Home | Site Map | Contact Us Français

	Market intelligence

	Product demand research

	Market research

	Industry sector resources

	Doing business with foreign governments

	Business leads

	SourceCAN opportunity matching

	Opportunity advice

	Next steps online

	Sales support

	Reference service

	Joint sales presentation

	Letter of support

	Proposal preparation

	Contracting advice

	Contract negotiation

	Contract management

	International prime contractor solution

	DoD prime contractor solution

Security is Everybody’s Business

In today’s environment, security is everybody’s business. Whether you are a buyer or seller, the need for security products and services keeps increasing. Spending on information communication technology, including homeland security is in the billions of dollars worldwide. How does your company sell into the security marketplace? The answer is to be prepared.

Companies wanting to sell security products and services must be prepared in several ways. It’s a given that successful product development, marketing, sales and financing are essential to any organization. However, some key considerations to which many companies need to pay more attention are:

Standards;
Export controls;
Industrial security;
Company registration;
What problem does my product or service solve; and
Networking.

Regardless of what type of security product or service you have, buyers typically look for solutions that meet recognized international standards. In the computer security and cryptographic world, many standards exist. For example, three standards are:

ISO 15408 (Common Criteria for Information Technology Security Evaluation). Please refer to: www.commoncriteriaportal.org/
ISO/IEC 17799:2005 (Information technology - Security techniques - Code of practice for information security management). Please refer to: www.iso17799software.com/; and
FIPS 140-2 (Security Requirements for Cryptographic Modules). Please refer to: http://csrc.nist.gov/cryptval/.

In the United States, the Department of Defense (DoD) issued NSTISSP No. 11, a national security policy governing the acquisition of information assurance products by DoD. NSTISSP No. 11 is a must-read document for vendors who want to sell encryption or computer security products to DoD. Please refer to: http://niap.nist.gov/cc-scheme/nstissp11_factsheet.pdf.

Canadian government departments and agencies use the CSE and the PWGSC ITS Product Pre-qualification Program (IPPP) to identity security products suitable for use by the Government of Canada. Please refer to: ITS Product Pre-qualification Program (IPPP) .

In meeting the above-mentioned security standards, vendors open the door for potential sales in Canada and the U.S. as well as other countries that accept the same standards. Regardless of what type of security product you are developing or have, it is critical to know what standards may apply to it. For example, European Union countries and others may require your product to undergo a national process in order to obtain a safety and quality certification before it can be sold in those countries.

Export controls on information security products were liberalized several years ago. However, export controls permits are necessary to export many cryptographic products and related technology from Canada. In some cases a General Export Permit is available to assist the exporter. Checking with Canadian export authorities is a must and it is suggested that it be done early in product development to determine what restrictions, if any, may apply to the product. Products or technology destined for countries on the Canadian Area Control List require a permit. More information about Canadian export controls can be found at: http://www.dfait-maeci.gc.ca/trade/eicb/general/general-en.asp. One last point to consider about export controls-does your product require an import permit in the destination country?

The Canadian International Industrial Security Directorate (CIISD) of PWGSC administers Canadian industrial security in Canada. CIISD has two programs to support its mandate. One is the Industrial Security Program and the other is the Controlled Goods and Services Program. Additional information about both of these important programs can be found at: http://www.ciisd.gc.ca/text/main/toc-e.asp.

If you plan to sell to the U.S. government, your company needs to be registered. The Central Contractor Registration (CCR) is the main vendor database for the U.S. federal government. All vendors, including Canadian companies, wishing to conduct business with the U.S. government must be registered. Check out: www.ccc.ca/eng/bus_marketAccess_DoDprimeContractor.cfm.

When dealing with the U.S. Department of Defense your company may require access to critical unclassified technology. The Joint Certification Office (JCO) will assist you in accessing the information. More information about the JCO can be found at http://www.dlis.dla.mil/jcp/.

Your potential client will only buy your security product or service if they believe it will address a problem they have in their overall security environment. Today, buyers are looking for complete solutions to a problem. Expect them to ask how your product or service fits into the overall solution. Web sites such as: www.fcw.com or www.gcn.com help you to obtain background information on important security activities in the U.S. Information on specific U.S. government opportunities can be found by registering at: www.sourcecan.gc.ca, which is a joint Industry Canada and CCC initiative to support Canadian industry.

For additional assistance, CCC’s Security Team can be reached at: securityteam@ccc.ca.

Top