The Insider Risk Assessment Tool

The Insider Risk Assessment Tool (IRAT) is a voluntary, easy to use, virtual self-assessment tool developed by Public Safety Canada (PS). It is specifically designed with Canadian critical infrastructure (CI) stakeholders in mind, to assess their organization’s security posture as it relates to insider risk.

Insider risk can be anyone with knowledge or access to an organization’s infrastructure who misuses that access to harm employees, customers, assets, reputation or interests.

Stakeholders who complete the IRAT will receive a detailed report which, when used in conjunction with the Enhancing Canada’s Critical Infrastructure Resilience to Insider Risk document, will provide participants with useful information and guidance to help increase their organization’s insider risk resiliency.

Who can use the IRAT

Individuals from Canadian CI organizations who are familiar with the existing physical and cyber security practices within their organization can participate in this assessment.

How it works

The IRAT begins with questions about recent incidents linked to insider risk within your organization. It continues with questions related to the three themes and eight security actions found in the insider risk guidance document.

Your responses are then evaluated and you are provided with insider risk resilience scores and ratings.

Participating organizations should ensure that personnel who are completing the IRAT have knowledge of how insider risk is mitigated within their organizations. Completing the IRAT takes approximately one hour.

After the self-assessment

Immediately after finishing the assessment, participants will receive a real-time, tailored report based on the answers submitted.

The report gives a score on the organization’s overall insider risk resilience, a score for each theme, and scores for each of the eight security actions.

How it helps your organization

In addition to the self-assessment scores, the IRAT report also provides guidance and advice designed to help improve your specific organization’s resilience to insider risk and overall security posture.

This information can be used to assess your organization’s current risk, and be used as a baseline should you wish to repeat the assessment in the future.

Participation in this assessment also helps PS gain a better understanding of the risks Canadian CI is vulnerable to by insiders. This data could influence future PS programs and policies, resulting in a more resilient Canadian CI community.

To request access to the IRAT

If you would like to complete the IRAT, or for more information, please contact us.

The results of this self-assessment will be made available only to designated members of Public Safety Canada who are responsible for program administration.

All self-assessment responses will be treated as confidential, but will remain subject to the provisions of the Access to Information Act.

With those obligations in mind, the self-assessment has been designed to avoid collecting identifying information such as names, organizations, email addresses or IP addresses.

Date modified: