Information for the CIO, CSO, FSO, ISSO and other security professionals. Understanding NISPOM and ITAR compliance is tough. With over 12,000 cleared defense contractors, a majority of those don't have a security staff. We'll hope to help fill the gap. From security clearances to performing on classified contracts, you can find help here.
Monday, December 29, 2008
Not another required training event
You’ve no doubt read the NISPOM and other federally regulated security requirements addressing training. These regulations list the topics to be covered (as a minimum) and how often they are to be given. Some of you may have worked in organizations where the security manager followed the guidance to the letter…that’s it. So, once a year cleared employees amble into the briefing room to attend “required training”.
“Why do I have to attend another security training event?” they ask.
“Because regulations state…,” you begin to respond.
STOP! Don’t complete the answer until you read the rest of this. Take a deep breath and save your credibility.
One of the primary reasons security training fails is our inability to demonstrate how the training affects the bottom line. Sure, we know the regulations and the impact of not conducting training. However, our primary training objective is to increase security awareness and include employees in the security program. Contrary to most training programs, the focus should not be on passing the annual DSS review.
The successful security manager understands the importance of running a program where all employees take part in protecting the company, employees and national security. Implementing a security program to protect classified information need not be the responsibility of a lone ranger as is often the situation. Developing key relationships through training and interaction facilitate extending security’s influence. Under a successful program contracts, HR, engineering, program management and other departments function as eyes, ears and muscle. They are security’s force multipliers stretching the effectiveness of the security department.
Security managers are expected to conduct annual training and file reports as required by the NISPOM for industry or applicable security regulations for other contractors and federal agencies. Instead of conducting training just to meet compliance, the training process can be an effective relationship building opportunity. An opportunity to protect classified material; detect attempts at espionage and other security violations; and report incidents, violations and status changes affecting personnel and facility clearances. In a good synergistic relationships the training manager will not face the question, “why do I have to attend another training event”. Instead employees may ask, “What’s on the agenda?” as they look forward to contributing to the security program.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment