Company security officer responsibilities: International contract security requirements
Communiqué: October 27, 2020
As the COVID-19 pandemic progresses, the security of sensitive government information and assets remains a priority, in both Canada and abroad.
With many contractors continuing to work from home, Public Services and Procurement Canada’s (PSPC) Contact Security Program would like to remind all company security officers and alternate company security officers of their responsibilities related to international contracting:
- Organizations must obtain approval from the Contract Security Program before entering into a subcontract with a foreign organization or individual requiring access to protected or classified information or assets outside of Canada
- Organizations must not under any circumstance allow employees working remotely to access protected or classified information from a residence located outside of Canada
- Organizations must not under any circumstance allow employees to work on foreign classified, North Atlantic Treaty Organization (NATO) classified and communications security (COMSEC) information and assets from home or from an uninspected work location, in Canada or abroad
Additional requirements for foreign and North Atlantic Treaty Organization classified information
As part of Canada’s international and NATO obligations, PSPC’s Contract Security Program acts as the document registry for foreign and NATO classified information entrusted to Canadian contractors, and is responsible for controlling access to such information in the private sector.
To ensure compliance with bilateral security instruments and the NATO Security Policy, organizations required to safeguard foreign and NATO classified information at their worksite(s) must comply with the following requirements:
- Organizations must safeguard foreign and NATO classified documents and electronic media in a separate secure cabinet or vault located in an appropriate secure zone approved by the Contract Security Program
- Organizations must establish a Company Control Point on their premise which is responsible for the receipt, accounting, handling, distribution and destruction of foreign and NATO classified information controlled by the Contract Security Program
- Each organization’s Company Control Point must control the internal distribution of foreign and NATO classified information to employees and keep records, such as the employee’s name, date of loan and return, title and security classification level of the document held on that Control Point’s accountability
- Organizations must obtain approval and guidance from the Contract Security Program before reproducing, translating, destroying or transmitting foreign and NATO classified information
For guidance on international contract security requirements, or to seek approval from the Contract Security Program for an international request, organizations may send an email to tpsgc.dgsssiprojetintl-dobissintlproject.pwgsc@tpsgc-pwgsc.gc.ca or contact the Contract Security Program's client service centre.
Thank you for your cooperation. Together, we can ensure the safety and well-being of Canadians and of our trusted partners.