Chapter 9: International security
On this page
- 9.1 Overview
- 9.2 Bilateral security instruments
- 9.3 Foreign disclosure
- 9.4 Protected information
- 9.5 International alternative solutions
- 9.6 Foreign classified information and assets
- 9.7 Foreign information at the Restricted level
- 9.8 Security requirements for contracts awarded to foreign organizations
- 9.9 Program/project security instructions
9.1 Overview
The Government of Canada must occasionally use foreign contractors and increasingly complex supply chains to access specialized skills and technologies. Similarly, Canadian contractors may be a supplier of an allied foreign government or international organization. The Government of Canada, allied governments and international organizations must ensure their respective sensitive information is adequately handled and safeguarded using common international standards when shared among themselves.
9.1.1 Canadian designated security authority
As per Canada’s international commitments, a Designated Security Authority (DSA) must be identified to provide direction and assistance to government and industry on industrial security matters related to the exchange of classified information with foreign entities. In Canada, the DSA is part of Public Services and Procurement Canada’s (PSPC) Contract Security Program (CSP). In some countries the National Security Authority (NSA) may be acting as the DSA.
9.2 Bilateral security instruments
The Canadian DSA negotiates a number of bilateral security instruments (arrangements, memoranda of understanding, agreements) to facilitate the exchanging and safeguarding of protected and classified information and assets that have been provided to contractors. Consequently, the Canadian DSA identifies the security requirements to safeguard protected and classified information that a Canadian or foreign organization must abide by when it becomes involved in any stage of a contract covered by a bilateral security instrument.
In Canada, the DSA is responsible to negotiate bilateral security instruments that:
- enable Canadian industry to access classified contracts with foreign governments and international organizations
- allow Canadian industry to compete internationally and encourages foreign investment
- administer safeguarding measures for all pre-contracting phases, as well as projects, programs, contracts/subcontracts with foreign countries and international organizations related to the exchange of protected or classified information
- include provisions to define the scope; designate the security authority(ies) to administer and implement the instrument; define security classification level equivalencies of classified and protected information; define protection and handling of classified and protected information; define process to exchange security assurances; define how contract security requirements are transmitted; define process for visits of personnel and transportation of documents and freight; define loss or compromise of classified and protected information; and additional mitigation strategies
9.3 Foreign disclosure
Organizations must get approval from the Canadian DSA to exchange or transfer protected and classified information and assets with a foreign entity or to receive foreign government or international organization classified information. A foreign security assurance confirms that a foreign organization and its personnel meet the security requirements of a solicitation request, contract or subcontract. To obtain a foreign security assurance, organizations must contact the Canadian DSA by email at dgsssiprojetintl-dobissintlproject@tpsgc-pwgsc.gc.ca, who will determine if the information can be released to, and safeguarded by, the foreign organization or government. Please note that foreign disclosure reviews may take several months depending on the information to be disclosed.
Canadian industry transferring national or international information and assets to a foreign entity (government or private sector) must go through the Canadian DSA unless otherwise approved. Most government-to-government exchanges of information and assets use approved courier services. Therefore, organizations who have shipments must contact the Canadian DSA by email at dgsssiprojetintl-dobissintlproject@tpsgc-pwgsc.gc.ca for approval of the shipment. When these methods of transport would result in unacceptable delays to a contract/program/project, the company security officer (CSO) or alternate company security officer (ACSO) can request an alternate method of transmission, such as hand carriage by an organization’s employee from the Canadian DSA.
Information belonging to a third nation cannot be released to individuals holding foreign clearances without the prior written approval of the originating nation through the Canadian DSA. Therefore, disclosing national or international information to a foreign person employed by a Canadian organization must be first approved by the Canadian DSA and strictly controlled by the CSO or ACSO.
Disclosing information to foreign visitors is prohibited unless disclosure authority has been obtained from PSPC’s CSP through an approved visit clearance (Chapter 8: Visits to secure sites) or other authorizing document.
The release of protected and classified information or assets to foreign countries and international organizations must comply with Canada's international bilateral security instruments and foreign legislation, and must be approved by the Canadian DSA.
To request approval for any of the above exchanges of information, or for more information, please contact the Canadian DSA by email at dgsssiprojetintl-dobissintlproject@tpsgc-pwgsc.gc.ca.
9.4 Protected information
Organizations must have written authorization from the Canadian DSA before releasing Canadian protected information and assets to other countries. The Canadian DSA will provide the level of safeguarding required for protected information and assets through contract security clauses or written instructions.
9.5 International alternative solutions
In some cases, when there is no bilateral security instrument covering protected information, customized international alternative solutions may be used to help safeguard Canadian protected information handled abroad during Government of Canada contracting.
With international alternative solutions, the Government of Canada may award contracts and subcontracts at Protected A or Protected B levels to suppliers located in a limited set of countries with appropriate security and privacy legislation and framework; similarly, Canadian organizations may consider certain foreign suppliers in their bids and subcontracts. The suitability of an alternative solutions approach is always considered on a case-by-case basis and is at the exclusive discretion of PSPC’s CSP.
More information on whether international alternative solutions are possible is available on the International alternative solutions webpage.
9.6 Foreign classified information and assets
Foreign government and international organization classified information or assets that are Confidential, Secret or Top Secret must be safeguarded in the same manner as Canadian classified information and assets of an equivalent level as defined in the respective bilateral security instrument, unless advised otherwise by the Canadian DSA (Chapter 6: Handling and safeguarding information and assets). Security measures to handle and safeguard foreign classified information are stipulated in the contract clauses.
9.7 Foreign information at the Restricted level
The Restricted classification no longer exists in Canada, however many allied governments and international organizations still use this classification and Canada is obligated to safeguard it consistent with bilateral security instruments. Industries awarded a foreign government contract at the Restricted classification must contact the Canadian DSA by email at dgsssiprojetintl-dobissintlproject@tpsgc-pwgsc.gc.ca for further guidance as the security measures will normally be included in their contract clauses from the foreign DSA. Organizations must also comply with the following additional safeguarding procedures:
- the Canadian DSA must approve the release of foreign Restricted information to any government, person or institution of another country
- access to Restricted information must only be given to individuals who require access in connection with a government or multinational program/project/contract
- the CSO or ACSO must inform all recipients of foreign Restricted information and assets of their responsibility for safeguarding the information and assets
- to avoid confusion, organizations must indicate the country of origin of foreign Restricted information and assets, along with the classification, for example, Restricted (Italy)
9.8 Security requirements for contracts awarded to foreign organizations
In addition to the requirements specified in (Chapter 2: Contracts with security requirements), when awarding contracts, including subcontracts, to organizations outside of Canada holding a valid facility security clearance (FSC) in their nation (foreign contractor), organizations are required to:
- get the Canadian DSA approval for the contract and/or sub-contract; and
- include security requirements clauses in the contract and security classification guidance for the Canadian information, provided by PSPC’s CSP
9.9 Program/project security instructions
To enable the exchange of information and assets required by governments and industry for multinational cooperative programs, nations participating the program or project may agree to use practices and procedures that differ from the requirements in this manual and from bilateral security instruments. In such cases, these requirements, practices and procedures will be detailed in a Program/Project Security Instruction approved by all participants. For Canada, the Canadian DSA will approve it.