Difference between revisions of "Security in Contracts"
(Created page with "File:Health Canada Logo.png</div> <div> {| style="text-align:center; font-weight:bold; border-collapse: collapse;" |- | style="border-left:2px solid white; background-col...") |
|||
Line 8: | Line 8: | ||
|} | |} | ||
</div> | </div> | ||
+ | |||
+ | = Security in Contracts = | ||
+ | As directed by the Treasury Board Secretariat (TB) ''[http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12332 Security and Contracting Management Standard] '''(page has been archived)''''' and the ''[http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=28115 Personnel Security Standard]'', '''all''' contractors assigned to a Government of Canada contract must undergo a security screening process where their duties will permit them access to sensitive information, assets or worksites. | ||
+ | |||
+ | ====== [https://mysource.hc-sc.gc.ca/en/ss/programs-and-services/financial-operations/procurement-and-contracting/security-contracts-1 Security Requirements for Canadian Suppliers](Intranet to be deleted) ====== | ||
+ | |||
+ | # The Contractor/Offeror must, at all times during the performance of the Contract/Standing Offer/Supply Arrangement, hold a valid Designated Organization Screening (DOS), issued by the Canadian Industrial Security Directorate (CISD), Public Works and Government Services Canada (PWGSC). | ||
+ | # The Contractor/Offeror personnel requiring access to sensitive work site(s) must '''each''' hold a valid Reliability Status, granted or approved by CISD/PWGSC. | ||
+ | # Subcontracts which contain security requirements are '''not''' to be awarded without the prior written permission of CISD/PWGSC. | ||
+ | # The Contractor/Offeror must comply with the provisions of the: | ||
+ | ## Security Requirements Check List | ||
+ | ## Industrial Security Manual (Latest Edition). | ||
+ | |||
+ | ====== [https://mysource.hc-sc.gc.ca/en/ss/programs-and-services/financial-operations/procurement-and-contracting/security-contracts-2 Security Requirements for United States Suppliers] (intranet to be deleted) ====== | ||
+ | |||
+ | # All CLASSIFIED information/assets, furnished to the Contractor/Offeror or produced by the Contractor/Offeror, shall be safeguarded as follows: | ||
+ | ## the recipient Contractor/Offeror shall not disclose the CLASSIFIED information to a third party government, person or firm, or representative thereof, without the prior written consent of the Government of Canada. Such consent shall be sought from the recipient's National Security Authority/Designated Security Authority (NSA/DSA). The DSA for industrial matters in Canada is the Director, Canadian and International Industrial Security Directorate (CIISD), Public Works and Government Services Canada (PWGSC). | ||
+ | ## the recipient Contractor/Offeror shall provide the CLASSIFIED information a degree of Safeguarding no less stringent than that provided by the Government of Canada in accordance with United States national security regulations and as prescribed by the United States its NSA/DSA. | ||
+ | ### The Offeror must, at all times during the performance of the Standing Offer, hold a valid Facility Security Clearance at the level of SECRET, with approved Document Safeguarding at the level of CONFIDENTIAL, issued by the competent national authority and confirmed by the UNITED STATES NSA/DSA. | ||
+ | ## the recipient Contractor/Offeror shall not use the CLASSIFIED information/assets for any purpose other than for the performance of the Contract/SO/SA without the prior written approval of the Government of Canada. This approval must be obtained by contacting the Canadian DSA for industrial matters in Canada; and | ||
+ | ## such information/assets shall be released only to personnel, who have a need-to-know for the performance of the Contract/Standing Offer and who have a security clearance at a level appropriate to the classification of the information/assets, granted by their respective NSA/DSA. | ||
+ | ## CLASSIFIED information/assets provided or generated pursuant to this Contract/SO/SA shall be transferred only through government-to-government channels (in Canada, this is CIISD/PWGSC) or as specified in writing by the NSA/DSA of the concerned government. | ||
+ | # CLASSIFIED information/assets generated pursuant to this Contract/SO/SA, by the Government of Canada, shall be marked by the recipient Contractor/Offeror with its government's equivalent security classification. | ||
+ | # All CLASSIFIED information/assets generated pursuant to this Contract/SO/SA shall be assigned a security classification in accordance with the security classification specifications provided on the Security Requirements Check List (SRCL) EN578-055605/F, described in Annex "A". | ||
+ | # The Contractor/Offeror shall immediately report to its respective NSA/DSA all cases in which it is known or there is reason to suspect that CLASSIFIED information/assets furnished to or generated for pursuant this Contract/SO/SA have been lost or disclosed to unauthorized persons. | ||
+ | # Upon completion of the Work, the Contractor/Offeror shall return to the Government of Canada, via government-to- government channels, all CLASSIFIED information/assets furnished to or produced by the Contractor/Offeror pursuant to this Contract/SO/SA, including all CLASSIFIED information/assets released to or produced by its subcontractors. | ||
+ | # The Contractor/Offeror visiting government or industrial facilities will submit a Request for Visit form through their respective NSA/DSA | ||
+ | # Classified information/assets provided or generated pursuant to this Contract./SO/SA shall not be further provided to another potential contractor/Offeror or subcontractor unless: | ||
+ | ## written assurance is obtained from the recipient's NSA/DSA to the effect that the potential contractor/Offeror or subcontractor has been approved for access to CLASSIFIED information by the NSA/DSA; and | ||
+ | ## written consent is obtained from the Contracting Authority (CIISD/PWGSC) for the prime contract, if the potential subcontractor is located in a third country. | ||
+ | # All CLASSIFIED information/assets provided or generated under this Contract/SO/SA will continue to be safeguarded in the event of withdrawal by the recipient party or upon termination of the Contract/SO/SA, in accordance with national regulations. | ||
+ | # The Contractor/Offeror shall contact their Industrial Security Authority in order to comply with the provisions of the Bilateral Industrial Security Memorandum of Understanding signed with Canada in relation to equivalencies for CLASSIFIED Information and/or assets. | ||
+ | # The recipient Contractor/Offeror shall also insert the above paragraphs in all subcontracts that involve access to CLASSIFIED information/assets provided or generated under this Contract/SO/SA | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+U.S. TABLE OF EQUIVALENCY | ||
+ | !CANADA | ||
+ | !U.S. | ||
+ | |- | ||
+ | |PROTECTED "A" | ||
+ | |TO BE TREATED AS CONFIDENTIAL WHILE IN THE U.S. | ||
+ | |- | ||
+ | |PROTECTED "B" | ||
+ | |TO BE TREATED AS CONFIDENTIAL WHILE IN THE U.S. | ||
+ | |- | ||
+ | |SECRET | ||
+ | |SECRET | ||
+ | |} | ||
+ | The Security Management Division (SMD) works with PWGSC to verify the security screening of the business entity and all its employees assigned to the contract, to the highest level of security categorization that will be accessed throughout the entire contract. | ||
+ | |||
+ | PWGSC developed [https://www.tbs-sct.gc.ca/tbsf-fsct/350-103-eng.asp Security Requirements Check List (SRCL)] that '''must be used''' to determine security requirements for a contract process. You must: | ||
+ | |||
+ | * select the language of choice; | ||
+ | * agree to CISD’s Terms and Conditions of Use; | ||
+ | * the Login screen appears next; however you must first be Registered as an authorised user by clicking upon the “SRCL Registration” link under quick links. It may take up to 24 hours to receive the User ID and Password from CISD; | ||
+ | * registration entails providing your name, job title, phone numbers and e-mail address. Most importantly, you must identify HC or PHAC as your Government Department (this ensures that your SRCL requests are properly routed to the authorised officers within HC/PHAC Security Management Division); and | ||
+ | * submit your registration. | ||
+ | |||
+ | The SRCL is also required for Supply Arrangements or call-ups against Standing Offers when a security requirement is necessitated. Many Supply Arrangements and Standing Offers already contain pre-approved SRCLs that Cost Centre Managers are encouraged to use. (Security still advises on the proper clauses based on the tool MAMD will use) | ||
+ | |||
+ | A fillable [http://www.tbs-sct.gc.ca/tbsf-fsct/350-103-eng.asp PDF form] link may be used only when the On-Line SRCL site is unavailable. | ||
+ | |||
+ | Please consult with Security Management Division (SMD or your local Security Coordinator whenever: | ||
+ | |||
+ | * you are planning to issue a Request for Proposal (RFP) or Request for Information (RFI), | ||
+ | * you are planning to issue a short form or long form contract, | ||
+ | * you are planning to issue a Call-Up Against a Standing Offer, | ||
+ | * you are planning to use a Supply Arrangement, | ||
+ | * you need to verify the security credentials of a proposed supplier, or | ||
+ | * a contractor and/or their employees or sub-contractors | ||
+ | *# require access to sensitive information or assets; | ||
+ | *# when safeguarding of sensitive information or assets will occur at the contractor’s facility; or, | ||
+ | *# if a Reliability Status/Security Clearance is required for access (unescorted) to Restricted Area. | ||
+ | |||
+ | For more information, please consult: | ||
+ | |||
+ | * [https://mysource.hc-sc.gc.ca/sites/default/files/4.4.3.contract_security_faqs.pdf Contract Security Frequently Asked Questions] | ||
+ | * [https://mysource.hc-sc.gc.ca/en/node/5128 Security in Contracting Guide] | ||
+ | * [https://mysource.hc-sc.gc.ca/en/ss/programs-and-services/financial-operations/procurement-and-contracting/security-contracts-3 Integrity Regime] |
Latest revision as of 11:06, 2 May 2024
Security in Contracts
As directed by the Treasury Board Secretariat (TB) Security and Contracting Management Standard (page has been archived) and the Personnel Security Standard, all contractors assigned to a Government of Canada contract must undergo a security screening process where their duties will permit them access to sensitive information, assets or worksites.
Security Requirements for Canadian Suppliers(Intranet to be deleted)
- The Contractor/Offeror must, at all times during the performance of the Contract/Standing Offer/Supply Arrangement, hold a valid Designated Organization Screening (DOS), issued by the Canadian Industrial Security Directorate (CISD), Public Works and Government Services Canada (PWGSC).
- The Contractor/Offeror personnel requiring access to sensitive work site(s) must each hold a valid Reliability Status, granted or approved by CISD/PWGSC.
- Subcontracts which contain security requirements are not to be awarded without the prior written permission of CISD/PWGSC.
- The Contractor/Offeror must comply with the provisions of the:
- Security Requirements Check List
- Industrial Security Manual (Latest Edition).
Security Requirements for United States Suppliers (intranet to be deleted)
- All CLASSIFIED information/assets, furnished to the Contractor/Offeror or produced by the Contractor/Offeror, shall be safeguarded as follows:
- the recipient Contractor/Offeror shall not disclose the CLASSIFIED information to a third party government, person or firm, or representative thereof, without the prior written consent of the Government of Canada. Such consent shall be sought from the recipient's National Security Authority/Designated Security Authority (NSA/DSA). The DSA for industrial matters in Canada is the Director, Canadian and International Industrial Security Directorate (CIISD), Public Works and Government Services Canada (PWGSC).
- the recipient Contractor/Offeror shall provide the CLASSIFIED information a degree of Safeguarding no less stringent than that provided by the Government of Canada in accordance with United States national security regulations and as prescribed by the United States its NSA/DSA.
- The Offeror must, at all times during the performance of the Standing Offer, hold a valid Facility Security Clearance at the level of SECRET, with approved Document Safeguarding at the level of CONFIDENTIAL, issued by the competent national authority and confirmed by the UNITED STATES NSA/DSA.
- the recipient Contractor/Offeror shall not use the CLASSIFIED information/assets for any purpose other than for the performance of the Contract/SO/SA without the prior written approval of the Government of Canada. This approval must be obtained by contacting the Canadian DSA for industrial matters in Canada; and
- such information/assets shall be released only to personnel, who have a need-to-know for the performance of the Contract/Standing Offer and who have a security clearance at a level appropriate to the classification of the information/assets, granted by their respective NSA/DSA.
- CLASSIFIED information/assets provided or generated pursuant to this Contract/SO/SA shall be transferred only through government-to-government channels (in Canada, this is CIISD/PWGSC) or as specified in writing by the NSA/DSA of the concerned government.
- CLASSIFIED information/assets generated pursuant to this Contract/SO/SA, by the Government of Canada, shall be marked by the recipient Contractor/Offeror with its government's equivalent security classification.
- All CLASSIFIED information/assets generated pursuant to this Contract/SO/SA shall be assigned a security classification in accordance with the security classification specifications provided on the Security Requirements Check List (SRCL) EN578-055605/F, described in Annex "A".
- The Contractor/Offeror shall immediately report to its respective NSA/DSA all cases in which it is known or there is reason to suspect that CLASSIFIED information/assets furnished to or generated for pursuant this Contract/SO/SA have been lost or disclosed to unauthorized persons.
- Upon completion of the Work, the Contractor/Offeror shall return to the Government of Canada, via government-to- government channels, all CLASSIFIED information/assets furnished to or produced by the Contractor/Offeror pursuant to this Contract/SO/SA, including all CLASSIFIED information/assets released to or produced by its subcontractors.
- The Contractor/Offeror visiting government or industrial facilities will submit a Request for Visit form through their respective NSA/DSA
- Classified information/assets provided or generated pursuant to this Contract./SO/SA shall not be further provided to another potential contractor/Offeror or subcontractor unless:
- written assurance is obtained from the recipient's NSA/DSA to the effect that the potential contractor/Offeror or subcontractor has been approved for access to CLASSIFIED information by the NSA/DSA; and
- written consent is obtained from the Contracting Authority (CIISD/PWGSC) for the prime contract, if the potential subcontractor is located in a third country.
- All CLASSIFIED information/assets provided or generated under this Contract/SO/SA will continue to be safeguarded in the event of withdrawal by the recipient party or upon termination of the Contract/SO/SA, in accordance with national regulations.
- The Contractor/Offeror shall contact their Industrial Security Authority in order to comply with the provisions of the Bilateral Industrial Security Memorandum of Understanding signed with Canada in relation to equivalencies for CLASSIFIED Information and/or assets.
- The recipient Contractor/Offeror shall also insert the above paragraphs in all subcontracts that involve access to CLASSIFIED information/assets provided or generated under this Contract/SO/SA
CANADA | U.S. |
---|---|
PROTECTED "A" | TO BE TREATED AS CONFIDENTIAL WHILE IN THE U.S. |
PROTECTED "B" | TO BE TREATED AS CONFIDENTIAL WHILE IN THE U.S. |
SECRET | SECRET |
The Security Management Division (SMD) works with PWGSC to verify the security screening of the business entity and all its employees assigned to the contract, to the highest level of security categorization that will be accessed throughout the entire contract.
PWGSC developed Security Requirements Check List (SRCL) that must be used to determine security requirements for a contract process. You must:
- select the language of choice;
- agree to CISD’s Terms and Conditions of Use;
- the Login screen appears next; however you must first be Registered as an authorised user by clicking upon the “SRCL Registration” link under quick links. It may take up to 24 hours to receive the User ID and Password from CISD;
- registration entails providing your name, job title, phone numbers and e-mail address. Most importantly, you must identify HC or PHAC as your Government Department (this ensures that your SRCL requests are properly routed to the authorised officers within HC/PHAC Security Management Division); and
- submit your registration.
The SRCL is also required for Supply Arrangements or call-ups against Standing Offers when a security requirement is necessitated. Many Supply Arrangements and Standing Offers already contain pre-approved SRCLs that Cost Centre Managers are encouraged to use. (Security still advises on the proper clauses based on the tool MAMD will use)
A fillable PDF form link may be used only when the On-Line SRCL site is unavailable.
Please consult with Security Management Division (SMD or your local Security Coordinator whenever:
- you are planning to issue a Request for Proposal (RFP) or Request for Information (RFI),
- you are planning to issue a short form or long form contract,
- you are planning to issue a Call-Up Against a Standing Offer,
- you are planning to use a Supply Arrangement,
- you need to verify the security credentials of a proposed supplier, or
- a contractor and/or their employees or sub-contractors
- require access to sensitive information or assets;
- when safeguarding of sensitive information or assets will occur at the contractor’s facility; or,
- if a Reliability Status/Security Clearance is required for access (unescorted) to Restricted Area.
For more information, please consult: