In the National Industrial Security Program Operating Manual
(NISPOM) world, cleared contractors know to perform training to better equip
cleared employees to protect classified information. This training comes under
many different names and programs; annual security awareness training, annual
refresher training, initial security training and required security briefings
among others. Some of the phrases are
interchangeable. For example, where the NISPOM requires annual security
refresher training, FSOs may conduct “annual refresher training” or similarly
worded training events.
The point is, regardless of the event title, cleared
contractors should conduct training to standards listed in NISPOM Chapter 3 and
defend the training with proper documentation. The training execution is left to
the contractor as long as the required elements are in place. As a refresher,
these elements are:
1.
Reinforce topics provided during the initial
security briefing
a.
A threat awareness briefing.
b.
A defensive security briefing.
c.
An overview of the security classification
system.
d.
Employee reporting obligations and
requirements.
e.
Security procedures and duties
applicable to the employee's job.
2.
Keep cleared employees informed of
appropriate changes in security regulations.
Here
is another effective and easy to implement training tool.
Employed effectively outside of NISPOM circles,
Security Education Training and Awareness (SETA) is training format used
primarily in IT and non DoD formats. This is a simple and easy to implement
training format that can be applied to NISPOM training.
Concerning the role of providing training, the facilitator
should ask the question? “What skills do I have to offer?” In other words, how does the trainer put
together a training program to educate engineers, human resources, program
managers and other cleared employees? How do they marry up the need to provide
skills, develop processes and put Administrative, Technical, and Functional
controls in place to implement a good security program?
Think SETA and employ it enterprise wide:
1.
Security-The program developed and implemented
to protect classified information
2.
Education- Determine what information the enterprise
requires to support the security program
3.
Training – Apply that education. Determine what
matters to make enterprise successful at protecting the classified information
4.
Awareness- What regulations and policies (national
and company levels) does the enterprise need to know?
The end state is to incorporate all of this into the NISPOM required training.
The training should include all elements identified in the NISPOM and applied
to all the business unit needs. One size doesn’t fit all where training is
concerned. The NISPOM requirements are a guide and allow the flexibility of
tailoring the training to meet individual and enterprise needs. Employing SETA
principles can lead to a more productive training session.
Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM
No comments:
Post a Comment