Phase 2 of changes to the security screening process

Find information regarding the changes to Public Services and Procurement Canada's (PSPC) Contract Security Program (CSP) security screening process.

On this page

Background

In this section

Change to the eligibility criteria for organization security screening

A 5-year analysis of the CSP security processing volumes revealed that close to 90% of organizations screened by the CSP have not been associated with a contract or subcontract with security requirements. Processing volumes for personnel security screening, on the other hand, revealed that less than 20% of individuals screened by the CSP worked on a contract or a subcontract with security requirements during that same 5-year period.

This significant effort to screen organizations who are not in need of a clearance puts needless pressure on the Government of Canada's security infrastructure. It creates unnecessary screening delays, weakens the security posture of Canadian industry and ultimately increases the risk that organizations pose to sensitive government information and assets

Benefits of this change to eligible organizations

By refocussing organization security screening activities on active participants in a procurement process, the expected benefits are:

  • faster processing of organization security screenings
  • better support to industry in the delivery of important services and activities for the benefit of Canadians
  • reduced burden on industry, particularly on company security officers (CSOs) and alternates
  • a streamlined subcontracting process with increased flexibilities to diversify supply chains and reduce costs
  • contribute to enhance the competitiveness and marketability of Canadian industry in foreign defence and security markets

How this approach compares with what other countries are doing

Universally, security clearances are granted on a need-to-know or need-to-access basis only. The security screening process is in fact only initiated upon confirmation of a demonstrated requirement, such as a valid contract or a demonstrated “need to know”. Over 30 like-minded foreign partners conduct their clearances this way.

This approach enables other countries to have better service standards than the CSP. It also makes their industry more competitive in foreign markets. Aligning the CSP's rigorous security screening process with the approach of our international partners will provide for a better industrial security program that is more flexible and focused.

Changes that came into effect on May 2, 2022

As of May 2, 2022, the CSP:

Federal procurement process

In this section

Federal procurements that are subject to these changes

The above-mentioned changes apply to all federal procurements for goods, services and construction where the CSP's contract security services are used.

Changes affecting organizations bidding on solicitations with security requirements

As of May 2, 2022, organizations bidding on government solicitations with security requirements are required to complete and provide an application for registration (AFR) form as part of their bid response (for example, their proposal).

Organizations responding to a RFSO and a RFSA with security requirements are also required to complete and provide the AFR as part of their response. In their RFSO and RFSA, PSPC's Acquisitions Program requires that organizations submit the AFR form as part of their response to the tender. Once PSPC issues a standing offer (SO) or a supply arrangement (SA) to an organization, this organization is not required to submit an AFR each time they bid on a solicitation to obtain a call-up or a contract under this PSPC-issued method of supply.

Requirements to hold an organization security screening at bid closing

As a result of these changes, organizations only need to meet security requirements during the bid solicitation process if they are required to access sensitive documents to prepare their bid submission. If access to sensitive information is only required to execute the contract, government procurement officers must give bidders until the date of contract award to obtain their organization security clearance.

This puts all potential bidders on the same level playing field and provides a more competitive business environment. It ensures that, regardless of whether or not they have a clearance with the CSP, organizations of all sizes are eligible to bid on government tenders with security requirements.

Provisional security clearances

In this section

Accessing protected or classified material in the course of a pre-solicitation and/or bid preparation

On May 2, 2022, the CSP introduced a new provisional security clearance to provide a faster and less burdensome screening process for potential bidders requiring access to sensitive information prior to bidding (for example, to access classified requests for proposals).

This new clearance allows potential bidders to have a few individuals cleared prior to bid submission. Confirmed respondents to the associated solicitation are then invited to complete the organization screening process to obtain a designated organization screening (DOS) or facility security clearance (FSC) with the CSP, in line with the new eligibility criteria.

How organizations can request a provisional security clearance

To request a provisional security clearance, organizations must:

  • approach the procurement officer overseeing the solicitation
  • demonstrate their interest in participating
  • request a security screening if they do not already hold the appropriate level of clearance
  • provide the procurement officer with a complete AFR form

The procurement officer will then contact the CSP to request a provisional security clearance on the organization's behalf.

Process to obtain a provisional security clearance

When the CSP receives a valid request from a procurement officer, the CSP conducts an organization assessment, and requests the following documentation from the organization:

  • a company security officer appointment and acknowledgment and undertaking form to appoint a CSO
  • personnel security screening forms for the CSO and for the individuals that have been identified for the bidding team
  • signed security agreement
  • personnel security screening forms for 1 key senior official (KSO) (for classified level screenings only)

If the requirement is at the protected level, the CSO and individuals of the bidding team are required in accordance with the Treasury Board of Canada Secretariat (TBS) Standard on security screening to:

If the requirement is at the classified level, the CSO, the KSO and the individuals of the bidding team are required in accordance with the TBS Standard on security screening to:

For all levels of provisional security clearances, the organization must reference the list of scenarios that are accepted as justification to process personnel security screening requests.

In section A of the personnel screening, consent and authorization form for the CSO, and if applicable, the KSO, the organization must reference scenario 3: a security screening request for a KSO, CSO or alternate company security officer (ACSO).

In section A of the personnel screening, consent and authorization form for the individuals of the bidding team, depending on the type of pre-solicitation they are participating in, the organization must reference one of the following scenarios:

  • scenario 6: a letter of interest requiring a status or clearance
  • scenario 7: industry engagement where protected/classified information is shared
  • scenario 8: a classified meeting/industry engagement in the context of the establishment of a procurement process, such as a bidders' conference
  • scenario 9: a request for information where protected/classified information is shared
  • scenario 10: an invitation to qualify with protected/classified information shared
  • scenario 11: a request for proposal with protected/classified information shared

For more information on the reliability status and security clearance process for personnel, visit personnel security screening processes.

Validity of provisional security clearances

Provisional security clearances are valid for the duration of the bid solicitation stage only. The reliability status or security clearances of the CSO, KSO (as applicable) and individuals of the bidding teams are also only valid for the duration of the solicitation stage. However, if the organization submits a bid response, the CSP allows the organization to retain the CSO's, and if applicable, the KSO's personnel screening. All other personnel screenings get closed-out.

Foreign organizations eligibility for a provisional security clearance

Foreign organizations are not eligible for a provisional security clearance. Foreign organizations requiring access to Canadian classified information at the pre-solicitation and/or bid preparation phase(s) continue to require a FSC granted by their respective national designated security authority and confirmed by the CSP with their foreign counterparts.

If a foreign organization requires access to Canadian protected information at the pre-solicitation and/or bid preparation phase(s), the CSP continues to assess their eligibility for an alternative solution. If eligible, the CSP requests documentation (for example, criminal record checks, credit checks) from the foreign organization in order to assess the risk associated to the handling, processing and safeguarding of the Canadian protected information.

Organization security screening process

In this section

Changes affecting the organization security screening process

As of May 2, 2022, all organizations bidding on a competitive solicitation or responding to a RFSO or a RFSA with security requirements posted on or after May 2, 2022 are required to submit a complete AFR form with their bid or response.

A complete AFR form means that:

  • all mandatory blocks of information have been filled out
  • the form is signed and dated

Incomplete AFR forms:

  • are not processed by the CSP
  • may lead to the rejection of the organization's bid

As of May 2, 2022, organizations being awarded a sole source contract with security requirements are also required to complete the AFR form and submit it to the procurement officer responsible for the contract.

Upon receipt of the AFR form(s) and confirmation from the contracting department that the organization submitted a bid response or will be awarded a sole source contract, the CSP initiates the organization security screening process and contacts the organization directly to request additional screening documentation.

Organization security screening of unsuccessful bidders

As of May 2, 2022, bidders that are not awarded a contract with security requirements remain eligible for a security clearance and are permitted to complete the organization security screening process, even if they are unsuccessful.

Requirements for screened organizations bidding on new solicitations with security requirements

Organizations that are already screened by the CSP and that are bidding on a new solicitation or responding to a new RFSO or RFSA security requirements will need to complete the AFR form as part of their response.

To reduce the administrative burden, organizations bidding on a solicitation or responding to a RFSO or a RFSA with security requirements should save the information from their previously completed AFR form. At the next solicitation, these organizations will only need to amend the form (if information has changed from their previous response), resign it and date it before submitting it with their bids (or response).

Changes affecting organizations that were sponsored for screening prior to May 2, 2022

Requests for private sector organization screening received prior to May 2, 2022 and that are still pending as of that date are being reassessed by the CSP to ensure they meet the new eligible criteria. When a request is no longer eligible, the CSP closes it.

Refer to the changes that came into effect on May 2, 2022, for the list of eligibility criteria for organization security screenings.

Improvements to organization security screening timelines

By eliminating the broad security screening of suppliers and implementing a more targeted approach, the CSP expects the following improvement in processing times for simple organization security screening requests.

These shorter processing times are not new service standards; they are targets set by the CSP to measure its performance. Now that the CSP has implemented the changes, it is monitoring service levels against these targets to assess the effectiveness of the change. If a decline in service levels is observed, the CSP will adjust its approach accordingly. If an improvement in service levels is observed and sustained, the CSP will review its service standards and update them to reflect the new reality.

Validity of organization security clearances

In this section

New validity period for organization clearances granted on or after May 2, 2022

Organization security clearances granted on or after May 2, 2022 are valid for:

  • 2 years for DOS
  • 1 year for FSC

At the end of this period, the CSP terminates the organization's security clearance if the organization is not participating in another procurement process or executing a contract or subcontract with security requirements.

The following organizations should not worry about having their organization security clearance terminated, even if they do not have any active contracts or subcontracts:

  • organizations that actively bid on government solicitations or respond to a RFSO and a RFSA with security requirements with a completed AFR form
  • organizations that hold a PSPC-issued SO or SA

The security clearance of these organizations remains active as long as they continue to bid on government solicitations, respond to a RFSO and a RFSA, or hold a PSPC-issued SO or SA with security requirements (the latter situation is under review by PSPC).

Changes affecting organizations already screened by the Contract Security Program

These changes do not immediately impact organizations that have been granted a DOS or FSC prior to May 2, 2022. When the DOS or FSC is due for renewal, the CSP assesses if there is a need to maintain the clearance by confirming if the organization is involved in a solicitation process, or has been awarded a contract or subcontract with security requirements.

When the CSP is not able to validate that the organization has a requirement to renew their organization clearance, it terminates the clearance in accordance with the:

Reactivating an organization clearance after it has been terminated by the Contract Security Program

Once terminated, an organization's security clearance is eligible for reactivation if the organization is engaged in another solicitation process (and submits a complete AFR form with their proposal) or is awarded a contract or subcontract with security requirements within:

  • 2 years of the termination date for DOS and reliability status
  • 1 year of the termination date for FSC at the Secret/Top Secret/NATO levels and equivalent personnel security clearances

This reactivation window aligns with the TBS Standard on Security Screening and with Canada's international and NATO obligations.

How organizations can reactivate their security clearance with the Contract Security Program

If the CSP terminated an organization's security clearance because the organization did not submit a proposal against a solicitation with security requirements within the timelines indicated above, the organization can reactivate its clearance by bidding on a government solicitation with security requirements with a completed AFR form.

To reactivate an organization screening, the procurement officer overseeing the solicitation must submit a security screening request to the CSP. Upon receipt, the CSP validates the organization's information and requests additional screening documentation from the organization as needed.

When there are no changes to the organization's key people, the CSP requests the Personnel screening, consent and authorization form (TBS/SCT 330-23E) for the CSO and if applicable, for the KSOs, to reactivate their reliability status or security clearance. Depending on the date their reliability status or security clearance was closed-out, the CSO and KSO may need to undergo a new fingerprint check.

More information on personnel security screening reactivations and mandatory fingerprinting:

Organization security clearance renewal process

When an organization bids on a government solicitation with security requirements, the CSP reviews the submitted AFR form to renew an organization security clearance and ensures that the organization security clearance level aligns with their contractual security obligations. When the organization is under a long term contract, the CSP contacts the CSO, as required, to ensure the clearance remains valid.

Physical and information technology security inspection process

In this section

Changes affecting organizations that require a document safeguarding capability or the authority to process information technology

Organizations requiring one or more security safeguards like document safeguarding capability (DSC), production capability, and authority to process information technology (IT), are invited to undergo a physical security inspection during the bid evaluation stage. This is referred to as a bid inspection.

During the bid inspection, bidders are made aware of the recommendations and corrective measures they have to implement to obtain a DSC. From there, it is up to the bidders to decide if they want to make the required changes to their facilities, either before contract award or once they have secured the contract. Once the successful bidder has been identified, the CSP completes the inspection and grants them a DSC.

The authority to process IT is already contract-specific and triggered after contract award. The IT security inspections continue to be conducted on the successful bidder only, once physical security requirements are met and once all IT assets utilized by the supplier to create the contract deliverables are installed and configured.

The implementation of recommendations and corrective measures during the bid evaluation stage

Implementing the CSP's recommendations and corrective measures can represent a significant investment that bidders may not be willing or able to make before contract award. However, the CSP strongly encourages bidders to make the necessary changes to their facilities following their bid inspection. This allows the CSP to complete the inspection process for successful bidders in a much timelier manner, and to initiate in parallel, the IT security inspection process (if applicable). It also ensures the timely awarding of contracts with DSC requirements and prevents delays in the delivery of goods and services.

Changes affecting an organization's document safeguarding capability

These changes do not immediately affect organizations that have been granted a DSC, or that were sponsored for a DSC prior to May 2, 2022. However, organizations that do not hold an active contract or subcontract with physical security requirements as of May 2, 2022 are not be permitted to renew their DSC.

When the DOS or FSC of these organizations is due for renewal, the CSP assesses the need for the organization to maintain their security clearance. When the CSP is not able to validate the requirement for a DOS or FSC, it terminates the organization's security clearance and their DSC, in accordance with the:

Process for organizations required to retain sensitive information and assets after a contract completion

Organizations with a DSC that are contractually required to retain protected or classified information/assets at their work site(s) after the contract is completed/expired, are permitted to maintain their DSC and organization security clearance for the duration of the retention period. At the end of the retention period, when the protected or classified information has been returned to the client department, or destroyed at the CSP's request, the CSP terminates the DSC, unless the organization has a new contractual requirement to safeguard protected or classified information/assets at their work site(s).

Subcontracting process

In this section

Changes affecting the subcontracting process

Organizations that have been awarded a contract or subcontract with security requirements can continue to sponsor their subcontractors for an organization clearance by completing the:

Upon receipt of these forms, the CSP continues to perform the necessary organization and personnel security screenings on legitimate subcontractors with a valid security requirement to assist the prime contractor in delivering its contractual obligations.

Improvements to the subcontracting process for contractors

To reduce the burden on industry, the CSP reviewed its subcontracting process to explore ideas toward a simpler and more flexible process for contractors. Starting May 2, 2022, organizations can leverage one or more of the following options to request security screenings for their respective subcontractors. These new options replace the subcontractor compliance measure for independent contractors/individual business entities that was communicated to organizations on June 26, 2014.

Option 1

Prime contractor requests and holds personnel security screenings for employees of their subcontractors. For more information:

Option 2

Prime contractor collects the organization security screening forms from their subcontractors, reviews them for quality assurance and submits them to the CSP for processing. For more information:

Obligations to leverage subcontracting options

The organization is not obligated to leverage these options. Organizations can continue to follow the current subcontracting process if the new options do not suit their particular circumstances. These options were developed to improve security screening timelines for subcontractors, diversify supply chains and address challenges associated with short bid validity periods, seasonal workforces and labour shortages.

Leveraging both subcontracting options for the same subcontractor

Organizations can absolutely leverage both options for the same subcontracting organization.

When organizations should leverage the first subcontracting option

This option can be used by organizations (prime contractors and subcontractors) that subcontract work to sole proprietors or small organizations, where only a small number of individual resources are required. Organizations are to use their judgment and refrain from using this option to screen a large number of subcontractor resources.

The resources must also reside in Canada. As such, requesting foreign security clearances is not allowed under this option. Other conditions apply:

  • protected or classified information and assets cannot be received or stored at the subcontracting organization's business location
  • work on the subcontract can only be performed at the government work site or at the prime contractor's business location if it is authorized for DSC

How to leverage the first subcontracting option

To leverage option 1, CSO and ACSO must follow the CSP's personnel security screening processes and as required, request a reliability status or security clearance for individuals of the subcontracting organization.

In section A of the Personnel screening, consent and authorization form (TBS/SCT 330-23E), CSOs and ACSOs must justify the security requirement using the list of scenarios that are accepted as justification to process personnel security screening requests. In this case, the CSO or ACSO would reference scenario 2: work performed on an active contract or subcontract with security requirements.

When using this option, CSOs and ACSOs are, per their duties, responsible for resources of the subcontracting organization, who they may not know as well as their own employees. The CSO or ACSO requesting the personnel screenings must assume the responsibility of conducting background checks on the individuals and performing aftercare, just like they would for any other employee of their organization.

When organizations should leverage the second subcontracting option

Prime contractors can use this option when:

  • they do not accept the responsibility and liability of requesting and holding personnel security screenings for employees of their subcontractor(s)
  • the requirements of their subcontract(s) do not meet the conditions of option one
  • they are willing and able to support their subcontractor(s) to complete organization screening forms

Furthermore, the subcontractor(s) must:

  • be willing and able to invest time to obtain their own security clearance
  • provide their agreement in writing to the prime contractor to allow the prime to collect and share their forms with the CSP

Requirements to request subcontract security clauses from the Contract Security Program when leveraging the second subcontracting option

Before leveraging option 2, the prime contractor must continue to seek approval of their subcontract(s) by completing a Security requirements check list form (TBS/SCT 350-103) for each subcontract and submitting the form(s) to the CSP by email at tpsgc.ssilvers-isssrcl.pwgsc@tpsgc-pwgsc.gc.ca.

Upon receipt, the CSP issues security clauses to the prime contractor. Per the current subcontracting process, the prime contractor must insert the CSP's clauses into their subcontract(s) and to submit a copy of their awarded subcontract(s) to the CSP by email at tpsgc.ssicontrats-isscontracts.pwgsc@tpsgc-pwgsc.gc.ca.

How to leverage the second subcontracting option

To leverage option 2, the prime contractor's CSO or ACSO must use their expertise in CSP requirements and processes to assist their subcontractors with the completion and submission of a full organization security screening package. This package contains the following forms:

  • CSP AFR form, with supporting documentation
  • Company security officer appointment and acknowledgment and undertaking form
  • Alternate company security officer appointment and acknowledgment and undertaking form (if applicable) 
  • Personnel screening, consent and authorization form (TBS/SCT 330-23E) used to request a reliability status for the CSO
  • Security clearance form (TBS/SCT 330-60E) used to request Secret and/or Top Secret clearances for the CSO and KSOs (in addition to the personnel screening, consent and authorization form)
  • security agreement

The CSO or ACSO of the prime contractor is responsible for providing these forms to their subcontractors. Once the subcontractor has completed the forms, they must submit their package to the CSO or ACSO of the prime contractor. Upon receipt, the CSO or ACSO must review the forms to ensure they are complete and accompanied with the necessary supporting documentation, before submitting them to the CSP by email at tpsgc.ssiinscription-issregistration.pwgsc@tpsgc-pwgsc.gc.ca.

When the CSP receives the screening package from the prime contractor, it works directly with the subcontracting organization to process their organization clearance. While the screening process is underway, the subcontracting organization is responsible for keeping their prime contractor updated on the status of their request. To obtain status updates, the subcontracting organization can contact the Contract Security Program's client service centre.

To obtain copies of the CSP forms, prime contractors can contact the Contract Security Program's client service centre.

Sponsoring a subcontractor under a Public Services and Procurement Canada issued standing offer or supply arrangement

Organizations that have been issued a SO or a SA but that have not been issued a call-up or awarded a contract against these pre-competed methods of supply are not permitted to sponsor a subcontractor. SOs and SAs are not contracts and therefore do not meet the eligibility criteria for subcontractor screening.

Organizations that have been issued a SO or a SA may only sponsor a subcontractor once they have been issued a call-up against the SO or awarded a contract under the SA.

Access to online industrial security services

In this section

Existing organizations that use online industrial security services

As of May 2, 2022, CSOs and ACSOs who currently use online industrial security services (OLISS) are permitted to maintain their account for as long as their organization's security clearance remains valid and required. OLISS access for these organizations is only removed when their security clearance is terminated.

The CSP reminds all existing organizations with OLISS access of who is eligible for a personnel security screening and that they are precluded from submitting personnel security screening requests without a valid requirement. Submitting a personnel security screening request without a valid requirement could compromise the CSO's or ACSO's personnel security status or clearance, as well as the organization's compliance with the CSP.

Providing online industrial security services access to new organizations as of May 2, 2022

In the case of new organizations that obtain a DOS or FSC on or after May 2, 2022, access to OLISS is given to all bidders and contract holders. These organizations are invited to register for OLISS. However, CSOs and ACSOs are not authorized to submit personnel security requests until a contract is awarded and the request can be justified in accordance with guidance provided to CSOs/ACSOs.

The use of online industrial security services for provisional security clearances

Organizations that require a provisional security clearance, once approved, may be given temporary access to the OLISS to request personnel security screening for their bid preparation team, if more than 2 individuals are required. Access to OLISS is removed after these submissions.

Consult the process to obtain a provisional security clearance for more information.

<
Date modified: