Annex E: Guidelines for requests for visits

Document navigation for "Contract Security Manual"

Use this annex in conjunction with the Chapter 8: Visits to secure sites of the Contract Security Manual (CSM).

On this page

  1. Requirements for requests for visits
    1. Domestic visits
      1. Canadian private sector organization to private sector organization visits
      2. Canadian private sector organizations to Canadian government visits
      3. Canadian government to Canadian private sector organization visits
    2. International visits
  2. Types of visits
  3. Responsibilities
    1. Host organization responsibilities
    2. Visiting organization responsibilities

I. Requirements for requests for visits

There are different requirements for obtaining approval for requests for visits (RFV), depending on the category.

A. Domestic visits

1. Canadian private sector organization to private sector organization visits

  • a) Company security officers (CSO)s of registered Canadian private sector organizations can submit RFVs directly to other Canadian private sector organizations for employees who have a Canadian personnel security clearance at the required level. However, Public Services and Procurement Canada’ s (PSPC) Contract Security Program (CSP) must process requests for visits involving:
    • foreign nationals, even though they may hold Canadian personnel security clearances
    • access to, or disclosure of, classified information requiring special access authorization, for example:
      • communications security (COMSEC)
      • foreign classified information
      • North Atlantic treaty Organization (NATO)
      • other special-access or limited-access programs
  • b) Procedures for processing these RFVs:
    • organizations must complete the Request for visit form, plus confirm with the requesting CSO that their organization holds a valid facility security clearance (FSC). CSOs should ensure that each visit has a unique identification or serial number
    • the host organization must receive the RFV at least 15 days before the intended visit:
      • in exceptional or emergency cases, visit arrangements can be made by telephone, provided all details are confirmed in writing
      • visitors cannot, under any circumstances, hand carry their own visit requests to the place being visited
    • if either the originating or host CSO is uncertain about the nature of the visit or the FSC of the other organization, they must contact the Contract Security Program’s client service centre to verify this information
    • any loss or lowering of FSC by either organization must immediately be disclosed to the CSO of the other organization
    • the CSO initiating the request must immediately notify the host organization of any change in a visitor's status, which requires terminating the visit authorization
    • the CSO of the host organization can approve the request if all necessary conditions are met and notify the requesting CSO, either orally or in writing. If the visit is not approved, the CSO must also promptly notify the requesting CSO

2. Canadian private sector organizations to Canadian government visits

The Request for visit form must be completed and submitted to PSPC’s CSP. Information on Submitting the request for visit form is available on PSPC’s CSP website.

3. Canadian government to Canadian private sector organization visits

  • a) CSOs of registered Canadian organizations can process requests from departmental chief security officers of government departments and agencies for visits by their employees who hold Canadian personnel security clearances at the required level and have a legitimate need to discuss their classified contracts
  • b) Procedures for processing these requests for visits:
    • requests must be submitted using the Request for visit form CSOs should ask chief security officers to use the request form and ensure that each visit has a unique identification or serial number
    • the RFV form may be submitted by email, mail, fax or courier. Information on submitting the request for visit form is available on PSPC’s website
    • the host private sector organization must receive the RFV at least 15 days before the intended visit:
      visitors cannot, under any circumstances, hand carry their own visit requests to the place being visited
    • if the host private sector organization’s CSO is uncertain about the nature of the visit or the personnel security clearances of the proposed visitors, they must verify this information by contacting the Contract Security Program’s Client service centre
    • the Chief Security Officer must immediately notify the host organization CSO of any change in a visitor's status, which requires terminating the visit authorization
    • the CSO of the host organization can approve the request if all necessary conditions are met and notify the requesting Chief Security Officer, either orally or in writing. If the request is not approved, the CSO must also promptly notify the requesting Chief Security Officer and inform PSPC’s CSP

B. International visits

These visits include Canada to foreign locations and the foreign locations to Canada. The visiting organizations must get approval from their own country's designated security authority by completing and submitting the Request for visit form.

Information on Submitting the request for visit form for international visits is available on PSPC’s CSP website.

II. Types of visits

One time, recurring and emergency visits

A one-time visit is for a specified, continuous period of time up to one year. A recurring visit is for a series of visits over an extended period of time, normally up to one year. An emergency request is for events of an urgent nature.

Project/program security instruction specific visits

Requirements for this category of visits are determined on a case-by-case basis. PSPC’s CSP will notify Canadian private sector organizations of applicable procedures, if and when required.

III. Responsibilities

A. Host organization responsibilities

Organizations hosting classified visits are responsible for ensuring that no unauthorized disclosure occurs during the visit. Organizations cannot grant access to information classified higher than the level in the visit authorization, regardless of the level of the visitor's personnel security clearance. CSOs must ensure that the procedures are observed.

Identification and control of visitors

Organizations being visited must have an approved RFV, either from PSPC’s CSP or the host CSO for Canadian organization to organization visits. The host CSO must verify that the organization requesting the visit has an FSC at the required level. This verification may be based on an existing contractual relationship involving classified information of the same or higher level or PSPC’s CSP confirmation. Once the requesting organization's FSC status has been determined, the organization's CSO certification of each proposed visitor's personnel security clearance may be accepted.

The visitor's identity must be positively verified with photo identification before classified information is disclosed. If there is any question as to the validity of a visit request or identity of the visitor, organizations must contact the contract Security Program’s client service centre for confirmation.

Host organizations must ensure that visitors only have access to classified information consistent with the authorized purpose of the visit. Foreign national visitors, whether from abroad or from Canadian organizations, must not have access except as provided for by the terms of the visit authorization. Foreign nationals must be escorted when given access to classified information consistent with the terms of the visit authorization and when in areas where classified information may be accessible. The escort should be a responsible, appropriately cleared employee who has been briefed regarding the visitor's access limitations or restrictions.

Classified material cannot be released to the visitor for removal from the host organization, except as provided for in Chapter 6.8: Transfer of information and assets of this manual.

Visitor records

Organizations must maintain a record of all individuals who visit the facility to access classified information. This record should be separate from the records of unclassified visits.

Records of authorized visits that have taken place must be kept by the host organization for a minimum of 2 years and can be randomly inspected by PSPC’s CSP during that period.

A separate set of visitor records must be kept for NATO visits (Chapter 10: International organizations of this manual).

B. Visiting organization responsibilities

Visiting organizations must ensure that the:

  • host organization is given proper notification of and has approved the visit
  • recommendation of a minimum of 30 days’ notice for visits to foreign countries is respected
  • host organization is aware of the purpose and classification level of the visit
  • two organizations agree on the administrative arrangements for the visit
  • visitors are fully briefed on the specific classified information and level authorized for disclosure during the visit, particularly during foreign visits
  • visitors only disclose classified information to host organizations that have the applicable level of clearance and a need-to-know
  • visitors transporting classified materiel must have the pre-approval of PSPC’s CSP, observe the proper procedures, and ensure classified material is not left at the host organization except as specifically authorized (Chapter 6: Handling and safeguarding information and assets of this manual
  • visit arrangements are confirmed before departure

Document navigation for "Contract Security Manual"

Report a problem on this page
Date modified: