Catego for public organizations

Asset categorization is an obligation for public bodies in Quebec. This exercise is defined in the « GUIDE D’APPLICATION CONCERNANT LES RÈGLES ENCADRANT LA GOUVERNANCE À L’ÉGARD DES RENSEIGNEMENTS PERSONNELS ” available on Conseil du trésor

This four-step approach covers the planning, organization, implementation and evaluation of data governance rules.

The Quebec government’s approach covers data governance in its entirety, and involves setting up a personal information inventory, which to quote the document must respect the following elements:

A public body must establish and maintain an up-to-date inventory of its personal information files (section 76 of the Access Act).

Content elements:

  • Establish personal information banks in accordance with section 71 of the Access Act;
  • Create an inventory of personal information banks in accordance with section 76 of the Access Act;
  • Maintain the files and the inventory of files.

This management of personal information inventories provides a framework for previous documents produced by the Conseil du trésor on the implementation of asset categorization.

The categorization register provides a detailed description of categorization objects. It includes their main attributes, such as wording, administrative unit responsible, user process, holder, location6</sup , CID impact level, categorization date, references to impact level allocation documents, etc.

The management of this register is generally entrusted to one person within the organization, i.e. the categorization register holder. This person is responsible for :

recording categorization results;
keeping the register up to date and ensuring that its contents are consistent;
ensuring the security and validity of the register; granting access authorizations to the register;
periodically check with information holders to ensure that the impact levels
impact levels assigned to the assets under their responsibility are still valid.

 

– 6. The location of a categorization object may be a filing cabinet, a server or other.

Information resources: Recommended practice in information security

Catego.info's approach covers both elements, allowing you to computerize your categorization and maintain an inventory / files on the processing of personal information.
 
What's more, catego.info integrates various registers linked to your categorization, enabling you to note incidents, risks and requests for derogation that comply with the Government of Quebec's approach to the legal framework surrounding this management of personal data.

Consulting services

Setting up a data categorization and personal data management exercise is a challenge for public organizations. Although many automated tools can be used to classify data, it is important to bring raw data down to a level of governance that enables the implementation of a long-term action plan.

Request a demo

Our team will be happy to demonstrate our platform and how it can help your organization comply with current legislation.