Directive on Security Screening

Ensures that security screening in the Government of Canada is conducted in a way that is effective, rigorous, consistent and fair, and enables greater transferability of security screening between departments.
Date modified: 2025-01-07

Supporting tools

Directive:

Mandatory procedures:

More information

Policy:

Terminology:

Topic:

Hierarchy
View complete hierarchy

Archives

This directive replaces:

View all inactive instruments
Print-friendly XML

Appendix I: Mandatory Procedures for Chief Security Officers to Manage Temporary Access to Sensitive Information or Assets

I.1 Effective date

  • I.1.1These procedures take effect on January 6, 2025.

I.2 Procedures

  • I.2.1These procedures provide details on the requirements set out in subsections 4.1.1.2 and 4.6.1 of the Directive on Security Screening.
  • I.2.2Mandatory procedures for chief security officers are as follows:

    Decision to provide temporary access to sensitive information or assets

    • I.2.2.1Do not consider a decision to provide temporary access when it is expected that access will be required for longer than four months;
    • I.2.2.2Do not consider a decision to provide temporary access as a substitute to security screen individuals at the level required by the position;
    • I.2.2.3Consider a decision to provide the individual with temporary access to sensitive information and assets, including IT systems or facilities:
      • I.2.2.3.1Where there is an operational requirement for this individual that cannot be performed by another with a valid security screening at the required level; and
      • I.2.2.3.2Where a risk assessment demonstrates that the need to provide the individual with temporary access outweighs the risk associated with providing the individual access
    • I.2.2.4Impose restrictions that detail limits to accessing sensitive information and assets, including IT systems or facilities to which the temporary access provision includes;

    Notification of a decision to provide temporary access

    • I.2.2.5Notify the individual of the decision to provide temporary access to sensitive information and assets, including IT systems and facilities through a security briefing, including:
      • I.2.2.5.1The duration of the access; and
      • I.2.2.5.2The provisions of the access;
    • I.2.2.6For the agreement of temporary access:
      • I.2.2.6.1Obtain the signature of the individual receiving access;
      • I.2.2.6.2Obtain the signature of the custodian of the information to be accessed;
      • I.2.2.6.3Sign the agreement; and
      • I.2.2.6.4Include the agreement in the security screening file of the individual;

    Notification of a decision to remove temporary access

    • I.2.2.7Debrief the individual following the removal of temporary access, including:
      • I.2.2.7.1Advise the individual of their continued responsibilities to maintain the confidentiality of the sensitive information to which they had access;
      • I.2.2.7.2Include a copy of the signed agreement in the security screening file of the individual; and
      • I.2.2.7.3Retain evidence of the debriefing in the security screening file of the individual;

    Managing temporary access of the individual

    • I.2.2.8When temporary access is granted:
      • I.2.2.8.1Prevent the individual from accessing:
        1. Compartmented information;
        2. Enhanced Top Secret information;
        3. Protected C information
        4. Information for which access is restricted in accordance with international agreements or special caveats;
        5. Cabinet documents as defined within the Government of Canada, the Privy Council Office or the Policy on the Security of Cabinet Confidences;
        6. Sensitive information from other governments and levels of government; and
        7. Sensitive information, assets, IT systems and facilities from other departments without their documented approval
      • I.2.2.8.2Maintain positive control of access to sensitive information and assets, including IT systems and facilities to which the temporary access provision includes.
Report a problem or mistake on this page
Date modified: