Directive on Security Screening

Ensures that security screening in the Government of Canada is conducted in a way that is effective, rigorous, consistent and fair, and enables greater transferability of security screening between departments.
Date modified: 2025-01-07

Supporting tools

Directive:

Mandatory procedures:

More information

Policy:

Terminology:

Topic:

Hierarchy
View complete hierarchy

Archives

This directive replaces:

View all inactive instruments
Print-friendly XML

Appendix B: Mandatory Procedures for Management of Personal Information for the Purpose of Security Screening

B.1 Effective date

  • B.1.1These procedures take effect on January 6, 2025.

B.2 Procedures

  • B.2.1These procedures provide details on the requirements set out in subsections 4.1.1.1, 4.1.1.4, 4.1.1.5, 4.1.1.6, 4.6.1, 4.6.3 and 4.6.4 of the Directive on Security Screening.
  • B.2.2Mandatory procedures are as follows:

    Safeguarding of personal information

    Collection and creation of personal information: personal information banks

    Security screening forms and models

    • B.2.2.3Collect personal information using Treasury Board of Canada Secretariat prescribed forms and models.

    Consent regarding collection, use and disclosure

    • B.2.2.4In accordance with the Directive on Privacy Practices, before information is collected, used or disclosed, obtain informed consent:
      • B.2.2.4.1Of the individual; or
      • B.2.2.4.2Of the legal parent or guardian when conducting security screening for individuals under the age of 18.

    Failure to provide consent or information

    • B.2.2.5When an individual does not provide consent, withdraws consent or does not provide the required information for security screening, cease screening activities and:
      • B.2.2.5.1When the security screening action is for an initial or upgraded security screening:
        • B.2.2.5.1.1Inform the individual that:
          1. Security screening cannot proceed without consent or the required information; and
          2. Failure to provide consent and the required information will result in the individual no longer being considered for appointment, employment, contract, assignment or other arrangement;
        • B.2.2.5.1.2Administratively cancel the screening process until consent and the required information are obtained; and
        • B.2.2.5.1.3Where security screening is being conducted in support of a contract, inform the contracting authority;
      • B.2.2.5.2When the security screening action is for an update:
        • B.2.2.5.2.1Inform and consult with the manager of the individual;
        • B.2.2.5.2.2Evaluate the risk associated with the individual remaining in their position; and
        • B.2.2.5.2.3Where the individual does not provide the required information and the update:
          1. Cannot proceed as a result of the missing information; or
          2. Cannot be completed before the status or clearance exceeds its validity period; and
          3. Presents an unacceptable security risk to the department or the Government of Canada:
          • B.2.2.5.2.3.1Consult with human resources management or inform the contracting authority; and
          • B.2.2.5.2.3.2Suspend the status or clearance and initiate a review for cause; or
        • B.2.2.5.2.4Where an individual does not provide consent or withdraws consent:
          • B.2.2.5.2.4.1Document refusal of the individual to provide consent and notify them of the consequences of not providing consent;
          • B.2.2.5.2.4.2Suspend the status or clearance of the individual; and
          • B.2.2.5.2.4.3Revoke the status or clearance of the individual 30 days after suspension if consent has not been obtained within that time.

    Security screening file management

    • B.2.2.6Create and maintain a file (record) for each individual who undergoes security screening that contains relevant personal information, including:
      • B.2.2.6.1Completed original digital or paper copies of security screening forms and questionnaires;
      • B.2.2.6.2Relevant results of all security screening activities, verifications, inquiries and assessments, with each of these dated;
      • B.2.2.6.3Analysis of results and any advice or recommendations to support decision-making;
      • B.2.2.6.4Decisions to grant, grant with conditions, deny, revoke, suspend pending investigation, or administratively cancel a security status or clearance; and
      • B.2.2.6.5Relevant information related to any conditions, temporary access, review for cause, or investigation, and any ensuing decisions.
    • B.2.2.7Update security screening files when:
      1. A change is reported in the personal circumstances of the individual, including at minimum any of the following:
        1. Change in criminal record status;
        2. Involvement with law enforcement;
        3. Association with criminals;
        4. A significant change in financial situation; or
        5. Where an individual works in security or intelligence organizations, additional changes in their personal or legal status;
      2. There is a change in a security status or clearance of the individual;
      3. The security status or clearance of the individual is subject to review for cause; or
      4. A decision is made with respect to the above.
    • B.2.2.8Ensure that any results of department-specific inquiries conducted against departmental data sources and indices are included in the security screening file of an individual only when it is used to resolve doubt.
    • B.2.2.9Remove from security screening files and dispose of information related to criminal offences for which the individual received a record suspension.

