Talent Development Centre

Tag Archives: security

All Talent Development Centre posts for Canadian technology contractors relating to security and security clearances.

2017: The Year of Encryption Everywhere (Infographic)

Security is far from a “rising trend” in 2017 — it’s a fact that has now ruled the internet for years and is not going anywhere. One thing we can be certain of is that as hackers get more sophisticated, so too must our security, and specifically encryption.

According to this infographic from the SSLShop, 2017 is going to see the most encryption yet, due to a number of factors, including Google’s upcoming browser features. If you’re involved in any website or security projects, have a look to see what you can expect in the coming months. Is there anything you can add or would reject from the list?

2017 The Year Of Encryption Everywhere #Infographic

The Top Threats to Mobile Security (Infographic)

There’s a good chance you leverage your smartphone for all sorts of reasons beyond just a telephone. Independent contractors often use their mobile devices to stay organized, connect with colleagues and clients through social media, search and apply for jobs, and a whole variety of leisure activities.

As convenient and helpful as our smartphones are, they can also be quite vulnerable if you fail to take the right steps to protect yourself. That’s why Vasco created this infographic. Have a read  to learn more about the most common mobile menaces and get some tips to prevent them.
Top Threats to Mobile Security and What you Can do to Prevent Them #infographicYou can also find more infographics at Visualistan

2015 in Review: Working in the Federal Government

2015 in Review: Working in the Federal GovernmentIndependent contractors who have worked with government clients know that the experience can be completely different from working in the private sector. There are often more processes and longer timelines, with various hoops to jump through.

In the past year, David O’Brien, Eagle’s Vice-President of Government Services, has shared a few important pieces on this topic, specifically with the Federal Government. If you’re in the National Capital Region and haven’t already seen some of these posts, have a look:

How Thieves Use Social Media To Rob You (Infographic)

Are you planning any travel in the next couple weeks? Make sure your home is safe while you’re away. Social media makes it easier for us all to connect with friends and family, and in many cases, gives us resources to improve our work. Unfortunately, it also gives burglars an advantage in their work!

Before you post your holiday adventures on social media, take a look at this infographic from Distinctive Doors. It shares some eye-opening facts and statistics.

Organization Security Screening & Federal Contractors

David O'Brien By David O’Brien,
Vice-President, Government Services at Eagle

Private Sector Organization Screening (PSOS) – Answers to IT independent contractors’ frequently asked questions

Private Sector Organization Screening (PSOS) - Answers to independent contractors' frequently asked questionsA little over a year ago, I posted about the Canadian Industrial Security Directorate’s (CISD – a division of PWGSC) requirement for all independent contractors doing business with the Feds to clear their incorporated entities under the Private Sector Organization Screen (PSOS). Since then, many contractors at Eagle have been through the process and we all learned more about it, including some of the common questions. Here are the answers to some of the questions we hear, as well as a few tips to help you through the PSOS process:

Wait, what’s happening?

Independent contractors working in the Federal Government have always been required to get personnel security screening at some level (ex. Reliability Status, Secret Clearance, etc.). These clearances were completed by the organizations through whom they were subcontracting. For example, when contractors work through Eagle, we either submit a request for a new personnel clearance or duplicate their current one. Regardless of what happens, Eagle ends up “owning” the clearance and, at least in the eyes of CISD, the contractor is considered part of Eagle’s personnel (even though that is not the case). Eagle is able to submit and own security clearances because we have a Facility Security Clearance (FSC), meaning Eagle, as a corporation, is security cleared.

In 2012, CISD implemented a new process. Rather than incorporated independent contractors having a personnel clearance owned by many different organizations, they are instead required to gain clearance for their own corporation. Once that is complete, their corporation will hold their personnel clearance.

What’s the process to get this done?

Upon signing your new subcontract, the prime contractor (often a staffing agency) is responsible for ensuring both your corporation and the personnel completing the work (you) hold the proper clearance. If your corporation is not already cleared, the prime contractor will be responsible for “sponsoring” your corporation to receive the appropriate clearance.

The prime contractor will complete the necessary paper work to initiate the process and submit it to PWGSC.  Once that paper work is processed (usually a couple weeks), you will receive an email from PWGSC containing some forms.

You will need to complete and submit the forms within 30 days. After which, PWGSC may come back to you with some more questions and request a brief interview. You can find the complete step-by-step process here.

What security level will I be cleared to?

Security fingerprintYour corporation will either require Designated Organization Screening (DOS) or Facility Security Clearance (FSC).  This will depend on the security requirement of your contract. If you’re only required to hold Reliability Status, you will be cleared for DOS. If you require Classified, Secret or Top Secret Security Clearance, you would require FSC.

In some cases, a contractor’s corporation may already hold one status but require a higher level for the new contract. In this case, the prime contractor would have to sponsor the corporation for an upgrade.

How can I get started?

You cannot be sponsored for PSOS unless you are on an active contract that requires security clearance.

How long will it take?

The process varies, but we’re hearing from contractors who have already completed it that it takes approximately 1 year.

How can I prepare?

If you are expecting to start the process soon, you can prepare by gathering some of the information that will be asked in the initial Application for Registration, including:

  • Business Procurement Number – this is a mandatory requirement to do business with the Federal Government. As long as you have an HST number, you can get your PBN here.
  • The owners of the corporation and their ownership percentage – For an independent contractor, this is usually just themselves and, in some cases, their spouse or a business partner.
  • Company Security Officer (CSO) and Alternate Company Security Officer (ACSO) – The CSO would be the independent contractor (you). The ACSO is only required if you have more than one employee.
  • Any Key Senior Officials (KSOs – owners, officers, directors) – Again, this is usually just the independent contractor and maybe one other person.
  • Security Clearances for the CSO, ASCOs, KSOs, and any personnel who will be performing work – In many cases, you will wear all of these hats. You also probably already have the necessary clearance. If you are in a situation described above where you have another ACSO or KSO and they are not cleared, contact your agency to see if they can help get that process started immediately.
  • Review the other forms that will come your way – some of the initial forms that PWGSC sends you can be found online, including:

Will I need to go through the entire personnel security clearance process again?

No. If you already have a valid personnel security clearance, you will only need to complete the Personnel Security Screening Form. At the top, in Section A, you would select “Transfer” so your personnel clearance would be brought over to your corporation after it gets cleared.

How will this change the way I do business?

There will be very few changes in how you do business, although you will see some benefits such as:

  • You will no longer have to duplicate your clearance every time you start working with a new agency
  • You will be able to work directly with PWGSC to issue your own security clearance renewals and ensure it does not expire.
  • You will no longer be considered “Personnel” of your agency, which helps further separate you from being an employee in the eyes of the CRA

Will it affect my current contract?

Your current contract will not be affected by the PSOS process. According to CISD regulations, a subcontract should not begin until PSOS is complete; however, PWGSC recognizes that this would have significant impact on business and are allowing a transition period. Your contract will be allowed to start using your personnel clearance owned by your agency.

What if I decide not to do this?

As noted above, there is a grace period to get your corporation cleared; however, that will not last forever. If you choose to ignore the forms and not clear your organization, eventually you will not be able to work on Federal Government contracts that require security clearance.

Hopefully this helps clear things up for you. If you do have any other questions, or would like to share your personal experience with the PSOS process and some tips for getting through it, please feel free to do so in the comments below.

Update on the Federal Security Clearance Process

David O'Brien By David O’Brien,
Vice-President, Government Services at Eagle

NACCBI believe it’s important to be involved and contribute to advancing the interests of the industry for the betterment of both clients and competitors, in addition to Eagle. To that end, in addition to my ‘day job’ at Eagle, I serve as the local Chapter President of the NACCB, our industry association that represents those interests and, here in Ottawa specifically, the majority of that focus audience is with the Federal Government. We are instrumental and very active in representing the IT Services industry in issues like Procurement and Contract Vehicles, CRA Employee- Employer concerns and, of most concern of late, Security and Federal Government Security Clearances. The Security Clearance process for independent contractors and vendors in Ottawa has become a very slow and cumbersome process, so much so that many contracts are delayed in being awarded and often cancelled altogether due only to the Security Process.

While all around Ottawa and the Federal Government there is consolidation, see Shared Services Canada, consolidation of Procurement vehicles and a National Procurement strategy, Security has gone the opposite way by becoming more complex and with different departments rendering and implementing their own Security Clearance processes. CISD, the organization that is responsible for Security Clearances, has recently engaged industry associations like NAACCB on a regular basis. To that end I would like to share some of their updates:

  • Here's an Update on the Federal Government Security Clearance ProcessThe new CISD Call Centre is in place and claims to have reduced delays and sped up their Clearances times against their own target metrics. For a simple clearance, ie. Reliability, CISD targets the process to be completed in 7 days or less and they hit that target 73% of the time on a target of 85%.
  • Complex Clearances ( ie. Secret Clearance) their target is to have 85% of applications completed in 120 days or less and they exceed that at 95%.
  • Overall backlog of requests have been reduced from 28000 to 18000.
  • PSOS (Private Sector Organization Screening), which all independent incorporated contractors must have in addition to their Personal Security Clearance, has increased 40 %. Contractors need to begin this process ASAP if they wish to be awarded Federal Government contracts.
  • With so many inaccuracies in forms (up to 95 %), CISD is receptive to a webinar on how to obtain a Security Clearance as well as a YouTube instruction.
  • Finally, beginning this summer fingerprints will be required for all Security Clearances and this requirement will be implemented over the next 2 years.

Hope this helps and stay tuned for further updates!

Delays in Federal Government Security Clearances

David O'Brien By David O’Brien,
Vice-President, Government Services at Eagle

The Process IS Improving… Here’s How

While systems, technologies , networks , email platforms, back-offices and procurement within the Federal Government are all moving towards consolidation to provide savings among other positive outcomes, it seems Security and Security Clearances required with the Feds move in quite the opposite direction. In fact, they’re becoming ever more complex for vendors and contractors alike. With the nature of Security as an overall topic, we don’t expect it to become easier any time soon.

Person holding clockCISD, the division of Public Works responsible for Industrial Security in the Government, have suffered with limited resources and budget to keep up with the increasing demand and complexity. As a result, many contracts and projects are delayed and, in many cases cancelled, while waiting for Security Clearances. Delays and backlogs are unfortunately the order of the day. Vendors and, of course, Independent Contractors have suffered immensely as a result and frustration with the delays is pervasive, including many client departments.

The other very significant development has been the advent of the requirement that Independent Contractors not only hold Personal Security Clearance but in addition, their incorporated companies must similarly be registered and cleared to the same level. This is referred to as a Private Sector Organization Screening or PSOS.

So what’s new and news on both of these fronts?

First, on the overall delays and backlog issues in the everyday effort to obtain, duplicate and transfer Clearances, CISD has recognized the issue and made commitments at four levels.

  1. Process- Poor Timelines: Back-log teams have been deployed to improve turn around times and fix back logs. As a result, Reliability Clearance is largely up to date.
  2. Online Application System (OLISS): An old, slow system is set to be updated in its entirety in the next year.
  3. Call Centre: Wait times are very significant and a new system will be in place in the next year.
  4. Communication: CISD has committed to a better communication plan with industry on process changes, renewal information etc.

As for the PSOS process which requires all independent contractors to go through in order to win government contracts , CISD has committed to a process whereby once a contractor together with their sponsoring organization submits the registration request, an “establishing” letter will go out to both parties, giving them 30 days to acknowledge and submit the required information and documents. If the organization doesn’t respond, a second email will go out, giving them 10 days to respond. If there is still no response, then the file will be closed. If incomplete or inaccurate information is provided, it will be returned and the whole process will have to be restarted.

There is an expected transition period for all contractors to get this PSOS but rest assured it will be mandatory to win Federal Government business in the future.

There it is — not exciting stuff but it is the reality of Ottawa (and excuse me for all the acronyms) and the wonderful world of Security that goes hand-in-hand with it! If you have any other questions around regarding Security Clearances or the PSOS process, please leave them in the comment section below and we’ll get you your answers as quickly as possible.

Changes with Federal Government Security Clearances

David O'Brien By David O’Brien,
Vice-President, Government Services at Eagle

Working with the Feds requires an understanding of complex contract vehicles, understanding RFPs, SOWs, working with Proposal Teams and Recruiters in filling out matrices, longer than private sector time to close cycles, understanding bureaucracy and perhaps most uniquely Federal Government Security Clearance.

Security fingerprintIt goes without saying that in this day and age Security is of utmost critical importance for every organization and certainly with the Feds who deal with real cyber threats daily that are of National Security importance and may have adverse effects on Public Safety. It’s for this reason that Security will not get any easier, is not going away and in fact may be more onerous and complex for all of us in the years to come.

Currently in order to do business with Feds, Independent Contractors (ICs) have to be cleared generally at one of 3 basic levels: Reliability, Secret or Top Secret (and while there are a myriad of other levels and differences these are the most common with Secret being the most common of the three). Today the vast majority of ICs who hold Security Clearance with Feds do so at a personal level, in other words they are screened and cleared personally as John Q. Public.  This is a Personal Security Clearance (PSC).

Earlier this spring the Canadian Industrial Security Directorate (CISD) introduced to Industry Representative Associations like the National Association of Computer Consulting Businesses (NACCB) that effective immediately, Independents who are incorporated must additionally clear their incorporation or business entities under the Private Sector Organization Screening (PSOS) in addition to their PSC to qualify for government contracts. A PSOS means that their John Q Public Inc. must be cleared.  This clearance will require information on the structure and ownership of their incorporation, appointing a Chief Security Officer (CSO), Personal Screening for CSOs, a signed Security Agreement and signed CSO Attestation Forms.

As you may guess it will take some time and effort on the part of ICs, the agencies who work with them and CISD.  Currently there is a huge backlog of regular Security applications, renewals and duplications. The PSOS requirement will be added to this workload with already limited dedicated resources at CISD.

In the industry consultation with the Feds, they have made it clear that this requirement has been in place since 2012, however, it has not been enforced until now. The Feds have agreed it is likely a substantial undertaking and they will be absolutely reasonable in implementing it through a transition period they anticipate will happen over the next couple of years.

There is no doubt this will be a bit of a challenge but ICs should begin the process right away to avoid any disruption to your business. The bottom line is that in order to win business and be awarded contracts you will have to hold a PSOS.

So what is the good news in all this? What there is good news?! Yep. I believe there are some definite benefits in all this.

First and foremost you and your business will be fully registered with CISD and can continue to compete for contracts with the Feds. In addition you and your business will be able to hold your own Security without having a sponsoring entity hold it for you eliminating the need for “duplications”’ every time you bid or are awarded a contract. Finally and maybe most significantly, fully clearing and registering your Business entity is another strong indicator that you are running a business as an independent contractor which provides further evidence that you are not an employee in the eyes of the Canada Revenue Agency (CRA).