97. The network information officer designated by the Minister under section 8 of the Act respecting the governance and management of the information resources of public bodies and government enterprises (chapter G-1.03) defines with respect to the bodies, in exercising the functions devolved to the officer under section 10.1 of that Act and in keeping with the information governance rules referred to in section 90, special rules applicable to the management of the information held by the bodies that pertain to, among other things,(1) information security management and the guiding principles concerning security;
(2) the protection and confidentiality of information contained in any technological product or service;
(3) identity management with respect to the persons concerned by information and to the persons and groups that may use or receive communication of the information;
(4) access authorization management with respect to any technological product or service as well as methods for authenticating persons, in accordance with defined degrees of trust;
(5) the physical and logical security of infrastructures, the security of uses and communications of information, and integrated security risk management and incident management;
(6) the categorization of information; and
(7) the obligations concerning reporting on the security of technological products or services used by the bodies.