5.15. Verifying compliance with security requirements

Attention! We're Moving! This fall, the Supply Manual will be moving to the CanadaBuys website. Check out the new landing page for the Supply Manual.

  1. Before contract award, the contracting officer must verify with the Contract Security Program (CSP) that the proposed contractor meets the security requirements of the bid solicitation. This verification can be done by contacting the CSP’s Client Service Centre. The request to the CSP for a security status should include the full legal name and address of the proposed bidder, the address of location of the work performance (if applicable), as well as the required security levels stipulated in the bid solicitation document. If the supplier has the appropriate security clearance, the contracting officer must sign the Security Requirements Check List (SRCL) at block 16 and include the fully signed SRCL as an annex in the resulting contract. In the case of call-ups against a standing offer or contracts against a supply arrangement, it is the responsibility of the technical authority to verify that the contractor meets the security requirements.
    IMPORTANT: When security capabilities such as document safeguarding, IT (including cloud computing), Production and/or COMSEC are required, seek assurance of these specific security types from the CSP as they are contract-specific.
    IMPORTANT: Before contract award, the contracting officer must also verify with the CSP’s International Industrial Security Directorate (IISD) (tpsgc.dgsssiprojetintl-dobissintlproject.pwgsc@tpsgc-pwgsc.gc.ca) that the proposed contractor meets Canada’s international security commitments for contracts with foreign-based suppliers or when the contracted work requires access to international organizations (e.g., NATO) or foreign classified information, assets or sites (see 4.30.25 Security and international contracts).
  2. During the period of the contract, the client must ensure that all contractors or subcontractor personnel who will have access to any classified or protected information, assets or sensitive work sites, or to government systems, including information accessible in a cloud service provider portal, are identified as working under the contract and that their security status has been verified with the CSP. The contracting officer will assist in this process, as required.
  3. When security clearances are mandatory, they must be obtained before the commencement of any work. However, it is recognized that there may be circumstances under which, for reasons of urgency, the contracting officer, client department’s Chief Security Officer (CSO) and technical/project authority can consult the CSP to obtain advice and guidance on the development of an acceptable risk mitigation strategy so work can commence before the security clearance process is completed.
  4. If, at any time during the period of the contract, the contracting officer becomes aware that a subcontractor, whose security status has not been verified with the CSP, will require access to any classified or protected information, assets or sensitive work sites, the contracting officer must consult with the CSP to ensure the necessary subcontract SRCLs are submitted and as well verify that the subcontractor meets the security requirements.