ARCHIVED – Chapter 3: Facility security clearances, Part I—Designated organization screening (protected)
Archived information
This information has been archived and replaced by the Contract Security Manual.
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived.
On this page
- 300. General
- 301. Care and custody of protected information and assets
- 302. Pre-contractual negotiations
- 303. Government of Canada security agreement
- 304. Types of designated organization screening
- 305. Status of designated organization screening
- 306. Period of validity
- 307. Site clearances within an organization
- Annexes
300. General
1. A designated organization screening (DOS) is an administrative determination that an organization is eligible, from a security viewpoint, for access to protected information and assets of the same or lower level as the clearance being granted.
Where an organization requires access to classified information and assets, refer to ARCHIVED - Part II—Facility security clearances (classified) of this chapter.
2. A DOS is required before an organization can be awarded contracts that have protected information or asset requirements.
- The company security officer (CSO) or alternate company security officer (ACSO) must be security screened to reliability status as part of the DOS
- For access to Protected C information or assets, the following additional security requirements may apply:
- certain individuals may be cleared in connection with a DOS at the Protected C level. These individuals are referred to as key senior officials (KSOs). They could include the CSO, owners, officers, directors (of the board), executives and partners who occupy positions that may enable them to adversely affect an organization's policies or practices in the performance of protected contacts
- refer to ARCHIVED - Annex 3-A: Designated organization screening requirements (protected information) in this chapter
- the organization is responsible for determining its KSOs and for reporting this information to the appropriate field industrial security officer (FISO) of the Public Services and Procurement Canada's (PSPC) Contract Security Program (CSP)
- PSPC reserves the right to challenge the organization's list of KSOs, and to call for amendments or exclusions to this list
- refer to ARCHIVED - Annex 3-B: Facility security clearance requirements (classified information) and ARCHIVED - Annex 3-C: Facility security clearance requirements (North Atlantic Treaty Organization classified information) in this chapter for specific levels of clearance required by KSOs, the CSO and employees requiring access, for each level and type of DOS
- certain individuals may be cleared in connection with a DOS at the Protected C level. These individuals are referred to as key senior officials (KSOs). They could include the CSO, owners, officers, directors (of the board), executives and partners who occupy positions that may enable them to adversely affect an organization's policies or practices in the performance of protected contacts
- The identification and the assessment of ownership may be conducted when an organization has a requirement to have Protected C document safeguarding capability (DSC). DSC authorizes an organization to store and handle protected information or assets at their work sites. The parent organization, if applicable, must also possess a DOS at the same level or it may be excluded from access to the Protected C information or assets held by the subsidiary organization.
- refer to section 352.1. Parent organizations in part II of this chapter for additional information
3. Reliability screening requests for other employees may be submitted concurrently with those of KSOs. However, they will not be authorized prior to the establishment of the DOS.
4. A DOS is based on an assessment of the following elements:
- the organization is not under adverse foreign influence (if applicable)
- the completion of reliability checks, as needed
- a PSPC review of the security measures for the care and custody of protected information and assets (when required)
5. PSPC's CSP will notify the organization in writing as to whether a DOS has been granted.
6. In cases where KSOs must be security screened, the CSO must maintain a current list of all KSOs and submit a copy to the PSPC's CSP each time the list is amended. The list must designate, by name and title, those KSOs who possess a reliability status and those being security screened for reliability status.
301. Care and custody of protected information and assets
The contractor's facility must meet the physical and administrative security requirements necessary for the performance of the work to be performed under the contract before a DOS with DSC will be granted.
Refer to ARCHIVED - Chapter 4: Facility safeguarding and ARCHIVED - Chapter 5: Handling and safeguarding of classified and protected information and assets of this manual. Specific guidance will also be provided by the field industrial security officer or the PSPC's CSP.
302. Pre-contractual negotiations
Pre-contractual negotiations involving protected information and assets may not be initiated with the organization until a DOS has been granted. This is also applicable where a cleared organization wishes to subcontract to another non-government organization.
303. Government of Canada security agreement
Prior to being granted a DOS, the organization must enter into an agreement with the Canadian government, whereby the cleared organization undertakes to:
- abide by the provisions of this manual, and such other security requirements as may form part of a contract awarded to the organization
- permit PSPC's CSP, or other government authorities at the request of PSPC, to enter their premises at any time for the purpose of conducting security inspections
- not seek reimbursement from the government for security costs, except as provided for in a contract
Refer to ARCHIVED - Annex 3-G: Public Services and Procurement Canada security agreement in this chapter.
304. Types of designated organization screening
1. There are 3 types of DOS:
- a. Personnel assigned (PA)
- This is the most basic type of DOS. It normally applies to those organizations involved in contracts for services as opposed to goods. A PA DOS will involve reliability checking of the organization's CSO and employees, and in certain cases, the KSOs. There is no requirement to evaluate the physical security status of the organization's facilities. A PA DOS does not authorize the organization to possess or store protected information and assets within its facilities.
- b. Document safeguarding capability (DSC)
- This type of DOS involves the security screening of the organization's CSO and employees, and, in certain cases, the KSOs. In addition, the physical security of the organization's facilities is assessed to ensure they meet the requirements for the safeguarding of protected government information and assets. A DSC for DOS will authorize the organization to possess and store protected information and assets at their facility.
- c. Production (PROD)
- This type of DOS includes the same elements of a DSC DOS. In addition, the security of the manufacturing, repairing, modifying or otherwise working on protected components or items is assessed to ensure they meet the government security requirements.
2. Each DOS may be authorized at one of the following levels: Protected A, Protected B or Protected C.
305. Status of designated organization screening
Organizations must refer to PSPC's CSP any requests from other organizations, other government departments or other governments to confirm their DOS.
306. Period of validity
1. A DOS granted by PSPC is not awarded in perpetuity. A DOS is granted for the performance of a specific contract, or on the basis of registration where it appears a firm may receive a contract award. A DOS lapses on completion of the last protected contract and/or confirmation that registration is not renewed. PSPC will advise the organization in writing when the DOS is about to be terminated, and will be given the opportunity to show cause for DOS continuation.
2. PSPC's CSP may suspend or revoke a DOS if the organization fails to maintain the required security standards.
307. Site clearances within an organization
1. A DOS is not site-specific. The head office of an industry organization is granted registration number “00.” Other sites will only be registered if there is a DSC requirement. Should other sites, belonging to the same organization, require a DOS with DSC, the other sites will be numbered consecutively (for example, “01,” “02,” “03,” and so on).
2. The CSO of a head office may submit applications for personnel security screenings for employees at all sites of the organization located within Canada.
Note: In those cases where an organization only has a requirement to safeguard protected personnel security clearance records to satisfy section 208. Reliability status records or section 258. Personnel security clearance records of chapter 2 of this manual, it is not necessary to establish site clearances at the locations where these records are kept. Organizations must ensure that such records are safeguarded in containers suitable for protected information. These containers may be subjected to inspection by field industrial security officers of PSPC's CSP.
Annexes
- ARCHIVED - Annex 3-A: Designated organization screening requirements (protected information)
- ARCHIVED - Annex 3-B: Facility security clearance requirements (classified information)
- ARCHIVED - Annex 3-C: Facility security clearance requirements (North Atlantic Treaty Organization classified information)
- ARCHIVED - Annex 3-D: Resolution of exemption of parent organization form
- ARCHIVED - Annex 3-E: Non-disclosure certificate form
- ARCHIVED - Annex 3-F: Subsidiary board resolution noting parent's exclusion and resolution to exclude parent organization form
- ARCHIVED - Annex 3-G: Public Services and Procurement Canada security agreement