ARCHIVED – Chapter 11: International security issues
Archived information
This information has been archived and replaced by the Contract Security Manual.
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived.
On this page
- 1100. General
- 1101. Roles and responsibilities
- 1102. Foreign disclosure policy
- 1103. Bilateral security agreements
- 1104. Multinational armaments cooperative programs with North Atlantic Treaty Organization allies
- 1105. Handling and safeguarding of foreign classified information and assets
- 1106. Protected information
- 1107. Restricted information
- 1108. Security requirements for contracts awarded to foreign interests
1100. General
This chapter contains information on Canadian foreign disclosure policies and regulations and international security agreements and arrangements executed between the Government of Canada and allied governments, concerning the exchange and safeguarding of protected and classified information and assets.
1101. Roles and responsibilities
Under the Policy on Government Security, Public Services and Procurement Canada (PSPC) is responsible, for:
- providing leadership, advice and guidance for matters related to contract security
- supporting and fulfilling government-wide functions for issuing personal record identifiers (PRI) to departments and agencies and individual agency numbers (IAN) to agencies outside the federal public service, and maintaining the PRI and IAN systems
- providing emergency procurement and emergency accommodation, and providing security services to help ensure the protection of sensitive information entrusted to Canadian and foreign industry
- providing internal enterprise services for contract security, base building security for general-purpose office facilities under its custodial responsibility, and Information Technology (IT) security in support of providing and managing certain government-wide applications
- serving as the government's national authority for industrial security, and in this capacity, serving as Canada's Designated Security Authority for North Atlantic Treaty Organization (NATO)
1102. Foreign disclosure policy
- Organizations involved in the Canadian PSPC's Contract Security Program (CSP) that wish to exchange information and assets with a foreign government or private sector organization must contact the PSPC's CSP which will determine whether the:
- information may be released to the foreign government
- disclosure is in compliance with Canadian foreign disclosure policies and regulations
- information can be adequately safeguarded by the foreign participant
- Decisions to disclose information and assets to foreign interests are based on a determination that release is in support of an authorized Canadian government program
- Prior to release of protected and/or classified information or assets to foreign interests, PSPC's CSP must request and receive a security assurance from the responsible foreign government (for example, the level of facility security clearance (FSC) held by the recipient organization)
- When the disclosure parameters cannot readily be determined from past records, contractual documentation or a security requirements checklist (SRCL), PSPC's CSP may have to consult with other Canadian government entities (for example, Department of National Defence (DND) or major Crown project offices) to obtain a foreign disclosure decision. In such cases, it is prudent for the contractor to contact IISD well in advance of any proposed exchange or release, as foreign disclosure reviews may take up to 30 days for staff of the various agencies and departments to reach a decision
- In addition to the above, PSPC's CSP must receive proof that the dispatching organization has complied with Canada's Export and Import Permits Act (EIPA) before initiating a government-to-government exchange. As proof, PSPC's CSP will accept a:
- copy of an approved export permit
- letter from the Export Controls Division, Global Affairs Canada to the effect that a licence is not required
- a letter from the organization certifying that the transaction does not require a licence under the Export and Import Permits Act or that a licence is not required because of prior Canadian government approval, for example:
- Canadian government approved contract
- PSPC/DND subcontracting approval
- a letter of authorization from PSPC/DND
- other Canadian government organization authorizing release
- Export permits and advice or information about the EIPA may be obtained by contacting:
Export Controls Division
Special Trade Relations Bureau
Global Affairs Canada
P.O. Box 481, Station A
Ottawa ON K1A OG2 - Transfer of national or international information and assets by Canadian industry to a foreign entity (government or private sector) must be undertaken through PSPC's government-to-government channels, unless otherwise agreed to by PSPC (for example, exceptions may apply to protected material). It is important to note that most government-to-government exchanges of information and assets are carried out using the diplomatic bag service of Global Affairs Canada. This being the case, contractors who have specific delivery deadlines should contact PSPC's document control unit to determine the diplomatic mail schedule for the country in question. In the case of transmissions to the United States only, PSPC makes use of Canada Post's priority service to expedite transmissions whenever possible (weight restrictions apply). When these methods of transport would result in unacceptable delays to a contract, program or project, the company security officer (CSO) may contact PSPC's CSP to request an alternate method of transmission, such as hand carriage by an organization employee
- The CSO must strictly control the disclosure of national or international information to a foreign person employed by a Canadian contractor. Persons holding Canadian, with limitations clearances, may be given access to Canadian information and assets and/or information and assets from their country of nationality. Information belonging to a third nation may not be released to these individuals without the prior written approval of the originating nation, through PSPC
- Disclosure of information to foreign visitors is prohibited unless disclosure authority has been obtained from PSPC in the form of an approved visit request (refer to ARCHIVED - Chapter 6: Classified requests for visit protocol for Canadian-based industry of this manual) or other authorizing document
1103. Bilateral security agreements
- Bilateral security agreements are negotiated with foreign governments. This chapter contains the principle requirements embodied in these agreements
- A general security agreement, negotiated through diplomatic channels, states that each party to the agreement will afford information substantially the same degree of security safeguarding afforded it by the releasing government. It contains provisions concerning limits on the use of this information, including third party transfers and proprietary rights. It provides for the reporting of compromises of information and assets and for visits by security authorities of participating governments
- PSPC negotiates the industrial security agreement on behalf of Canadian industry, normally as an annex to the general security agreement with a foreign government. It contains security procedures for contracts and government-approved arrangements involving access to information and assets. It also includes provisions for information handling, security classification guidance, security requirements clauses, visits and the exchange of security assurances, and it designates a responsible agency to administer the agreement (PSPC's CSP in Canada)
- When a Canadian organization becomes involved in a program or contract covered by an industrial security agreement, PSPC's CSP will identify the special security protocols, if any, which must be observed for the particular contract or program
1104. Multinational armament cooperative programs with North Atlantic Treaty Organization allies
- In order to facilitate the exchange of information and assets required by industry, for multinational cooperative programs, Canadian industrial security authorities have agreed, with NATO member nations, to use standard security practices and procedures for Multinational Armaments Cooperative Programs that are not under NATO security jurisdiction. In some respects, these practices and procedures may differ from the requirements set forth in this manual
- For additional information concerning these procedures, contractors participating in a multinational program involving NATO member nations are encouraged to contact the international security visits and document control division of PSPC's CSP by email: ssivisites-.issvisits@tpsgc-pwgsc.gc.ca
- PSPC's CSP represents Canada on the Multinational Industrial Security Working Group (MISWG) which is responsible for negotiating and developing international standard security practices and procedures. This group meets twice a year in various NATO member nations. The procedures and practices approved by this committee are sometimes referred to as "MISWG documents"
- Each nation's designated security authority (DSA) is responsible for the application of approved standardized procedures on a specific program or project. In Canada, there are two DSAs for Multinational Armaments Cooperative Programs. PSPC's CSP is the designated security authority for security matters involving private sector personnel and organizations and Department of National Defence / Division of security (DSECUR) is the designated security authority for security matters involving Canadian military personnel and establishments
- Industry should notify PSPC's CSP with concerns, or when they experience security-related problems in Multinational Cooperative Programs
- Where a Canadian organization must fulfill certain obligations, under an international security protocol, PSPC's CSP will contact the CSO and identify the detailed requirements which must be met in each case
1105. Handling and safeguarding of foreign classified information and assets
Foreign government classified information or assets at the Confidential, Secret or Top Secret level must be safeguarded in the same manner as Canadian classified information and assets of an equivalent level, unless advised otherwise by PSPC's CSP (for information on how to safeguard foreign unclassified but special information or assets, contact your field industrial security officer (FISO)).
1106. Protected information
The private sector must not release Canadian protected information and assets to other countries without written authorization from PSPC. Foreign governments and organizations must be informed of the level of safeguarding required for protected information and assets, by way of contract security clauses, or through written instructions approved by PSPC's CSP.
1107. Restricted information
Foreign restricted
The <<RESTRICTED>> classification no longer exists in Canada, however many allied governments still use this classification. Canada must safeguard foreign restricted information and assets in accordance with international industrial security agreements. Unless otherwise advised by PSPC's CSP, organizations which are in possession of foreign restricted information and materiel must safeguard this information in the same manner as Canadian Protected A. Additional safeguarding procedures are as follows:
- PSPC's CSP must provide prior approval before foreign restricted information is released to any government, person or institution of another country
- restricted information may only be accessed by persons whose access is considered to be necessary in connection with a government or multinational program, project or contract
- the CSO must inform all recipients of foreign restricted information and assets of their responsibility for safeguarding the information and assets
- NATO restricted information requires additional safeguards
- to avoid confusion, organizations must indicate the country of origin of foreign restricted information and assets, in brackets, beside the classification, for example, <<RESTRICTED (Italy)>>, <<RESTRICTED (France)>>
Information or assets previously classified as Canadian restricted
- Organizations which are in possession of Canadian documents bearing the classification <<RESTRICTED>> should request an official reclassification of the documentation through PSPC's CSP, to determine if and how it should be safeguarded under existing Canadian government security policies and regulations. Pending an official reclassification, formerly restricted Canadian information and assets must be safeguarded in the same manner as Protected A information and assets
- Foreign recipients of formerly restricted Canadian information and assets must continue to handle and safeguard such information and assets in accordance with existing bilateral and multinational security agreements or arrangements unless otherwise advised by the Government of Canada
1108. Security requirements for contracts awarded to foreign interests
- In addition to the requirements specified in ARCHIVED - Chapter 7: Classified and protected contracts of this manual, the following requirements apply to the awarding of contracts to organizations outside of Canada holding a valid FSC in their nation:
- when a contractor obtains PSPC approval to award a subcontract, or enters into other direct commercial arrangements involving information and assets with a foreign contractor, the contractor must incorporate security requirements clauses in the contract document and provide security classification guidance for the Canadian information, through the use of a Security requirements checklist (SRCL) (refer to ARCHIVED - Chapter 7: Classified and protected contracts of this manual)
- The following security clauses must be incorporated in all contracts or subcontracts awarded to organizations outside of Canada:
- all protected and classified information and assets, furnished or generated pursuant to this contract, must be safeguarded as follows:
- the recipient must not release the information and assets to a third-country government, person or organization, without the prior written approval of the Canadian government
- the recipient must afford the information and assets a degree of safeguarding equivalent to that afforded to it in Canada
- the recipient must not use the information and assets for other than the intended purpose without prior written approval of the Canadian government
- information and assets furnished or generated pursuant to this contract, must be transferred through government channels or other channels specified in writing by national security authorities. It may only be released to persons who have an appropriate security authorization and an official need-to-know in the performance of the contract
- information and assets furnished under this contract must be marked by the receiving government authority with their government's equivalent security classification markings
- information and material generated under this contract must be assigned a security classification, as specified by the contract security classification specifications provided with this contract
- the contractor must promptly report to its government's security authorities all cases, in which it is known or there is reason to believe that information and assets furnished or generated pursuant to this contract has been lost or disclosed to unauthorized persons
- information and assets furnished or generated pursuant to this contract, must not be provided to another contractor or subcontractor unless:
- the potential contractor or subcontractor has been approved for access to the information and assets by industrial security authorities
- if located in a third country, prior written consent is obtained from the Canadian government
- upon completion of the contract, all information and assets furnished or generated pursuant to the contract, must be returned to the Canadian contractor
- all protected and classified information and assets, furnished or generated pursuant to this contract, must be safeguarded as follows: