When
Facility Security Officers and security specialist build security programs, we
tend to use tools to remind employees of their responsibilities. We use
security training to get the information out, enforce clean desk policies and post
reminders of classified information in progress. Each
tool notifies the holder of classified information that they are in possession
of classified information, to protect that information and properly dispose of it
when they are done. They can also be used to protect proprietary data, intellectual property and personnel information.
But sometimes even tools become mundane, no longer giving the impact they once did. Sometimes tools are misused, never giving the impact they were originally designed to give.
Let's look at a few tools from a risk management perspective with some "out of the box suggestions. What unique ways can you employee traditional security methods.
Security
training-Cleared employees performing on classified contracts for any length of
time are experts in the programs and technologies they are working on. They
probably know the classification guide back and forth and probably understand
how to protect it. Newly cleared employees may not understand it so well. It's
important for the FSO to understand these differences and train accordingly.
Out
of the box: Develop training to meet your employee needs based on your analysis
of capabilities. One way to do this is to survey employee experience level. You
might get supervisors and HR professionals involved.
Enforce
clean desk policy-Even experts can become complacent and perhaps forgetful.
Develop a policy that classified information should be used in a designated
area. This designated area could be an approved room or even the employee's
office. Cleared employees should understand that as such, only materials assigned
to the contract should be out so that there is no confusion of clearance or
need to know. At the end of the day, the program information gets locked up
properly.
Out
of the box: If classified information is centralized, use a sign out process to
track the removal of classified information. If a cleared employee accesses a
classified document, then that transaction can be annotated. The custodian will
also ensure the classified information is turned in prior to end of day, lunch
or other occasion. If there is no centralized storage or no custodian, the
document can still be annotated with a signature and linking the document to
the SF 702 (if container is opened, it's probably to take out or replace a
document.)
Post
reminders of classified information in progress-A desk tent or door handle
reminder helps. If a rushed employee has to take lunch, meet a spouse or attend
a last second meeting, they will be met with a notification that "Classified
Work in Progress", and dispose of it properly. Also, if the phone rings,
they'll remember to respond with "phone is up".
Out
of the box: If classified information is centralized, the custodian can issue
the desk tents or door hangers. When there is no centralized area or custodian,
the cleared employee would pick up a conveniently located reminder (near
security container).
You might already employ imaginative and unique ways. Tools not only provide training and reminders, but they can also be programmed to provide metrics for program improvement.
We'll have more examples in future posts and articles. However, for more information on security management and NISPOM see our book DoD Security Clearance and Contracts Guidebook.
Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM