Chapter 1: General introduction

On this page

• 1.1 Overview
• 1.2 Contract security administration
• 1.3 Other security elements
• 1.4 Publicity of security information
• 1.5 Cost
• 1.6 Additional information

1.1 Overview

This manual is a reference for organizations to understand the Government of Canada’s security standards, procedures and international commitments for working on government contracts, projects and programs with security requirements.

It details the requirements that organizations must follow for safeguarding government information and assets provided to, or produced by, organizations registered in Public Services and Procurement Canada’s (PSPC) Contract Security Program (CSP) and to all contracts, Canadian or foreign, for which PSPC is responsible. Procedures are also provided for the same activities related to allied foreign governments contracting through PSPC, such as multinational ventures where Canada is a partner.

Organizations awarded a government contract with security requirements or with a legitimate need to access protected or classified information must be registered and security screened at the appropriate level through PSPC’s CSP. Once registered, organizations must comply with the security requirements set out in this manual and with all other applicable security policies, standards and directives including, but not limited to the following:

1.2 Contract security administration

PSPC is authorized to administer contract security services by the Department of Public Works and Government Services Act and the Treasury Board Policy on Government Security (PGS), which includes the Standard on Security Screening, as well as the Policy on the CSP. These contract security services help safeguard protected, classified, as well as other sensitive Government of Canada and foreign information and assets. Included in the PGS is a Directive on Security Management, which provides detailed information on mandatory security controls, as well as the Directive on Identity Management, which provides details on managing identity in a manner that mitigates risks to personnel, organizational and national security. In accordance with the North Atlantic Treaty organization (NATO) policy and bilateral security instruments, PSPC’s CSP is also responsible to oversee the safeguarding of foreign classified information in contracting.

1.3 Other security elements

Granting a reliability status or security clearance (hereafter referred to as security status and/or security clearance) to an organization or individual is confirmation that they are eligible to access, and requires them to safeguard, a certain level of information or assets when they have a need to know (recipient needs access to perform his or her official duties). This means organizations must comply with the requirements in the Security of Information Act, and the Personal Information Protection and Electronic Documents Act.

1.4 Publicity of security information

The following security criteria apply to organizations registered in PSPC’s CSP and to all government contracts, projects or programs, Canadian or foreign, for which PSPC is responsible.

Having a security status or clearance is not a secret in and of itself, but there is an expectation of good judgment regarding sharing that information. Security status or clearance information must be adequately safeguarded to mitigate the risk that cleared organizations might become targets for security infiltration or terrorism activity.

• Organizations must not make public any specific information about their security status or clearance in any advertising or promotional activities such as on the organization’s website, in videos, social media or photos
• Employees of organizations must not make public their level of security status or clearance on business cards, curriculum vitae, or the Internet, including social media, as this could draw attention to the security status of the organization for which they work
• Any enquiries received by organizations concerning their security status should be directed to contact the Contract Security Program’s client service centre

General information about a contract can be released as this is already public knowledge, however organizations must:

• get clarification and/or written approval from the contracting authority before releasing information related to a contract
• not make public any specific information about the security requirements of a government contract

Protected or classified information cannot be made public or advertised in any manner.

1.5. Cost

PSPC does not charge applicants a fee to process organizational screenings and personnel security screening applications. As such, organizations registered in PSPC’s CSP are prohibited from charging fees to their sub-contractors and employees to obtain security clearances.

1.6 Additional information

Organizations can learn how to meet the requirements in this manual by visiting the PSPC’s Security requirements for contracting with the Government of Canada website.