Sign In

As threats to Information Technology security become more sophisticated and continue to pose a significant risk to the Government of Saskatchewan's business, it is important for all of us to realize and accept that information security is everyone's responsibility. To ensure the privacy and accuracy of the information entrusted to us, we must all comply with the security policies and procedures for managing information in a secure manner.

To increase our awareness of information security concepts and learn more about Government's information security resources, policies, standards, and specifications, we are all encouraged to review the information available on this site. A good starting point for all of us is the IT Security Handbook.

Information Security Branch

The Information Security branch within the IT Division (ITD) of the Ministry of Central Services is responsible for managing all things related to IT security including, though not necessarily limited to:

  • Providing interpretation and enforcement of the information security policy and standards;
  • Providing information security education and awareness;
  • Responding to information security Incidents;
  • Performing Threat Risk Assessments (TRAs) for IT-related business initiatives throughout Government;
  • Providing security assessment and overall security requirements oversight for IT-related Solution and Services Procurements;
  • Providing information security advice and guidance for business areas;
  • Evaluating new threats and vulnerabilities.

Detailed security resources, policy, standards, and specifications are listed under "Related Documents " section at the bottom of this page.

You may also jump to information pertaining to specific topics here:

Should you require additional information, have questions regarding any of the information presented on this site, or you have suggestions or requests related to information on this site, please contact Information Security Branch at

Reporting an incident

If a security-related event or incident is observed, immediately report it to the IT Service Desk.

ITD Service Desk
Phone: 306-787-5000*
*Please note that this number requires 10-digit dialing. 

Such events may include, though are not necessarily limited to:

  • Accidentally opening a malicious or phishing link or attachment;
  • Suspecting that a virus or other malicious code has infected your PC;
  • Suspecting that your user credentials have been compromised;
  • Observing behavior from your PC that could be considered out of the ordinary;
  • Discovering print outs of sensitive information left on a printer or fax machine;
  • Observing unauthorized disclosure of government information;
  • Observing unauthorized access to government information or facilities;
  • Discovering that user credentials have been shared with more than just the authorized user of an account;
  • Any circumstance in which your instincts tell you something pertaining to the security of information is wrong!

When in doubt, err on the side of caution and report suspicious activity or circumstances to the Ministry Security Officer. A list of Ministry Security Officers is provided in the Security Officers List.

Protection from spam and phishing

Unfortunately, even with firewalls and other protections in place, spam can get through. Sometimes, spam containing malicious links or attachments is received by employees in their mailboxes. We can all do our part to help prevent viruses or other malware by not opening suspicious links and attachments in emails.

Phishing, the act of trying to obtain confidential information or money from users, has become increasingly common and those using phishing tactics are becoming increasingly sophisticated. These tactics often include an email that appears to be from a legitimate source such as your bank, one of our vendors, or other common companies. Tactics will also include utilizing current world or local events to entice users to click on links or open attachments.

In some cases, phishing campaigns may even use a email or other familiar accounts. If you think you may have a suspicious email from or other familiar account, try phoning the sender before clicking any links or opening any attachments to confirm it was sent by the sender. If you cannot confirm this, do not open it. Delete the email from your inbox and delete it permanently from the deleted items folder.

There is additional information in the IT Security Handbook pertaining to identifying and reporting suspicious email.

Information security policies

When in doubt, reference the policy. Policies are in place to help us govern IT security issues and make the best possible decisions when it comes to protecting government data. Government's Information Security Policy is intended to help safeguard the confidentiality, integrity, and availability of the government's information and systems. Users are bound by this policy and should understand and abide by it. 

In the "Related Documents " section below, under the "Policy" heading, is a list of the Government of Saskatchewan's Information Security Policies. These are administered by the Information Security Branch.

Other documents which users should be familiar with include:

  • IT Acceptable Usage Policy: The IT Acceptable Usage Policy and its appendices are administered by the Public Service Commission.
  • Social Media Policy: This policy governs the publication of and commentary on social media platforms by employees of the Government of Saskatchewan and its ministries. This policy is administered by the Digital Strategy and Operations Branch of the Ministry of SaskBuilds and Procurement.

Information classification

Information Classification is used to determine the appropriate classification of data for government information and is an exercise that should be completed by the Information Owner before any IT-related initiative. Information Owners should be familiar with A Guide for Information Protection Classification and use the Statement of Sensitivity to determine if data is considered Public, Class C, Class B or Class A and whether the integrity and availability are at a High, Medium, or Low level.

Different security measures are required depending on the classification determined by the Information Owner in the Statement of Sensitivity.

Security assessments

Completing a security assessment is an important component of any project. If you are involved in a new government IT initiative, work on an IT project handling sensitive information, or your project involves external hosting of data, you need to think about the Confidentiality, Integrity, and Availability of information and, specifically, how the information will be protected from unauthorized access, loss, or modification. 

A Threat Risk Assessment (TRA) is required for all IT projects. A TRA can be initiated by submitting a ServiceNow service request to Security Ops or through the project coordinator.

Security assessments will be presented to project teams and business stakeholders and any risks identified as a result of the assessment must be addressed to the satisfaction of Government’s Security Governance Committee.

Ministry Security Officers

Security Officers work closely with the Information Security Branch to assist with matters of Information Security throughout the Government of Saskatchewan. Security Officers are responsible for promoting security awareness and compliance with information security policies and tracking information security risks and mitigation within their ministry or agency.

If you have a question related to the security of your data or electronic information, you may contact your designated Security Officer. A list of Security Officers is provided in Security Officers List.

As always, if you observe an information security incident, immediately report it to the IT Service Desk.

ITD Service Desk
Phone: 306-787-5000*
*Please note that this number requires 10-digit dialing. 

Contact information

If you have any questions or require more information please contact:

Information Security branch

Phone 306-798-3550*
*Please note that this number requires 10-digit dialing. 
Business hours are Monday to Friday 8 a.m. to 5 p.m. 

Report an Incident
To report an Information Security Incident, immediately contact: 

ITD Service Desk
Phone: 306-787-5000*
*Please note that this number requires 10-digit dialing. 

Examples of an IT security incident include clicking on a phishing link or opening a malicious attachment in an email. When in doubt, immediately report IT security incidents to ensure the public's data remains secure.

 Related Documents