Security of Federal Buildings

This is a guide to the issue of real property security of federal buildings.

Relevant Policies

The ARCHIVED - Government Security Policy states that employees under threat of violence must be safeguarded according to baseline security requirements and continuous security risk management. Assets must be safeguarded according to baseline security requirements and continuous security risk management. Continued delivery of services must be assured through baseline security requirements, including business continuity planning, and continuous security risk management. The core policy is supplemented by the operational security standards from the Treasury Board Secretariat, and these standards are complemented by technical documentation from the lead security departments.

As a subordinate policy requirement, government departments must establish and conduct a security program to apply and comply with the GSP. The PWGSC/PSPC (DP 051) - Departmental Security Program PolicyThis link is available only to clients with access to Publiservice, the Government of Canada extranet. indicates that it shall:

  1. protect sensitive information and assets under control of the department in accordance with the GSP and the associated security standards;
  2. protect the safety and security of departmental employees in accordance with the Canada Labour Code, the GSP and associated security standards;
  3. incorporate security requirements in all departmental planning and operations, including, but not limited to:
    1. construction or modification projects undertaken as a custodian department;
    2. contracts let as a contracting authority;
    3. information technology (IT) projects undertaken as the lead agency for common service telecommunications in government;
    4. report and investigate actual or suspected security violations and breaches, take necessary corrective action and maintain a record of all investigations and associated recommendations.

This departmental policy establishes the fundamental framework for a departmental security program within a distributed security structure. This policy applies to all employees of PSPC, including Special Operating Agencies (SOAs) as well as other personnel having authorized access to sensitive government information an assets in conjunction with government programs or contracts and other arrangements administered by the department.

As indicated in PSPC (DP 051) Departmental Security Program, PSPC has adopted a distributed security structure to implement a departmental security program in accordance with the GSP. Within this context, the Real Property Services Branch has been assigned overall responsibility for the corporate security program. This sister policy, PSPC (DP 052) Corporate Security ProgramThis link is available only to clients with access to Publiservice, the Government of Canada extranet. establishes the departmental framework and policy for physical security and the protection of important assets, including personnel and sensitive information.

The PSPC (DP 052) - Corporate Security Program Policy indicates that it shall:

  1. protect sensitive information and other assets under control of the department in accordance with the GSP and the associated security standards;
  2. protect the safety and security of departmental employees in accordance with the Canada Labour Code, the GSP and associated security standards;
  3. incorporate physical security requirements in all facilities administered as a custodian department;
  4. report and investigate actual or suspected security violations and breaches in respect of departmental information or assets, take necessary corrective action and maintain a record of all investigations and associated recommendations.

This policy applies to all employees of PSPC, including Special Operating Agencies (SOAs) and persons engaged under contract with the government.

Application

This TBS Government Security Policy applies to all departments listed in Schedule I, Schedule I.1 and Schedule II of the Financial Administration Act (FAA).

It also applies to:

  1. Any commission under the Inquiries Act that is designated by order of the Governor in Council as a department for the purposes of the FAA.
  2. The Canadian Forces with the proviso that any reference in this policy to employees does not include members of the Canadian Forces.

Certain agencies and crown corporations can enter into agreements with the Treasury Board of Canada Secretariat to adopt the requirements of this policy and apply them to their organization.

Operational Standards

The TBS Security Organization and Administration Standard supplements the core Government Security Policy. This standard describes the general approach that departments are expected to follow in protecting their personnel and managing protected and classified information and assets. Among the topics covered by the standard are threat and risk assessment and guard management.

The TBS Operational Standard or the Security of Information Act for the Security of Information Act supplements the core Government Security Policy. This standard concerns the narrow categories of "special operational information" and "persons permanently bound to secrecy" that were introduced by the Security of Information Act when it replaced the Official Secrets Act. When PSPC is the contracting authority for goods or services which involve access to "special operational information," the Deputy Minister may designate contractors as "persons permanently bound to secrecy."

The TBS Operational Security Standard on Physical Security supplements the core Government Security Policy. This standard describes the general approach that departments are expected to follow in planning physical safeguards for their personnel, visitors, and protected and classified information and assets. Among the topics covered by the standard are security design briefs for accommodation projects and methods of access control.

The ARCHIVED - TBS Personnel Security Standard supplements the core Government Security Policy. This standard identifies the procedures for screening personnel who require access to protected or classified information and assets. Although the standard remains in effect, it is necessary to consult Security Policy Implementation Notice 2002-07 for information on subsequent changes to personnel screening procedures.

The Treasury Board Secretariat's Operational Security Standard on Readiness Levels for Federal Government FacilitiesThis link is available only to clients with access to Publiservice, the Government of Canada extranet. supplements the core Government Security Policy. This standard sets out the levels of heightened security that may apply to government facilities as a result of national or international events.

The TBS Business Continuity Planning (BCP) Program supplements the core Government Security Policy. This standard describes the general approach that departments are expected to follow in business resumption planning, contingency planning, and planning for security during emergencies. Further direction is available in Departmental Policy 001, "Policy for Emergency Preparedness in Public Services and Procurement Canada."

The TBS Security and Contracting Management Standard supplements the core Government Security Policy. This standard explains how departments are expected to implement the GSP in the contracting process. Further direction is available in PSPC's Supply Manual.

The Treasury Board Secretariat's Information Technology Security Standard supplements the core Government Security Policy. This standard explains in general terms how departments are expected to ensure the security of information technology hardware and software, networks, telecommunications and other equipment that is interconnected, and facilities in which the equipment is housed. Further direction is available in DP 104 - Policy on Information Technology SecurityThis link is available only to clients with access to Publiservice, the Government of Canada extranet..

Technical Documentation

The PSPC Supply Manual has the force of departmental policy with respect to security requirements for contracts. In particular, it states that "[all] requisitions and contract amendments containing requirements for physical security, information technology security or personnel security screening must include the form TBS-SCT 350/103, Security Requirements Check List (SRCL )". The SRCL is one of the documents which "must be sent by the contracting officer to the Canadian and International Industrial Security Directorate (CIISD) for security arrangements." CIISD uses the SRCL to select contract clauses on security from the Standard Acquisition Clauses and Conditions Manual or draft new clauses as the need arises.

The following information must be sent by the contracting officer to the Canadian and International Industrial Security Directorate (CIISD) for security arrangements:

  1. copy of the requisition / amendment cover page;
  2. a copy of those portions of the requisition / amendment documentation which contain statements about security;
  3. an original or high quality, non-faxed copy of the SRCL form;
  4. a list of relevant security clauses from the Standard Acquisition Clauses and Conditions (SACC) Manual, Subsection 5F; and
  5. a short list of any identified, potential suppliers, if applicable.

The PSPC Industrial Security Manual explains the requirements of PSPC's Industrial Security Program, whose objective is to ensure that contractors follow the security measures identified for contracts involving access to protected or classified information and assets. This includes contracts for goods, services, construction, building services and leases. The Industrial Security Program is important with respect to real property management because of the widespread requirements that contractors hold at least feasibility reliability status for work at federal sites.

The Guide to the Preparation of Physical Security Briefs is published by the RCMP as a reference for applying the Treasury Board Secretariat's Physical Security Standard. The Guide describes the methods for preparing security site briefs (to be used when choosing a site for a facility) and security site briefs (to be used when planning physical safeguards for a facility). Of special interest to asset managers is Appendix B, "Basic Building Security Attributes for Custodians," which lists the physical safeguards that custodian departments are responsible for providing and funding.

Procurement

Under the National Master Standing Offer (NMSO) for Commissionaire Services, the Canadian Corps of Commissionaires has the right of first refusal for security guard contracts with the federal government. The responsibility of contracting with the Corps falls to PSPC, which is recognized by the Treasury Board as the contracting authority for commissionaire services required by federal departments and agencies. If the Corps declines a call-up against the NMSO, PSPC may initiate a call-up against standing offer from a private security agency.

Inquiries

For further technical inquiries on the physical security of buildings, please contact SNGP.NPMS@tpsgc-pwgsc.gc.ca.

Associated Documents

Best Practices

Legislation

PSPC Policies

Treasury Board Policies

Standards

Specifications

Toolkit