiatives; alignment of ACM and CFM mitigation initiatives and clear accountabilities; modernization of GAC’s risk management methodology; renewal of GAC’s security requirements; increased production and distribution of threat information for outside the mission area; and creation of positions for increased intelligence threat assessment support.

Actions	Expected Deliverables / Outcomes	Responsibility Centres (Bureau/Division)	Target Dates
1.1 Use the security working group to review and assess security mitigation measures and implement new updates to the Security Information Management System. Implement required connections to other systems, procedures and tools to maximize the usefulness of SIMS.	1.1 Data used to inform Security risk assessment and mitigation is analyzed using the best available technology. New security tools, guidance and requirements are tracked and implemented across the mission security spectrum. Ultimate outcome is to provide appropriate advice to decision makers.	1.1 CSD/CSR and CSD/CSS with support of CEP, AWO, INT, SIA, HWH	1.1 March 2026
1.2 Continue to improve the digital strategy. As part of this effort: Continue to implement the Harmonized Threat, Vulnerability and Risk Assessment (HTVRA) model and a benchmarked, standardized risk management training for staff. Procure and implement industry-proven and TBS standard risk e-tool (ASTRA); Continue to build common language to align with the specific project management requirements of infrastructure, systems and equipment implementation.	1.2 Risk alignment and prioritization between C, I and A branches are improved. Data collection capability is improved. Better understanding of security risks identified by missions. Cross-branch coordination on risk prioritization and assessment mechanisms is improved. Note: Baseline Threat Assessments for missions already include GBA Plus analysis	1.2 CSD/CSS with support of IND/INT CSR, AWO, SIA, HWH	1.2 January 2025
1.3 Ensure effective access to highly classified networks at missions based on organizational needs and threat assessments. Note: Expansion is required for GAC to engage on highly classified national and international security issues while ensuring sensitive information and systems are adequately protected and secured.	1.3 Expansion of High Security Zone (HQ) (25 workstations, 10 reading stations for departmental use and 1 additional level III boardroom). Creation of (Canadian Top-Secret Network) Disaster relief site, providing a redundancy to ensure that CTSN remains operational worldwide, in the event of an emergency affecting the Ottawa data centre. As well as addressing an important deficiency identified by Communications Security Establishment.	1.3 IND/INS in partnership with ARD, CSD, and SPD.	1.3 October 2025
1.4 Ensure risk assessment models for the protection of people of all diverse groups are aligned and integrated into the Occupational Health and Safety (OHS) Framework led by HCM. Integrate principles of the OHS Framework into existing risk assessment processes (including GBA Plus analysis) and reporting mechanisms.	1.4 Integrated Risk Management and Compliance: By incorporating the security component related to the protection of people into the OHS Framework, GAC ensures a holistic approach to risk management, including a better understanding to diverse groups of people. This allows for the identification and management of risks in accordance with the Canada Labour Code (CLC), preventing them from being addressed in a siloed manner. The ultimate outcome is that GAC is better equipped to monitor and fulfill its legal obligations under the CLC, ensuring a comprehensive and compliant approach to occupational health and safety.	1.4 HWD/HWH, with support from CSG, INT, CSS	1.4 September 2024

Actions

Expected Deliverables / Outcomes

Responsibility Centres
(Bureau/Division)

Target Dates

1.1

Use the security working group to review and assess security mitigation measures and implement new updates to the Security Information Management System.
Implement required connections to other systems, procedures and tools to maximize the usefulness of SIMS.

1.1

Data used to inform Security risk assessment and mitigation is analyzed using the best available technology.
New security tools, guidance and requirements are tracked and implemented across the mission security spectrum.
Ultimate outcome is to provide appropriate advice to decision makers.

1.1

CSD/CSR and CSD/CSS with support of CEP, AWO, INT, SIA, HWH

1.1 March 2026

1.2 Continue to improve the digital strategy.

As part of this effort:

Continue to implement the Harmonized Threat, Vulnerability and Risk Assessment (HTVRA) model and a benchmarked, standardized risk management training for staff.
Procure and implement industry-proven and TBS standard risk e-tool (ASTRA);
Continue to build common language to align with the specific project management requirements of infrastructure, systems and equipment implementation.

1.2

Risk alignment and prioritization between C, I and A branches are improved.
Data collection capability is improved.
Better understanding of security risks identified by missions.
Cross-branch coordination on risk prioritization and assessment mechanisms is improved.

Note: Baseline Threat Assessments for missions already include GBA Plus analysis

1.2

CSD/CSS with support of IND/INT CSR, AWO, SIA, HWH

1.2 January 2025

1.3

Ensure effective access to highly classified networks at missions based on organizational needs and threat assessments.

Note: Expansion is required for GAC to engage on highly classified national and international security issues while ensuring sensitive information and systems are adequately protected and secured.

1.3

Expansion of High Security Zone (HQ) (25 workstations, 10 reading stations for departmental use and 1 additional level III boardroom).
Creation of (Canadian Top-Secret Network)
Disaster relief site, providing a redundancy to ensure that CTSN remains operational worldwide, in the event of an emergency affecting the Ottawa data centre. As well as addressing an important deficiency identified by Communications Security Establishment.

1.3

IND/INS in partnership with ARD, CSD, and SPD.

1.3 October 2025

1.4

Ensure risk assessment models for the protection of people of all diverse groups are aligned and integrated into the Occupational Health and Safety (OHS) Framework led by HCM.
Integrate principles of the OHS Framework into existing risk assessment processes (including GBA Plus analysis) and reporting mechanisms.

1.4 Integrated Risk Management and Compliance:

By incorporating the security component related to the protection of people into the OHS Framework, GAC ensures a holistic approach to risk management, including a better understanding to diverse groups of people. This allows for the identification and management of risks in accordance with the Canada Labour Code (CLC), preventing them from being addressed in a siloed manner.
The ultimate outcome is that GAC is better equipped to monitor and fulfill its legal obligations under the CLC, ensuring a comprehensive and compliant approach to occupational health and safety.

1.4

HWD/HWH, with support from CSG, INT, CSS

1.4 September 2024

Recommendation 2: Decision-making and oversight

Building on the changes to SIPAB’s leadership, mandate and composition, CFM should strengthen the governance structure under the Global Security Framework to ensure effective prioritization and allocation of the DoC envelope’s resources in the remaining years of its mandate and to provide greater oversight of investments in high-risk and critical-risk missions.

Management response and commitment

Agree with this recommendation and will continue the ongoing positive changes designed to strengthen governance under the robust Global Security Framework.

Actions	Expected Deliverables / Outcomes	Responsibility Centres (Bureau/Division)	Target Dates
2.1 Continue to expand the governance reforms that began in 2022-2023 to ensure structure reflects the evolving security landscape, mission priorities, which aligns with GAC’s new L2 governance structure (2024); Annual review of SIPAB’s membership with a GBA Plus lens to ensure inclusivity and diverse perspectives. Ensure the Mission Security Management System (MSMS) is instituted to efficiently operationalize the GSF, link mission security risk tolerance and ownership with the prioritization of security investments. Optimize opportunities to augment simplicity and reduce red-tape while ensuring security-based prioritization. Continue to strengthen SIPAB’s role in prioritization, challenge function and ensuring robust resource allocation decisions. Augment mission engagement in the Governance structure, including the new Head of Mission governance committee.	2.1 Enhanced governance structure that maximizes the allocation of DoC funding and prioritizes initiatives based on the TBS supported expanded scope of DoC envelope's guiding principles Improved operationalization of Mission security priorities and accountabilities. Note: Department going through re-organization. Governance will evolve based on these changes.	2.1 CSD/CSG/CSS with the support and input of SIPAB Chairs and members	2.1 October 2024
2.2 Finalize the MSMS and Framework of Accountability to establish departmental mission security policies, common risk ownership definitions, tolerance mechanisms and acceptance levels for GAC’s global mission network. Continue to adopt a more robust mission security risk management methodology and risk tools to support the GSF under the MSMS. Continue to implement the “Top 20” initiative to stabilize the department’s priority security investment and risk management priorities. This phased initiative reprioritizes GAC’s outstanding security requirements. Map available resources (financial, human, technological) against identified risks and needs. Ensure transparency in resource allocation decisions and hold accountable those responsible for implementation. Continue the strategic coordination for the implementation of physical and operational security measures in accordance with DoC directives and ensure they are driven by risk as per the GSF.	2.2 Improved accountability and alignment of Doc policy and mission security risk decision making. Systemic pathway from assessment to implementation. Reduction of outstanding risks across the mission network Clear, repeatable and well documented process for establishing, measuring and understanding mission security risk tolerance. Clear, documented accountabilities where operating outside of mission security risk tolerances is required Accountable, agile and better documented prioritization and implementation procedures. Transparent, streamlined intra-branch project management processes.	2.2 CSD/CSS with the support of AWD, CSG, CSC, CSR, CET, SWD/SWC, SRD, and Chairs and members from SIPAB, SecCom and ADM Oversight Committee	2.2 September 2025
2.3 Ensure that the Global Security Framework is aligned with other existing and new governance structures. Implement MSMS and Mission Security Accountability Framework aligned to GSF and new governance structures to create an agile, systemized and accountable system of mission security governance.	2.3 Integration of new policies and procedures, ensuring that the department continues to meet its obligations under the Canada Labour Code	2.3 HWD/HWH, with the support of CSG and DCD	2.3 November 2024

Actions

Expected Deliverables / Outcomes

Responsibility Centres
(Bureau/Division)

Target Dates

2.1

Continue to expand the governance reforms that began in 2022-2023 to ensure structure reflects the evolving security landscape, mission priorities, which aligns with GAC’s new L2 governance structure (2024);
Annual review of SIPAB’s membership with a GBA Plus lens to ensure inclusivity and diverse perspectives.
Ensure the Mission Security Management System (MSMS) is instituted to efficiently operationalize the GSF, link mission security risk tolerance and ownership with the prioritization of security investments.
Optimize opportunities to augment simplicity and reduce red-tape while ensuring security-based prioritization.
Continue to strengthen SIPAB’s role in prioritization, challenge function and ensuring robust resource allocation decisions.
Augment mission engagement in the Governance structure, including the new Head of Mission governance committee.

2.1

Enhanced governance structure that maximizes the allocation of DoC funding and prioritizes initiatives based on the TBS supported expanded scope of DoC envelope's guiding principles
Improved operationalization of Mission security priorities and accountabilities.

Note: Department going through re-organization. Governance will evolve based on these changes.

2.1

CSD/CSG/CSS with the support and input of SIPAB Chairs and members

2.1 October 2024

2.2

Finalize the MSMS and Framework of Accountability to establish departmental mission security policies, common risk ownership definitions, tolerance mechanisms and acceptance levels for GAC’s global mission network.
Continue to adopt a more robust mission security risk management methodology and risk tools to support the GSF under the MSMS.
Continue to implement the “Top 20” initiative to stabilize the department’s priority security investment and risk management priorities. This phased initiative reprioritizes GAC’s outstanding security requirements.
Map available resources (financial, human, technological) against identified risks and needs.
Ensure transparency in resource allocation decisions and hold accountable those responsible for implementation.
Continue the strategic coordination for the implementation of physical and operational security measures in accordance with DoC directives and ensure they are driven by risk as per the GSF.

2.2

Improved accountability and alignment of Doc policy and mission security risk decision making.
Systemic pathway from assessment to implementation.
Reduction of outstanding risks across the mission network
Clear, repeatable and well documented process for establishing, measuring and understanding mission security risk tolerance.
Clear, documented accountabilities where operating outside of mission security risk tolerances is required
Accountable, agile and better documented prioritization and implementation procedures.
Transparent, streamlined intra-branch project management processes.

2.2

CSD/CSS with the support of AWD, CSG, CSC, CSR, CET, SWD/SWC, SRD, and Chairs and members from SIPAB, SecCom and ADM Oversight Committee

2.2 September 2025

2.3

Ensure that the Global Security Framework is aligned with other existing and new governance structures.
Implement MSMS and Mission Security Accountability Framework aligned to GSF and new governance structures to create an agile, systemized and accountable system of mission security governance.

2.3

Integration of new policies and procedures, ensuring that the department continues to meet its obligations under the Canada Labour Code

2.3

HWD/HWH, with the support of CSG and DCD

2.3 November 2024

Recommendation 3: Major projects, minor projects and security equipment and systems

ACM should monitor the impact of the recent structural, system and process changes made to improve the planning, implementation and tracking of DoC projects and take further course-corrections to address remaining challenges (including along the procurement/supply chain continuum), ensure timely project delivery (in particular for service line projects), meet DoC envelope commitments, and improve communication with other relevant branches and missions.

Management response and commitment

Agree with this recommendation. It is fundamental to learn from past delays in project and equipment delivery of DoC. GAC recognizes there is room for improved alignment between the processes employed by security and Real Property experts in prioritizing projects and investments. Recent efforts include the creation of the Project and Program Management Office, which has facilitated the integration of business lines and fostered consistent and effective planning and delivery; the roll-out of the to plan and manage real property activities delivered at missions on real time; and numerous upgrades to the mission network infrastructure and assets.

Actions	Expected Deliverables / Outcomes	Responsibility Centres (Bureau/Division)	Target Dates
3.1 Report, semi-annually, the results of its service line security projects, including on procurement, Chancery Electronic Security Systems (CESS) program, Personal Safety Radio Network (PSRN) program, Armoured Vehicle (AV) program and Security Equipment program to the appropriate governance oversight committee. Ensure transparency of reporting to clients and stakeholders as requested.	3.1 Improve communications with stakeholders on key security procurements and systems upgrades while finding solutions to improve delivery timelines and service quality. Improve procurement (as per the GAC security requirements) and deployment to missions across the network to provide critical security capacity. Align procurements with security requirements as defined by the department’s security function and the CSO.	3.1 AWD/AWS and CSD/CSS	3.1 May 2025
3.2 Grant relevant stakeholders at mission access to view live RP project updates through the Service Delivery Portal.	3.2 Service Delivery Portal enhanced (as of May 2023, a Mission module has been made available, and live project updates may be accessed through the Portal). A SharePoint site has been created to support onboarding, with access to Communications Products, User Guides, Personalized Dashboards and Interactive Reports.	3.2 ACM/ACO	3.2 April 2024
3.3 Create a dedicated IT Security team (AWSB) to implement and manage the CCTV program. Leverage mission capacity and/or employ a modular approach to CCTV system maintenance. Establish a CCTV governance structure, including procurement partners, to provide oversight to the global rollout of the program which will report regularly to the client and the appropriate governance oversight committee within Platform, and annually to SIPAB.	3.3 Provide oversight to the global rollout of the program which will report regularly to client as well as the appropriate governance oversight committee within Platform, and annually to SIPAB. CCTV program that meets the security requirements rolled out en mass to mission providing mission critical perimeter surveillance capacity.	3.3 AWD/AWS with the support of CSD/CSS	3.3 September 2024
3.4 Continue to report on a quarterly basis the health status (i.e., measures of on time, on scope, on budget) of all major Real Property projects, including procurement milestones.	3.4 Quarterly updates are provided via the Integrated Business Plan. Bi-monthly updates on project health statuses of projects >$1M are given to PPOC (Platform Portfolio Oversight Committee). IPMF (Investment and Project Management Framework) and SLPMF (Service Line Project Management Framework) monitoring dashboards enable real-time visualizations of project health status. An “Overall Health Guidance” document has been published whose aim will standardize the way in which health statues are reported.	3.4 ACM/ACO	3.4 June 2024
3.5 Invite stakeholders from relevant missions and procurement advisors to meetings of the Service Delivery Performance Advisory Board (SDPAB) to enhance the coordination of the planning and delivery of all property-related projects and activities.	3.5 Stakeholders from relevant Missions and procurement teams are regularly invited to Mission-specific SDPABs.	3.5 ACM/ACO	3.5 April 2024
3.6 Present to EXCO by end of 2024 on the Duty of Care envelope, including whether the overhaul of ACM is positively affecting delivery of DoC physical infrastructure projects and if not, what further changes are required.	3.6 GAC senior management will be confident that recent structural changes to Platform have enabled the division to better deliver its suite of physical infrastructure projects	3.6 ACM/ACO with support from ARQ	3.6 December 2024

Actions

Expected Deliverables / Outcomes

Responsibility Centres
(Bureau/Division)

Target Dates

3.1

Report, semi-annually, the results of its service line security projects, including on procurement, Chancery Electronic Security Systems (CESS) program, Personal Safety Radio Network (PSRN) program, Armoured Vehicle (AV) program and Security Equipment program to the appropriate governance oversight committee.
Ensure transparency of reporting to clients and stakeholders as requested.

3.1

Improve communications with stakeholders on key security procurements and systems upgrades while finding solutions to improve delivery timelines and service quality.
Improve procurement (as per the GAC security requirements) and deployment to missions across the network to provide critical security capacity.
Align procurements with security requirements as defined by the department’s security function and the CSO.

3.1

AWD/AWS and CSD/CSS

3.1 May 2025

3.2

Grant relevant stakeholders at mission access to view live RP project updates through the Service Delivery Portal.

3.2

Service Delivery Portal enhanced (as of May 2023, a Mission module has been made available, and live project updates may be accessed through the Portal).
A SharePoint site has been created to support onboarding, with access to Communications Products, User Guides, Personalized Dashboards and Interactive Reports.

3.2

ACM/ACO

3.2 April 2024

3.3

Create a dedicated IT Security team (AWSB) to implement and manage the CCTV program.
Leverage mission capacity and/or employ a modular approach to CCTV system maintenance.
Establish a CCTV governance structure, including procurement partners, to provide oversight to the global rollout of the program which will report regularly to the client and the appropriate governance oversight committee within Platform, and annually to SIPAB.

3.3

Provide oversight to the global rollout of the program which will report regularly to client as well as the appropriate governance oversight committee within Platform, and annually to SIPAB.
CCTV program that meets the security requirements rolled out en mass to mission providing mission critical perimeter surveillance capacity.

3.3

AWD/AWS with the support of CSD/CSS

3.3 September 2024

3.4

Continue to report on a quarterly basis the health status (i.e., measures of on time, on scope, on budget) of all major Real Property projects, including procurement milestones.

3.4

Quarterly updates are provided via the Integrated Business Plan.
Bi-monthly updates on project health statuses of projects >$1M are given to PPOC (Platform Portfolio Oversight Committee).
IPMF (Investment and Project Management Framework) and SLPMF (Service Line Project Management Framework) monitoring dashboards enable real-time visualizations of project health status.
An “Overall Health Guidance” document has been published whose aim will standardize the way in which health statues are reported.

3.4

ACM/ACO

3.4 June 2024

3.5

Invite stakeholders from relevant missions and procurement advisors to meetings of the Service Delivery Performance Advisory Board (SDPAB) to enhance the coordination of the planning and delivery of all property-related projects and activities.

3.5

Stakeholders from relevant Missions and procurement teams are regularly invited to Mission-specific SDPABs.

3.5

ACM/ACO

3.5 April 2024

3.6

Present to EXCO by end of 2024 on the Duty of Care envelope, including whether the overhaul of ACM is positively affecting delivery of DoC physical infrastructure projects and if not, what further changes are required.

3.6

GAC senior management will be confident that recent structural changes to Platform have enabled the division to better deliver its suite of physical infrastructure projects

3.6

ACM/ACO with support from ARQ

3.6 December 2024

Recommendation 4: Mission Readiness Teams

CFM, in consultation with HCM and missions, should develop a long-term strategy for the evolution of the mission readiness program, including for mission readiness team composition, training and staff assignments, to ensure appropriate alignment with mission safety and security needs, existing mission readiness team capacity and in consideration of available resources as well as apply GBA Plus lens. The strategy should ensure a balance between security and operational priorities to support inclusive and effective international cooperation while maintaining an appropriate standard of care.

Management response and commitment

Agree with this recommendation that the Readiness Program has been a success for emergency management and security at mission and should continue with a comprehensive long-term strategy for sustainability beyond this funding envelope. Recent efforts include enhancing/expanding existing trainings and launching new ones (e.g. new hybrid Regional Program Managers (RPM)-specific core training program and a new mandatory course for GAC employees: Introduction to Security and Cyber Security Essentials); developing of guidelines and tools for mission use; and creating additional RPM positions.

Actions	Expected Deliverables / Outcomes	Responsibility Centres (Bureau/Division)	Target Dates
4.1 Building on the work that was done in 2022-23 on Readiness Stewardship, cultivate and refine a long-term strategy for the Readiness program, incorporating a GBA Plus lens. As part of this effort: Analyze Readiness team position types, including strengths, weaknesses, and suitability, according to the threat environment. Assess Readiness team configurations based on mission type/size, area of responsibility, and overall risk, resources, and capacities. Examine options and begin preparations for a post Duty of Care resources (both at HQ and abroad) to support the program’s expansion and effectively meet mission Readiness needs.	4.1 A comprehensive long-term strategy, incorporating a GBA Plus lens that will evolve the Readiness Program to address the challenges of the future. The strategy includes but is not limited to the creation of new Readiness Program structural models to align with program growth projections, a plan for Readiness budget and a program growth costing model. RPM program deployment, responsibilities and accountabilities harmonized with MSMS to ensure informed and accountable security program management.	4.1 CSD/CSR with the support of CSG, CET, CSS, IND/INT, and INS, HFD/HFP, AFD/AFS	4.1 March 2026
4.2 Develop a strategy for Readiness assignments in hardship locations. Conduct outreach, offer info sessions, as well as work with HOMs to ensure thorough candidate vetting, and increase candidate capacity once confirmed through both virtual and in-person training.	4.2 A comprehensive long-term strategy for hardship locations, incorporating a GBA Plus lens, that will evolve the Readiness Program candidate capacity to address the challenges of the future. (see details above)	4.2 CSD/CSR with HFD/HFP	4.2 March 2026
4.3 Development of the Policy on the Management of Psychosocial Health in Conflict Zones, which includes a pilot-project with KYIV.	4.3 Enhance Psychosocial Support in high-risk missions to ensure that all employees operating in these challenging environments, including diverse groups, receive the appropriate psychosocial support. The ultimate outcome is a more resilient workforce that is better equipped to manage the psychosocial challenges of their roles while maintaining their health and well-being. This aligns with the department’s commitment to protecting the health of its employees and effectively delivering on its mandate, even in the most challenging environments.	4.3 HWD/HWH, with ZID/ZIB	4.3 Pilot-project: October 2024 Policy: March 2025
4.4 Continue to refine RPM training: Composition of the RPM Core training will be modified in 2024 to include 3 weeks of in-person training (an increase from 2 weeks in 2023) and 1 week of webinar training (a decrease from 2 weeks in 2023). Continue soliciting feedback and act upon lessons learned from the annual RPM core training sessions. Provide Readiness specialists abroad with yearly training and skills upgrade sessions to ensure up-to-date knowledge in a security and emergency management environment.	4.4 Enhance the RPM training program to ensure appropriate alignment with mission safety and security needs, existing mission readiness team capacity and in consideration of available resources and a GBA Plus lens. Accountable security program management.	4.4 CSD/CSR in collaboration with CET and CSS	4.4 June 2026
4.5 Continue to work with missions to examine effective program governance structures, tools, and products to support consistent and evidence-based program roll out and alignment with mission security and emergency management needs.	4.5 Improved Readiness guidance products, tools and templates to bolster effectiveness of Program Managers. RPM program tools, products and structures meet the requirements of the Mission Security Management System and Framework of Accountability to ensure informed and accountable management.	4.5 CSD/CSR with support of CSG, CET, CSS, AFS	4.5 March 2026
4.6 Examine strategies to address RPM’s health, safety, and well-being and proactively support the psychological health of Readiness specialists.	4.6 Develop a comprehensive strategy for Resilience in Readiness to support Program practitioners in effective balanced delivery of security, emergency and operational priorities. Develop and offer training to outgoing readiness officers and managers on psychological health and safety as well as responses to potentially traumatic events	4.6 CSD/CSR with CSG, ZID/ZIB, HWH	4.6 March 2026
4.7 Review Occupational health and safety training offered to employees at mission, including on psychological health. Delivery of psychological training to enhance resilience in the face of adverse conditions and traumatic events.	4.7 Compliance with GAC legal obligations under the CLC and proactive prevention of potential issues. Equip the workforce with the necessary knowledge and skills to identify and manage risks related to their tasks and work environment, including psychological risks. ZID will adapt and facilitate workshops on psychological health based on risks assessments performed by HWH. The ultimate outcome is a well-trained workforce that is capable of effectively preventing issues, leading to improved compliance with legal obligations and a safer, healthier work environment.	4.7 HWD/HWH and ZID/ZIB, with support from CSR	4.7 March 2026
4.8 Development of a Health-related Emergency Plan for missions to ensure they are ready to address any health emergencies. The plan includes first aid training, provision of first aid kits tailored to the identified risks, medical evacuation procedures, mental health first aid, and the identification of regional medical hubs.	4.8 Comprehensive preparedness for health emergencies that enables missions to respond effectively and promptly to health crises, thereby safeguarding the health and well-being of all staff. Enhancement of GAC’s ability to provide timely and appropriate medical support in emergency situations. The ultimate outcome is a mission workforce that is well-equipped and trained to manage all types of health emergencies (physical and mental), ensuring the safety and well-being of all staff. This aligns with the department’s goal of maintaining a robust, integrated, and legally compliant security and OHS program. This outcome ensures that the department remains committed to continuous improvement in its emergency preparedness practices and proactive in its approach to risk prevention.	4.8 HWD/HWH, with support from CSR, ZID/ZIB	4.8 March 2026

Actions

Expected Deliverables / Outcomes

Responsibility Centres
(Bureau/Division)

Target Dates

4.1

Building on the work that was done in 2022-23 on Readiness Stewardship, cultivate and refine a long-term strategy for the Readiness program, incorporating a GBA Plus lens.

As part of this effort:

Analyze Readiness team position types, including strengths, weaknesses, and suitability, according to the threat environment.
Assess Readiness team configurations based on mission type/size, area of responsibility, and overall risk, resources, and capacities.
Examine options and begin preparations for a post Duty of Care resources (both at HQ and abroad) to support the program’s expansion and effectively meet mission Readiness needs.

4.1

A comprehensive long-term strategy, incorporating a GBA Plus lens that will evolve the Readiness Program to address the challenges of the future. The strategy includes but is not limited to the creation of new Readiness Program structural models to align with program growth projections, a plan for Readiness budget and a program growth costing model.
RPM program deployment, responsibilities and accountabilities harmonized with MSMS to ensure informed and accountable security program management.

4.1

CSD/CSR with the support of CSG, CET, CSS, IND/INT, and INS, HFD/HFP, AFD/AFS

4.1 March 2026

4.2

Develop a strategy for Readiness assignments in hardship locations.
Conduct outreach, offer info sessions, as well as work with HOMs to ensure thorough candidate vetting, and increase candidate capacity once confirmed through both virtual and in-person training.

4.2

A comprehensive long-term strategy for hardship locations, incorporating a GBA Plus lens, that will evolve the Readiness Program candidate capacity to address the challenges of the future. (see details above)

4.2

CSD/CSR with HFD/HFP

4.2 March 2026

4.3

Development of the Policy on the Management of Psychosocial Health in Conflict Zones, which includes a pilot-project with KYIV.

4.3

Enhance Psychosocial Support in high-risk missions to ensure that all employees operating in these challenging environments, including diverse groups, receive the appropriate psychosocial support.
The ultimate outcome is a more resilient workforce that is better equipped to manage the psychosocial challenges of their roles while maintaining their health and well-being. This aligns with the department’s commitment to protecting the health of its employees and effectively delivering on its mandate, even in the most challenging environments.

4.3

HWD/HWH, with ZID/ZIB

4.3

Pilot-project: October 2024

Policy: March 2025

4.4

Continue to refine RPM training:

Composition of the RPM Core training will be modified in 2024 to include 3 weeks of in-person training (an increase from 2 weeks in 2023) and 1 week of webinar training (a decrease from 2 weeks in 2023).
Continue soliciting feedback and act upon lessons learned from the annual RPM core training sessions.
Provide Readiness specialists abroad with yearly training and skills upgrade sessions to ensure up-to-date knowledge in a security and emergency management environment.

4.4

Enhance the RPM training program to ensure appropriate alignment with mission safety and security needs, existing mission readiness team capacity and in consideration of available resources and a GBA Plus lens.
Accountable security program management.

4.4

CSD/CSR in collaboration with CET and CSS

4.4 June 2026

4.5

Continue to work with missions to examine effective program governance structures, tools, and products to support consistent and evidence-based program roll out and alignment with mission security and emergency management needs.

4.5

Improved Readiness guidance products, tools and templates to bolster effectiveness of Program Managers. RPM program tools, products and structures meet the requirements of the Mission Security Management System and Framework of Accountability to ensure informed and accountable management.

4.5

CSD/CSR with support of CSG, CET, CSS, AFS

4.5 March 2026

4.6

Examine strategies to address RPM’s health, safety, and well-being and proactively support the psychological health of Readiness specialists.

4.6

Develop a comprehensive strategy for Resilience in Readiness to support Program practitioners in effective balanced delivery of security, emergency and operational priorities.
Develop and offer training to outgoing readiness officers and managers on psychological health and safety as well as responses to potentially traumatic events

4.6

CSD/CSR with CSG, ZID/ZIB, HWH

4.6 March 2026

4.7

Review Occupational health and safety training offered to employees at mission, including on psychological health.
Delivery of psychological training to enhance resilience in the face of adverse conditions and traumatic events.

4.7

Compliance with GAC legal obligations under the CLC and proactive prevention of potential issues.
Equip the workforce with the necessary knowledge and skills to identify and manage risks related to their tasks and work environment, including psychological risks.
ZID will adapt and facilitate workshops on psychological health based on risks assessments performed by HWH.
The ultimate outcome is a well-trained workforce that is capable of effectively preventing issues, leading to improved compliance with legal obligations and a safer, healthier work environment.

4.7

HWD/HWH and ZID/ZIB, with support from CSR

4.7 March 2026

4.8

Development of a Health-related Emergency Plan for missions to ensure they are ready to address any health emergencies. The plan includes first aid training, provision of first aid kits tailored to the identified risks, medical evacuation procedures, mental health first aid, and the identification of regional medical hubs.

4.8

Comprehensive preparedness for health emergencies that enables missions to respond effectively and promptly to health crises, thereby safeguarding the health and well-being of all staff. Enhancement of GAC’s ability to provide timely and appropriate medical support in emergency situations.
The ultimate outcome is a mission workforce that is well-equipped and trained to manage all types of health emergencies (physical and mental), ensuring the safety and well-being of all staff. This aligns with the department’s goal of maintaining a robust, integrated, and legally compliant security and OHS program.
This outcome ensures that the department remains committed to continuous improvement in its emergency preparedness practices and proactive in its approach to risk prevention.

4.8

HWD/HWH, with support from CSR, ZID/ZIB

4.8 March 2026

Recommendation 5: Clarity of safety and security responsibilities and accountabilities

CFM, in consultation with ACM, HCM, IFM, SCM, geographic branches and USS, should leverage and build upon existing relevant frameworks to develop a comprehensive departmental security policy and guidance that articulates up-to-date authorities, responsibilities and accountabilities of organizational units, departmental officials and governing bodies involved in safety and security investments and programming at Canada’s missions abroad, including accountabilities for accepting unmitigated or residual risk.

Management response and commitment

Agree with the recommendation to build upon the existing robust security policy framework by strengthening and confirming focal points and enhancing accessibility to policy direction across the department. Recent efforts include the ongoing migration to a new Departmental Security Resource (DSR) and preparation for its launch, and the development of the Mission Security Management system (MSMS) policy instrument which has been designed to coalesce the siloed mission security functions into one functional system.

Actions	Expected Deliverables / Outcomes	Responsibility Centres (Bureau/Division)	Target Dates
5.1 Enhance accessibility to, and awareness of, security policy guidance through the ongoing migration to a new Departmental Security Resource (DSR) (a SharePoint comms site). The DSR will include mission security standard operating procedures, supplemental products, and work instructions. As part of regular review and development of policy guidance, update and further articulate roles, responsibilities, and accountabilities. This includes finalizing the Mission Security Framework of Accountability. In addition, IND will contribute, where it pertains to highly classified information, towards C-branch’s work to a develop a comprehensive departmental security policy including accountabilities.	5.1 Security responsibilities and accountabilities are clearly defined and documented, and comprehensive security and duty of care guidance is easily accessible because of the transition of existing security content to the Departmental Security Resources and subsequent analysis to identify and fill policy and guidance gap areas. Clear and scalable baseline expectation for security operations abroad which will contribute to a more holistic and sustainable system of mission security program management, security risk management and investment. Policy and cross-branch implementation and reporting procedures are integrated into a single policy eco-system resulting in in data informed and documented decisions. These efforts will help strengthen the department's readiness operations, duty of care responsibilities and investments.	5.1 CSD/CSG with CFM divisions, ACM, HCM, IFM, SCM and JUS	5.1 March 2025

Actions

Expected Deliverables / Outcomes

Responsibility Centres
(Bureau/Division)

Target Dates

5.1

Enhance accessibility to, and awareness of, security policy guidance through the ongoing migration to a new Departmental Security Resource (DSR) (a SharePoint comms site). The DSR will include mission security standard operating procedures, supplemental products, and work instructions.

As part of regular review and development of policy guidance, update and further articulate roles, responsibilities, and accountabilities. This includes finalizing the Mission Security Framework of Accountability.

In addition, IND will contribute, where it pertains to highly classified information, towards C-branch’s work to a develop a comprehensive departmental security policy including accountabilities.

5.1

Security responsibilities and accountabilities are clearly defined and documented, and comprehensive security and duty of care guidance is easily accessible because of the transition of existing security content to the Departmental Security Resources and subsequent analysis to identify and fill policy and guidance gap areas.
Clear and scalable baseline expectation for security operations abroad which will contribute to a more holistic and sustainable system of mission security program management, security risk management and investment.
Policy and cross-branch implementation and reporting procedures are integrated into a single policy eco-system resulting in in data informed and documented decisions.
These efforts will help strengthen the department's readiness operations, duty of care responsibilities and investments.

5.1

CSD/CSG with CFM divisions, ACM, HCM, IFM, SCM and JUS

5.1 March 2025

Recommendation 6: Scope of GAC’s duty of care obligations and resourcing strategy

To inform planning for the next iteration of departmental mission security investments and programming beyond the 2016 DoC MC timeframe (2017-18 to 2026-27):

CFM, in partnership with ACM, HCM, IFM, JFM, SCM and geographic branches, should define, document, and communicate the full scope of departmental responsibilities to protect people, information and assets at missions abroad, taking into consideration the needs of diverse stakeholder groups, including but not limited to women, 2SLGBTQI+, people with disabilities, racialized and indigenous peoples and mission security contexts.
CFM, in partnership with ACM, HCM, IFM and SCM, should develop resourcing strategies to implement effective and sustainable solutions to protect infrastructure, information and people abroad, based on an assessment of the gaps in GAC’s ability to meet its responsibilities and the capacity of departmental teams to implement solutions.

Management response and commitment

Agree with this recommendation to further define and communicate the scope of the departmental legal and policy obligations to protect people, including Canada-based staff, dependants, and Locally Engaged Staff.
Agree with the recommendation to build upon the successes and best practices to inform the next phase of DoC resourcing.

Actions	Expected Deliverables / Outcomes	Responsibility Centres (Bureau/Division)	Target Dates
6.1 Finalize a thorough assessment of existing legal and policy requirements related to duty of care, while considering the specific needs of different stakeholders (e.g., CBS, LES, contractors), and the unique security contexts of missions. This involves the contribution of ZIB to ensure that psychological health is a cross-cutting component of GAC’s scope of DoC. Continue to develop standard operating procedures to implement DoC policy and develop a clear and concise communication strategy to disseminate duty of care obligations to all relevant parties, including mission personnel, management, and external partners, are aware of their responsibilities. Clarify the distinction between the Duty of Care envelope and the larger Duty of Care legal concept and its application within GAC’s operational context.	6.1 Informed Duty of Care Compliance - A comprehensive understanding of GAC’s obligations, which considers the specific needs of different stakeholders and the unique security contexts of missions, will enable GAC to better fulfill its duty of care. This aligns with the department’s goal of protecting people, information, and assets at missions abroad. This aligns with the department’s goal of ensuring that everyone involved in its missions is well-informed and capable of fulfilling their responsibilities under the duty of care. Gap areas with respect to overall duty of care obligations – both in terms of security and OH&S – and the funding and resources provided through the Duty of Care funding envelope are clearly identified. Mission Security Management System (MSMS) and Mission Security Framework of Accountability informed with GAC’s Duty of Care policies.	6.1 An HWD/HWH-led initiative in partnership with ZID, CSG, CSS, ACM, IFM, JFM, SCM and geographic branches	6.1 March 2025
6.2 Continue to identify priorities for resourcing based upon risk analysis and the evolving security situation including using the Mission Security Management System (MSMS), an analytical process for assessing the operational context of GAC missions and identifying the risk level of threats that may affect GAC personnel, information and assets. Develop a long-term resourcing strategy, including the potential need for a new budget ask and/or policy cover to address identified priorities.	6.2 A functional and fully implemented MSMS that is interoperable with/and supports GAC’s Duty of Care policy Standardized mission security responses (accountable, reliable, cost effective, agile and responsive manner), across the mission network. Systemized cross branch planning mechanism, informed and accountable through the MSMS, meeting the evolving challenges of the global security context.	6.2 CSD/CSS in partnership with ACM, HCM, IFM, JFM, SCM and geographic branches	6.2 March 2026
6.3 Explore the possibility of identifying clear requirements for positions abroad, called “bona fide operational requirements”, particularly in hardship locations where the health system may be inadequate, or emergency response, including medevac, may be delayed.	6.3 Effective Personnel Placement and Health Protection: The right individuals are placed in appropriate roles. The ultimate outcome is a workforce that is not only well-suited to their roles but also capable of performing their duties effectively while maintaining their health. This approach aligns with the department’s mandate and commitment to safeguarding the health and well-being of its employees, especially in challenging environments.	6.3 HWD/HWH, with HFD/HFP, HWL, CSR	6.3 March 2026

Actions

Expected Deliverables / Outcomes

Responsibility Centres
(Bureau/Division)

Target Dates

6.1

Finalize a thorough assessment of existing legal and policy requirements related to duty of care, while considering the specific needs of different stakeholders (e.g., CBS, LES, contractors), and the unique security contexts of missions. This involves the contribution of ZIB to ensure that psychological health is a cross-cutting component of GAC’s scope of DoC.
Continue to develop standard operating procedures to implement DoC policy and develop a clear and concise communication strategy to disseminate duty of care obligations to all relevant parties, including mission personnel, management, and external partners, are aware of their responsibilities.
Clarify the distinction between the Duty of Care envelope and the larger Duty of Care legal concept and its application within GAC’s operational context.

6.1

Informed Duty of Care Compliance - A comprehensive understanding of GAC’s obligations, which considers the specific needs of different stakeholders and the unique security contexts of missions, will enable GAC to better fulfill its duty of care. This aligns with the department’s goal of protecting people, information, and assets at missions abroad.
This aligns with the department’s goal of ensuring that everyone involved in its missions is well-informed and capable of fulfilling their responsibilities under the duty of care.
Gap areas with respect to overall duty of care obligations – both in terms of security and OH&S – and the funding and resources provided through the Duty of Care funding envelope are clearly identified.
Mission Security Management System (MSMS) and Mission Security Framework of Accountability informed with GAC’s Duty of Care policies.

6.1

An HWD/HWH-led initiative in partnership with ZID, CSG, CSS, ACM, IFM, JFM, SCM and geographic branches

6.1 March 2025

6.2

Continue to identify priorities for resourcing based upon risk analysis and the evolving security situation including using the Mission Security Management System (MSMS), an analytical process for assessing the operational context of GAC missions and identifying the risk level of threats that may affect GAC personnel, information and assets.
Develop a long-term resourcing strategy, including the potential need for a new budget ask and/or policy cover to address identified priorities.

6.2

A functional and fully implemented MSMS that is interoperable with/and supports GAC’s Duty of Care policy
Standardized mission security responses (accountable, reliable, cost effective, agile and responsive manner), across the mission network.
Systemized cross branch planning mechanism, informed and accountable through the MSMS, meeting the evolving challenges of the global security context.

6.2

CSD/CSS in partnership with ACM, HCM, IFM, JFM, SCM and geographic branches

6.2 March 2026

6.3

Explore the possibility of identifying clear requirements for positions abroad, called “bona fide operational requirements”, particularly in hardship locations where the health system may be inadequate, or emergency response, including medevac, may be delayed.

6.3

Effective Personnel Placement and Health Protection:

The right individuals are placed in appropriate roles. The ultimate outcome is a workforce that is not only well-suited to their roles but also capable of performing their duties effectively while maintaining their health. This approach aligns with the department’s mandate and commitment to safeguarding the health and well-being of its employees, especially in challenging environments.

6.3 HWD/HWH, with HFD/HFP, HWL, CSR

6.3 March 2026

Date modified:: 2024-12-24

抖淫视频

Language selection

Search

Management Response and Action Plan (MRAP): Evaluation of Duty of Care Envelope, 2017-18 to 2022-23

Introduction

Management Response and Action Plan (MRAP)