On November 12, 2020, Public Services and Procurement Canada (PSPC) published a new Contract Security Manual (CSM) that details the security standards, procedures and international commitments that private sector organizations must adhere to when bidding and working on sensitive Government of Canada contracts.
The CSM sets out the requirements applicable to private sector organizations registered with the PSPC’s Contract Security Program (CSP). Organizations that are awarded a federal contract with security requirements, or that otherwise have a legitimate need to access sensitive government information, must be registered with CSP and comply with the CSM.
For the most part, the CSM purports to be a rewrite of the previously issued Industrial Security Manual (ISM), and is intended to be a more concise and understandable version of the manual in response to feedback from industry and other stakeholders. However, there are some notable changes. In particular, the CSM includes clarifications as to which key senior officials (KSOs) are required to be individually security screened or provide a foreign security assurance in connection with organization-level security clearances. Whereas the ISM provided for an open-ended definition of individuals who “could” be included as KSOs, the CSM specifies that KSOs are company security officers, owners, and any officers, directors, executives and/or partners who occupy positions of control or influence over a company. The ISM also stated that KSOs were those who held positions that enabled them to “adversely affect an organization’s policies or practices in the performance of protected contracts,” whereas the CSM defines KSOs with respect to control or influence over a company more generally. This reflects PSPC’s more expansive recent treatment of KSOs.
The CSM supersedes the ISM and will apply to all organizations registered with the CSP. The ISM may still apply for contracts dated prior to August 12, 2020, and is available as archived content on PSPC’s website.