Directive on Security Screening
Ensures that security screening in the Government of Canada is conducted in a way that is effective, rigorous, consistent and fair, and enables greater transferability of security screening between departments.
Date modified: 2025-01-07
Supporting tools
Directive:
Mandatory procedures:
- Management of Personal Information for the Purpose of Security Screening
- Security Screening Activities
- Collective Evaluation of Security Screening Activities
- Resolution of Doubt and Review for Cause
- Security Screening Decisions and Notifications
- Granting, Ongoing Maintenance and Assurance of the Security Screening of an Individual
- Informing Individuals of their Rights of Review and Redress
- Chief Security Officers to Manage Temporary Access to Sensitive Information or Assets
More information
Policy:
Terminology:
Topic:
Hierarchy
Appendix G: Mandatory Procedures for Granting, Ongoing Maintenance and Assurance of the Security Screening of an Individual
G.1 Effective date
- G.1.1These procedures take effect on January 6, 2025.
- G.1.2These procedures replace the Standard on Security Screening: Appendix F – Aftercare dated October 20, 2014.
G.2 Procedures
- G.2.1These procedures provide details on the requirements set out in subsections 4.1.1 and 4.6.1 of the Directive on Security Screening.
- G.2.2The chief security officer and those with subordinate responsibilities must apply the mandatory procedures below as follows:
Security briefings
- G.2.2.1The security briefing must:
- G.2.2.1.1Involve the manager of the individual or security officials;
- G.2.2.1.2Inform the individual of their responsibilities under the Policy on Government Security, including at a minimum:
- Access permissions attached to their screening level;
- The security expectations related to their position, contract or other arrangement; and
- Shared security responsibilities within the organization;
- G.2.2.1.3Be completed before an individual is provided access to sensitive information and assets, including IT systems and facilities;
- G.2.2.1.4Be conducted in these circumstances:
- G.2.2.1.5Provide an opportunity for the individual to ask questions;
- G.2.2.1.6Include the signing of the Security Screening Certificate and Briefing Form by the individual; and
- G.2.2.1.6.1Be retained in the security screening file of the individual;
- G.2.2.2Inform CSIS when a security clearance is granted, via form CSIS 4195 Notification of Security Clearance;
Security awareness
- G.2.2.3Conduct security awareness, in accordance with Appendix H: Mandatory Procedures for Security Awareness and Training Control of the Directive on Security Management, at minimum, as an outcome of the granting and updating phases of the security screening life cycle; and
- G.2.2.3.1Inform individuals of the requirement to report changes in personal circumstances, including at minimum the following:
- Change in criminal record status;
- Involvement with law enforcement;
- Association with criminals; or
- A significant change in financial situation;
- G.2.2.3.2Inform individuals who work in security or intelligence organizations of the requirements to report additional changes in their personal or legal status, including a change in marital status; and
- G.2.2.3.3Inform managers how to report and to whom they are to report observed changes in behaviour of individuals for whom they are responsible;
- G.2.2.3.1Inform individuals of the requirement to report changes in personal circumstances, including at minimum the following:
Recurring activities
- G.2.2.4Review the security screening requirements of positions when new programs or activities are established or substantially modified and, at minimum, every five years; and:
- G.2.2.4.1Inform security screening service providers of any changes in requirements;
- G.2.2.5Conduct security screening activities for individual security screening files that meet the minimum frequencies, as prescribed in Annex G1;
Updates
- G.2.2.6Update the individual’s security screening prior to the end of their validity period, in addition to the conduct of recurring activities;
- G.2.2.7Re-examine the reliability or loyalty of an individual since the individual was last granted a security status or clearance:
- G.2.2.7.1Conduct the update process consistent with:
- G.2.2.7.2Evaluate whether changes in personal circumstances pose a security risk;
- G.2.2.7.3Determine the continued eligibility of an individual to hold a security status or clearance, based on the collective evaluation of security screening activities; and
- G.2.2.7.4Provide a security briefing to inform the individual of their security responsibilities consistent with subsections G.2.2.1 and G.2.2.3;
- G.2.2.8When an individual does not provide consent, withdraws consent or does not provide the required information, proceed in accordance with subsection B.2.2.5.2 of Appendix B: Mandatory Procedures for the Management of Personal Information for the Purpose of Security Screening;
- G.2.2.9Repeat any security screening activity where:
- G.2.2.9.1Required by the update cycle; or
- G.2.2.9.2There is reason to believe:
- The activities were conducted improperly; or
- There is no documentation on the file of the initial conduct of the screening activities;
Upgrades
- G.2.2.10When upgrading a valid security status or clearance to a higher level:
- G.2.2.10.1Conduct additional security screening activities and years of background information required for the new level in accordance with Annex A1 of Appendix A: Standard on Security Screening Model and Position Analysis;
- G.2.2.10.2Determine the eligibility of an individual to hold the new security status or clearance, based on the collective results of all security screening activities; and
- G.2.2.10.3Provide a security briefing to inform the individual of their security responsibilities consistent with subsections G.2.2.1 and G.2.2.3
- G.2.2.11Where an individual does not provide consent, withdraws consent or does not provide the required information, proceed in accordance with subsection B.2.2.5.1 of Appendix B: Mandatory Procedures for the Management of Personal Information for the Purpose of Security Screening;
Downgrades
- G.2.2.12When downgrading a valid status or clearance to a lower level:
- G.2.2.12.1Provide a security briefing to inform the individual of their security responsibilities consistent with subsections G.2.2.1 and G.2.2.3;
- G.2.2.12.1.1 Which includes informing individuals and managers that the individual may no longer access higher levels of sensitive information and assets, including IT systems and facilities;
- G.2.2.12.1Provide a security briefing to inform the individual of their security responsibilities consistent with subsections G.2.2.1 and G.2.2.3;
Security debriefing
- G.2.2.13The security debriefing must:
- G.2.2.13.1Be provided to individuals, prior to the end of employment or engagement with the department;
- G.2.2.13.2Advise individuals of their continued responsibilities to maintain the confidentiality of the sensitive information to which they had access; and
- G.2.2.13.3Use the Security Screening Certificate and Briefing Form to record:
- Completion of the debriefing; or
- Where it is impossible to debrief the individual;
- G.2.2.13.3.1 Be retained in the security screening file of the individual in accordance with subsection B.2.2.18 of Appendix B: Mandatory Procedures for the Management of Personal Information for the Purpose of Security Screening.
- G.2.2.1The security briefing must:
Annex G1: Minimum Frequency for the Recurring Update of Security Screening Activities
| Security screening activities | Minimum frequency | Security screening activities | Minimum frequency |
|---|---|---|---|
Reliability status
|
Not applicable |
Enhanced Reliability status
|
5 years |
Secret clearance
|
5 years |
Enhanced Secret clearance
|
5 years |
Top Secret clearance
|
3 years |
Enhanced Top Secret clearance
|
1 year |
Annex G2: Security Screening Activities and Associated Minimum Update Requirements
| Security screening activities | Update requirement | Security screening activities | Update requirement |
|---|---|---|---|
Reliability status
|
10 years |
Enhanced Reliability status: All activities for Reliability status plus:
|
10 years |
Secret clearance All activities for Reliability status plus:
|
10 years |
Enhanced Secret clearance All activities for Secret clearance plus:
|
10 years |
Top Secret clearance All activities for Secret clearance plus:
|
5 years |
Enhanced Top Secret clearance All activities for Top Secret clearance plus:
|
5 years |
Annex G3: Site Access Screening Activities and Associated Update Requirements
| Site Access screening activities | Update requirement |
|---|---|
Site Access status
|
10 years: May be updated more frequently when employment, engagement, assignment, contract or arrangement has lapsed for 12 months or more |
Site Access clearance All activities for Site Access status plus:
|
10 years: May be updated more frequently when employment, engagement, assignment, contract or arrangement has lapsed for 12 months or more |
Additional activities May be used in accordance with subsection A.2.2.10, “Position analysis for non-employees.” All activities for Site Access clearance plus:
|
10 years: May be updated more frequently when employment, engagement, assignment, contract or arrangement has lapsed for 12 months or more |
"Page details"
- Date modified: