| Date of issue | December 2005 |
| Supersession | May 2004 |
| Issuing Authority | Director, Finance and Administration |
| Enquiries | Manager, Administration |
Appendix B: - Staffing a Position (based on information provided by the Manager)
The CIHR must ensure that individuals with access to government information and assets privileged access to critical systems are reliable and trustworthy. For national security, it must also ensure the individual's loyalty to Canada in order to protect itself from foreign intelligence gathering and terrorism. Special care must be taken to ensure the continued reliability and loyalty of individuals, and prevent malicious activity and unauthorized disclosure of classified and protected information or damage affected on critical systems by a disaffected individual in a position of trust.
To ensure security on the personnel level, the Government of Canada employs screening and clearance procedures. The cornerstone of any good security program is to limit access to information and assets to those individuals with a need to know. Using this principle, an individual requires a screening or clearance according to the level of information and assets privileged access to critical systems required for the performance of her or his job.
1.1 As a minimum, Reliability Status is a condition of employment at CIHR
1.2 To establish a security-screening requirement, each role profile must describe the type of information and assets assets and privileged access to critical systems accessible to and used by the incumbent.
CIHR is committed to support the national interest and the Government of Canada's business objectives by safeguarding employees and assets and assuring the continued delivery of services. The objective of this policy is to determine the trustworthiness and loyalty of those who must access classified or designated information and assets and have privileged access to critical systems. The Government Security Policy (GSP) states that the purpose of the Reliability Status and Security Screening procedures is to determine the trustworthiness and loyalty of those who must access classified and designated information and assets and have privileged access critical systems privileged access to critical systems.
3.1 Treasury Board's Government Security Policy
3.2 Treasury Board's Personnel Security Standard
This policy applies to all employees of CIHR, indeterminate and term employees, contractors, students, co-op students, volunteers and persons seconded from other organizations where they are engaged to work for CIHR. Also included are individuals employed by the 13 virtual Institutes who have access to CIHR documents and assets.
4.1 Requirements for appointments, assignments or secondments
4.1.1 Staff appointed to a position requiring only a Reliability Status cannot start work until the Status has been granted. CIHR may send the candidate a conditional letter of offer, however, the candidate cannot begin work until the Reliability Status is granted (if fingerprints are required, this may take anywhere from 2 days to 4 months).
4.1.2 Staff requiring Security Clearance (i.e. Secret, Top Secret) must be security screened to the required level before starting work in any assignment, appointment, secondment or deployment.
5.1 Managers are directly responsible for:
5.1.1 Identifying the sensitivity of the information, assets and privileged access to critical systems to which each Institute position will encounter.
5.1.2 Ensuring that no employee, contractor or temp help is hired without being screened and granted at least his or her Reliability Status by the Security Section.
5.2 CIHR Institute Scientific Directors are directly responsible for:
5.2.1 Identifying the sensitivity of the information, assets and privileged access to critical systems to which each position will encounter and inform CIHR Security Section to obtain the proper Security requirement for the position.
5.2.2 Verifying the following information:
5.2.3 Ensuring that no employee contractor or temp help requiring a Reliability Status or Security Clearance is hired without being screened and granted his or her Reliability Status or Security Clearance (as required) by the Security Section.
5.2.4 Co-ordinating the Security Screening process.
5.3 Human Resources is responsible for:
5.3.1 Verifying the following information for new hires:
5.3.2 Ensuring that the Consent /Reliability Status and, if required, the Security Clearance Form are filled out at the interview.
5.3.3 Ensuring that no employee is hired without being screened and granted at least his or her Reliability Status or Security Clearance (as required) by the Security Section.
5.3.4 Co-ordinating the Security Screening process.
5.4 Security Section is responsible for:
5.4.1 Determining the security requirements of each position (in their area of authority) based on the sensitivity of the information, assets and privileged access to critical systems to which the incumbent has access.
5.4.2 Determining the security requirements of a position not only applies to indeterminate positions, but to the following as well:
Note: Parent or Guardian consent is mandatory if the incumbent has not reached the Age of majority:
5.4.3 Advising managers of the level of security status/assessment for a specific position.
5.4.4 Processing requests for security screenings, including conducting criminal records, name checks, credit checks and Security Clearances.
5.4.5 Advising HR in writing of the candidate's results of the Reliability Status and/or Security Clearance results.
5.4.6 Informing the candidates of Reliability Status and Security Clearance results.
5.4.7 Giving advice and making recommendations to the President in cases of denial or when revoking a Security Clearance.
5.4.8 Maintaining security records of employees.
5.4.9 Ensuring that Reliability Status and Security Clearances are updated before they expire.
5.4.10 The Security Section will update the security screening of:
5.5 President is the only individual with the authorization of denying or revoking a Security Clearance.
5.6 CIHR Staff must inform the Departmental Security Officer (DSO) of any issues affecting their status or clearance:
5.7 Reliability Status: Who is responsible to:
5.8 Security Clearance: Who is responsible to:
6.1 Staffing a position (see Appendix B)
Classified Information: Information is "Classified" if its disclosure could harm the "national interest". The "national interest" concerns defense and maintenance of the social, political and economic stability to Canada. When information is classified in the national interest, a further judgment is needed to determine the classification level. The level depends on the gravity of the detrimental effects that might reasonably be expected to occur from the compromise.
The levels of classification are:
Credit Checks: Credit checks are required only for individuals who have access to certain amounts of cash, negotiable instruments or other extremely valuable items, who are involved in the awarding of contracts, or who require a Secret Clearance. Credit checks are also performed on Contractors. You will be advised if your position requires a credit check. If the Security Section does not tick off the "credit check" box on the Consent to Disclosure of Information form, no such check will be performed.
Critical Services: service whose compromise in terms of availability or integrity would result in a high degree of injury to the health, safety, security or economic well-being of Canadians, or to the efficient functioning of the Government of Canada" and critical assets as "assets supporting a critical service". Assets include networks and systems. Critical services and associated assets are normally identified through the Business Impact analysis (BIA) mentioned in section 3.2 of the Business Continuity Planning Program. The departmental BIA should therefore help identify critical systems
Critical Systems: Systems required to perform critical services.
Designated Information: Information is "Protected" or "Designated" if its disclosure could harm interests other than the "national interest".
The three levels are:
For Cause is a determination that there is sufficient reason to review, revoke, suspend or downgrade a reliability status or a security clearance. In the context of a security assessment, a determination whether more in-depth verifications are required.
Foreign National is an individual who is not a Canadian citizen, is not a landed immigrant and does not possess a working permit for Canada.
National Interest concerns the defence and maintenance of the social, political and economic stability of Canada.
Need-to-know is the need for someone to access and know information in order to perform his or her duties
Reliability Status: A Reliability Status is the minimum required for a person who works for the Government of Canada, either directly or on contract. Persons working with designated information and assets, including a CIHR Network account, require a Reliability Status. Because of the nature of our business at CIHR, we all require a Reliability Status as a minimum. This Status is valid for 10 years.
Security Clearances: Security Clearances are necessary for individuals who deal with classified information or have privileged access to critical systems. The Canadian Institutes of Health Research processes a small amount of classified information; therefore, a limited number of our staff requires Security Clearances.
Secret and Top Secret Security Clearances are assigned to positions rather than individuals. The incumbents of these positions undergo a Security Clearance, and when such an incumbent changes to a position that does not require a Clearance, the Clearance should be cancelled in order to keep the number of Clearances at a manageable level. A cancelled Clearance is not a reflection on the person's character, but simply a change required because of the change in position.
Security Screening Certificate and Briefing Form: The Security Briefing and Declaration form is a generic form to be read and signed by all persons receiving a Security Clearance or Reliability Status. The form outlines their responsibilities and level of security.
6.1.1 Security Section is responsible for determining the security requirements of each position in their area of authority based on the sensitivity of the information, assets and critical systems to which the incumbent has access.
6.1.2 Security requirements for all positions must be clearly indicated on the job opportunity (competition) posters, role profiles and all other such forms of notice.
6.1.3 HR will have the appropriate forms filled out by the candidates.
6.1.4 Security Section will conduct the Reliability Status, Security Clearance and Credit Check process based on the forms (originals only) provided by HR and signed by the candidate.
6.1.5 Security screening results are transferable from department to department
6.1.6 Security Section will notify HR in writing of the results of the Reliability Status and Security Screening.
6.1.7 No one can be hired without a written notification from the Security Section.
6.1.8 Candidates for security screening must receive, in writing, either:
