Symbol of the Government of Canada

Public Services and Procurement Canada

1.65. Policy on government security

  1. The objective of the Policy on Government Security, as it pertains to contracting, is to ensure that sensitive information and assets of the government are properly protected when entrusted to industry. The role of Public Works and Government Services Canada (PWGSC) in this process is to ensure that individuals and organizations that will have access to or will possess sensitive information and assets have first received the necessary security screening or clearance through the Canadian Industrial Security Directorate (CISD), PWGSC.
  2. PWGSC's Industrial Security Sector (ISS) is the lead in the public service to administer the Contract Security Program (CSP). The CSP is intended to ensure protection of Canadian and foreign government sensitive assets/information entrusted to industry for contracts administered by PWGSC and, on request, for contracts administered by other government departments. PWGSC’s CISD is responsible to security screen private sector organizations and personnel requiring access to sensitive government information and assets. The Program also identifies the appropriate security terms and conditions to be included in each contract and ensures that contractors comply with the security requirements provided by the client department for safeguarding, disclosing, destroying, removing, modifying and interruption of government sensitive information/assets.
  3. As of April 1, 2011, the CSP is under a cost recovery regime. It will cost recover from federal departments and agencies for contract-related security services it provides.
  4. The current approved charging model is an allocation model based on the proportion of all contracts with security provisions accounted for by each client organization. An historic rolling average is calculated over a two-year period commencing three years prior to the year for which they are being charged (e.g. for the fiscal year 2012-2013, the reference period is 2010-2011 and 2011-2012). A weighting factor is used to equalize contract complexity.
  5. The total CSP budgeted costs are then allocated to the client organizations based on their pro-rated share as calculated above. The result is that a client department’s current year charge is based on the rolling average of the last 2 fiscal years contract activity for that client department. There is a Memorandum of Understanding (MOU) in place between PWGSC and each of the client departments describing the services to be provided.
  6. The project authority and the departmental security officer are responsible for ensuring that their department adheres to the Policy and that provisions are made for any suppliers used to provide goods or services to ensure that they also meet the applicable security requirements.
  7. CISD is responsible for the following services:
    1. provide the appropriate security clauses to be inserted into solicitation and contractual documents, as required, when a Security Requirements Check List (SRCL) has been used to identify the needs;
    2. provide appropriate security clearance to any companies that are awarded sensitive contracts in order to meet the security requirements and ensure that they maintain their security clearance during the period of the contract;
    3. ensure that inspections are undertaken and regularly renewed at the company facilities if required; and
    4. carry out the security screening of the contractor's personnel as required by the provisions of the contract.
    Note that contracts may still have a security requirement, even though the contractual documents themselves are not designated as PROTECTED/CLASSIFIED.
  8. Upon request, CISD also handles the security requirements of contracts awarded by other government departments under their own contracting authority;
  9. The Policy is issued by Treasury Board under the authority derived from government decision and section 7 of the Financial Administration Act.
  10. Each federal department is responsible for protecting sensitive information and assets under its control not only in its own operations but also throughout the bidding, negotiating, awarding, carrying out, and terminating of any contracts it manages. In contracting, the SRCL is used by PWGSC and client departments to define their security requirements in a contract. See 2.50 Industrial Security Requirements, 3.55 Industrial Security Requirements (Personnel or Organization)and 7.55 Industrial Security Requirements for more information on security.
    Note: The Canadian Industrial Security Directorate will not do a risk assessment; it will provide the results of their screening to the contracting officers/client departments, which will make the proper decision concerning the contracts. CISD will not approve/disapprove the decision. It is not its role.