Quick answer
A Facility Security Clearance (FSC) is a formal determination by a national security authority that a company and its premises meet the physical, personnel, and information security standards required to store, process, or handle classified information up to a specified level.
A Facility Security Clearance (FSC) is the organisational-level security accreditation that a company must hold before it can work on contracts involving classified information. While a personnel security clearance vets individual employees, an FSC vets the organisation itself, confirming that its governance, premises, and systems are adequate to protect classified material.
What is a Facility Security Clearance?
An FSC is granted by the national security authority of the country in which the company is registered or operates. The clearance attests that the company has implemented and maintains a security management system appropriate to the classification level of the work it seeks to perform. This typically encompasses several domains.
Physical security covers the premises where classified work takes place: access controls, alarm systems, secure storage (safes, secure rooms), visitor management, and perimeter protection proportionate to the classification level.
Personnel security requires that employees who will access classified material hold appropriate individual clearances and are subject to ongoing security oversight, including reporting obligations for any changes to personal circumstances that could affect their vetting status.
Information and communications technology (ICT) security covers the systems used to process, store, or transmit classified data. Requirements may include use of approved encryption, network separation from unclassified systems, and audit logging.
Security governance requires the company to appoint a senior responsible individual (sometimes called a Security Controller or Facility Security Officer) who is accountable for maintaining compliance with the clearance conditions.
Under Directive 2009/81/EC, contracting authorities may require tenderers to hold an FSC as a selection criterion where the contract involves classified contracts or sensitive equipment. Authorities may also accept a commitment from the tenderer to obtain an FSC before contract award, where the national rules permit.
Why it matters for bidders
An FSC is the key that unlocks a company's ability to compete for classified defence and security contracts across Europe. Without it, a supplier cannot receive classified tender specifications, cannot attend classified briefings, and cannot legally perform work involving classified material.
Obtaining and maintaining an FSC is an investment. The initial accreditation requires resources to meet physical and procedural security requirements, and ongoing compliance involves annual security reviews, staff training, and updates to security documentation. However, an FSC also represents a durable barrier to entry that limits competition in classified markets to accredited suppliers.
Companies building a pipeline in defence markets should view FSC acquisition as a medium-term strategic investment rather than a per-contract administrative step. Engaging with the national security authority early, understanding the clearance tiers, and building the security infrastructure progressively allows a company to be ready when opportunities arise.
Example
A Belgian IT services firm seeks to compete for a NATO communications infrastructure contract. The contract specification requires tenderers to hold a NATO Secret facility clearance. The firm engages the Belgian National Security Authority (VSSE) to begin the FSC process. Over six months, the firm implements a classified document handling room, appoints a Security Officer, and submits its security management documentation. Once the FSC is granted, the firm can access the full tender pack and participate in classified technical discussions.
Frequently Asked Questions
Is an FSC granted by one EU country recognised in other EU member states?
Not automatically. EU member states have bilateral and multilateral security agreements that provide frameworks for mutual recognition, particularly within NATO. However, each country's national security authority decides whether to recognise a foreign FSC. Suppliers working across multiple European markets may need to engage with several national authorities or seek recognition through NATO channels.
How does an FSC differ from an ISO 27001 certification?
ISO 27001 is a commercial information security management standard that demonstrates good practice in managing information assets generally. An FSC is a government-issued accreditation specific to classified government information. The two are not equivalent: an ISO 27001 certificate does not satisfy an FSC requirement, though the security management practices required for ISO 27001 can be a useful foundation for building the systems needed for an FSC.
What happens if a company loses its FSC?
Loss of an FSC, through withdrawal or failure to renew, typically requires the company to cease work on classified elements of its existing contracts immediately. Contracts may be terminated or transferred, and the company will be excluded from new classified competitions until the FSC is restored. The reputational and commercial consequences can be severe, so maintaining ongoing compliance is critical.
How Bidovate helps
Bidovate puts Facility Security Clearance to work inside your capture and proposal workflow.
Tender discoverySee Bidovate in action
Book a demo and we will show you the platform using your actual contract data.
Related terms
Personnel Security Clearance
A Personnel Security Clearance (PSC) is a formal government determination that an individual has been vetted and is eligible to access classified information up to a specified level, based on assessments of their identity, background, reliability, and loyalty.
ViewSecurity Clearance (Procurement)
In the procurement context, a security clearance is a formal determination by a national security authority that an organisation or individual is eligible to access classified information or facilities up to a specified level, and is a mandatory prerequisite for participation in many defence and security contracts.
ViewClassified Contract
A classified contract is a public contract where the subject matter, performance, or documentation requires protection under national or international security classification rules, obliging both the contracting authority and the contractor to handle all associated information according to the relevant security regulations.
ViewDefence Procurement Directive (2009/81/EC)
Directive 2009/81/EC is the EU's specialised procurement law governing the award of contracts for military equipment, sensitive security equipment, and related works and services, balancing open competition with the confidentiality and security requirements unique to defence markets.
ViewSensitive Equipment
Sensitive equipment in the procurement context refers to goods, systems, or technologies that require special security handling, controlled access, or restricted trade because of their actual or potential application in defence, intelligence, critical infrastructure protection, or other security-relevant uses.
View