Organization security clearances
Public Services and Procurement Canada's Contract Security Program (CSP) can help your organization obtain the level of security clearance it needs to participate in government solicitations and contracts. Explore the types of organization security clearances we offer and find out how to determine what type of clearance your organization needs to fulfill security requirements.
On this page
- Finding the clearance you need
- Types of organization security clearances
- Organization security safeguards
- Provisional security clearance
- Designated organization screening
- Facility security clearance
- Document safeguarding capability
- Production capability
- Shredding capability and bulk storage capability
- Authority to process information technology
- Communications security and information security
Finding the clearance you need
The type of clearance your organization needs depends on the security requirements of the solicitation or contract.
Find out about security requirements and when an organization needs security screening.
Types of organization security clearances
Organization security safeguards
The following safeguarding capabilities may be required for specific contracts:
Provisional security clearance
A provisional security clearance allows organizations to get security screenings for members of their bid preparation teams. This is so they can access protected or classified information or assets at the pre-solicitation or bid preparation stages of a procurement process.
Learn more about provisional security clearances in Chapter 3: Organization screening – Subsection 3.2.1 Types of organization clearances of the Contract Security Manual (CSM).
Obtaining a provisional security clearance
Organizations obtain a provisional security clearance through the organization screening process.
Please refer to obtain a security screening for your organization.
Designated organization screening
A designated organization screening (DOS) allows organizations to get security screening for their personnel at the reliability status level. This is so they can access protected information, assets and work sites.
Learn more about the DOS in Chapter 3: Organization screening – Subsection 3.2.1 Types of organization clearances of the CSM.
Obtaining a designated organization screening
Organizations obtain a DOS through the organization screening process.
Please refer to obtain a security screening for your organization.
Facility security clearance
A facility security clearance (FSC) allows an organization to clear their personnel at the classified level in order to access classified information, assets and work sites.
It can be granted at the following levels:
- Confidential
- Secret
- Top Secret
- North Atlantic Treaty Organization (NATO) clearances
This clearance may also allow access to classified information and assets marked "Canadian Eyes Only", "COMSEC" (communications security), and "NATO".
Organizations bidding on NATO opportunities must meet the security requirements listed in the contract.
- International contract security requirements
- Chapter 9: International Security of the CSM
- Bidding on North Atlantic Treaty Organization procurement initiatives
Learn more about the FSC in Chapter 3: Organization screening – Subsection 3.2.1 Types of organization clearances of the CSM.
Obtaining or upgrading a facility security clearance
Organizations obtain a FSC through the organization screening process.
- Please refer to obtain a security screening for your organization.
- Learn more about upgrading your organization security clearance.
Document safeguarding capability
Document safeguarding capability (DSC) authorizes an organization to store and handle protected or classified information or assets at their business locations.
This capability can be granted at the following levels:
- Protected A, B and C
- Confidential, Secret, Top Secret and NATO Confidential, Control of Secret Material in an International Command (COSMIC) Top SecretFootnote 1
To obtain a DSC, your organization must hold a DOS or a FSC.
This capability is site-specific and contract-specific. It is required for each business location where your organization will perform work with security requirements.
Learn more about DSC in Chapter 3: Organization screening – Subsection 3.2.2 Safeguards.
Obtaining document safeguarding capability
Organizations obtain DSC through the organization security screening process, and by completing a successful site inspection by a field industrial security officer (FISO).
Learn more about adding or upgrading a document safeguarding capability.
Request a pre-recorded version of the document safeguarding capability webinar.
Production capability
A production capability designation may be required if your organization builds, manufactures, repairs, modifies or works on sensitive products at your business location. It is contract specific.
Obtaining production capability
Organizations obtain production capability designation through the organization screening process, and by completing a successful site inspection by a FISO.
Learn more about work site security requirements.
Shredding capability and bulk storage capability
Shredding capability and bulk storage capability are security designations that the CSP may grant to organizations who are required by contract to:
- destroy sensitive information or assets
- store bulk information or assets at their business locations
Obtaining a shredding capability and bulk storage capability
Organizations obtain a shredding capability and bulk storage capability through the organization screening process, and by completing a successful inspection by a FISO.
Learn more about work site security requirements.
Authority to process information technology
Organizations must get authority to produce, process, store or transmit information electronically for contracts requiring information technology security. It may be granted to organizations producing, processing, storing or transmitting sensitive information electronically for a specific contract.
Learn more about information technology security requirements.
Obtaining authority to produce, process, store, or transmit information electronically
Organizations obtain authority to produce, process, store, or transmit information electronically through the organization screening process, and by completing a successful inspection by an information technology (IT) security inspector with the CSP.
Information technology inspections
IT security inspections are performed after contract award but before your organization begins producing, processing, storing or transmitting sensitive electronic information.
Your organization must get an Authority to process information technology approval letter from the CSP before you begin producing, processing, storing or transmitting sensitive electronic information.
Learn more about information technology security requirements.
Communications security and information security
Organizations may need to get communications security (COMSEC) and information security (INFOSEC) for contracts requiring IT security.
- COMSEC: a security requirement for storing, processing, transmitting and receiving telecommunications, such as a computer network
- INFOSEC: a special category of classified-communication electronic-security information
Obtaining communications security and information security
The Communications Security Establishment, Canada's national cryptologic agency, grants COMSEC and INFOSEC. The CSP conducts the physical security inspection related to COMSEC and INFOSEC.