What has
changed?
According to NISPOM Change 1, the
cleared defense contractor has the responsibility to provide training for
cleared employees who make derivative classification decisions. Where NISPOM used to state that training is the
FSO’s responsibility, Change 1 omits the FSO as the responsible party and
identifies only the contractor entity. Mere oversight or purposeful instruction?
This designation represents an
important distinction. Now the FSO can strengthen their role in the enterprise
and ship from administrator to leader. It is great opportunity for the FSO to
shift the training responsibility from performance to oversight.
Who
should perform the training?
At a technical level, the derivative
classification training is best provided by the subject matter experts actually
performing on classified
contracts, programs and projects.
For example, an experienced FSO or
designated trainer with a strong security background may be the best choice for
the initial
security briefing. Initial security training covers the National Industrial
Security Program and how to protect classified information in general. However,
a security specialist or FSO may not be the best trainer as they may not
understand intimate details of the contract requirements. In that setting, who
then is best able to train a derivative classification decision maker, than the
supervisor, chief engineer, program manager or other person performing the
technical work?
Remember that NISPOM Change 1
identifies derivative information as …classification of information based on
guidance, which may be either a source document or classification guide.
In essence, a derivative classifier
is a cleared employee (engineer, program manager, technician, etc.) creating a
document, end item, service or other function where they are performing based
on a statement of work, DD Form 254, as
instructed by customer and with classification guidance based on marked source
documents or as provided in a security classification guide. This is a
technical performance issue. If a cleared employee wears dual hats as a subject
matter technical expert and FSO, they may be right for the training. However,
if not, then the training could be the responsibility of the subject matter
technical expert.
Why
is this important?
The subject matter technical expert
can give real world technical examples as well as hands on NISPOM training. This
removes the training from a lecture to performance oriented training, providing
the cleared employee with a fantastic opportunity to understand what is
required of them as a derivative classifier.
The FSO, in turn, could focus on
documenting the training for both compliance and enhancement. Here are three
recommended responsibilities by position to reflect NISPOM Change 1:
FSO
responsibility:
- Require from
managers a list of cleared
employees authorized to
make derivative classification decisions. This list can also act as
justification for clearances and as a base line for future training.
- Provide guidance to
the subject matter experts to instruct identified cleared employees on the
derivative classification responsibilities:
- To identify
themselves by name and position, or by personal identifier, on documents
they derivatively classify.
- To practice
observing and respecting original classification decisions.
- To carry forward
the pertinent classification markings to any newly created documents.
- To provide a
listing of source material declassification instructions to reflect the
longest period of classification among multiple sources as well as list
the multiple sources.
- To train derivative
classifiers at least once every 2 years covering classification levels,
duration of classification, identification and markings, classification
prohibitions and limitations, sanctions, classification challenges,
security classification guides, and information sharing.
- To refrain from
conducting derivative classification until they receive training.
- Provide employees
with derivative classification decison access to relevant classification
guidance.
Subject
matter expert trainer responsibility:
Perform derivative classifier training for identified cleared
employees that tie Change 1
requirements as identified by the FSO, to classified contract performance
standards. This training should include:
- Demonstrate how to
read, understand and apply original classification decisions to derived
products, providing date or event of declassification and source
materials.
- Provide information
on classification levels, duration of classification, identification and markings,
classification prohibitions and limitations, sanctions, classification
challenges, security classification guides, and information sharing as it
relates to the classified
contract or project.
Supervisor
responsibility:
- Quality control and
discipline of employee requirements-Supervisors are responsible for team
development, performance and accountability. Training and performance can
be tied to annual reviews and salaries. They are clearly the ones that
ensure employees are performing to standard. Leaders provide incentives
and discipline measures.
- Identification of
derived classification-Supervisors set the standard. Where the FSO teaches
the National Industrial Security Program policies and procedures, the
leaders instruct how to identify what needs to be protected. Technical
documents, statements of work, DD Forms 254, security classification
guides and other instructions provide the reference. Technically
proficient leaders know what to identify and how to do so and help
employees understand their own responsibilities.
- Marking of
derivative classification-Once derivative information is identified, and
training is conducted, supervisors can hold teams accountable for
performance.
- Training-Supervisors
don’t have to give the training, but they can require and enforce
training. Once completed, they ensure proper documentation is provided to
the FSO.
Implementing a security program to
protect classified information is the FSO’s responsibility. However, they don’t
have to do everything themselves. The enterprise is built upon teamwork and
there are plenty of capable people who can get the job done.
Find out more of derivative classifier training at http://www.redbikepublishing.com/training/nispom-derivative-classifier-training/
No comments:
Post a Comment