Government of Canada / Gouvernement du Canada
Symbol of the Government of Canada

Search

Passenger Rail Transportation Security Regulations (SOR/2020-222)

Regulations are current to 2023-01-25 and last amended on 2022-01-06. Previous Versions

PART 5Security Plan

Marginal note:Security plan — objectives

  •  (1) A passenger company, other than a small passenger company, must have and implement a security plan that contains measures to be taken to prevent, detect, mitigate, respond to and recover from acts or attempted acts of unlawful interference with passenger rail transportation.

  • Marginal note:Strategy

    (2) In order to meet the objectives of subsection (1), the security plan must set out

    • (a) a risk management strategy that addresses the risks prioritized as medium or higher in the company’s most recent security risk assessment and all other risks that require remedial action; and

    • (b) additional safeguards that are intended to mitigate heightened risk conditions in a graduated manner.

  • Marginal note:Requirements

    (3) The security plan must

    • (a) be in writing;

    • (b) identify, by job title, a senior manager responsible for the plan’s overall development, approval and implementation;

    • (c) describe the organizational structure, identify the departments that are responsible for implementing the plan or any portion of it and identify each position whose incumbent is responsible for implementing the plan or any portion of it;

    • (d) describe the security duties of each identified department and position;

    • (e) set out a process for notifying each person who is responsible for implementing the plan or any portion of it when the plan or that portion of it must be implemented;

    • (f) set out a program for the security awareness training required under section 2 and the components of the security plan training referred to in section 8, including a method to ensure that persons who undergo the security plan training acquire the knowledge and skills required under subsection 8(3);

    • (g) set out a process with respect to security risk assessments required under section 6, including

      • (i) a procedure for conducting security risk assessments, and

      • (ii) a method for assessing and prioritizing the risk;

    • (h) set out a process with respect to remedial actions that are part of the risk management strategy referred to in subsection (2), including

      • (i) a method for identifying security risks that require remedial action, and

      • (ii) a method for implementing remedial actions and for evaluating their effectiveness;

    • (i) set out a process for selecting and implementing additional safeguards required under paragraph (2)(b);

    • (j) describe the remedial actions, including their effectiveness in reducing or eliminating the risks, and the additional safeguards that are part of the risk management strategy referred to in subsection (2);

    • (k) set out the process with respect to security inspections referred to in subsection 5(2);

    • (l) set out a process with respect to security exercises referred to in section 9, including procedures for conducting security exercises;

    • (m) set out a process for responding to threats and other security concerns, including procedures for communicating and coordinating with the host company, if applicable;

    • (n) set out a process for reporting threats and other security concerns;

    • (o) set out a process for reviewing the security plan;

    • (p) include the report on the most recent security risk assessment required under section 6; and

    • (q) set out a policy on limiting access to security-sensitive information and set out measures for the sharing, storing and destruction of that information.

  • Marginal note:Implementation — remedial actions and safeguards

    (4) A passenger company, other than a small passenger company, must implement the remedial actions and additional safeguards referred to in subsection (2), in accordance with the security plan.

  • Marginal note:Timelines — remedial actions

    (5) A passenger company, other than a small passenger company, must establish timelines for implementing each remedial action and for evaluating its effectiveness in reducing or eliminating the risks.

  • Marginal note:Effectiveness — remedial actions

    (6) A passenger company, other than a small passenger company, must evaluate the effectiveness of each remedial action that has been implemented in reducing or eliminating the risks.

  • Marginal note:New remedial action

    (7) If the remedial action is not effective in reducing or eliminating some of the risks, the passenger company must identify additional remedial actions or a new remedial action to address those risks.

  • Marginal note:Security plan management

    (8) A passenger company, other than a small passenger company, must

    • (a) make available to each person who is responsible for implementing the security plan the portions of the security plan that are relevant to the duties of that person;

    • (b) review the security plan at least once every 12 months after the day on which this section comes into force;

    • (c) amend the security plan if it does not reflect the most recent security risk assessment;

    • (d) amend the security plan if deficiencies that could adversely impact the security of passenger rail transportation are identified in the security plan, including those identified during the security exercises;

    • (e) conduct a comprehensive review of the security plan within three years after the day on which this section comes into force and subsequently within three years from the date of completion of the last comprehensive review;

    • (f) notify the persons referred to in paragraph (a) of any amendments to the relevant portions of the security plan; and

    • (g) provide a copy of the security plan to the Minister within 30 days after the day on which this section comes into force or after a comprehensive review is conducted under subsection (e), and a copy of the amended portions of the security plan within 30 days after an amendment is made under paragraph (c) or (d).

Marginal note:Security plan training

  •  (1) A passenger company, other than a small passenger company, must ensure that the following persons employed by, or acting on behalf of, the company undergo training on the components of the security plan referred to in paragraphs 7(3)(c) to (e), (g), (m), (n) and (q), and any other components that are relevant to the person’s duties:

    • (a) persons responsible for the development and implementation of the plan or any portion of it; and

    • (b) any other person with duties referred to in paragraph 7(3)(d) and for whom the training is considered necessary to ensure the effective implementation of the security plan.

  • Marginal note:Provision of training

    (2) A passenger company, other than a small passenger company, must ensure that the training is provided to those persons

    • (a) within 90 days after the day on which this section comes into force, unless those persons have received equivalent training on the security plan before that day;

    • (b) within 90 days after the day on which those persons initially assume the duties referred to in subsection (1), if their duties are assigned after the day on which this section comes into force; and

    • (c) on a recurrent basis at least once every three years after the day on which those persons completed their previous training, including any equivalent training on the security plan received before the day on which this section comes into force.

  • Marginal note:Knowledge and skills

    (3) A passenger company, other than a small passenger company, must ensure that persons, on completion of the training, have acquired the knowledge and skills required to carry out the duties referred to in subsection (1).

  • Marginal note:Supervision

    (4) A passenger company, other than a small passenger company, must ensure that, until those persons complete the training, they perform their duties under the close supervision of a person who has completed the training on the overall security plan.

  • Marginal note:Training on amended plan

    (5) A passenger company, other than a small passenger company, that amends its security plan in a way that significantly affects the security duties of a person referred to in subsection (1) must ensure that, within 30 days after the day on which the amendments are implemented, the person is provided with training on the amendments.

  • Marginal note:Training records

    (6) A passenger company, other than a small passenger company, must keep a training record for each person who has undergone the security plan training and must ensure that the record

    • (a) is kept up to date;

    • (b) contains the person’s name and details of the most recent training they received under subsections (1) and (5), including the date, duration and title of the training and the components of the security plan that were covered;

    • (c) contains the title and the date of any previous security plan training taken by the person; and

    • (d) is retained for at least two years after the day on which the person ceases to be employed by, or ceases to act on behalf of, that company.

  • Marginal note:Retention of training materials

    (7) A passenger company, other than a small passenger company, must ensure that a copy of the most recent training materials is kept.

PART 6Security Exercises

Marginal note:Operations-based security exercise

  •  (1) A passenger company, other than a small passenger company, must carry out, at least once every five years after the day on which section 7 comes into force or, in the case of a passenger company created after the day on which section 7 comes into force, within five years after the day of its creation, an operations-based security exercise that is designed to address acts or attempted acts of unlawful interference with passenger rail transportation and that tests

    • (a) the effectiveness of the security plan and its implementation with respect to

      • (i) the elements of the risk management strategy that are relevant to the scenario selected for the exercise,

      • (ii) the additional safeguards set out in the security plan that are relevant to the scenario selected for the exercise, and

      • (iii) the process for responding to threats and other security concerns; and

    • (b) the proficiency of persons in performing security duties that are relevant to the scenario selected for the exercise.

  • Marginal note:Deemed — security exercises

    (2) The implementation of safeguards in response to a heightened risk condition may be considered an operations-based security exercise if it tests

    • (a) the effectiveness of the security plan and its implementation with respect to

      • (i) the elements of the risk management strategy that are relevant to the heightened risk condition,

      • (ii) the additional security safeguards set out in the security plan that are relevant to the heightened risk condition, and

      • (iii) the process for responding to the heightened risk condition; and

    • (b) the proficiency of persons in performing security duties that are relevant to responding to the heightened risk condition.

  • Marginal note:Notice

    (3) A passenger company, other than a small passenger company, must give the Minister 45 days’ notice of any operations-based security exercise that it plans to carry out.

  • Marginal note:Discussion-based security exercise

    (4) A passenger company, other than a small passenger company, must carry out a discussion-based security exercise at least once every year after the day on which section 7 comes into force or, in the case of a passenger company created after the day on which section 7 comes into force, from the day of its creation, in order to address acts or attempted acts of unlawful interference with passenger rail transportation and that tests the effectiveness of the security plan with respect to

    • (a) the elements of the risk management strategy that are relevant to the scenario selected for the exercise;

    • (b) the additional safeguards set out in the security plan that are relevant to the scenario selected for the exercise; and

    • (c) the process for responding to security threats or other security concerns.

  • Marginal note:Notice

    (5) A passenger company, other than a small passenger company, must give the Minister 45 days’ notice of any discussion-based security exercise that it plans to carry out.

  • Marginal note:Deemed

    (6) An operations-based security exercise carried out under subsection (1) or referred to in subsection (2) is considered to be a discussion-based security exercise.

  • Marginal note:Participants

    (7) A passenger company, other than a small passenger company, must ensure, to the extent possible, that persons with security duties that are relevant to the scenario selected for the exercise participate in the exercise referred to in subsection (1) or (4). In addition, the company must invite host companies and law enforcement and emergency response agencies to participate in the exercise, if their participation is relevant to the scenario.

  • Marginal note:Records

    (8) A passenger company, other than a small passenger company, must create a record of each exercise carried out under subsections (1), (2) and (4) within 30 days after the date of the exercise and must ensure that the record contains the following information:

    • (a) the date of the exercise;

    • (b) the names of participants;

    • (c) a list of the companies and agencies that were invited;

    • (d) a description of the exercise scenario or, in the case of the exercise referred to in subsection (2), a description of the heightened risk condition;

    • (e) a description of the results of the exercise with respect to the elements tested in accordance with subsection (1), (2) or (4), as applicable; and

    • (f) a description of potential actions to address deficiencies that were identified during the exercise and that could adversely impact the security of passenger rail transportation.

  • Marginal note:Retention period

    (9) A passenger company, other than a small passenger company, must ensure the record of each exercise is retained for three years after the date of the exercise.

  • Marginal note:Actions

    (10) A passenger company, other than a small passenger company, must implement any action to address deficiencies that were identified during the exercise and that could adversely impact the security of passenger rail transportation.

Coming into Force

Marginal note:Registration

  •  (1) Subject to subsections (2) to (4), these Regulations come into force on the day on which they are registered.

  • Marginal note:Three months after registration

    (2) Sections 2 and 5 come into force on the day that, in the third month after the month in which these Regulations are registered, has the same calendar number as the day on which they are registered or, if that third month has no day with that number, the last day of that third month.

  • Marginal note:Nine months after registration

    (3) Sections 6 and 7 come into force on the day that, in the ninth month after the month in which these Regulations are registered, has the same calendar number as the day on which they are registered or, if that ninth month has no day with that number, the last day of that ninth month.

  • Marginal note:Fifteen months after registration

    (4) Sections 8 and 9 come into force on the day that, in the fifteenth month after the month in which these Regulations are registered, has the same calendar number as the day on which they are registered or, if that fifteenth month has no day with that number, the last day of that fifteenth month.

 
Date modified: