Chapter 3: Facility security clearances, Part I—Designated organization screening (protected)

On this page

300. General

  1. A designated organization screening (DOS) is an administrative determination that an organization is eligible, from a security viewpoint, for access to protected information and assets of the same or lower level as the clearance being granted.

    Where an organization requires access to classified information and assets, refer to Part II—Facility security clearances (classified) of this chapter.

  2. A DOS is required before an organization can be awarded contracts that have protected information or asset requirements.
    1. The company security officer (CSO) or alternate company security officer (ACSO) must be security screened to reliability status as part of the DOS.
    2. For access to Protected C information or assets, the following additional security requirements may apply:
    3. The identification and the assessment of ownership may be conducted when an organization has a requirement to have Protected C document safeguarding capability. Document safeguarding capability authorizes an organization to store and handle protected information or assets at their work sites. The parent organization, if applicable, must also possess a DOS at the same level or it may be excluded from access to the Protected C information or assets held by the subsidiary organization.
  3. Reliability screening requests for other employees may be submitted concurrently with those of KSOs. However, they will not be authorized prior to the establishment of the DOS.
  4. A DOS is based on an assessment of the following elements:
    1. the organization is not under adverse foreign influence (if applicable)
    2. the completion of reliability checks, as needed
    3. a CISD review of the security measures for the care and custody of protected information and assets (when required)
  5. The Director of CISD will notify the organization in writing as to whether a DOS has been granted.
  6. In cases where KSOs must be security screened, the CSO must maintain a current list of all KSOs and submit a copy to the CISD each time the list is amended. The list must designate, by name and title, those KSOs who possess a reliability status and those being security screened for reliability status.

301. Care and custody of protected information and assets

The contractor's facility must meet the physical and administrative security requirements necessary for the performance of the work to be performed under the contract before a DOS with document safeguarding capability will be granted.

Refer to Chapter 4: Facility safeguarding and Chapter 5: Handling and safeguarding of classified and protected information and assets of this manual. Specific guidance will also be provided by the field industrial security officer with CISD or the Contract Security Program officer.

302. Pre-contractual negotiations

Pre-contractual negotiations involving protected information and assets may not be initiated with the organization until a DOS has been granted. This is also applicable where a cleared organization wishes to subcontract to another non-government organization.

303. Government of Canada security agreement

Prior to being granted a DOS, the organization must enter into an agreement with the Canadian government, whereby the cleared organization undertakes to:

  1. abide by the provisions of this manual, and such other security requirements as may form part of a contract awarded to the organization
  2. permit CISD, or other government authorities at the request of CISD, to enter their premises at any time for the purpose of conducting security inspections
  3. not seek reimbursement from the government for security costs, except as provided for in a contract

Refer to Annex 3-G: Public Services and Procurement Canada security agreement in this chapter.

304. Types of designated organization screening

  1. There are 3 types of DOS:

    a. Personnel assigned (PA)
    This is the most basic type of DOS. It normally applies to those organizations involved in contracts for services as opposed to goods. A PA DOS will involve reliability checking of the organization's CSO and employees, and in certain cases, the KSOs. There is no requirement to evaluate the physical security status of the organization's facilities. A PA DOS does not authorize the organization to possess or store protected information and assets within its facilities.
    b. Document safeguarding capability (DSC)
    This type of DOS involves the security screening of the organization's CSO and employees, and, in certain cases, the KSOs. In addition, the physical security of the organization's facilities is assessed to ensure they meet the requirements for the safeguarding of protected government information and assets. A DSC DOS will authorize the organization to possess and store protected information and assets at their facility.
    c. Production (PROD)
    This type of DOS includes the same elements of a DSC DOS. In addition, the security of the manufacturing, repairing, modifying or otherwise working on protected components or items is assessed to ensure they meet the government security requirements.
  2. Each DOS may be authorized at one of the following levels: Protected A, Protected B or Protected C.

305. Status of designated organization screening

Organizations must refer to CISD any requests from other organizations, other government departments or other governments to confirm their DOS.

306. Period of validity

  1. A DOS granted by CISD is not awarded in perpetuity. A DOS is granted for the performance of a specific contract, or on the basis of registration where it appears a firm may receive a contract award. A DOS lapses on completion of the last protected contract and/or confirmation that registration is not renewed. CISD will advise the organization in writing when the DOS is about to be terminated, and will be given the opportunity to show cause for DOS continuation.
  2. CISD may suspend or revoke a DOS if the organization fails to maintain the required security standards.

307. Site clearances within an organization

  1. A DOS is not site-specific. The head office of an industry organization is granted registration number “00.” Other sites will only be registered if there is a document safeguarding requirement. Should other sites, belonging to the same organization, require a DOS with document safeguarding, the other sites will be numbered consecutively (for example, “01,” “02,” “03,” and so on).
  2. The CSO of a head office may submit applications for personnel security screenings for employees at all sites of the organization located within Canada.

    Note: In those cases where an organization only has a requirement to safeguard protected personnel security clearance records to satisfy section 208. Reliability status records or section 258. Personnel security clearance records of chapter 2 of this manual, it is not necessary to establish site clearances at the locations where these records are kept. Organizations must ensure that such records are safeguarded in containers suitable for protected information. These containers may be subjected to inspection by field industrial security officers with CISD.


Date modified: