Chapter 5: Facility protection

Document navigation for "Contract Security Manual"

Use this chapter in conjunction with Annex B: Guidelines for facility protection.

On this page

5.1 Overview

Properly protecting a facility means having a system of physical security that detects and responds to actual or attempted unauthorized access using physical, procedural and psychological barriers.

Given enough time, almost any physical security measure can be compromised. Therefore, protective measures must be based on the time required for a response unit or person to arrive at the scene. Public Services and Procurement Canada’s (PSPC) Contract Security Program (CSP) can help develop a facility protection plan, which will form part of an overall effective security program.

An organization that has a designated organization screening (DOS) or facility security clearance (FSC), with an additional capability authorization, such as document safeguarding capability (DSC) (Subsection 3.2.2: Safeguards) must protect its facility from compromise and unauthorized access.

Organizations must effectively use restricted zones by implementing appropriate security procedures such as:

5.2 Physical security

Organizations should consult PSPC’s CSP at an early stage when building, buying, leasing or renovating facilities for which a site clearance will be required. Physical security systems must comply with provincial and municipal regulations and codes, such as fire, construction and electrical.

Secure zones

Organizations holding a DSC must have a proper number of progressively restrictive zones to control access to protected and classified information and assets. These include a:

  • public zone
  • reception zone
  • operations zone
  • security zone
  • high-security zone

Annex B: II. Types of secure zones provides further information about the types of secure zones.

Zones must have a recognizable perimeter that defines the boundaries, which will be established in consultation with the field industrial security officer (FISO).

Physical security measures are more effective if they are adapted to normal operations as much as possible. Properly locating and defining secure zones helps with functional use as well as access control.

5.3 External areas and perimeters

PSPC’s CSP will also assist with the specific requirements for external areas and perimeters such as:

An organization with DSC may need a security control centre at each site to monitor and control the security equipment and systems. It can be operated by the facility, by a commercial agency under contract, or a combination to provide full-time coverage. The security monitoring system must have the capability to operate independently of other facility monitoring systems.

5.4 Access control of secure zones

Organizations must use established entry points to channel employees and visitors, verify identities and stop a visitor from entering until properly recorded and accompanied by an employee. A number of measures must be taken to control access to secure zones such as:

The organization cannot access, possess, handle or store protected and classified information at the site until PSPC’s CSP has notified it in writing that the required security level has been granted.

Further details about these requirements and what the field industrial security officer will be reviewing during the site inspection are in Annex B: Guidelines for facility protection.

Document navigation for "Contract Security Manual"

Date modified: