Security Requirement Check List (SRCL)

When your procurement involves access to classified information, sensitive government facilities, or protected assets, you'll need to complete a Security Requirements Check List (SRCL). This standardized form—officially Treasury Board Form 350-103—documents exactly what security clearances and safeguarding capabilities your contractors must have before they can touch the work. Skip it or get it wrong, and you'll face delays at contract award or worse, compliance issues down the line.

How It Works

The project authority kicks things off by filling out the form, identifying whether personnel need Reliability Status, Secret clearance, Top Secret clearance, or just Site Access. Your organization's security officer then reviews and approves these requirements. According to the official form instructions, the contracting security authority—typically your department's contract security team—ensures suppliers actually meet what you've specified.

Here's the catch: the procurement officer can't sign box 16 on that form or award the contract until the supplier demonstrates compliance with every security requirement listed. You need to verify supplier security status first. PSPC's Contract Security Program Call Centre (1-866-368-4646 or ssi-iss@tpsgc-pwgsc.gc.ca) can confirm whether a supplier holds the necessary clearances.

In practice, you'll find 31 pre-developed Common SRCLs available for standardized professional services procurements. These templates cover typical scenarios and save you from reinventing the wheel each time. When you're dealing with IT systems or technology supply chains, the Technology Supply Chain Guidelines (TSCG-01) from the Canadian Centre for Cyber Security requires you to complete the SRCL alongside selecting appropriate contract security clauses. If multiple screening levels apply to different personnel on the same contract, you'll need to provide a security classification guide spelling out who needs what.

Key Considerations

• Timing matters. Start the SRCL process early. Security clearances can take months to obtain, and suppliers can't begin work requiring clearances until they're granted. Your procurement timeline needs to account for this.

• Your Chief Security Officer is accountable. As noted in Parliamentary Committee briefing materials, the departmental CSO and project lead share responsibility for properly completing the form. Don't treat this as a procurement-only task.

• The form drives contract clauses. Whatever you specify on the SRCL flows directly into your security requirements contract clauses. Inconsistencies between the two create compliance headaches and potential legal disputes.

• Facility clearances aren't automatic. If contractors need to work in your secure spaces or store classified materials at their location, you're looking at facility security clearances on top of personnel screening—a separate process with its own timelines and requirements.

Related Terms

Personnel Security Screening, Contract Security Program, Controlled Goods Program, Security Classification Guide

Sources

• Treasury Board of Canada Secretariat - Security Requirements Check List (Form 350-103)

• Public Services and Procurement Canada - Common Security Requirement Check Lists

• Canadian Centre for Cyber Security - Technology Supply Chain Guidelines (TSCG-01)

Bottom line: treat the SRCL as a planning document, not paperwork. Get your security officer involved from day one of defining your requirement, not when you're ready to solicit bids.