    Transfer of security screening files

    • B.2.2.10Make available the security screening file of the individual to facilitate the temporary or permanent movement of:
      • B.2.2.10.1An individual within or between departments; or
      • B.2.2.10.2A contractor between contracts;
    • B.2.2.11Transfer the security screening file of an individual:
      • B.2.2.11.1Upon request and in a timely manner;
      • B.2.2.11.2When they move permanently to another department;
      • B.2.2.11.3In accordance with requirements for reactivation and expiry;
      • B.2.2.11.4Except for:
        • B.2.2.11.4.1 Any classified CSIS security assessment, which must be returned to CSIS:
          • B.2.2.11.4.1.1 Advise the chief security officer of the receiving department of the existence of the assessment; and
        • B.2.2.11.4.2  A record of discharge under section 730 of the Criminal Code must not be:
          1. Transferred to another department, including acknowledgement of the existence of the record; and
          2. Disclosed, including the fact that the discharge occurred, unless prior approval of the Minister of Public Safety is received if:
            1. More than one year has elapsed since the individual was discharged absolutely; or
            2. More than three years have elapsed since the individual was discharged on the conditions prescribed in a probation order.
    • B.2.2.12Upon receipt of a transferred security screening file:
      • B.2.2.12.1Update security screening activities where:
        1. The results exceed the validity period;
        2. There is evidence to suggest that the security screening was not previously done in accordance with this directive;
        3. There are conditions attached to the status or clearance;
        4. Results of criminal record checks, law enforcement records checks or security assessments have been removed from the file; or
        5. There is adverse information on file that may represent a security risk to the receiving department; and
      • B.2.2.12.2Record the rationale for not accepting a current status or clearance within a transferred security screening file, and redo the security screening of the individual.
    • B.2.2.13Upon transfer of the security clearance of an individual, notify CSIS via form CSIS 4160 Notification of Change in Security Clearance.

    Deactivation and reactivation

    • B.2.2.14Deactivate a valid security status or clearance when:
      • B.2.2.14.1An employee has:
        1. Retired or otherwise terminated employment; or
        2. Taken an authorized absence from the Government of Canada longer than:
          1. Two years for a status; or
          2. One year for a clearance; or
        3. Taken an unauthorized absence from the Government of Canada longer than 30 days; or
      • B.2.2.14.2A contractor or other individual has been removed from the contract or other arrangement; or
      • B.2.2.14.3The contract or other arrangement has been completed, cancelled or terminated.
    • B.2.2.15Reactivate the security status or clearance:
      • B.2.2.15.1Only within the original validity period; and
      • B.2.2.15.2If an employee returns to active employment and is no more than:
        1. Two years removed from having possessed a valid security status; or
        2. One year removed from having possessed a valid security clearance; or
      • B.2.2.15.3If a contractor or other individual is no more than:
        1. Two years removed from having possessed a valid security status;
        2. One year removed from having possessed a valid security clearance; or
        3. One year removed from having possessed a valid Site Access status or clearance.
    • B.2.2.16When reactivating a status or a clearance:
      • B.2.2.16.1Revalidate identity information;
      • B.2.2.16.2Require individuals to account for their activities during the period of absence and the circumstances surrounding their departure;
      • B.2.2.16.3Do not extend the validity period; and
      • B.2.2.16.4Do not reactivate a security status or clearance and repeat the security screening when:
        • B.2.2.16.4.1 The circumstances surrounding the departure involve:
          1. Review for cause;
          2. Suspension pending an investigation;
          3. An outstanding resolution of doubt; or
          4. Disciplinary reasons; or
        • B.2.2.16.4.2 There is adverse information or conditions on file; or
        • B.2.2.16.4.3 The status or clearance has exceeded its validity period.
    • B.2.2.17Administratively cancel a security status or clearance or Site Access status or clearance once the reactivation period for the individual has elapsed and there has been no activity on the file.

    File retention and disposition

    • B.2.2.18Retain security screening files of individuals contained in:
      • B.2.2.18.1Standard Personal Information Bank PSU 917 (Security Screening) for a minimum of two years following the departure of the individual from the federal public service:
        • B.2.2.18.1.1 Prevent security screening files of individuals who have left the employment of the federal public service from being transferred to the departmental Personnel Records Centre or to any Regional Service Centre of Library and Archives Canada; and
      • B.2.2.18.2Standard Personal Information Bank PSU 917 (Security Screening) who have been denied or had revoked a security status or clearance for a minimum of 10 years following their departure from the federal public service.

"Page details"

Date modified: