ITSG-33 — Canadian Centre for Cyber Security IT Security Risk Management
IT Security Guidance Publication 33 (ITSG-33) — IT Security Risk Management: A Lifecycle Approach — is the foundational risk-management framework for the Government of Canada, published by the Canadian Centre for Cyber Security (a part of the Communications Security Establishment). Federal departments procuring ITAD services typically reference ITSG-33 in their RFPs. For Maxicom federal-department engagements, ITSG-33 alignment is the operational baseline.
ITSG-33 scope and application
ITSG-33 applies to all federal departments and agencies procuring IT services where cyber risk is in scope. ITAD engagements are in scope. The framework references NIST SP 800-53 controls plus Canadian-government-specific controls; the catalogue is harmonised with U.S. federal practice for cross-border interoperability.
Operator vetting under ITSG-33
ITSG-33 requires personnel security commensurate with the data classification handled. Federal Maxicom engagements use cleared operators (Reliability or Secret clearance per engagement) who are background-checked, NDA-bound and escort-trained. The cleared-operator pool is documented per engagement.
Federal department engagement profile
Federal departments produce predictable retiring volumes through Public Services and Procurement Canada (PSPC) procurement vehicles. Engagements follow a programme-level model and are NDA-bound. Witnessed destruction is standard, under on-site or cleared-area destruction protocols.
Treasury Board IT Asset Disposition Policy
The Treasury Board of Canada Secretariat issues IT Asset Disposition guidance that complements ITSG-33. It covers asset categorisation, sanitisation and environmental disposition. Maxicom certificates reference both ITSG-33 and the Treasury Board guidance for federal engagements.
Authoritative references
Primary sources for the standards cited on this page.
Frequently asked questions
Are your operators cleared for federal Canadian engagements?
Yes. Operators hold Reliability or Secret clearance, per engagement profile. The cleared-operator pool is documented, with per-engagement assignment.
How does ITSG-33 compose with PIPEDA?
PIPEDA applies to personal information regardless of whether ITSG-33 also applies; ITSG-33 covers the broader cyber risk management. The two compose, and Maxicom certificates satisfy both.
What about classified-material destruction?
Destruction is carried out on site in a cleared area with a witness, a per-asset certificate, and chain of custody under cleared protocols. The specifics depend on the engagement's classification level.