Other: Standing Committee on Government Operations and Estimates—June 2, 2021

Document navigation for "Standing Committee on Government Operations and Estimates: June 2, 2021"

Contract security for visa application centres

Context

Media and members of Parliament (MPs) have raised the security of personal information at Canadian visa application centres (VAC) and its main supplier VFS Global being affiliated with China.

Suggested response

If pressed on PSPC’s responsibilities:

If pressed on the verification process:

If pressed on the ownership of subcontractors within Chinese VACs:

Background

The contract on VAC was awarded to VFS Global in February 2018 and the initial contract period will expire October 31, 2023 with an option to extend the contract by up to 3 additional years. A privacy impact assessment was conducted by IRCC to assess the risk of the contract. On August 20, 2018, VFS Global subcontracted their Beijing facility to Beijing Shuangxiong, the same subcontractor identified in the previous 2013 contract on VAC.

A personnel security verification was completed for each employee working at the visa centre in Beijing as per the provisions of the contract. This is an ongoing activity that began in 2013. The verification is done before employment starts at any visa centre. This requirement was included in both the 2013 contract and the 2018 contract. As per the provisions of the contract, VFS Global is responsible for verifying the reliability and trustworthiness of all employees at the visa centre in Beijing and employees working in support of the centre prior to employment. Assurances are provided to PSPC and IRCC that these checks have been completed, and are being kept informed of any findings that would affect the employees’ security status.

Prior to the contract award, the contractor provided site specific security plans that were reviewed and approved through a rigid evaluation process. All visa application centres are required to provide a threat and risk assessment to address any additional security and privacy mitigations that may be required. Annual security plans for each visa application centre are submitted and reviewed by PSPC Contract Security Program. All building plans are reviewed and approved by the Contract Security Program in conjunction with IRCC. Compliance visits are carried out regularly to ensure that all privacy and security requirements of the contract are being met.

All computers at each visa application centre including the self-serve workstations, have strict contract requirements to purge all information. There is no biometric information stored on any visa application centre computer; the information is transmitted to Canada. Any other personal information collected by the VAC (for example, name and phone number related to an appointment) must be erased or destroyed (purged) within 30 calendar days after services rendered to the applicant are complete. The contractor subcontracted its IT requirement to companies located in Canada who have been vetted and inspected by PSPC Contract Security Program.

All privacy and security incidents are reported to IRCC and PSPC for review and immediate resolution. Every year, oversight contract compliance visits of VACs are conducted by IRCC visa officers/biometric officers working in the field in partnership with the PSPC Contract Security Program. All visit reports were shared with PSPC for comment and to ensure compliance with security aspects of the contract. In addition, the last review of the Annual Security Report submitted by the contractor was conducted in December 2020 for all VACs located in China. Compliance on-site visits were conducted by IRCC in 2019 for 11 sites in Mainland China (Beijing, Chongqing, Chengdu, Shenyang, Nanjing, Kunming, Shanghai, Jinan, Hangzhou, Wuhan and Guangzhou). In 2021, so far, on-site visits were conducted by IRCC at Beijing and Guangzhou. VFS Global and their subcontractors have been compliant with all the security requirements set out in the 2018 VAC contract.

Document navigation for "Standing Committee on Government Operations and Estimates: June 2, 2021"

Date modified: