This document is intended for information and guidance purposes only. It describes the objectives and purpose of security awareness training as required by the Transportation of Dangerous by Rail Security Regulations (Regulations), and provides explanations and guidance to assist railway carriers or railway loaders in meeting the regulatory requirements for security awareness training.
The regulatory requirements outlined in the Regulations supersede what is written in this guidance document. As such, this document does not change, create, amend or permit deviations from the regulatory requirements.
On this page
- Introduction
- Overview of the security awareness training requirement
- Scope of application
- Who does the security awareness training requirement apply to?
- Who is required to receive security awareness training?
- Which topics must be included in a security awareness training program?
- When must security awareness training be provided?
- What happens if an employee does not have the required training?
- Scope of application
- Security awareness training records
- Program evaluation
- Where to find more information
- Annex A: Planning and developing a security awareness training program
- Security awareness training components
Introduction
What is security awareness?
Security awareness means engaging employees, contractors and relevant personnel to make them aware of their roles and responsibilities in relation to security matters. This includes increasing their awareness of their surroundings and familiarity with potential security issues, procedures and how they should respond to such situations.
What is security awareness training?
Security awareness training is a formal process for enhancing employees’ familiarity with security issues and making them more aware of their roles and responsibilities in relation to security matters. A security awareness training program contributes to the development of a strong security culture within a company, whereby relevant employees understand and accept their responsibility to contribute to the security of the organization. The goal of this training is to raise awareness to mitigate known risks related to terrorism, unlawful interference, or any potential threats and other security concerns (e.g. theft, vandalism and unwarranted surveillance). In doing so, security becomes a part of a company’s day-to-day activities to help contribute to a safe and secure transportation system.
What is the purpose of security awareness training?
The purpose of security awareness training is to:
- Increase an individual’s general understanding of the potential threats to, and vulnerabilities within, the rail transportation network and what actions can be taken to mitigate, control, prepare for, or respond to those threats and vulnerabilities;
- Prepare them for their responsibilities relative to security;
- Increase the level of familiarity with general security issues throughout the organization;
- Develop a strong security culture across all levels of the company; and
- Introduce the following concepts related to security awareness: prevention, mitigation, response and recovery.
Overview of the security awareness training requirement
This provision came into force for railway carriers on February 6, 2020 and for railway loaders on May 6, 2020.
Scope of application
Who does the security awareness training requirement apply to?
This requirement applies to railway carriers or railway loaders who meet the following definitions included in the Regulations:
Railway carrier means a person who has possession of dangerous goods for the purposes of transportation by railway vehicle on a main railway line, or for the purposes of storing them in the course of such transportation.
Railway loader means
- any person that operates a handling site, or
- any manufacturer or producer of dangerous goods that has possession of dangerous goods at a handling site for the purposes of loading them prior to, or unloading them after, transportation by rail.
Handling site means a facility connected to a railway line where a railway vehicle is placed for the loading or unloading of dangerous goods.
Who is required to receive security awareness training?
A person who is employed by or is acting directly or indirectly for a railway carrier or railway loader is required to receive security awareness training if the person:
- Offers for transport, handles or transports any of the dangerous goods by railway vehicle, in Canada; or
- Has duties, in Canada, regarding the security of the transportation of dangerous goods by railway vehicle but does not perform any of the duties referred to above. (This could include railway police, the rail security coordinator, or security officers occupying a position in an office environment)
The term “indirectly” is intended to capture persons who are not direct employees of the company. This could include third party contractors who offers for transport, handles or transports dangerous goods for the railway carrier or railway loader.
Which topics must be included in a security awareness training program?
When developing a security awareness training program, a railway carrier or railway loader should determine the type of training necessary to ensure that the required persons receive the appropriate training to fulfill their security-related responsibilities.
While additional topics may be included, the following topics must be included in the training program:
- Security risks posed by the dangerous goods that the railway carrier or railway loader offers for transport, handles or transports;
- Measures that are designed to enhance rail security; and
- Recognition of and response to potential threats and other security concerns.
Some examples of the above topics include, but are not limited to:
- Familiarizing employees with known general security risks identified by the company;
- Overview of employees’ roles and responsibilities; and
- How to detect, report and respond to potential security threats, suspicious behaviour or items, and security incidents.
When must security awareness training be provided?
Railway carriers or railway loaders must ensure that the security awareness training is provided:
- Before the person (referred to in paragraph 14(2)(a)) undertakes their security-related duties, unless the person has previously received equivalent training;
- Within six months of this requirement coming into force and before a person with duties referred to in paragraph 14(2)(b) undertakes their security related duties (unless the person has previously received equivalent training); and
- To all required persons, on a recurrent basis at least once every three years including any equivalent training received before the coming into force of this regulatory requirement.
Equivalent training may be assessed by Transport Canada on a case-by-case basis to determine whether the equivalent training meets the regulatory requirement.
What happens if an employee does not have the required training?
Supervision by a trained employee is required if a person with the duties referred to in paragraph 14(2)(b) has not received security awareness training. Until this person has received the training, they must perform their duties under the supervision of a person who has undergone that training.
Security awareness training records
What security awareness training records are required?
A railway carrier or railway loader must have a training record for each person who has received security awareness training.
The format of a company’s security awareness training records and the location of storage is at the discretion of the company. Records may be kept electronically, in paper format or through a combination of these means.
What must the security awareness training records include?
Security awareness training records must include:
- The person’s name and details of their most recent training session, as well as the following information:
- Date of the training;
- Duration of the training;
- Title of course;
- Delivery method; and
- Name of the training provider, if applicable.
- The name of the training provider refers to the individual or company that provided the training. For example this could be an employee of the railway carrier or railway loader whose responsibility it is to provide training or a contracted entity or third party training provider.
- The training record must also include the title and date of each training session that the person has received.
How long do records need to be maintained after an employee has left the organization?
Records must be retained for at least two years after the day on which the employee is no longer employed by or acting directly or indirectly for the railway carrier or railway loader.
Program evaluation
A company’s security awareness training program should be reviewed and evaluated regularly to confirm its effectiveness.
Examples of baseline measures that may assist in measuring the effectiveness and relevance of the security awareness training provided to employees, could include, for example:
- Employees can define suspicious behaviour and know what to do when suspicious behavior is identified;
- Employees can define suspicious objects and know what to do when suspicious objects are identified; and
- Employees know how to report an incident, suspicious behaviour or objects.
Where to find more information
For general information regarding Transport Canada’s rail security program visit: https://tc.canada.ca/en/rail-transportation/keeping-canada-s-surface-transportation-secure.
For general inquiries to headquarters email: TC.Railsecurity-sureteferroviaire.TC@tc.gc.ca.
Annex A: Planning and developing a security awareness training program
For additional information, please refer to the Code of Practice on Employee Training and Awareness for Rail and Urban Transit Security. A copy of the Code of Practice is available upon request at TC.Railsecurity-sureteferroviaire.TC@tc.gc.ca.
The information below is optional guidance on developing a security awareness training program that may be of value to some railway carriers and railway loaders.
A security awareness training program will vary based on the size and complexity of the company and its operations.
A security awareness training program may be stand-alone or integrated into a company’s other training and awareness programs. Security awareness training programs should be updated periodically to ensure they remain current and effective. Such programs should also include a regular evaluation of their successes, ongoing effectiveness and relevance. In addition, training and awareness programs should reflect operational needs, the company’s security context and the measures contained in its security plan, if applicable.
The following information stems from Transport Canada’s Codes of Practice that were developed in conjunction with rail and transit industry leaders under the voluntary Memorandum of Understanding on Railway Security between Transport Canada and the Railway Association of Canada. The material below is intended to provide railway carriers and railway loaders with information that may assist them in developing a security awareness training program. Companies may adopt aspects of this information in whole or in part, that best suits their particular security and operational needs.
Security awareness training programs can be developed and conducted using a five-phase cycle:
- Identifying needs and objectives;
- Designing and developing the program;
- Delivering the program;
- Evaluating the program; and
- Planning and implementing program improvements using the evaluation results.
Phase one – Identifying needs and objectives
To determine what training is required to ensure that employees are able to fulfill their security-related responsibilities, a railway carrier or railway loader should conduct a needs assessment, for example:
- The railway carrier or railway loader should assess and know the security risks and vulnerabilities facing its operations;
- Review its security plan (if applicable), policies and procedures to identify the security-related roles, responsibilities and tasks employees, contractors and other required persons are expected to fulfill to mitigate the vulnerabilities and impacts to their operations; and
- Review its existing security awareness training (if any) to identify any gaps between the training and awareness the required persons currently receive and the security-related tasks and responsibilities they are expected to fulfill.
For railway carriers and railway loaders with an existing security awareness training program, a performance review may be conducted to identify potential training or awareness shortcomings, for example:
- Review reports on security exercises (if applicable) or incidents to identify any shortcomings in employees’, contractors’ or other required persons performance during those accidents or incidents (e.g. did they fulfill their security-related roles and responsibilities); and
- Review security-related training records of the employees, contractors or other required persons involved in those exercises or incidents to determine if there is a link between any identified performance shortcomings and the security-related training they had received.
The results of the needs assessment can be used to establish the objectives of the security awareness training, which provide a framework for developing the training and serve as the basis for the evaluation criteria used to assess the training.
Phase two – Designing and developing the training
The design of a security awareness training program should reflect the needs and objectives identified in Phase one. Below are examples of tasks the training could include:
- Assembling a planning team;
- Developing training material and documentation;
- Identifying employees needing training and the relevant training to be provided;
- Determining what training information contractors, visitors and other persons (who have access to the property of railway carriers/railway loaders) need;
- Scheduling training sessions;
- Budgeting for training sessions;
- Developing assessment criteria and a method to confirm the effectiveness of the training received;
- Developing a method to track courses offered, participant attendance, frequency of refresher training courses, etc.;
- Determining who or which department is responsible for the training and how it will be documented/tracked;
- Identifying the training delivery methods;
- Identifying service providers if training is outsourced; and
- Identifying an evaluation criteria and methodology for the security awareness training.
When selecting a delivery method for the security awareness training, consideration should be given to factors, such as the availability of internal resources, objectives, costs, participants, frequency, geography and the nature of messages (e.g. detailed procedures vs. basic information).
Phase three – Delivering the training
Once security awareness training has been developed, delivery may take place using a variety of formats.
Delivery methods of a security awareness training program
Security awareness training may be delivered in the following formats to introduce the required persons to their working environment and outline their responsibilities:
- Orientation sessions;
- Presentations or videos;
- In-class instructions;
- Workshops;
- On-the-job training; and/or
- Computer-based training.
For structured on-the-job training, it should be noted that this requires more thought and preparation and it is important to have a system in place to determine whether trainees have gained the knowledge and skills required to do the job.
Additional tools for the training could include printed material (e.g. posters, flyers, newsletters, or bulletins) or videos that may serve as a primary awareness raising technique. All of the tools used in the training material should have clear and well-communicated messaging written in plain language.
Phase four – Evaluating the training
Security awareness training should include an application component (e.g. via an exercise or test) to provide relevant employees the opportunity to “learn by doing”. This will help employees understand their security responsibilities more thoroughly and help railway carriers or railway loaders verify employees’ familiarity with the content of the security awareness training received.
Using the assessment criteria created in Phase Two, railway carriers or railway loaders should periodically evaluate the results of their security awareness training to see if objectives were met. Lessons learned while evaluating the training should be developed to improve training effectiveness and inform the next iteration of the training planning phase.
Phase five – Planning and implementing training improvements using the evaluation results
After evaluating the results of the security awareness training, railway carriers or railway loaders should determine how they will address shortcomings and build on successes. Railway carriers or railway loaders should use the evaluation criteria to determine which training competencies require improvement. It is encouraged to continuously strive to improve and update the company’s security awareness training program.
Security awareness training components
A security awareness training program may include, but it is not limited to, information on detecting, reporting and responding to potential security threats, suspicious behavior or objects, security incidents and other security concerns.
- How to detect and identify:
- Potential security threats (e.g. unauthorized persons in restricted areas or evidence of);
- Suspicious behaviour (e.g. surveillance, photographs etc.);
- Suspicious objects (e.g. using the HOT principle – Hidden, Obviously suspicious, not Typical); and
- Security incidents.
- How to report on security threats, suspicious behaviour or objects and security incidents and concerns including:
- Who to contact and how to contact them (e.g. using emergency hotlines); and
- What key information should be reported (e.g. the Who, What, Where, When, Why, and How and the details of persons, objects or vehicles involved).
- How to respond to potential security threats, suspicious behaviour or objects and security incidents, for example:
- Following emergency response procedures with respect to evacuating and exit points, using emergency equipment, isolating dangerous areas and seeking assistance.