Category 5 of the NISP Enhancement Program is titled: Self Inspection. Here, a cleared contractor's FSO documents a self inspection as part of a continuous security program evaluation. This is simply a health check of the established security program designed to safeguard classified information. The Defense Security Services (DSS) recommends that the cleared contractor’s Facility Security Officer (FSO) share the inspection results with their industrial security representative to keep communication open as well as address any issues that might be resolved prior to the scheduled DSS annual review.
The self inspection should be designed to evaluate all National Industrial Security Program Operating Manual (NISPOM) areas the cleared contractor operates under. At a minimum, each facility should inspect its compliance with NISPOM Chapters 1-5 and parts of Chapter 6. These chapters cover general security, personnel and facility clearances, FSO roles and responsibilities, required training, classified contracts, classified discussions and working with classified information and apply to every cleared facility in varying degrees. FSOs should determine how and if their facilities fall under the remaining chapters. Here are 5 ways to conduct and award winning self inspection:
1. Download the Self Inspection Handbook from http://www.dss.mil/. The handbook reflects questions based on NISPOM requirements. This is the resource for your inspections
2. Review the inspection criteria and determine which apply to your facility. The questions are thorough, but are limited to yes/no answers. You can further define metrics to dig deeper into issues and take notes to create a more comprehensive evaluation. Be sure to document the inspection.
3. Schedule to completely inspect applicable areas (should be conducted annually and within six months of a DSS review). Allow adequate time to complete the inspection and resolve issues as soon as possible. Allow time to have an after action review and develop a plan of action to fix, fine tune or develop new and effective processes.
4. Involve others. The self inspection does not need to be conducted by the FSO and there is value in delegating this responsibility to subordinates or sharing it with other business units. Correct on the spot deficiencies and take notes on processes or procedures that are successful or need improvement. Benefits include:
a. An Industrial Security Professional candidate can use the self inspection as a platform for increasing their NISPOM knowledge with real world application
b. Security employees can expand their knowledge base outside of their day to day disciplines (ie,a personnel security employee can inspect information security and vice versa)
c. An FSO can gain a better understanding of the security program by managing an inspection instead of conducting the inspection. A team concept and new points of view is incredibly valuable
d. Engineers, program managers and others working on classified contracts can provide more insight into the mechanics of the security program. Invite them to take ownership of the security program either by conducting an inspection themselves or advising on the results. They can provide the “impact” or answer the “what if” related issues brought up by the yes/no questions.
e. If you have cleared quality control, Six Sigma or other lean process team employees, invite them to participate. Since most security functions charge to overhead, costs directly impact the organization. Processes and procedures can be streamlined that directly impact paper, postage, storage, man hours and other costs.
5. Collect data and conduct an after action review. If you employed the team concept, invite everyone involved. The purpose; share results and improve the security program. Review results and provide a way ahead for implementing improvements. Once complete, provide a report available to employees and shareholders. This report should provide metrics:
a. for implemented processes that save money and improve security
b. procedures developed to fix a security shortfall. This should include training and plan to institutionalize the changes
c. recognizing those that have gone above and beyond. This should be by name or department where efforts reflect good results. Be sure to include efforts of inspecting members.
An award winning self inspection involves the entire team. Those inspected should understand their role within the security program as well as the importance of preparing and participating in the inspection. The FSO should coordinate the inspection and involve others in the process and use findings to improve the program. Reports should be generated to both identify the best performers as well as show metrics of how the inspection impacted the cleared contractor organization.
For more information on conducting self inspections, see DoD Security Clearance and Contracts Guidebook.
Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM
No comments:
Post a Comment