Department of Justice Guidelines on Security for Domestic Legal Agents: Protected Information and Assets
The Treasury Board (TB) Policy on Government Security requires Government of Canada departments and agencies to appropriately safeguard sensitive (Protected and Classified) information and assets under their control, an obligation that extends to information and assets under the control of government contractors, including law practitionersFootnote 1 acting as legal agents of the Minister of Justice and Attorney General of Canada (the AGC). Legal agentsFootnote 2 must undergo organization screening and individuals, with a need to know, must undergo individual security screening in order to access sensitive government information, assets and secure work sites. In addition, legal agents may be required to undergo screening to ensure appropriate physical and information technology (IT) security measures have been implemented in order to access, produce and safeguard sensitive information and assets on their premises.
The Department of Justice (the Department) is responsible for providing security screening services with respect to legal agents. Organization, individual, physical and IT safeguarding screenings granted by the Department are strictly in relation to legal agent appointments by the AGC.
The security measures outlined in these guidelines take into consideration that solicitor-client privilege, provincial and territorial rules of conduct and law practice insurance compliance guidelines imposed upon law practitioners, regulate legal agents and require them to implement security and document safeguarding measures in the conduct of their practice.
The Guidelines on Security for Domestic Legal Agents (the Guidelines), set out the security requirements pertaining to the access, production and safeguarding of ProtectedFootnote 3 (Protected A and B) government information, assets and work sites. It prescribes the legal agent’s responsibilities and the procedures to be applied in implementing and maintaining appropriate security measures. The purpose of these measures is to prevent unauthorized disclosure, access, destruction, removal, modification or interruption of Protected information and assets provided to or produced by the legal agent in connection with a legal agent appointment, in keeping with the TB Policy on Government Security, TB Directive on Departmental Security Management and the TB Security and Contracting Management Standard.
The organization and physical security requirements for legal agents are designed in accordance with the infrastructure generally found with larger-scale firms. Where a legal agent conducts its practice as a sole practitioner, or as a smaller-scale firm, or where a legal agent’s screening requirements involve multiple work sites or premises, the security requirements may be tailored accordingly by the Department.
The Department will initiate contact with legal agents where security screening is required and will provide detailed instructions and assistance on the processes and the associated documentation requirements.
Definitions are found in Annex A.
4. Organization Screening
4.1 Designated Organization Screening (DOS)
A Designated Organization Screening (DOS) is a Government of Canada determination that a firm and its individuals who have been security screened to Reliability StatusFootnote 4, and have a need to know pursuant to a legal agent appointment, may have access to Protected information, assets and secure work sites.
4.2 Company Security Officer (CSO) and Alternate Company Security Officer (ACSO)
As part of the DOS process, the firm’s Managing Partner must identify and appoint a Company Security Officer (CSO) and an Alternate Company Security Officer (ACSO)Footnote 5.
The CSO is responsible for implementing and managing the firm’s system of security controls and safeguards and for ensuring that the firm remains in compliance with all security requirements throughout the tenure of an appointment. The CSO is to act as the primary point of contact with the Department on all security related matters and is responsible for facilitating individual and organization-related security screenings. The specific roles and responsibilities of the CSO are referenced throughout these guidelines and summarized in Annex B.
The CSO and ACSO(s) must be individuals who have the authority to make decisions on security matters and ensure compliance on behalf of the firm. In addition, the CSO and ACSO(s) must be Canadian citizens or permanent residents.
The ACSO is responsible for carrying out the duties of the CSO as required.
In the event the CSO leaves the firm, the ACSO assumes all responsibilities for security until such time as the Managing Partner appoints a new CSO, which should be as soon as possible.
4.3 Process to Obtain a DOS
To initiate the DOS process, the Managing Partner must submit a completed Request for Designated Organization Screening (DOS) Form (DOJ-LASEC 01) disclosing basic information about the firm’s ownership and legal structure, and appointing a CSO and ACSO(s) as required.
As part of this process, the individuals appointed as CSO and ACSO require security screening to Reliability Status, at a minimum. The process to follow in obtaining the required individual security screening, or facilitating the validation and transfer of an existing Government of Canada-granted security screening, is described in section 5.2 and 5.4 below.
The Department notifies the firm in writing, once the DOS has been granted.
4.4 Validation of an Existing DOS
Where a legal agent firm holds a valid DOS granted by Public Services and Procurement Canada (PSPC)Footnote 6, the Department may accept it, and issue a Department of Justice-granted DOS, rather than redo the screening process.
To facilitate validation of an existing DOS, the Department will require a copy of the letter granting the DOS and may require other documentation. These requirements will be communicated to the legal agent as required.
4.5 Maintaining Compliance
A Department of Justice-granted DOS remains valid on the condition that:
- the CSO and ACSO(s), maintain a Reliability Status screening; and,
- the firm remains in compliance with all security requirements stipulated in these guidelines and by the Department in the context of a legal agent appointment.
The CSO must immediately notify the Department of any changes in the firm’s ownership, legal structure or address, or changes to the CSO or ACSO(s). The CSO must ensure that a Request for Designated Organization Screening (DOS) Form is completed and submitted to report any such changes.
The CSO must maintain on file, all documentation related to the granting and maintenance of a DOS.
4.6 DOS Renewal Cycle
A DOS granted by the Department, is subject to renewal every five (5) years from the date of issuance. The onus is on the legal agent to notify the Department of its interest in renewing its DOS.
To request a renewal, the CSO must submit a completed Request for Designated Organization Screening (DOS) Form prior to the renewal date.
The Department notifies the firm in writing, once the DOS renewal has been granted.
- Date modified: