How business enterprises can apply for security clearance (NOS)

Business enterprises which intend to operate in sectors involving the access to classified information or special security measures must receive security clearance by the Ufficio centrale per la sicurezza (UCSe) [Central Office for Secrecy] of the Dipartimento informazioni per la sicurezza (DIS) [Security Intelligence Department].
 
There are two types of security clearance:

• NOSP - nulla osta di sicurezza preventivo [preventive security clearance]
• NOSC- nulla osta di sicurezza complessivo [overall security clearance]

The preliminary procedure to issue security clearance is completed within twelve months from the date the DIS received the application, and may be extended up to further six months if it is particularly complex.
Security clearance is valid for ten years.
 
Applications for renewal must be submitted at least twelve months before expiration.
 

NOSP - Nulla osta di sicurezza preventivo [preventive security clearance]
 
What it is
The NOSP - nulla osta di sicurezza preventivo [preventive security clearance] is the clearance authorizing the business entity (either company, sole proprietorship, consortium or cooperative) to:

• tender for contracts involving works and supply of classified goods and services that "are classified" or that "can be done with special security measures", or to negotiations for the execution of "classified" studies or works

 
Who may apply
NOSP clearance must be requested by the owner or legal representative of the business entity.
 
How to apply
The application must be sent to:

Presidenza del Consiglio dei ministri
Dipartimento Informazioni per la Sicurezza
Via di Santa Susanna 15
I–00187 Roma (Italy)

along with the following documents:

• application written on business letterhead paper and signed by the legal representative (Form no. 1)
• 2 copies of the application form (Form no. 3)
• a valid unabridged trade register certification issued by the competent Chamber of Commerce, with a note indicating the authorization ("nullaosta") envisaged by Law no. 575/1965
• valid certificates of judicial records and of pending criminal charges (issued by the competent Court) for all the persons legally authorized to represent the business entity (or the self-certification provided for by Decree of the President of the Republic no. 445/2000)
• a photocopy of the identification document of the legal representative of the business entity

Moreover, security clearance for natural persons (known under the Italian acronym "NOS") is necessary for all the legal representatives and any person who may assist them (no more than three persons in addition to legal representatives)
 
The issue of such clearance is subject to verifying that the person to be cleared is reliable and loyal to the Italian Republic, the Constitution and its values, as well as strictly observing secrecy.
 
The natural persons subject to vetting must be informed about the vetting process. They must also be advised that if they do not agree to vetting, they will not be allowed to perform the functions for which it is required. Applicants must give their written consent to vetting.
 
The following documents must be attached to the security clearance application:

• applicant's consent to the vetting procedure required to issue NOS security clearance (Form no. 4)
• a questionnaire, filled out in all applicable sections, (Form no. 5). Filling out section VII is not required

 
Requirements
The business entity must set up a "restricted area" and have suitable security equipment, whose features will be indicated during an inspection to be agreed upon with the UCSe.
 

[ back to top ]

 
NOSC - Nulla osta di sicurezza complessivo [overall security clearance]
 
What it is
NOSC - nulla osta di sicurezza complessivo [overall security clearance] is the clearance authorizing the business entity to execute the classified works or supply the classified goods or services involved in the contract awarded to such business entity.
 
The business entity awarded a contract for classified goods or services may subcontract portions of such contract to another cleared business entity, subject to prior authorization by the DIS and the contractor.
 
 
How to apply
The owner or legal representative of the business entity must submit an application (Form no. 2) to:

Presidenza del Consiglio dei ministri
Dipartimento Informazioni per la Sicurezza
Via di Santa Susanna 15
I–00187 Roma (Italy)

providing the following data:

• details regarding the contract awarded
• the name of the contractor
• the type of classified works to be carried out, their relative secrecy classification levels, and security qualification if required
• the place where the works will be carried out

 
NOSC cleared business entities may tender for contracts involving works and supply of goods and services that are "classified" or that "can be done with special security measures".

[ back to top ]

 
NOS security clearance for natural persons working for business entities
 
What it is
If a business entity that has already been granted NOSP or NOSC security clearance needs to employ one or more persons (either employers or external consultants) for activites involving classified information, it must submit for each of them an application for NOS security clearance for natural persons.
 
Who may apply
In this case, the application for NOS security clearance may be submitted only by either the owner, legal representative or security officer of the business entity (either company, sole proprietorship, consortium or cooperative) that has already been granted NOSP or NOSC security clearance.
The application for NOS security clearance may not be directly submitted by the person concerned (employers or external consultants).

Freelancers, either single or associated, who are to be put in charge of designing, managing or testing works, are not allowed to apply for NOS security clearance personally. On submitting the tender for contract involving the participation of freelancers, the contractor must apply for NOS security clearance for freelancers.
 

How to apply
The application must be written on letterhead based on Form no. 6 and sent to:

Presidenza del Consiglio dei ministri
Dipartimento Informazioni per la Sicurezza
Via di Santa Susanna 15
I-00187 Roma (Italy)

The application must contain: 

• the applicant's consent to the vetting procedure required to issue NOS security clearance (Form no. 4)
• questionnaire (Form no. 5) filled out clearly, specifying always the grounds for the application
  Please note that sending the questionnaire filled out without the cover letter on the business entity’s letterhead is not sufficient to start the security clearance procedure

The application must be submitted for each single employer to be cleared. Group applications are not allowed.

[ back to top ]

Certification for ADP systems [EAD]

If a business entity needs to process classified information with automatic systems, it must submit an application to certify such ADP (automatic data processing) systems.
 
Who must apply
The application for certification must be submitted by the legal representative of the business entity.
 
How to apply
The legal representative must submit the application indicating an ADP Security Officer and a substitute (Form no. 7) to:

Presidenza del Consiglio dei ministri
Dipartimento Informazioni per la Sicurezza
Via di Santa Susanna 15
I–00187 Roma (Italy)
 
The ADP Security Officer is responsible for overseeing, coordinating and controlling all the activities involving the security of classified information processed with ADP systems.
 
At a later stage, the business entity must contact the UCSe for further details concerning the physical, technical and procedural security of the ADP system project and submit all the documents required for the certification process.
 
The UCSe inspects the documents submitted and, if compliant with the provisions of law in force, it issues the approval certification.
 
Once the system is approved, the business entity can set up the system and, once the procedure is completed, it must inform the DIS that the system is ready for an inspection for compliance with the project approved.
 
If the outcome of the technical inspection is positive, the National Security Authority issues an approval certification that authorizes the business entity to process classified information with the certified ADP system.
 
 

[ back to top ]

COMSEC clearance
 
COMSEC (Communication Security) applies to equipment, devices, pubblications and documents regarding the security of classified communications.
In order to bid for contracts involving COMSEC goods and/or services, contracting entities require COMSEC clearance from the business entity.
 
COMSEC clearance is granted to business entities who have already been granted NOSC and ADP certification based on an application stating the reasons for the request.
In order to submit the documents required for the clearance procedure, the business entity must contact:

Presidenza del Consiglio dei ministri
Dipartimento Informazioni per la Sicurezza
Via di Santa Susanna 15
I–00187 Roma (Italy)

[ back to top ]