Saturday, December 21, 2013

Tax Write-Offs For Security Professionals

Prepare for year-end taxes at the beginning of the year

Writing off expenses is incredibly helpful way to for a consultant or other self-employed security business entity to decrease the tax burden. As traditionally ethically minded professionals, we understand that we must pay what we owe. Understanding how to claim deductions or what to claim is a little trickier. However, it’s an important and sometimes time consuming part of doing business.

In all cases, consult the IRS and a tax accountant as often as necessary. I've found both resources very helpful and patient in leading me through what I thought were difficult questions. The challenge of collecting sales tax and reporting income tax is difficult at first, but it is part of doing business, and is a must for maintaining that business. Failure to do so could result in fines or worse. Doing the right thing will help you better sleep at night, and increase your business savvy.

What expenses can be “written off”

There are myriad expenses that self-employed professionals can right off. However, I would issue a word of caution: speak with the IRS, state and local sales tax representatives, and tax accountants. The laws are not always clear, so any research you do can only help to solidify your responsibilities while also dispelling any rumors you may be hearing concerning taxes.

I decided to increase my knowledge of what expenses I can write off after going to a new business orientation sponsored by our state and local tax office. The orientation was very helpful as it allowed me to ask specific questions concerning sales tax, who I should tax and how to do so. Though I initially engaged with fear and trepidation, I left with only some frustration about having to pay privilege business tax, but a whole lot of confidence in how to manage sales. This piqued my curiosity to discover what could actually be a write off expense to lower my tax burden. Since then, I've filed my sales taxes on time and with little difficulty and have learned what I can do to reduce my tax burden.

So, what can security professionals write-off?

Self-employed professionals can write of anything that justifiably supports the profit making business. Red Bike Publishing, my publishing company has many moving parts, which I have to maintain. Though I've written Get Rich in A Niche to teach publishing and marketing books for little or no expenses, there are costs that lead authors to book products that should be tracked and added as expenses during tax filing. These include research, business development, doing business, supplies, and equipment. The same write-offs may apply to those of you who are not self-employed, but work as full time company employees. Paying out of pocket to support career enhancement opportunities, training, business development, supporting charities or business development often qualifies as a tax deduction.

Certification

Certification is part of what may make your security business attractive. More and more security professionals are becoming certified. Certification requires preparation and final testing. The books, study resources, test fees, professional organization fees and other costs add up. However, these costs can be tax deductible in most circumstances.

Research

I currently have a book idea that is maturing. I've been working on it for about a year and soon will have enough experience and know how to present this idea as a book. The topic is exercise and how to prepare to be competitive in popular race events called mud runs. In this book I demonstrate how I was able to shave off six minutes from my performance over five kilometers of mud and obstacles. I also update http://Runinmud.blogspot.com, a blog that supports the upcoming book and is packed full of exercises. Hopefully this book and blog will help people in average physical condition improve their performance and increase their personal record. This type of book requires preparation, going to events and other research, and that research requires resources. I am keeping track of my fuel, room and other expenses required to make it to the events.

Similarly as a self-employed security professional, you could be involved in career building research, such as NISPOM or ITAR training. You might attend conferences to improve your skills and keep current with the latest industry information. This is a necessary expense to remain cutting edge and relevant as you provide products and services to your customers. They demand the best and you want to meet that demand.  You can write off the cost of research.


Business Development Costs

In effort to increase sales, you might have to advertise, join subscription services that manage your communication, set up a booth at a professional conference, join a professional organization or network to get the word out. These expenses do help generate revenue, but can be deducted as they also chew into your profit. Entertaining clients such as potential customers can be written off as well. You should document these events with dates and receipts and be prepared to show a relationship to your business. You might also account for the cost of attending conferences, giving out pamphlets, capability demonstrations and etc. Businesses need a point of sale and this includes website development and hosting. Also, shopping carts are needed for taking payments online and these also have associated fees. Business cards, marketing efforts, client dinners and other business developing and marketing costs should also be captured.

Cost of Doing Business

Website maintenance, email, newsletter services, advertisement, supplies, printing costs are just a few costs authors and book sellers may face.

Supplies

Paper, pens, pencils, markers and other expendables associate with your writing should be annotated. These expenses should be tracked and documented for tax returns. Most professionals write and store files on the computer. A related expense is printer ink, so don't forget to add it. Fuel is also an expense for business related errands. Be sure to have a log that lists the distance driven and a date at the minimum. The IRS will give a cost per mile credit of 56.5 cents per mile.

Equipment

Computers, printers, and publishing services are some relevant costs with getting a book to market. These are usually sunken costs that go into preparing a book for market. These expenses can be claimed for tax purposes both as an expense and as depreciation. Some printers have built in capability to fax, copy and scan. Be sure to keep receipts for any equipment that you use for book publishing purposes. Post office box fees should be itemized as well.



It's hard enough to make a living writing for a living or running any other type of business. Expenses add up quickly and taxes should be filed on time. The good news is that much of your hard spent expenses can be itemized for tax deduction. This article discusses but a few expenses you might write off. Be sure to check local laws as well as those that allow for deductions. It's worth the effort.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Security Self-Employed Business Structure and Sales Tax

When working on your business, be sure to make time for administrative tasks. Many of these tasks include filing quarterly estimated taxes. This quarterly estimated tax depends on your total income all your sources of income including full time jobs and businesses. This tax is also figuring FICA, Medicare and any profits your business earns (total sales minus expenses).  This applies for full time self-employment and if you have a side business in addition to a full time job

Managing taxes is sometimes and easier endeavor when filing as a sole proprietary entity, especially where state jurisdictions are concerned. Limited Liability Corporations (LLC) or other corporate entities are more complex and administrative tasks will pull you from your primary business role. In addition to consulting or providing other security products and services, you will have to handle mundane but important administrative responsibilities. So, as you form an LLC or other incorporated entity, do your research up front. For example, I just recently converted my business into an LLC. Red Bike Publishing, LLC has a new structure and is expected to maintain that structure according to our state sales tax laws. Tax and business entity rules vary according to where the business is formed as each state has its own requirements. In my state, a business must pay $100 per year, regardless of whether or not the business makes any money. This is called the business privilege tax (BPT). Yes, it's a tax assessed for allowing my company to perform business here.

Red Bike Publishing, LLC only has to pay $100 per year because it does not exceed the multimillion dollar sales threshold. If we did make that kind of money, we would have to pay $200 per year or a percentage of revenue, at least that's how the tax office justified it.  Also, LLCs and incorporated business entities must file sales taxes monthly or face a penalty, regardless of whether or not the business actually makes sales within the state. File late and a $50 penalty is incurred. It is the business' responsibility to track sales and collect local and state taxes. For internet businesses like Red Bike Publishing, LLC, our sales are out of state, but we still have to file “$0.00” or face penalties and fines.

Red Bike Publishing as a sole proprietor did not have to worry about the BPT. But as soon as the corporation was formed, Red Bike Publishing, LLC not only owed the tax, but also owed two months of late fees since it took two months to get records back from the state and set up an online tax account. By the time we filed our first $0 sales tax return, we owed almost $200 in fines. Fortunately the state was understanding and agreeable to waive the late fees. Another comparison is that LLCs are also responsible for filing property tax on all office equipment and supplies on hand; not a requirement for sole proprietorships.

When to charge sales tax

Any time you do business providing a service or product, you should pay sales tax to the local and state government. However, if your business is an online business, you may only have to pay sales tax to the local and state governments of where your business is addressed. Since this is not one size fits all law, get advice from your state about setting up an internet business. This is what Red Bike Publishing, LLC has done. When we sell products online, we make arrangement to pay state and local government sales tax for sales going to customers within the state and local government jurisdiction where our business is registered. Those in other states do not get charged sales tax.

As a self-employed entity, you might be established to conduct business in state and pay the privilege of doing business tax. Even though you might not have physical store, your responsibility is to collect state and local taxes from local customers and those located in state.  For example, you might be set up to sell security cameras. Customers within your state and local area must pay sales tax. To apply appropriate sales tax, simply select the sales tax options on your online shopping carts or other payment collection options. Some shopping cart software will allow you to charge varying rates based on selected zip codes. For example, for anyone in my area of zip codes who buys my security books online, I must charge county tax, city and state tax. Anyone from outside of the local area, but within the state, is only required to pay state tax. Anyone purchasing from outside of the state do not pay sales taxes.

However, if your products also include performing a service in another state, you will have to charge taxes for that state. For example, if you sell security cameras installation services online, but travel to another state to do the installation, you will have to apply the appropriate sales tax to where the service is performed. It’s tricky to figure out, so be sure to know state tax laws.  In another example, I asked state tax employees about providing security training in another state and whether or not I would have to charge sales tax for that state.  For example, if I travel to Los Angeles, California to teach NISPOM training I would need to charge sales tax to applicable students.


For those of you experienced in self-employment, this may not be news to you. I hope this has been a refresher. For those of you new to self employment or are contemplating such a move, make sure you are prepared. There is a lot of opportunity for security related business. Just make sure you do the research to avoid fines, penalties and sleepless nights.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Tuesday, December 17, 2013

NCMS’ Industrial Security Professional (ISP®) Certification Achieves ANSI Accreditation

NCMS’ Industrial Security Professional (ISP®) Certification Achieves ANSI Accreditation Wayne, PA, 23 October, 2013: Leonard Moss, Jr., President of The Society of Industrial Security Professionals (known as NCMS), announced today that NCMS’ Industrial Security Professional (ISP®) Certification has earned accreditation from the American National Standards Institute Personnel Certification Accreditation Program.

The ISP® Certification is available to qualified candidates who work within the U.S. National Industrial Security Program (NISP). The intent of the ISP® designation is to
award professional certification and recognition to qualified candidates who demonstrate the knowledge, skills, and abilities their profession demands. The basis for the examination is primarily the National Industrial Security Program Operating Manual (NISPOM), the supplements, and other information security concomitant rules and regulations to include Operations Security, proprietary information, etc. Successfully completing the examination signifies the overall competence of the candidate on NISPOM requirements, so current and prospective employers will have a recognized criterion to evaluate their performance.

“ANSI commends NCMS for achieving accreditation and demonstrating its commitment to the continual improvement of its certification program,” said Dr. Roy Swift, Senior Director of Personnel Credentialing Accreditation Programs at ANSI. “Accreditation by ANSI demonstrates compliance to a rigorous internationally recognized  accreditation process and creates a valuable market distinction for these NCMS credentials.”

This ANSI accreditation process – based on the ANSI/ISO/IEC 17024 standard – is designed to increase the integrity, confidence, and mobility of certified professionals.
Since the launch of ANSI’s Personnel Certification Accreditation Program in 2003, the Institute has accredited 43 personnel certification bodies across a range of industry
sectors involving more than 5 million workers.

ANSI’s personnel certification accreditation program was the first such program in the United States to fulfill the requirements of ISO/IEC 17011, Conformity assessment ‐
General requirements for accreditation bodies accrediting conformity assessment bodies, which represents the global benchmark for accreditation body practice. Accordingly, ANSI’s accreditation program is recognized as a world‐renowned leader in personnel credentialing.

Tuesday, November 26, 2013

Which has the heaviest weight, professional certification or a college degree?

I’ve been asked the question several times and the answer I usual provide is: “it depends.”

Many job announcements in the industrial security / security specialist / facility security officer (FSO) career field list the duties to be performed, and then jumps into qualifications. The job descriptions center on working within a security program designed to protect classified information at a department of defense or other department or agency and their supporting contractor location. The qualifications usually require a minimum of a predetermined number of years’ performing security tasks and a four year degree. Most of the time the four year degree can be substituted for demonstrated experience. Rarely if ever is demonstrated job performance able to be substituted.

So, in this scenario, I would answer that the certification weighs heavier than the college degree.

As an example, let’s look at an applicant for a new FSO position. She is a veteran who had received an honorable discharge after four years of service. While on active duty, she was awarded a security clearance and performed duties requiring her to protect classified information. Additionally, she wrote local policy to protect classified information and received glowing comments of her successful security program during Inspector General audits. These comments were translated to positive bullets in on the spot awards and performance evaluations.

Once discharged, she accepted a job with a cleared defense contractor. For the next three years she supported and learned from an experienced FSO while managing personnel security tasks, assisting in the SCIF, and running the information security program. These challenges gave her the confidence to register for and take the Industrial Security Professional Certification exam. She also applied for a new facility security officer position opening at another cleared contractor facility across town. Though in night school, she hasn’t yet earned her degree. However, her military and contractor experience and ISP Certification credentials make her a competitive candidate for the job.  


The value of skilled job performance paired with ISP Certification demonstrates the ability to develop and implement security practices to protect classified information. Hiring managers are looking for candidates who are ready to go to work. These candidates must be able to show they are ready to do the job asked of them. 

There are a variety of certifications that help demonstrate the skills: FSO Certification, Security Fundamentals Professional Certification, Certified Protection Professional, ISP Certification and more. Always sharpen your skills and continuously prepare yourself for the next move. Sometimes that dream assignment becomes available. Your skill combined with timing and opportunity can make it a reality.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Wednesday, November 20, 2013

Try these ISP Certification Questions


With proper preparation, you can pass this test. If you are serious about advancing in your field, get ISP certified. Some are reluctant to take the test, but they just need the confidence earned through practice. Here's a way to get 440 practice questions.

First, to meet minimum test requirements an applicant should have five years experience working in the NISPOM environment. If that’s you, then you are a technical expert and know the business of protecting classified information.

Second, study this book to practice, practice, and practice. It can help you prepare for the test.

Using practice tests to augment your ISP exam preparation will help. This book is the only one featuring four complete test length practice exams available for the ISP Certification.

It teaches insightful study tips designed to show you how to: form study groups, network, seek out opportunities, learn your way around the NISPOM and includes four exam length practice tests. According to reader comments and emails to the author, many who have bought this book, the ISP Test Tips, and used our techniques to augment their preparation have performed very well on the exam.

Again, this is the most important resource offering the largest volume and most comprehensive study questions available.


Try these questions to see how you do:




1. During UNCLASSIFIED visits by foreign nationals, it is a _____ responsibility to ensure export authorizations are obtained.

a. GCA

b. Contractor

c. CSA

d. State Department

e. DGR

2. Card readers, control panels, interface devices or keypads communication located inside of a TOP SECRET closed area shall have which of the following:

a. Tamper resistant enclosure

b. Fastened to a structure

c. Protected by tamper alarm

d. Activated retinal scan

e. None of the above



3. Sanitizing is the methodology used of _____ information from media prior to reusing the same media in an area that does not provide a level of protection that is acceptable.

a. Eradicating

b. Removing

c. Examining

d. Releasing

e. Exposing



4. TOP SECRET control officials shall be designated to _____________ TOP SECRET information.

a. Transmit, maintain access and accountability records for, and receive

b. Create, classify, brief, document

c. Receive, create, classify, disseminate

d. Request, assign, account, disseminate

e. Receive, transmit, classify, document






Scroll down for answers:






1.      During UNCLASSIFIED visits by foreign nationals, it is a _____ responsibility to ensure export authorizations are obtained.
a.            GCA
b.            Contractor (NISPOM 10-507)
c.             CSA
d.            State Department
e.             DGR
2.      Card readers, control panels, interface devices or keypads communication located inside of a TOP SECRET closed area shall have which of the following:
a.            Tamper resistant enclosure
b.            Fastened to a structure
c.             Protected by tamper alarm (NISPOM 5-313f)
d.            Activated retinal scan
e.             None of the above
  
3.      Sanitizing is the methodology used of _____ information from media prior to reusing the same media in an area that does not provide a level of protection that is acceptable.
a.            Eradicating
b.            Removing (NISPOM 8-301b)
c.             Examining
d.            Releasing
e.             Exposing

4.      TOP SECRET control officials shall be designated to _____________ TOP SECRET information.
a.            Transmit, maintain access and accountability records for, and receive (NISPOM 5-201a)
b.            Create, classify, brief, document
c.             Receive, create, classify, disseminate
d.            Request, assign, account, disseminate

e.             Receive, transmit, classify, document

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Saturday, November 9, 2013

The Industrial Security Letter

Have you ever found yourself trying to quickly find Defense Security Service (DSS) interpretation of NISPOM guidance? Mining this information has been difficult, but no longer. DSS has just added a tool to their website that covers industrial security letters. This tool takes the guesswork out of how many ISLs exists, NISPOM reference, ISL subject, status and a hyperlink to the actual ISL. Now you can easily pull up the table crosswalk your copy of the NISPOM to the applicable ISL. Here's the link:  http://www.dss.mil/isp/fac_clear/download_nispom.html

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Authorized Derivative Classifiers-Identify Yourselves

NISPOM Derivative Classification Training
While some cleared defense contractors perform non-technical services, other cleared contractors conduct derivative classification in the performance of their contracts. Derivative classification in general terms includes, paraphrasing, incorporating, restating or regenerating classified information into a new form. Since contractors are not performing original classification, most of their work would involve using classified sources to create new classified products.

Here's the important part, no training; no work. Properly executed National Industrial Security Program Operating Manual (NISPOM) training and documentation is the difference between performing on classified work and not being able to meet contractual requirements. Cleared contractors must plan to train cleared contractor employees who perform derivative classification responsibilities.

The NISPOM outlines requirements for derivative classification training. Where the original classification authority receives training on the classification decisions annually, NISPOM requires derivative classification training once every two years. According to the NISPOM, derivative classifiers train... in the proper application of the derivative classification principles, with an emphasis on avoiding over-classification, at least once every 2 years.  According to the Defense Security Services (DSS), contractors must train their cleared employees by December 31, 2013. Those without this training are not authorized to perform the tasks.

One such training task ensures that the authorized employees apply proper markings to their products. Not only are classification markings required, but so is the documentation of who is actually performing the derivative classification. According to NISPOM paragraph 4-102d, cleared employees who are authorized to make derivative classification decisions are responsible for identifying themselves on the documents where they make those decisions. Identification instills discipline, control and accountability of derivative classification decisions. 
Remember, only authorized cleared employees are assigned as derivative classifiers and they must be identified as such.

Proper identification occurs when authorized derivative classifiers apply their names and titles on the derived items. However, contractors can substitute using their names with some type of personal identifier that translates to an authorized name and position. The use of the personal identifier is usually allowed unless the government customer states otherwise. Trained and authorized derivative classifiers and facility security officers and staff can determine what government customer's requirements by reviewing the statement of work, DD Form 254, or other security and contracts requirements for further instruction. When in doubt, they can seek clarification and raise the question of personal identifier application through program channels.

When the alternative identifier is used, the organization should develop a designator that aligns with a person’s name and position. If the government customer or anyone authorized to view the classified information has any questions, the creator can be identified from the list. The contractor should maintain this list for at least the as long as the cleared employee is with the business organization.

The contractor should consult the NISPOM for all training requirements and put a plan in place to develop and deliver the derivative classification training. After conducting the training, the contractor should document the event and include the training topic and the by name attendance list. The DSS will inspect training compliance during their inspection cycle.


Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Tuesday, October 22, 2013

Try these ISP Certification Test Questions


1.      In the Protection Profile Table for Confidentiality, which Data Transmission is required for PL1?
a.            Trans 1 
b.            Trans 2
c.             Trans 3, 4
d.            Trans 5
e.             Trans 6

2.      Which entity is required to review and revise Contract Security Classification Specification when change occurs?
a.            CSO
b.            GCA 
c.             CSA
d.            FSO
e.             GSA

3.      Which are appropriate page markings for a document classified at the SECRET level?
a.            SECRET, TOP SECRET, SENSITIVE, CONFIDENTIAL
b.            CONFIDENTIAL, SECRET, UNCLASSIFIED 
c.             CONFIDENTIAL, FOUO, TOP SECRET
d.            UNCLASSIFIED, FOUO, SENSITIVE
e.             All the above






Scroll down for answers





1.      In the Protection Profile Table for Confidentiality, which Data Transmission is required for PL1?
a.            Trans 1 (NISPOM Chapter 8 Table 5)
b.            Trans 2
c.             Trans 3, 4
d.            Trans 5
e.             Trans 6

2.      Which entity is required to review and revise Contract Security Classification Specification when change occurs?
a.            CSO
b.            GCA (NISPOM 4-103b)
c.             CSA
d.            FSO
e.             GSA

3.      Which are appropriate page markings for a document classified at the SECRET level?
a.            SECRET, TOP SECRET, SENSITIVE, CONFIDENTIAL
b.            CONFIDENTIAL, SECRET, UNCLASSIFIED (NISPOM 4-204)
c.             CONFIDENTIAL, FOUO, TOP SECRET
d.            UNCLASSIFIED, FOUO, SENSITIVE
e.             All the above



Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Wednesday, October 16, 2013

New ITAR Guidelines

The unofficial ITAR has been updated. The three affected parts are: Part 120, Part 123 and Part 126. Some of the changes include paragraphs that were formerly categorized as "reserved". The changes equal 20 additional pages to a 5 x 6 book publication of the ITAR. That's pretty significant. In fact Part 126.16 is such a paragraph formerly marked as "reserved" and now is filled with 5500 words of text.

Let's take a look at the exemption to the Defense Trade Cooperation Treaty between the United States and Australia. This paragraph defines transfer, export, retransfer, reexport, Australian Community, United States Community and other relevant terms. It also explains which exports qualify for licensing exemptions. Though the information addresses transfer of export controlled items between the US and Australia, this article is written to  provide a rule of thumb in handling all cases of export controlled information, articles and services.

Paragraph 126.16 also addresses the export of Defense Articles both classified and unclassified. For example, it reminds us that "U.S.-origin classified defense articles or defense services may be exported only pursuant to a written request, directive, or contract from the U.S. Department of Defense that provides for the export of the classified defense article(s) or defense service(s)."

Paragraph 126.16 j. further identifies the required markings based on the classification level of the export and refers to the National Industrial Security Program Operating Manual (NISPOM).

The lesson here is for government and contractors to properly identify defense articles and information, proprietary data, classified information, technical data, where it resides. Without proper identification and protection, an unauthorized export could occur. The unauthorized activity could be mistakenly exporting an item as exempt from licensing where a license is actually required. Another example would be providing export controlled information in a briefing when non-US persons should be excluded from that briefing and so on.

To prevent unauthorized exports, follow the simple rule of thumb. The government identifies and properly marks the information as government owned, controlled, for official use only, critical technology and etc. The contractor is bound to heed the protection requirements. This includes contract sensitive, research and development, plans, drawings and other government program items. The contractor must also identify customer furnished equipment and treat any contract related items, by products and etc. with the same level of sensitivity as identified by the government and other contractors.

The next step would be selecting countermeasures such as: marking the items, limiting access to US persons, or even enforcing need to know should be established to limit any chance of unauthorized export, "deemed" or otherwise. Confusion over whether or not something is exportable, whether or not a license is required or the items are exempt is eliminated when employees can easily identify what is export controlled.


For a printed copy of ITAR and the NISPOM, visit www.redbikepublishing.com






 Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Thursday, October 10, 2013

The Standard Form (SF) 312 is revised

NISOM
The Standard Form (SF) 312 is revised

In July 2013 the SF 312, Classified Information Nondisclosure Agreement, was updated to reflect language from the 2011 Public Law 112-74, Financial Services and General Government Appropriations Act and 2012 Public Law 112-199, Whistle blower Protection Enhancement Act (WPEA).

The WPEA (law) lays out protection in place for those employees who report instances of fraud, waste and abuse and the language is being added to many forms include non-disclosure agreement. Cleared employees are required to report adverse information concerning themselves and other cleared employees. This adverse information is anything that would question a person’s loyalty and ability to protect classified material. Additionally, cleared employees should report any information concerning changes in protective measures at a cleared facility that would indicate classified information would not be adequately protected as originally intended.

So, why is the WPEA language included?

Reporting adverse information is a requirement of all cleared employees who observe questionable practices concerning an employee’s ability to protect classified information. Though a daunting task, reporting this information is an expectation levied on cleared employees. Adverse information reporting is part of the continuous evaluation process and used to determine whether or not a cleared person is still trustworthy of having access to classified information.

The WPEA language might seem out of scope for a document requiring the continuous protection of classified information. However, this language is not a warning to employees reminding them of an obligation, but a legal requirement for employers to protect employees who report instances of fraud, waste and abuse. This reporting applies to derivative information reporting, classification challenges and etc. Fraud, waste and abuse issues can be reported on processes, machinery, costs and etc used within a national security structure. An employee can better report what might be classified information concerning fraud, waste and abuse within the classified channels. Without this language, an employee may not know how report such instances.

So now what?

Include this language while providing NISPOM training. Train your employees on the SF 312, security awareness, security refresher and other training. Need ideas, check this out.



The revised SF 312 dated 7-2013 is posted in the General Services Administration (GSA) forms library on their website and can be directly downloaded here. There is no requirement to resign and execute a new SF 312, previously executed forms are still valid.


Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

marcus evans ITAR Compliance WEST Conference

Executives from the Aerospace, Defense, Satellite and Similar Industries to Share Best Practices and Lessons Learned at the marcus evans ITAR Compliance WEST Conference 

Navigating the Complexities of the Changing Compliance Structure through Improved Operational Communication, Language Interpretation and Jurisdictional Understanding 

San Diego, CA– September 27, 2013– marcus evans, the world’s largest event management group, will host the ITAR Compliance WEST Conference, November 18-20, 2013 in San Diego, CA. Executives across the Aerospace, Defense, Satellite and similar industries will share their thoughts and practices for compliance with the ever-evolving export regulations. DRS Technologies, Raytheon, Northrop Grumman, Virgin Galactic, Lockheed Martin Space Systems Company, Maxim Integrated and many other will be discussing their challenges and efforts with past and future upcoming reforms efforts.

October 15, 2013, new rules are expected to go into effect changing the current status of exports. Positive steps have been made to increase efficiency and ease the impact of these recent and ever changing regulations and the marcus evans ITAR Compliance WEST Conference will tackle the latest obstacles and pressing issues in the industry while highlighting how organizations stay competitive in today’s global atmosphere. 

Attending this marcus evans conference will enable executives to: 
- Manage the transition from ITAR to EAR and review recent changes to the Export Control Reform Initiative 

- Develop new compliance structure methods and data sharing techniques - Grasp new definitions and language found in the recently released regulations 

- Review prior violations and corrections and identify best practices 

- Explore upcoming regulation releases and what the future holds for ITAR Compliance

For more information on this conference or to get a complete list of speakers or sessions, please visit http://www.marcusevans-conferences-northamerican.com/ICW2013_PRelease or email Tyler Kelch, Media & PR Coordinator, tylerke@marcusevansch.com

About marcus evans 

marcus evans conferences annually produce over 2,000 high quality events designed to provide key strategic business information, best practice and networking opportunities for senior industry decision-makers. Our global reach is utilized to attract over 30,000 speakers annually, ensuring niche focused subject matter presented directly by practitioners and a diversity of information to assist our clients in adopting best practice in all business disciplines.



Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Wednesday, October 2, 2013

How to get ready for the DSS Inspection

NISPOM
As mentioned in an earlier article, NISPOM Change 1 requires Derivative Classification Training and Record keeping Guidance. This guidance requires that the cleared contractor provide cleared personnel with initial Derivative Classification Training and follow up and at least once every 2 years. The training topics are vital to the cleared contractor performing on classified contracts.  Properly trained employees reduce the risk of unauthorized disclosure of classified information.

Currently this training can be put in place at the cleared contractor’s initiative. The sooner training is implemented the better. The Defense Security Services will be publishing an Industrial Security Letter (ISL) that provides instruction for conducting training including a “trained by” date to meet the requirements of the recent NISPOM changes. Why not begin the training now and be prepared for success before DSS gives the deadline for conducting training. Remember, if not trained, cleared employees cannot perform on classified work requiring derivative classification. That’s a lot of missed.

Remember that DSS is in the business of auditing. They are more than capable of both helping a company succeed with good training and working relationships, but they are also just as equipped to find security violations. Failure to protect classified information is a security violation. Failures are often caused by mismarked materials.

For example, after reviewing requirements of a DD Form 254 and statement of work, the industrial security representative discovers that derivative classification work has been occurring since the contract award a year prior. However, training records indicate that the derivative classification training had only been conducted in the last two weeks (while preparing for the inspection).  It wouldn’t be hard to deduce that there is a possible security violation and perhaps a review of classified inventory is in order.

So, how can you prepare to meet this challenge? 

Cleared contractors can refer to NISPOM paragraph 4-102 and develop training based on the directed subjects. Document that training and schedule follow-up training in two years. A good practice is to provide a copy of the training with training signatures or certificates. That way DSS can determine who was trained and whether or not the derivative classification training conformed to NISPOM Change 1.

No time to write training?

You can find training though professional organizations, at the DSS website or here




Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".