Chapter 5: Facility protection
Use this chapter in conjunction with Annex B: Guidelines for facility protection.
On this page
Properly protecting a facility means having a system of physical security that detects and responds to actual or attempted unauthorized access using physical, procedural and psychological barriers.
Given enough time, almost any physical security measure can be compromised. Therefore, protective measures must be based on the time required for a response unit or person to arrive at the scene. Public Services and Procurement Canada’s (PSPC) Contract Security Program (CSP) can help develop a facility protection plan, which will form part of an overall effective security program.
An organization that has a designated organization screening (DOS) or facility security clearance (FSC), with an additional capability authorization, such as document safeguarding capability (DSC) (Subsection 3.2.2: Safeguards) must protect its facility from compromise and unauthorized access.
Organizations must effectively use restricted zones by implementing appropriate security procedures such as:
- storing and treating information and assets in the appropriate security zones
- controlling access to classified information in a document registry
- ensuring that all individuals working in security zones are security assessed to the appropriate level
- segregating information sufficiently so that only those individuals with a need to know will be able to access the information
- escorting visitors
- securing protected and classified information and assets when leaving the work area
- using precautions when discussing protected or classified information
- placing equipment, such as containers and shredders, where they can be used without leaving protected and classified information and assets unattended
- preparing and handling Protected C information and assets in a security zone or, if required, in a high-security zone
- physical security zones in accordance with the federal Directive on Security Management
5.2 Physical security
Organizations should consult PSPC’s CSP at an early stage when building, buying, leasing or renovating facilities for which a site clearance will be required. Physical security systems must comply with provincial and municipal regulations and codes, such as fire, construction and electrical.
Organizations holding a DSC must have a proper number of progressively restrictive zones to control access to protected and classified information and assets. These include a:
- public zone
- reception zone
- operations zone
- security zone
- high-security zone
Annex B: II. Types of secure zones provides further information about the types of secure zones.
Zones must have a recognizable perimeter that defines the boundaries, which will be established in consultation with the field industrial security officer (FISO).
Physical security measures are more effective if they are adapted to normal operations as much as possible. Properly locating and defining secure zones helps with functional use as well as access control.
5.3 External areas and perimeters
PSPC’s CSP will also assist with the specific requirements for external areas and perimeters such as:
- fences and free-standing walls
- landscaping and parking lots
- external security lighting
- access doors; windows; other perimeter openings
- emergency exits
An organization with DSC may need a security control centre at each site to monitor and control the security equipment and systems. It can be operated by the facility, by a commercial agency under contract, or a combination to provide full-time coverage. The security monitoring system must have the capability to operate independently of other facility monitoring systems.
5.4 Access control of secure zones
Organizations must use established entry points to channel employees and visitors, verify identities and stop a visitor from entering until properly recorded and accompanied by an employee. A number of measures must be taken to control access to secure zones such as:
- personnel identification
- electronic access control
- electronic intrusion detection
- closed-circuit television
- interior access controls
- service spaces
The organization cannot access, possess, handle or store protected and classified information at the site until PSPC’s CSP has notified it in writing that the required security level has been granted.
Further details about these requirements and what the field industrial security officer will be reviewing during the site inspection are in Annex B: Guidelines for facility protection.
- Date modified: