Archived Web Page: Draft for Public Consultation: RD/GD-384: Site Access Security Clearance for High-Security Sites

Preface

Regulatory document RD/GD-384, Site Access Security Clearance for High-Security Sites, was developed to address key considerations for licensees of high-security sites and nuclear facilities who will be authorizing unescorted access to protected areas, as defined under the Nuclear Security Regulations.

This regulatory document sets out the guidance of the Canadian Nuclear Safety Commission (CNSC) for granting a site access security clearance. This document applies to all licensees who are considering authorizing or who have authorized a person to enter a protected area at a high-security site as defined in the Nuclear Security Regulations.

Table of Contents

1.0 Purpose

This document provides guidance regarding the process for granting a site access security clearance (SASC) for authorized unescorted entry to a protected area.

The SASC process helps ensure that unescorted persons entering protected areas would not pose a risk to facilities, their operation or personnel.

2.0 Scope

This document sets out the means of acquiring the minimum information that licensees should process before granting SASCs to individuals who require unescorted access to protected areas at high-security sites.

3.0 Relevant Legislation

The provisions of the Nuclear Safety and Control Act (NSCA) and Nuclear Security Regulations (NSR) relevant to this document include:

• Paragraph 9(a) of the NSCA, which provides that “the objects of the Commission are:  a) to regulate the development, production and use of nuclear energy and the production, possession and use of nuclear substances, prescribed equipment and prescribed information in order to:
  1. prevent unreasonable risk, to the environment and to the health and safety of persons, associated with that development, production, possession or use,
  2. prevent unreasonable risk to national security associated with that development, production, possession or use, and
  3. achieve conformity with measures of control and international obligations to which Canada has agreed;”
• Subsection 24(4) of the NSCA, which provides that “No licence may be issued, renewed, amended or replaced unless, in the opinion of the Commission, the applicant (a) is qualified to carry on the activity that the licence will authorize the licensee to carry on; and (b) will, in carrying on that activity, make adequate provision for the protection of the environment, the health and safety of persons and the maintenance of national security and measures required to implement international obligations to which Canada has agreed.”
• Subsection 24(5) of the NSCA states that “A licence may contain any term or condition that the Commission considers necessary for the purposes of this Act.”
• Section 17(1) of the NSR, which provides that “No person shall enter a protected area without physical proof of the recorded authorization of the licensee.”
• Subsection 17(1.1) of the NSR, which states that “In this section, ‘site access security clearance’ means a clearance granted by a licensee to a person based on a security assessment for site access security clearances referred to in the Personnel Security Standard or on an equivalent security assessment.”
• Subsection 17(1.2) of the NSR, which states that “A site access security clearance is valid for five years.”
• Subsection 17(2) of the NSR, which states that “Subject to section (3), a licensee shall, before issuing an authorization to enter a protected area to a person, prepare an identification report that contains the following information and documents:
  1. the person’s name and date and place of birth;
  2. documentary proof of the person’s lawful presence in Canada;
  3. the address of the person’s principal residence;
  4. a photograph depicting a frontal view of the person’s face;
  5. the person’s occupation; and
  6. a copy of the site access security clearance for that person.”
• Subsection 17(5) of the NSR, which states that “An authorization to enter a protected area may be issued for any term not exceeding five years and shall be subject to any term and conditions that are necessary to minimize the risk to the security of the area.”
• Subsection 17(6) of the NSR, which states that “Every licensee shall give to a person who has sought an authorization to enter a protected area, on the person’s request, a copy of any information or documents referred to in subsection (2) that the licensee possesses.”

4.0 Process for Granting a Site Access Security Clearance

Before granting an SASC, the licensee should carry out the following activities:

1. Process the SASC application in order to determine an applicant’s five-year traceable history, by collecting and assessing the following information:
   1. personal data, including history of residence, for the five years immediately preceding the SASC application, or, if the applicant is under 21 years of age, to age 16 years
   2. criminal records name check (CRNC) in accordance with Canadian Police Information Centre policy
   3. educational/professional qualifications
   4. employment history
   5. Canadian Security Intelligence Service (CSIS) indices check.
2. Carry out the requisite checks identified in the Policy on Government Security (PGS) – Personnel Security Standard Appendix C.
3. Verify all required information, either personally or via a trusted third party.
4. In cases of gaps in documentation or unpardonable indictable convictions, conduct a security interview.
5. Process and verify the necessary information for a CSIS security assessment before sending it to CSIS.

4.1 Report to the Canadian Nuclear Safety Commission

The licensee should inform the CNSC and provide justification, in the following circumstances where an SASC is granted:

• The applicant has not met the basic SASC requirements and the licensee is unable to resolve gaps subsequent to a security interview.
• CSIS provides the licensee with a Notice of Assessment indicating there is insufficient information (NOA - Inssuficient Info).
• CSIS identifies adverse information that may indicate a security risk.

5.0 Guidance for the Site Access Security Clearance Process

5.1 Site access security clearance application

Appendix A of this document identifies the necessary forms for an SASC application. These can be found on the Treasury Board of Canada Secretariat Web site in the Forms section.

These forms should be used for new requests as well as for updates and upgrades. All fields of the form applicable to an SASC should be completed in full.

The SASC application should include complete data for sections A to P of the Security Clearance Form (TBS/SCT 330-60E). Information to be recorded includes all email addresses and cellular telephone numbers, including the period when they were used.

In addition, the applicant should provide notarized/certified translation for all supporting documentation (e.g., educational certificate, CRNC, professional qualifications etc.) that is not in English or French.

A credit check may also be conducted for cause.

5.1.1 Less than five years traceable history in Canada

A person who has resided or worked in a country outside of Canada for a period of more than six months within the last five years should provide a CRNC for each country of previous residence. An individual who resided in a country where only local checks (e.g., immediate area in which the person resides) are completed should have a CRNC (or equivalent) completed for each area in which he or she resided. He or she should also have a CRNC completed by the country’s state government policing authorities.

Where there are no reciprocal arrangements between different policing authorities, the individual should obtain a CRNC from each policing authority. For example, in the case of an individual residing in the United States, a CRNC and fingerprint check should be conducted at the county, state, and federal levels by the Federal Bureau of Investigation’s National Crime Information Center.

Where CRNC information is unavailable or incomplete or an unpardonable indictable conviction exists, fingerprints should be verified through a police service agency (in the area of jurisdiction where the person has resided) or by a trusted third party.

5.1.2 Foreign nationals

A foreign national should provide identification (for example, work visa or passport) and proof of legal status in Canada, to be verified by the license. A foreign national should also provide, via a trusted third party, a CRNC from their country of origin. CRNCs should also be provided for all countries where a foreign national has resided during the past five years, including all areas and all police authorities within that country where the person resided.

A foreign national with a security clearance issued by NATO, the United Kingdom, New Zealand, Australia or the United States may have his or her security clearance accepted if the original or a verified copy of the security clearance certificate is provided. The certificate should include a current CRNC verified by the agency that issued the clearance or by a trusted third party.

5.2 Security assessment

5.2.1 Criminal activity assessment

Where a CRNC check conducted by the licensee or on behalf of the licensee is incomplete, fingerprints should be verified and a security interview for cause should be performed.

When an applicant has an unpardonable indictable conviction, the licensee should review the criminal history and assess the risk to personnel safety and/or security to the nuclear facility based on this information. The risk assessment should include an assessment of criminal convictions and subsequent checks conducted by law enforcement. It should also consider the nuclear facility’s operations, including what facility areas or nuclear material to which the individual may have access. A criminal conviction, including a self-declaration by the applicant, that identifies adverse information, will also require a security interview.

The applicant should authorize the licensee to conduct a CRNC of the person’s background for the preceding five years.

5.2.2 Personal data

The licensee should verify the person’s full name, date, and place of birth. The place of birth should include the city or town name, province (state) and country.

Verified original documentation should include, but not be limited to the following: birth certificate; passport (including travel history); valid work permit; permanent resident card; Canadian citizenship card or other government-issued photo identification. At least one piece of identification should contain a current facial view of the person.

5.2.3 Employment/education records

The licensee should verify the person’s education and/or professional qualifications (e.g., licence, degree, and diploma) and record them by way of a certified copy, which has been initialed and dated by the licensee and retained on file for audit purposes.

5.3 Security interview

A security interview should be conducted by an experienced, trained interviewer with requisite training and/or skills and who reports directly to the licensee’s security program authority. The interviewer should be appropriately trained in relevant areas, such as effective interviewing techniques and ways to detect deception.

Interviews should be conducted by two persons: the individual certified as the security interviewer and a second qualified individual who has been approved by the licensee’s security program authority.

A security interview should focus on the following, in order to determine if the person poses a risk to the facility, health and safety of persons and national security: the resolution of incomplete or questionable documentation; unpardonable indictable convictions; and past criminal activity and/or less than five consecutive years of traceable history.

The individual seeking an SASC is required to bring all documentation to the security interview. This material is to include original, or verified copies of all related documentation related to the SASC; e.g., proof of legal status, notarized or certified translation (if not in English or French) of all CRNCs, passport, visa, educational certificates/diplomas/degrees. The security interview may require a detailed analytical examination of information provided by the individual, or lack thereof, to verify reliability/authenticity where other means of verification are not available. The security interview may also include other verification tools, such as a polygraph test, to verify a person’s reliability as it relates to loyalty.

The results of the security interview should be documented and kept on file.

The licensee should have documented processes for evaluating the results following the interview (e.g., a review panel represented by senior security management and an independent senior licensee program authority). Furthermore, the licensee should identify a senior program authority who decides to grant/deny an SASC based on the results of the security interview and reliability and loyalty checks.

An individual may, based on the security interview, obtain limited unescorted site access that is subject to certain restrictions (e.g., limited hours of work; a stand-alone computer not connected to the facility network and with no Internet connection; or no access to prescribed information, prescribed equipment, nuclear material, nuclear material accounting, or classified information or assets). Restrictions should be recorded and subject to a documented review process conducted by the licensee.

5.4 Granting of a site access security clearance

5.4.1 Determinative assessment – security interview

If the security interview determines the individual does not pose a security risk, the licensee may grant an SASC without restrictions, if the CSIS assessment has not identified any adverse information. However, security restrictions (e.g., limitations on hours of work or access to certain areas of the licensed facility and nuclear material) may be imposed for an individual’s SASC being updated with CSIS over an extended period, and where CSIS has not identified adverse information that could indicate a risk to the health and safety of persons or to national security. Restrictions may be imposed based on the licensee’s own governance for risk tolerance/acceptance (e.g., if the CRNC reveals criminal charges before the courts, the licensee may require the individual to report all court dates/status and final disposition of charges to the licensee, etc.).

An individual should not be granted an SASC if it is determined after the security interview that he or she cannot meet SASC requirements and poses an unacceptable risk to safety or security of the nuclear facility or operations.

No person, including a foreign national, should be granted an SASC if he or she refuses to be interviewed or if the licensee or CSIS identifies any adverse information that is considered a risk to the health and safety of persons and to national security.

5.4.2 CSIS Notice of Assessment

CSIS will provide the licensee with a Notice of Assessment (NOA) indicating whether adverse information exists or if it holds no adverse information (NOA – No Adv Info) concerning the individual who requires an SASC. The SASC is valid for five years from the date of notification from CSIS, with the provision that the licensee or CSIS may review the SASC for cause at any time.

5.4.3 Report to the Canadian Nuclear Safety Commission

Measures taken by the licensee to mitigate security concerns and risk acceptance, as identified by circumstances defined in sections 5.4.1 and 5.4.2 of this document, may be subject to CNSC review to ensure they are in accordance with paragraph 9(a) of the NSCA and paragraph 12(1)(c) of the General Nuclear Safety and Control Regulations.

5.5 Site access security clearance renewal process

The licensee shall have an auditable SASC renewal process, which should include verification checks that ensure enough time to complete and consider all required indices and other assessments before the SASC expires. This will ensure that all relevant assessment information is reviewed or considered before an SASC is renewed, and that any adverse information that is uncovered will be available where an SASC is not renewed for valid reasons.

5.6 Transferability

A valid SASC is transferable between high-security sites that have documented processes in place for verification (e.g., printed and/or electronic copies of the SASC), retention, renewal, and cancellation.

5.7 Record retention

Verified copies of all documentation, dated and signed by the licensee, that supports the granting of an SASC should be retained on file for audit purposes. An SASC, including all associated documentation, should be subject to the licensee’s governance regarding retention and destruction.

Appendix A

The following forms, as amended from time to time, are required for an SASC application, and can be downloaded from the Treasury Board of Canada Secretariat Web site:

• Personnel Screening, Consent and Authorization Form (TBS/SCT 330-23E)
• Security Clearance Form (TBS/SCT 330-60E)
• Security Screening Certificate and Briefing Form (TBS/SCT 330-47)

Glossary

criminal records name check (CRNC)

A search used to determine if a person has a criminal record.  The search can be based on name and date of birth or – for much greater assurance – on fingerprints, for positive identification.

high-security site

A nuclear power plant or a nuclear facility where Category I or II nuclear material is processed, used or stored.

Notice of Assessment (NOA) – Insufficient Info

A Canadian Security Intelligence Service (CSIS) Notice of Assessment indicating that there is insufficient information for CSIS to provide a meaningful assessment on the applicant’s loyalty to Canada, usually due to lack of traceable history or residency.

NOA – No Adv Info

A CSIS Notice of Assessment indicating that there is no adverse information regarding an applicant’s loyalty to Canada.

protected area

An area surrounded by a barrier that meets the requirements of section 9 of the Nuclear Security Regulations.

trusted third party

A private organization in partnership with the Canadian Police Information Centre (or equivalent, such as the FBI) for the purposes of conducting name-based criminal record verifications.

unpardonable indictable conviction

A serious criminal conviction (such as murder) for which the convicted person has not sought or cannot obtain a pardon.

References

1. Policy on Government Security, 2009. Treasury Board of Canada Secretariat.