Learn what “Shred to Comply” really means in Canadian government RFPs. This guide walks through security screening, Protected B protocols, and how Narwin helps vendors stay compliant.
As government procurement becomes more digitized, the rules around information sensitivity, storage, and destructionhave grown stricter — especially in Canadian federal contracting. Whether you’re bidding on a simple translation contract or a multi-year IT infrastructure project, data compliance is no longer a side note — it’s a mandatory threshold.
One key concept that has risen to prominence is “Shred to Comply.” It’s more than just a catchy phrase — it’s a cornerstone of how vendors must handle Protected information in accordance with Government of Canada security protocols.
This guide explains what Shred to Comply really means, outlines the full lifecycle of data protection in federal RFPs, and shows how tools like Narwin help vendors stay compliant from day one.
🔐 What Is “Shred to Comply”?
“Shred to Comply” is shorthand for a mandatory obligation in Canadian government contracts: vendors must securely destroy all Protected documents and information (digital and physical) once the contract ends — or when no longer required.
This is rooted in Government Security Policy and reinforced in the Standard Procurement Clauses and Conditions (SPCCs). You’ll see it written in solicitations as:
“The Contractor shall ensure that all Protected B information is shredded or securely destroyed upon completion of the contract in accordance with GC standards.”
In other words: if you’re handling Protected A, B, or C data, you’re also handling legal obligations around its access, storage, transfer, and destruction.
📚 Quick Glossary of Key Security Terms
- Protected A: Low injury potential (e.g., names, business titles)
- Protected B: Serious injury potential (e.g., personal information, medical records)
- Protected C: Extremely grave injury potential (e.g., national security)
- ITSG-33: Canadian cybersecurity standard outlining controls for systems handling sensitive government data.
- Contract Security Program (CSP): Federal program requiring suppliers to be registered and security-screened before working with sensitive data.
🔁 The Lifecycle of Data Sensitivity in Government RFPs
1. Pre-Bid Screening
Before bidding, suppliers must often register with the Contract Security Program (CSP). This includes:
- Company screening
- Facility clearance
- Individual security screening (reliability or secret level)
Narwin helps here by storing CSP requirements across departments and flagging which RFPs require screening or clearance documentation in the bid.
2. Bid Submission Stage
If the RFP involves Protected data, the solicitation will include clauses like:
- Security Requirements Check List (SRCL)
- Specific instructions on encryption, storage location, and data access
Common mistakes:
- Submitting via unsecured email
- Misidentifying what counts as “Protected B”
- Failing to include destruction plan language in your proposal
🔐 Narwin’s compliance module surfaces all security requirements during the Bid/No-Bid analysis and can guide your team to include compliant destruction and access protocols.
3. Contract Execution
During the contract, you’ll be expected to:
- Store all sensitive data within Canada
- Use encrypted channels for file sharing
- Limit access to cleared individuals only
- Keep audit logs of data access
Failure to follow these rules can result in termination, legal liability, and disqualification from future bids.
Narwin can track security tasks and flag when your storage or workflows fall outside compliance parameters — especially useful for teams managing multiple projects simultaneously.
4. Data Destruction (Shred to Comply)
Upon completion or termination of the contract, you must:
- Shred physical documents using cross-cut shredders approved for Protected B materials
- Securely erase digital files (in alignment with GC ITS standards)
- Provide written confirmation or certificates of destruction
You may also need to submit this confirmation with a final invoice.
🧾 Narwin’s document checklist ensures this stage is never missed — helping your team track destruction deadlines, compile evidence, and maintain audit trails.
🧠 Why Vendors Get This Wrong
Too often, vendors underestimate the weight of these clauses. But in 2025, data handling is being scrutinized at every stage of the procurement process. Even a small oversight — like emailing a Protected B document to an uncleared subcontractor — can cost your business access to future contracts.
And with cyber threats on the rise, departments are prioritizing vendors who demonstrate proactive information management.
📌 Real Example from PSPC Seminar Notes
According to the PSPC Seminar Notes on Bidding Opportunities (PDF), security and data sensitivity compliance are among the top three reasons bids are deemed non-responsive.
This includes:
- Failure to sign or complete the SRCL
- Lack of security clearance at time of bid
- Non-compliant data handling in proposals
Narwin helps mitigate these risks by ensuring every requirement is flagged, understood, and addressed at the drafting level — before the evaluator sees it.
🛡 How Narwin Supports Full Data Compliance
Here’s how Narwin keeps vendors secure and eligible:
| Compliance Task | How Narwin Helps |
|---|---|
| Detecting Protected Info | AI-powered extraction highlights where sensitive content is present |
| Flagging Security Clauses | Narwin tags clauses like SRCL, Protected B, and shredding conditions automatically |
| Auto-Suggesting Destruction Plans | Proposal templates include editable, compliant language for secure destruction |
| Tracking Security Deadlines | Alerts and checklists ensure no step — including “Shred to Comply” — is missed |
| Cross-checking Submissions | Review mode checks for unsecured formats or data references in attachments |
Final Word: Security Isn’t Optional — It’s Strategic
In today’s federal procurement landscape, Shred to Comply isn’t just a clause — it’s a culture. Vendors who take data sensitivity seriously earn credibility, repeat work, and long-term eligibility.
With AI tools like Narwin, you’re no longer stuck combing through PDFs or wondering if your proposal meets Protected B standards. Narwin acts as your compliance assistant, helping you meet — and often exceed — the government’s expectations.
Security is no longer a final checkbox. It’s your ticket to getting in the game.