Roles and responsibilities of a security officer
As a company security officer (CSO), you play a vital role in your organization's ability to meet the security requirements of federal government contracts.
You are the official point of contact with Public Services and Procurement Canada's Contract Security Program (CSP). You are accountable to the CSP on all contract security matters. Your work may be delegated in part to alternate company security officers (ACSOs).
In all of your work, you must comply with the Contract Security Manual (CSM) and the CSP's requirements.
On this page
Complying with contract security requirements
Maintain your organization's security clearance
The information you supply to obtain your organization's security clearance must be kept up to date. If changes are not reported and not addressed, your organization's security clearance will no longer be in good standing. This may impact your ability to bid on contracts. For example, you will be considered non-compliant if your organization's CSO leaves and a replacement is not appointed immediately.
As CSO, you are responsible for:
- appointing, briefing and training all ACSOs
- appointing, from among the appointed ACSOs, 1 officer to be the CSO in your absence
- informing the CSP of any
- changes to the key senior officials (KSOs) in the organization
- organizational changes (for example, legal status, ownership, physical move or new construction)
- maintaining, upgrading or reactivating your organization security clearance
- abide by your security agreement with PSPC (provided in the organization security screening package)
To report any change in your organization or in your KSOs, contact the Contract Security Program.
Screen your personnel
As CSO or ACSO, you are responsible for:
- identifying which employees need to access sensitive information and require a security screening
- initiating personnel screening requests
- conducting preliminary background checks, as required, on the Personnel screening, consent and authorization form (TBS/SCT 330-23E)
- briefing and training employees
- signing and keeping on file the Security screening certificate and briefing form (TBS/SCT 330-47)
- submitting requests for termination of security clearances
- safeguarding personnel security screening files according to the
Secure information and assets
Organizations are responsible to ensure the protection of sensitive government information and assets entrusted to them. Find out essential practices that build a culture of security so that information and assets are not compromised.
Aftercare
The initial security screening process reflects a person's eligibility at a specific time. However, the eligibility of a person’s security status or clearance may change over time.
Aftercare is an important maintenance requirement. This practice aims to provide additional confidence in an individual's continued reliability and loyalty.
In this section
- Security briefing
- Security awareness
- Updates and upgrades
- Reporting security concerns
- Reactivation
- Transfers and duplications
- Termination of employment
Security briefing
A security briefing is the last step of a security screening and the first step of aftercare. Security briefings are conducted at various times:
- before an individual takes up their duties (when required based on the update cycle)
- whenever a change occurs in security status or clearance
As CSO or ACSO, you must ensure all personnel with access to sensitive information and assets have been briefed on their security responsibilities.
Further reading on security briefings: Annex A: Guidelines on company security officer and alternate company security officer responsibilities—Section IV. Security briefings of the CSM
Security awareness
Security awareness is the practice of regularly reminding employees at all levels of their security responsibilities and briefing them on emerging issues, trends and concerns. Security awareness should be included in an organization's standard operating procedures.
The practice:
- provides individuals with the knowledge and tools necessary to protect information, assets and facilities
- is the most cost-effective solution for protecting sensitive government information, assets and work sites
- is essential for protecting an organization from economic and industrial espionage
As CSO or ACSO, it is important to regularly remind individuals of their security responsibilities and advise them of emerging issues and concerns.
Further reading on security awareness:
Updates and upgrades
The purpose of updating an individual's reliability status or security clearance is to:
- reassess the individual's reliability and loyalty
- account for potential changes of circumstances and behaviour
As CSO or ACSO, you are responsible for:
- updating the reliability status or security clearance of employees who have an ongoing requirement to access sensitive information, assets or work sites (you must submit this update before the individual’s existing security status or clearance expires)
- reporting changes of circumstances and behavior of any of your security screened employees
Find out how, when and where to report changes of circumstances and behavior of your security screened employees.
An upgrade is done when an individual requires a higher level of security clearance to participate in a government solicitation or contract with higher security requirements.
Personnel security screening processes: how to request a new reliability status or security clearance as well as how to update or upgrade an existing one.
Reporting security concerns
As CSO or ACSO you must promptly report security incidents, and suspicious security contacts and you must ensure that access to information and assets is limited to employees who:
- are security screened
- need to access and know information in order to perform their duties, referred to as a need-to-know principle
Learn more about:
Reactivation
As of October 4, 2021, a reliability status or security clearance that has been terminated can be reactivated if the individual has a valid requirement to access protected or classified information, assets or work sites.
Find out in more detail the conditions for reactivating a previously held reliability status or security clearance.
Transfers and duplications
Note
As of October 4, 2021, as CSO or ACSO, you can request a transfer or a duplication if the individual has a valid requirement to access protected or classified information, assets or work sites. You must also ensure the employee holds a valid reliability status or security clearance before requesting a transfer or duplication.
Learn when and how to transfer or duplicate a reliability status or a security clearance:
Termination of employment
Upon termination of employment, individuals with a reliability status or a security clearance must receive a formal debriefing. This is to remind them of their responsibilities to maintain the confidentiality of the sensitive information to which they have had access. The Security screening certificate and briefing form (TBS/SCT 330-47) will be used to record a termination and that the formal debriefing has been completed. It can be used as a guide to perform the formal debriefing.
How to complete the security screening certificate and briefing form.
North Atlantic Treaty Organization personnel clearances
Once an employee requiring North Atlantic Treaty Organization (NATO) clearance has been security screened, the CSO or ACSO is responsible for:
- contacting the Contract Security Program to request a NATO security briefing
- briefing the employee on their responsibilities
- emailing a signed copy of the briefing form to ssiotancertificat-issnatocertificates@tpsgc-pwgsc.gc.ca
- keeping the original signed NATO security briefing form with the employee's records
Learn more about North Atlantic Treaty Organization clearances for personnel.
Contract security
As CSO or ACSO, you are responsible for:
- reviewing and ensuring adherence to the security requirements as defined in the
- contract's Security requirements check list form (TBS/SCT 350-103)
- contract security clauses
- maintaining the organization's compliance with the security requirements of the CSP
- requesting approval for visits to secure sites
Subcontract security
As CSO or ACSO, you are responsible for:
- obtaining approval from the CSP before initiating a subcontract with security requirements
- leveraging the subcontracting simplification options when appropriate
- sponsoring subcontractors as required
- ensuring subcontractors meet security requirements as set out in the contract
- adding contract security clauses, issued by the CSP, to subcontracts
- submitting a copy of the awarded subcontract to the CSP
Learn more about subcontracting security requirements.
Accessing and safeguarding information and assets
As CSO or ACSO, you are responsible for:
- identifying and securing business locations where the organization will be working on government contracts with security requirements
- conducting annual inspections of these business locations and keeping records of these inspections for at least 3 years
- preparing security orders if your organization has been granted a designated organization screening or a facility security clearance
- learn about security orders for personnel
- securing your business location by ensuring protected and classified information and assets are properly safeguarded and handled
- learn about work site security requirements
- implementing information technology security, if required by a specific contract
- learn about information technology security requirements
- maintaining an inventory of protected and classified information and assets
- ensuring the secure transfer of classified and protected information and assets
- learn how to transfer sensitive information and assets
Training, support and resources
The CSP offers the following training, support and resources to CSOs and ACSOs:
More information
- Annex A: Guidelines on company security officer and alternate company security officer responsibilities of the CSM
- Standard on security screening, Appendix F—Aftercare: information on aftercare and security awareness