Defense
contractor? So What. Cleared Contractor?
What does it really mean? Just because an entity does business with the
government or is cleared for classified work, doesn’t mean they are at the same
level of performance as legacy organizations. It’s tempting to assume that
every cleared contractor Facility Security Officer (FSO) as “appointed” by the
National Industrial Security Program Operating Manual (NISPOM) attends
professional organization meetings, are Industrial
Security Professional (ISP) Certified and fully comprehend International
Traffic In Arms Regulations (ITAR). But, it’s just
not so.
Not
all defense contractors are created equally. Cleared defense contractors may be
approved to possess classified information on location with storage approval.
Others may not have storage approval, but cleared to provide security
clearances for classified performance at customer or other off site locations.
Large defense contractors may have an entire staff devoted to the protection of
classified information, physical security, operations security, contracts
security, special access and etc. Small contractors may have similar responsibilities,
but operate with just a few employees with one appointed as FSO.
With
all the differences, let’s talk about common ground. Several cleared
contractors can have contractual relationships. They can be bound in a
relationship by classified contracts. For example, a cleared contractor can be
a prime contractor with supporting sub contractors. In this example, Highup,
Inc is in a contractual relationship with a government customer. HighUp, Inc.
builds satellites, but subcontracts engineer support and payload providers. Box,
Inc. provides specialty payload storage for Highup, Inc. and Engineerthis, Inc
provides analysis and feasibility studies.
Box,
Inc. and Engineerthis, Inc. are small companies consisting of five or fewer
employees. Box Inc. just got approved for a facility clearance and Engineerthis,
Inc has had one for only a year. Both are performing well, but are struggling
with security requirements. They both have “appointed” FSOs who have taken
required Defense Security Service classes and FSO
certification training. However, application of the NISP is still a mystery.
Highup,
Inc can make a difference by providing guidance and assistance. Instead of
leaving the two subcontractors to their own devices, the prime can help protect
national security, proprietary information and keep technical information out
of the public domain through coaching or spelling out requirements.
Here
are several ways to do so:
1.
Establish requirements in the contract. The prime contractor can simplify the
subcontractors requirements by spelling out classified performance expectations
in the statement of work and the DD Form 254. Specifically: Discuss the
classification level of work, classified information and equipment as
applicable. Describe where work will be performed and how to protect it while
performed. Help the subcontractor understand their responsibilities per NISPOM.
Spell out how classified information will be stored, transported, destroyed and
discussed.
2.
Invite the appointed FSO to NISPOM
training. Many professional organizations have workshops; why shouldn’t
contractor have own. Workshops are very good venues for discussion and
demonstrating how to wrap and mail classified information, how to designate
restricted areas or protect classified discussions. Don’t assume that everyone
will already know how to do this.
3.
Invite the appointed FSO to professional organization meetings and training. You
may already be active members of a professional organization and can show a
good return on investment that the other organizations may not be able to
understand. The smaller organizations may feel there is no return on investment
to give up research and development time to participate in a security function. They may be able to provide a compelling
reason for the others to join them.
It’s
tempting to assume that everyone understands all requirements of performing
business with the government and protecting classified information. However, it’s
not always the case. When possible, go the extra mile to help an inexperience contractor
to improve their understanding of working under NISPOM requirements.
Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM
No comments:
Post a Comment