The review also pointed to long-standing issues regarding the RCMP’s information technology security.
“Unlike the majority of other government departments and agencies, security awareness training is not mandatory at the RCMP. The security review team was unable to determine the rationale for this clear gap,” the report said.
Beaulac said security awareness training is now mandatory and is taught on a regular basis.
“We’re trusted with a lot of information and we have to make sure we’re doing things to the best of our abilities to protect that information and use it properly,” he said.
Departmental security has been tightened since the Ortis incident, said Beaulac. No longer scattered across multiple sections, the departmental security program is now a standalone unit that reports directly to a deputy commissioner.
“As we face our challenges, security is now at the table, and it’s a huge change for us,” he said.
The report’s authors made 43 recommendations, some of which were redacted in the copy obtained by CBC News.
The committee called on the RCMP to establish a new policy centre on insider threats, consult with the Department of Justice on how to conduct random physical security checks and limit the number of zones in RCMP buildings with access to classified networks and printing locations.
“The vast majority of employees of the RCMP are dedicated and loyal but, as Ortis’s alleged actions demonstrate, we can no longer trust without regularly verifying,” says the report.
“The recommendations will, hopefully, either prevent this from happening [or] allow the RCMP to be able to catch these malicious actors earlier.”
