|
2.77
Recommendation. Communications
Security Establishment Canada should ensure that all contract security
requirements related to firm clearances are met prior to awarding the
contract.
|
CSEC response: Agreed. Communications Security Establishment Canada acknowledges
the audit’s finding that CSEC met all requirements of government policy. With
respect to the additional requirements that CSEC put in place over and above
the policy, CSEC accepts the findings of the Auditor General, although
additional risk mitigation measures were put in place. CSEC’s guidelines have
been amended accordingly.
Update:
CSEC has amended its Security Guide template from which relevant security
clauses are included in a Security Guide for a specific contract. This has
eliminated any ambiguity over the security screening requirements of the
contractor and the company with which he/she is affiliated. CSEC continues
to use appropriate and accepted risk mitigation measures to ensure the
delivery of critical operations and support to operations while maintaining a
security posture that is compliant with GC policies.
|