Question:
Are procedures established to review classified holdings on a recurring basis for the purpose of maintaining classified inventories to the minimum required for classified operations?
Answer:
NISPOM 5-701. Contractors shall establish procedures for review of their classified holdings on a recurring basis to reduce these classified inventories to the minimum necessary for effective and efficient operations. Multiple copies, obsolete material, and classified waste shall be destroyed as soon as practical after it has served its purpose. Any appropriate downgrading and declassification actions shall be taken on a timely basis to reduce the volume and to lower the level of classified material being retained by the contractor. The Facility Security Officer should establish a process to periodically review classified holdings to determine what is necessary and what can be removed. This supports the NISPOM guidance of properly disposing of classified information when no longer needed. Disposition could mean destruction where approved, returning classified information to the customer, or requesting approval to maintain classified information beyond the required contractual need.
There is an urgency to reducing classified holdings that include contract end dates, classification duration, and the possibility of running out of storage space. The FSO should be aware of any of the criteria for each contract so that they can stay ahead of the requirements.
Some FSOs have established weekly, monthly and quarterly reviews. The review frequency for classified information at the SECRET level and below is not specifically dictated by NISPOM, but could be required in the DD Form 254 for the classified contract. Where not specified, the FSO could set the frequency depending on the personnel available and the size and type of inventory.
Where classified storage involves a small amount of electronic or physical products, the inventory can be pretty simple. For large holdings the FSO could use a more complicated schedule to commit personnel and resources to a more complicated task. An inventory management system such as Sims Software can be employed to separate classified holdings by contract number, type of classified holding, etc. to determine a regular schedule.
The FSO should not make the classified holding decisions alone. They should involve program management personnel working on the classified contract to ensure there is a good justification for disposition decisions. For example, a document may appear to be no longer necessary or many copies may exist which could lead to an uneducated decision to remove it. However, those working on the contract may have a reasonable requirement to maintain it and should be consulted before a decision is made.
A good first step is to look for low hanging fruit and seemingly easy disposition candidates. The most obvious is loss of classified contract or loss of facility clearance (FCL). In these cases the classified information must be destroyed or returned. Classified documents that have multiple copies or records indicating lack of use might indicate items that can be removed. In an organization with large classified holdings, these low hanging opportunities could result in a significant holding reduction. However, always verify before making the final decision.
Another easy task is to review classified holdings related to contract completion dates. In most cases, CDCs are authorized to retain classified information for two years after contract end date. An FSO can build these contract completion date related classified information into the review schedule. Where classified documents can be returned or destroyed, they should be destroyed or returned as authorized and as soon as possible. However, justification should be provided based on the classification level and with a description of the exact need for retaining the classified information. For example, TOP SECRET information must be identified by specific document. SECRET and below can be identified by general subject matter and number of documents.
A final bit of low hanging fruit is classified material not received under a specific contract. This includes classified information received with bid, proposal, or quoted. These should be destroyed within 180 days of a contract submission withdrawal or contract not being awarded. It also includes classified information accumulated at classified meetings or secondary distribution center and should be destroyed or returned within a year of receipt.
The FSO should also coordinate the participation of subject matter experts who understand classification duration, derivative classification, and security awareness training to ensure the appropriate action is taken. Documents should be declassified, downgraded, and destroyed as required and on time.
Where classified contracts required storing and working with classified information, there may be opportunities to acquire, accumulate, or reproduce growing amounts of classified material. This growth is expected and necessary. Classified holdings can grow significantly during the contract period of performance and the FSO should put in steps to evaluate the growing material and maintain what is absolutely necessary and dispose of what is not required. A regularly scheduled evaluation is required in NISPOM and should be implemented.
Steps for Evaluating classified holding:
1. Evaluate the contracts, work products, and DD Form 254s for classified storage requirements. Quantify those requirements.
2. Evaluate resources available to manage requirements and document who and what is required to manage classified storage.
3. Review classification duration and determine which classified material should be downgraded or declassified.
4. Review classified holdings to determine excess copies of existing documents.
5. Build a schedule for classified holding reviews and include security, subject matter experts, and those with need to know who can validate decisions.
Validation:
1. Demonstrate inventory on hand (information management system or other listing)
2. Provide list of classified contract subject matter experts and those able to validate classified disposition decisions (trained by FSO or representative)
3. Produce published review schedule
4. Provide disposition results (returns, destruction receipts and approvals
No comments:
Post a Comment