Roles and responsibilities of a company security officer

As a company security officer (CSO), you play a vital role in your organization's ability to meet the security requirements of federal government contracts.

You are the official point of contact with Public Services and Procurement Canada's Contract Security Program (CSP). You are accountable to the CSP on all contract security matters. Your work may be delegated in part to alternate company security officers (ACSOs).

In all of your work, you must comply with the Contract Security Manual (CSM) and the CSP's requirements.

Complying with contract security requirements

Maintain your organization's security clearance

The information you supply to obtain your organization's clearance must be kept up to date. If changes are not reported and not addressed, your organization's clearance will no longer be in good standing. This may impact your ability to bid on contracts. For example, you will be considered non-compliant if your organization's CSO leaves and a replacement is not appointed immediately.

As CSO, you are responsible for:

  • appointing, briefing and training all ACSOs
  • appointing, from among the appointed ACSOs, 1 officer to be the CSO in your absence
  • informing the CSP of any
    • changes to the key senior officials (KSOs) in the organization
    • organizational changes (for example, legal status, ownership, physical move or new construction)
  • maintaining, upgrading or reactivating your organization security clearance
  • abide by your security agreement with PSPC (provided in the organization security screening package)

To report any change in your organization or in your KSOs, contact the Contract Security Program.

Screen your personnel

As CSO or ACSO, you are responsible for:

Secure information and assets

Organizations are responsible to ensure the protection of sensitive government information and assets entrusted to them. Find out essential practices that build a culture of security so that information and assets are not compromised.

Aftercare

The initial security screening process reflects a person's eligibility at a specific time. However, the eligibility of a person’s security status or clearance may change over time.

Aftercare is an important maintenance requirement. This practice aims to provide additional confidence in an individual's continued reliability and loyalty.

In this section
Security briefing

A security briefing is the last step of a security screening and the first step of aftercare. Security briefings are conducted at various times:

  • before an individual takes up their duties (when required based on the update cycle)
  • whenever a change occurs in security status or clearance

As CSO or ACSO, you must ensure all personnel with access to sensitive information and assets have been briefed on their security responsibilities.

Further reading on security briefings

Annex A: Guidelines on company security officer and alternate company security officer responsibilities—Section IV. Security briefings of the CSM

Security awareness

Security awareness is the practice of regularly reminding employees at all levels of their security responsibilities and briefing them on emerging issues, trends and concerns. Security awareness should be included in an organization's standard operating procedures.

The practice:

  • provides individuals with the knowledge and tools necessary to protect information, assets and facilities
  • is the most cost-effective solution for protecting sensitive government information, assets and work sites
  • is essential for protecting an organization from economic and industrial espionage

As CSO or ACSO, it is important to regularly remind individuals of their security responsibilities and advise them of emerging issues and concerns.

Further reading on security awareness

Updates and upgrades

The purpose of updating an individual's reliability status or security clearance is to:

As CSO or ACSO, you are responsible for:

  • updating the reliability status or security clearance of employees who have an ongoing requirement to access sensitive information, assets or work sites (you must submit this update before the individual’s existing status or clearance expires)
  • reporting changes of circumstances and behavior of any of your security screened employees

Find out how, when and where to report changes of circumstances and behavior of your security screened employees.

An upgrade is done when an individual requires a higher level of security clearance to participate in a government solicitation or contract with higher security requirements.

Personnel security screening processes: how to request a new reliability status or security clearance as well as how to update or upgrade an existing one.

Reporting security concerns

As CSO or ACSO you must promptly report security incidents, and suspicious security contacts and you must ensure that access to information and assets is limited to employees who:

  • are security screened
  • need to access and know information in order to perform their duties, referred to as a need-to-know principale

Learn more about:

Reactivation

As of October 4, 2021, a reliability status or security clearance that has been terminated can be reactivated if the individual has a valid requirement to access protected or classified information, assets or work sites.

Find out in more detail the conditions for reactivating a previously held status or clearance.

Transfers and duplications

Note

As of October 4, 2021, as CSO or ACSO, you can request a transfer or a duplication if the individual has a valid requirement to access protected or classified information, assets or work sites. You must also ensure the employee holds a valid reliability status or security clearance before requesting a transfer or duplication.

Learn when and how to transfer or duplicate a reliability status or a security clearance:

Termination of employment

Upon termination of employment, individuals with a reliability status or a security clearance must receive a formal debriefing. This is to remind them of their responsibilities to maintain the confidentiality of the sensitive information to which they have had access. The Security screening certificate and briefing form (TBS/SCT 330-47) will be used to record a termination and that the formal debriefing has been completed. It can be used as a guide to perform the formal debriefing.

How to complete the security screening certificate and briefing form.

North Atlantic Treaty Organization personnel clearances

Once an employee requiring North Atlantic Treaty Organization (NATO) clearance has been security screened, the CSO or ACSO is responsible for:

Learn more about North Atlantic Treaty Organization clearances for personnel.

Contract security

As CSO or ACSO, you are responsible for:

Subcontract security

As CSO or ACSO, you are responsible for:

Learn more about subcontracting security requirements.

Accessing and safeguarding information and assets

As CSO or ACSO, you are responsible for:

Training, support and resources

The CSP offers the following training, support and resources to CSOs and ACSOs:

More information

Date modified: