Organization security clearances—what type do you need?
The Contract Security Program can help your organization obtain the level of security clearance it needs to bid or work on government contracts.
The type of clearance you need is determined by the requirements of the contract, and will be listed in the request for proposal and the clauses of the contract.
Types of organization security clearances
Additional organization security clearances
The following safeguarding capabilities may be required for specific contracts:
- Document safeguarding capability
- Production capability
- Shredding capability and bulk storage capability
- Authority to process information technology
- Communications security and information security
- North Atlantic Treaty Organization clearances
Designated organization screening
A designated organization screening (DOS) allows organizations to get security screening for their personnel at the reliability status level.
In some cases, a DOS is required before you bid on a contract. This requirement will be stated in the request for proposal.
- Learn more about designated organization screening in the Industrial Security Manual
How to obtain a designated organization screening
Organizations obtain a DOS through the organization screening process.
Facility security clearance
Facility security clearance allows an organization to clear their personnel at the classified level in order to access classified information, assets and work sites. In some cases a facility security clearance is required before you bid on a contract.
It can be granted at the following levels:
- Confidential
- Secret
- Top Secret
- North Atlantic Treaty Organization (NATO) clearances
This clearance may also allow access to classified information and assets marked “Canadian Eyes Only”, “COMSEC” (communications security), and “NATO”.
- Learn more about facility security clearance in the Industrial Security Manual
How to obtain or upgrade a facility security clearance
Organizations obtain a facility security clearance through the organization screening process.
Document safeguarding capability
Document safeguarding capability authorizes an organization to store and handle protected or classified information or assets at their work site(s).
This clearance can be granted at the following levels:
- Protected A, B and C
- Confidential, Secret, Top Secret and NATO Confidential, COSMIC Top SecretFootnote 1
To obtain a document safeguarding capability, your organization must hold a designated organization screening or a facility security clearance.
This capability is site-specific. It is required for each of your work sites where you will be performing work with security requirements.
How to obtain document safeguarding capability
Organizations obtain document safeguarding capability through the organization security screening process, and by completing a successful site inspection by a field industrial security officer.
- Obtain security screening for your organization
- Learn how to upgrade document safeguarding capability
- Register for the webinar: Document safeguarding capability
Production capability
A clearance for production capability may be required if your organization builds, manufactures, repairs, modifies or works on sensitive products at your work site. It is contract specific.
How to obtain production capability
Organizations obtain production capability through the organization screening process, and by completing a successful site inspection by a field industrial security officer.
Shredding capability and bulk storage capability
Shredding capability and bulk storage capability are security designations that the program may grant to organizations who are required by contract to:
- destroy sensitive information or assets
- store bulk information or assets at their work site
How to obtain a shredding capability and bulk storage capability
Organizations obtain a shredding capability and bulk storage capability through the organization screening process, and by completing a successful inspection by a field security officer.
Authority to process information technology
Organizations must get authority to process information technology for contracts requiring information technology security. It may be granted to organizations storing, processing or transmitting sensitive information electronically for a specific contract.
How to obtain authority to process information technology
Organizations obtain authority to process information technology through the organization screening process, and by completing a successful inspection by an information technology security inspector with the program.
Information technology inspections
Information technology security inspections are performed after contract award—but before your organization begins processing or transmitting sensitive electronic information.
Your organization must get an Authority to Process Information Technology approval letter from the program before you begin processing or transmitting sensitive electronic information.
Communications security and information security
Organizations may need to get communications security (COMSEC) and information security (INFOSEC) for contracts requiring information technology security.
- COMSEC: a security requirement for safely storing, processing, transmitting and receiving telecommunications, such as a computer network
- INFOSEC: a special category of classified communication electronic security information
How to obtain communications security and information security
COMSEC and INFOSEC are granted by the Communications Security Establishment, Canada’s national cryptologic agency. The Contract Security Program conducts the physical security inspection related to COMSEC and INFOSEC.
North Atlantic Treaty Organization clearances
Organizations bidding on NATO opportunities must meet the security requirements listed in the contract.