Wednesday, August 13, 2008

Facility Security Officers (FSO) and Compliance

The Facility Security Officer’s successful program depends on developing relationships with employees, managers and executives to facilitate execution of company policies, necessary security awareness training, willful employee self-admittance of security infractions or change of status, and proactive action toward expired, existing and future classified contracts. Any of the above mentioned success measures is difficult to obtain in a changing employee and contract environment, but is simplified through employee and executive buy-in.

One of the most important traits an FSO should possess, aside from technical competence, is the ability to gain executive, manager and work force buy-in. This buy-in is critical for integrating the security plan into all business units and company operations. For example, one major cause of security violations is the introduction or removal of classified material into or from a company without proper accountability. This is in contradiction to DoD regulations requiring that classified information in any form should be logged into the company accountability and stored properly according to the classification level. An FSO can train and write policy but without the enterprise’s full cooperation, will find it difficult to enforce.

A well integrated security plan will ensure that all units within an enterprise notify the FSO of any change in disposition of classified material storage. This integrated system will trigger the contracts, program manager, business development and other units to coordinate with the FSO and keep the FSO informed of expired, current, and future contract opportunities and responsibilities. The coordination will allow the FSO to be proactive and better support the company classified mission. Having a security program integrated into all aspects of the company produces award winning situations and dramatically reduces security violations.

An obviously important task that an FSO directing the security program faces is the successful accomplishment while supporting the company’s primary mission; to make money. The FSO owes allegiance to protecting nation’s secrets, but will not be able to do so if the company profits go straight into the security budget. In times past, FSO’s could recommend and receive support toward the security programs with little justification. Management viewed security as a necessary evil necessary for achieving the goal of conducting classified business with the government.

Find out more in our next posting or visit www.ispcert.com for more information and valuable training resources

No comments: