Although Public Services and Procurement Canada (PSPC)  announced in June that changes to the Contract Security Program (CSP) screening process were to come in to effect on September 1, efforts by industry have led to a pause of the roll-out of some changes. As of the date of publication of this bulletin, changes for personnel security screenings we discuss below are still slated for October 4 implementation.
The changes have the potential to significantly impact current registrants, pending requests for registration, and prospective bidders and subcontractors.
We highlight the most significant changes proposed, and raise considerations for federal contractors and subcontracts, below.
Removal of “Blanket” Organizational and Personnel Clearances
- A renewal or upgrade of reliability status or a security clearance will only be conducted by the CSP if it is required to participate in a procurement process or if the organization is awarded a contract, subcontract or lease with security requirements. Organizations cannot otherwise request new personnel security screenings or reactivate, duplicate, transfer, update or upgrade existing personnel security clearances.
- If a designated organization screening (DOS) or facility security clearance (FSC) is due for renewal, the CSP will determine whether there is a need to continue the clearances before renewing (e.g. a bid has been submitted or clearances are required for existing contracts, subcontracts, or leases). If continuation is not required, the organization’s registration and the associated personnel screenings that are no longer required will be terminated.
Under the current process, organizations and individuals received security clearances for a specified period of time (depending upon the level of clearance sought and granted). This “blanket” approach ensures companies can move personnel between federal opportunities and contracts as required, and is particularly useful to small and medium sized business, who may not have the human resources and corporate infrastructure necessary to undertake the intensive data gathering exercise required in a ‘contract-by-contract’ clearance approach (not only for clearance requests, but also to track clearances against active opportunities and contracts).
Even if a company is able to dedicate resources to “redo” clearances for each contract, there is the further issue of subcontractors. Under the current approach, prime contractors must “sponsor” any subcontractors into the security clearance process. The ‘contract-by-contract’ approach will lead to further delays, as the prime contractor must obtain its own clearance before it can sponsor its subcontractors for each contract.
On top of the time and resource burden for industry, this new approach may have an unintended impact for the federal government. The contractor – and the government customer – must now wait for new clearances (which can take months) before they can move personnel, expand or modify work scope on projects, or begin new projects. Providing a buffer for security clearances will become a requirement for any project time line. Since the clearance process is conducted by PSPC, the time required to wait for clearances is likely to become part of the costs incurred by and charged to the federal government.
Personnel – Justification Before Clearances Will Be Required (Still Slated for October 4th)
Section A of the personnel screening, consent and authorization form is going to be amended. Company Security Officers (CSOs) will be required to provide justification for personnel security clearance requests for each contract. Any personnel security clearance request that is not justified or cannot be validated will be rejected.
It is not clear from information made available thus far whether CSOs will have to submit multiple forms for personnel who may be required to work on more than one contract at a time. Current CSP information indicates that clearance should be requested for the contract that the employee will be allocating the greatest amount of time to. However, this approach will contradict the shift towards ‘contract-by-contract’ clearances, and may result in individuals not having clearance for all other contracts or a complete loss of clearance if the contract for which they’ve been cleared ends sooner than any other contract the individual is also working on and the CSP cancels their clearance because it has no record of the other contracts.
- Bidders no longer need to hold a valid security clearance at the time of bid submission.
- If a bidder requires access to protected or classified information to prepare their bid, they will receive a provisional security clearance. This is not a complete security clearance, and is only valid for the bid solicitation stage. Bidders must identify their clearance requirements to the Contracting Authority. At least one key senior official will require clearance, as well as those members of the bid team to have a “need to know” with respect to the protected or classified information.
- Bidders will be required to register with the CSP or upgrade or renew their existing clearance once the bid receiving unit receives confirmation that their bid is technically compliant.
This last scenario is an interesting twist in federal procurement. Bid evaluation typically follows a structured approach – first the technical bid is evaluated, then the financial bid. Bidders are often not notified of the outcome of the solicitation process until contract award has been made. Bidders may now be alerted to outcome of the technical evaluation in advance of the conclusion of the full bid evaluation process, when they are required (or, for that matter, if they are not notified that they are required) to register with the CSP or obtain upgraded or renewed security clearances.
Foreign bidders cannot obtain a provisional clearance. If a foreign bidder requires access to protected or classified information for the purposes of bidding, it must still hold a facility security clearance granted by their respective national Designated Security Authority capable of validation by the CSP.
Query whether the requirement that foreign bidders must have a full security clearance in order to bid – when Canadian bidders do not until much later - is a technical requirement that creates an obstacle to trade under Canada’s international trade agreements.
Changes to the CSP Registration Process
All bidders will be required to complete and submit an Application for Registration (AFR) form with their bids.
If an organization is already registered in the CSP, then once their bid is determined to be compliant the AFR will be reviewed against the industrial security database to ensure the organization meets security requirements of the new contract, or to determine what additional information is required in order to grant, upgrade or renew the bidder’s clearance prior to contract award. As noted earlier, if additional information is requested from a bidder, this may alert them in advance that their bid is (or is not) technically compliant.
Changes to Contracts that Have Physical and Information Technology (IT) Security Inspection Requirements
Organizations that require one or more security safeguards (i.e., document safeguarding capability (DSC), production capability, IT systems assessment and approval), will now undergo the physical security inspection during the bid evaluation stage, once their organization security clearance has been granted, upgraded or renewed. Organizations must implement any DSC requirements before contract award. It is not clear whether this will be a condition precedent to contract award and, if so, how long the organization will have to implement the DSC requirements.
Security inspections will be conducted for IT systems once the physical security requirements of the contract have been met and once all IT assets utilized by the organization to create the contract deliverables have been installed and configured.
Stay Tuned for More Changes
PSPC has now engaged with industry to review the this future policy direction.