The vendor required to provide personnel security screening application (PSSA) will meet jus-specific software, hosting, storage and landscape requirements and support agency human resources and security clearance business needs.
- Commercially available secured software-as-a-service (SaaS) solution to manage and automate security screening processes.
- The system must include all required steps as per the treasury board (tb) directive on security screening for each supported clearance or status level, including the implementation and integration of a digital fingerprinting solution.
- Security screening requirements are determined by the duties to be performed and by the sensitivity of information, assets or facilities to be accessed, and in accordance with the position analysis tool and guidance issued by treasury board secretariat.
- Standard screening is conducted for all duties or positions in the federal government and for other individuals with whom there is a need to share or provide access to sensitive or classified information, assets or facilities, when responsibilities do not relate to security and intelligence functions.
- Enhanced screening
• When duties or positions involve, or directly support, security and intelligence (S&I) functions, including access to sensitive law enforcement or intelligence-related operational information, (i.e., sources or methodologies);
• When duties or positions involve direct joint operational activity with S&I departments or agencies;
• When duties or positions involve the provision of services to S&I departments or agencies which include management of, or access to, an aggregate of S&I information; or
• When duties or positions, and related access to sensitive information, create a high risk that an individual may be influenced by criminal or ideologically motivated persons or organizations.
- Workflow optimization
• The system must allow an applicant to save partially complete data and be able to return to complete the data entry later.
• The system must inform an applicant when data entry is incomplete and identify what information is missing.
• The system must inform an applicant when data entry is entered incorrectly and identify where the errors are occurring.
• The system must only collect the information required for the desired security screening level.
• The system must pre-populate previously entered data for updates and upgrades for cases already in the system and allow for revisions.
• Reframe as the system must provide address validation functionality equivalent to country post’s address complete.
• The system must validate residence and employment data as it is entered by an applicant to identify if date ranges have gaps or overlaps.
• If gaps or overlaps are identified these must be flagged for justification and review.
• The system must identify and flag possible duplicates of cases and individuals.
- Workflow management
• The system must track and log activities that occur within the system for a specific case. 6.2.2.4.2 the system must display the log activities for a specific case.
• The system must allow verification items to be assigned to users or teams.
• The system must allow assignment of priority for cases.
• The system must allow for a security officer to view and sort their verifications by priority.
• The system must allow a security officer to filter cases according to cases assigned to them or their team.
• The system must allow a security officer to claim verifications assigned to their team.
• The system must identify cases which have not been assigned.
• The system must allow a security officer to search for a specific case using a personal record identifier (PRI), if available, date of birth, or name.
• The system must allow a security coordinator to search for an applicant’s result using a personal record identifier (PRI) if available, date of birth, or name.
• The system must flag potential concerns to security officers.
• The contractor, in collaboration with jus, must develop, configure and approve business rules for potential flags.
- Workflow help
• The system must provide error handling and identify missing information for mandatory fields.
• The system must provide an integrated user-guide.
• The system must provide an applicant integrated tips and instructions supporting data entry.
• The ability for the system to provide a help function like the windows f1 function providing specific support for the step in the process where the user is currently located.
• The ability for the system to provide “hover” support to users where a user can leave their mouse over a field to obtain information related to that field.
• The ability for the system to allow custom support instructions when error checking is performed.
• The ability for the system to provide a security coordinator integrated tips and instructions supporting completion of their workflows.
• User support should be provided for all user privileges within the system.
- System communications
• The system must provide a secure means for internal (within the system) communication.
• The ability for the system to provide automatic notifications via internal communication and email:
o Reminding users (all roles, as appropriate) of uncompleted verifications;
o Reminding users of upcoming renewals; and
o Notifying roles of completion or assignment of verifications.
• The system must store templates (email and internal) for communication to security coordinators and applicants.
• The system must allow a user to edit the communication template before sending.
- PSSA logging
1. The ability for the system to support two types of logs
• General logs (login information, user permission changes, etc.).
• Clearance file logs (actions taken related to the clearance for an individual).
• All clearance logs must be accessible by security advisors, supervisors and manager when viewing a file.
2. Log retention period
• General logs must be preserved for a period of two (2) years.
• Clearance file logs must be preserved until the individual’s file is removed from the system.
3. All user actions must be logged including:
• Timestamp.
• Unique identifier of user performing the action.
• Unique identifier identifying the application on which the action has been performed.
• Action performed including data field and content if the action involves changing information.
4. All successful logins must be logged including:
• Timestamp.
• Unique identifier of user logging in.
• IP address of device used to login.
5. Filtering must be available when viewing logs by:
• User who performed the action.
• Application identifier.
• Data fields.
- Contract Period/Term: 1 year
