Important: The GCConnex decommission will not affect GCCollab or GCWiki. Thank you and happy collaborating!

Security in Contracts

From wiki
Jump to navigation Jump to search

Health Canada Logo.png

Home Mysource Link

Security in Contracts

As directed by the Treasury Board Secretariat (TB) Security and Contracting Management Standard (page has been archived) and the Personnel Security Standard, all contractors assigned to a Government of Canada contract must undergo a security screening process where their duties will permit them access to sensitive information, assets or worksites.

Security Requirements for Canadian Suppliers(Intranet to be deleted)
  1. The Contractor/Offeror must, at all times during the performance of the Contract/Standing Offer/Supply Arrangement, hold a valid Designated Organization Screening (DOS), issued by the Canadian Industrial Security Directorate (CISD), Public Works and Government Services Canada (PWGSC).
  2. The Contractor/Offeror personnel requiring access to sensitive work site(s) must each hold a valid Reliability Status, granted or approved by CISD/PWGSC.
  3. Subcontracts which contain security requirements are not to be awarded without the prior written permission of CISD/PWGSC.
  4. The Contractor/Offeror must comply with the provisions of the:
    1. Security Requirements Check List
    2. Industrial Security Manual (Latest Edition).
Security Requirements for United States Suppliers (intranet to be deleted)
  1. All CLASSIFIED information/assets, furnished to the Contractor/Offeror or produced by the Contractor/Offeror, shall be safeguarded as follows:
    1. the recipient Contractor/Offeror shall not disclose the CLASSIFIED information to a third party government, person or firm, or representative thereof, without the prior written consent of the Government of Canada. Such consent shall be sought from the recipient's National Security Authority/Designated Security Authority (NSA/DSA). The DSA for industrial matters in Canada is the Director, Canadian and International Industrial Security Directorate (CIISD), Public Works and Government Services Canada (PWGSC).
    2. the recipient Contractor/Offeror shall provide the CLASSIFIED information a degree of Safeguarding no less stringent than that provided by the Government of Canada in accordance with United States national security regulations and as prescribed by the United States its NSA/DSA.
      1. The Offeror must, at all times during the performance of the Standing Offer, hold a valid Facility Security Clearance at the level of SECRET, with approved Document Safeguarding at the level of CONFIDENTIAL, issued by the competent national authority and confirmed by the UNITED STATES NSA/DSA.
    3. the recipient Contractor/Offeror shall not use the CLASSIFIED information/assets for any purpose other than for the performance of the Contract/SO/SA without the prior written approval of the Government of Canada. This approval must be obtained by contacting the Canadian DSA for industrial matters in Canada; and
    4. such information/assets shall be released only to personnel, who have a need-to-know for the performance of the Contract/Standing Offer and who have a security clearance at a level appropriate to the classification of the information/assets, granted by their respective NSA/DSA.
    5. CLASSIFIED information/assets provided or generated pursuant to this Contract/SO/SA shall be transferred only through government-to-government channels (in Canada, this is CIISD/PWGSC) or as specified in writing by the NSA/DSA of the concerned government.
  2. CLASSIFIED information/assets generated pursuant to this Contract/SO/SA, by the Government of Canada, shall be marked by the recipient Contractor/Offeror with its government's equivalent security classification.
  3. All CLASSIFIED information/assets generated pursuant to this Contract/SO/SA shall be assigned a security classification in accordance with the security classification specifications provided on the Security Requirements Check List (SRCL) EN578-055605/F, described in Annex "A".
  4. The Contractor/Offeror shall immediately report to its respective NSA/DSA all cases in which it is known or there is reason to suspect that CLASSIFIED information/assets furnished to or generated for pursuant this Contract/SO/SA have been lost or disclosed to unauthorized persons.
  5. Upon completion of the Work, the Contractor/Offeror shall return to the Government of Canada, via government-to- government channels, all CLASSIFIED information/assets furnished to or produced by the Contractor/Offeror pursuant to this Contract/SO/SA, including all CLASSIFIED information/assets released to or produced by its subcontractors.
  6. The Contractor/Offeror visiting government or industrial facilities will submit a Request for Visit form through their respective NSA/DSA
  7. Classified information/assets provided or generated pursuant to this Contract./SO/SA shall not be further provided to another potential contractor/Offeror or subcontractor unless:
    1. written assurance is obtained from the recipient's NSA/DSA to the effect that the potential contractor/Offeror or subcontractor has been approved for access to CLASSIFIED information by the NSA/DSA; and
    2. written consent is obtained from the Contracting Authority (CIISD/PWGSC) for the prime contract, if the potential subcontractor is located in a third country.
  8. All CLASSIFIED information/assets provided or generated under this Contract/SO/SA will continue to be safeguarded in the event of withdrawal by the recipient party or upon termination of the Contract/SO/SA, in accordance with national regulations.
  9. The Contractor/Offeror shall contact their Industrial Security Authority in order to comply with the provisions of the Bilateral Industrial Security Memorandum of Understanding signed with Canada in relation to equivalencies for CLASSIFIED Information and/or assets.
  10. The recipient Contractor/Offeror shall also insert the above paragraphs in all subcontracts that involve access to CLASSIFIED information/assets provided or generated under this Contract/SO/SA
U.S. TABLE OF EQUIVALENCY
CANADA U.S.
PROTECTED "A" TO BE TREATED AS CONFIDENTIAL WHILE IN THE U.S.
PROTECTED "B" TO BE TREATED AS CONFIDENTIAL WHILE IN THE U.S.
SECRET SECRET

The Security Management Division (SMD) works with PWGSC to verify the security screening of the business entity and all its employees assigned to the contract, to the highest level of security categorization that will be accessed throughout the entire contract.

PWGSC developed Security Requirements Check List (SRCL) that must be used to determine security requirements for a contract process. You must:

  • select the language of choice;
  • agree to CISD’s Terms and Conditions of Use;
  • the Login screen appears next; however you must first be Registered as an authorised user by clicking upon the “SRCL Registration” link under quick links.  It may take up to 24 hours to receive the User ID and Password from CISD;
  • registration entails providing your name, job title, phone numbers and e-mail address. Most importantly, you must identify HC or PHAC as your Government Department (this ensures that your SRCL requests are properly routed to the authorised officers within HC/PHAC Security Management Division); and
  • submit your registration.

The SRCL is also required for Supply Arrangements or call-ups against Standing Offers when a security requirement is necessitated. Many Supply Arrangements and Standing Offers already contain pre-approved SRCLs that Cost Centre Managers are encouraged to use. (Security still advises on the proper clauses based on the tool MAMD will use)

A fillable PDF form link may be used only when the On-Line SRCL site is unavailable.

Please consult with Security Management Division (SMD or your local Security Coordinator whenever:

  • you are planning to issue a Request for Proposal (RFP) or Request for Information (RFI),
  • you are planning to issue a short form or long form contract,
  • you are planning to issue a Call-Up Against a Standing Offer,
  • you are planning to use a Supply Arrangement,
  • you need to verify the security credentials of a proposed supplier, or
  • a contractor and/or their employees or sub-contractors
    1. require access to sensitive information or assets;
    2. when safeguarding of sensitive information or assets will occur at the contractor’s facility; or,
    3. if a Reliability Status/Security Clearance is required for access (unescorted) to Restricted Area.

For more information, please consult: