IM/IT Standards Frequently Asked Questions


Standards & Policies

What is the difference between an IM/IT Standard and Information Security Policy or Core Policy?

A policy is a statement of intent, whereas a standard is a convention or requirement. As an example, a policy may state that "you must encrypt sensitive traffic" and a corresponding standard may specify to use "128-bit SSL encryption".

Contact for questions related to Information Security Policy or IM/IT Standards
Contact for questions relating to Chapter 12 of Core Policy.

What if I am unable to comply with a standard or policy?

In some cases, agencies are unable to comply with a standard or policy or require more time to come into compliance. In this instance, they must submit an Exemption Request.

Before submitting, please review the Exemption FAQs. Once you have reviewed the FAQs, you can submit your Exemption Request.

How are standards developed?

The Office of the Chief Information Officer (OCIO) is responsible for leading the development, maintenance and communication of government-wide IM/IT architectures and standards. Details about this process can be found in the Standards Development Lifecycle document (currently being reviewed).

Where can I get previous versions of standards?

Current standards are online. However, over time, standards can become obsolete.
Contact us to request copies of previous versions.



What is the difference between exemptions to IM/IT Standards and exemptions to Information Security Policy or Chapter 12 of Core Policy?

The submission process is the same for an exemption to a standard or a policy. OCIO staff work collaboratively to process every Exemption Request.

How do I know if I need an exemption?

To determine if you need an exemption you may refer to this guide. If you are still unsure, please contact us.

What will I need to include with my exemption?

With your Request for Exemption, please include: 

Who can submit an exemption? What approvals do I need?

Only core government staff can submit an exemption; however, they can do it on behalf of contractors. You will need to include approval from your Ministry Information Security Officer and Ministry Chief Information Officer.

After submitting an exemption, how can I find the status?

After submitting your Exemption Request, you can log in to track it or you can contact us.

How long will it take to process my exemption?

Exemption Request processing times will vary depending on the complexity of the request. We are working on streamlining his process and will update this page during the process.