Parliamentary Committee Notes: Procurement Security

PROC – Foreign Interference
Date: January 31, 2023
Classification: Unclassified
Fully releasable (ATIP)? Yes
Branch / Agency: NCSB

Proposed Response:

• The Government takes the need to protect government procurement of sensitive goods and services from potential hostile state actors very seriously.
• To mitigate against these concerns there are very strict Government of Canada-wide policies and procedures that require each department or agency to proactively identify specific security requirements related to a proposed procurement.
• Security needs are taken into account in the earliest stages of the contracting process to identify risks from a Government of Canada perspective.
• As the lead for procurement security, Public Services and Procurement Canada provides guidance to departments on contractual clauses with regard to security and ensures that contractors comply with the security requirements identified.
• Public Safety's role is to offer guidance, particularly related to policy on national security and national cyber security matters.
• PS has worked collaboratively with PSPC and others to raise awareness of procurement-based threats to national security through chief security officers across departments and agencies.
• This is part of our ongoing commitment to ensure that Government of Canada departments and agencies are properly aware of, and supported in, their efforts to manage potential national security concerns.

Background:

As the central purchaser for the Government of Canada, Public Services and Procurement Canada (PSPC) manages the procurement of goods and services based on the requirements set out by the client department. PSPC also provides support and guidance on matters relating to contract security when such requirements are identified.

Under the Policy on Government Security, PSPC plays a key role and works diligently with other departments and agencies, as well as with suppliers, to ensure compliance with all requirements associated with the various security and integrity polices and regulations.

Client departments are responsible for identifying security requirements that need to be considered as part of the definition for the good, service or construction procurement requirement.

More specifically, the departmental Chief Security Officer (CSO) and the project lead are responsible for properly completing a Security Requirement Checklist (SRCL) that formally documents the necessary security requirements that are identified. Once completed, the SRCL is sent to PSPC which then issues relevant contract security clauses based on the information provided.

The PSPC Contract Security Program then ensures that contractors comply with the security requirements provided by the client department for safeguarding, transmitting, disclosing, destroying, removing and modifying government sensitive information/assets.

PSPC is available at early stages and throughout the procurement process to provide technical advice and guidance on how to properly complete all required documentation, including the SRCL. When requested, PSPC may also provide advice and guidance to client departments on how to identify key risks

To improve the awareness of procurement-based national security threats in the short-term, PS a risk awareness bulletin (November 2020), co-developed with TBS and PSPC, which advised departments through their respective CSO offices on procurement-based risks to national security, as well as the processes and procedures already in place with respect to security in procurement.

Contacts:

Prepared by: NCSB-NSOD
Approved by: Sébastien Aubertin-Giguère, Acting Senior Assistant Deputy Minister, NCSB, 613-614-4715

Date modified:

2023-09-26