This
year is still new, but some expectations never change. One thing that you can
expect to do is either undergo a self-inspection, a DSS review or both
depending on the audit cycle. A DSS review could also be conducted in your
facility when applying for a facility security clearance (FCL). Since the DSS
review tests security countermeasures and makes determinations of vulnerability
and preparedness, it's best to focus on these areas as you prepare for the
visit.
Begin
with the self-inspection. Once you are set up with a security program, you what
to know the status and help determine whether or not your security posture is
where you expect it to be. In other words, are you able to protect classified
information at the level required. Begin with a pre-inspection to plan out your
actions. According to DSS, this can be conducted in six steps:
1)
Identify all security elements that apply. Cleared facilities are either
possessing or non-possessing. The common denominator is that there are security
elements common to ALL cleared companies and are covered by chapters 1-5 and
parts of chapter 6 of the National Industrial Security Program Operating
manual. These areas are: Facility and
Personnel Security Clearance (FCL and FCL), Access Requirement, Security
Education, Foreign Ownership Control and Influence (FOCI), and Classification
(original and derivative). Possessing facilities will have additional storage,
classified processing, NATO and or other considerations covered in the
remaining chapters of NISPOM.
Security
elements are referred to in statements of work, DD Forms 254, and other
contracts requirements. Be sure to prepare your self-inspection to cover all
security elements.
2)
Familiarize yourself with how your company's business is structured and
organized. Is the business a sole
proprietor? Then, easy, only one person makes the decisions. How about a
corporation such as limited liability corporations, S-Corp, C-Corp, partnership?
The business structure determines positions of employment, ownership, or
committee that have influence over classified information. Along with business
structure, the Key Management personnel are those identified senior employees
who have influence over classified contract performance. In many cases certain
FSOs, VP's, board members, and etc. make decisions that impact policy. The
policy may impact classified contracts. This KMP identification helps DSS
understand who has such decision making authority. If they are not cleared,
they will have to be otherwise exempted.
3)
Identify who you will need to talk to and what records you may want to review.
Regardless of whether or not your business has 1 or thousands of employees, FCL
requirements are conducted by someone. Be sure to identify who impacts
classified contracts, export compliance, performs on classified contracts and
determine what classified documents exist if at all on site and what documents
exist that reference classified contracts. These documents include classified
information receipting actions, DD Forms 254,
export licenses and etc.
4)
Prepare a list of questions and topics that need to be covered. Be sure to
include questions to test an employee's knowledge of NISOM training, access to
classified information, performance on classified contracts, foreign travel,
need to know enforcement and who the facility security officer is. The new
handbook provides lots of sample questions to help you out.
The
next few topics only deal with cleared facilities with classified storage
approval:
(5)
Understand the infrastructure supporting classified work requirements. This could include closed areas, GSA approved containers, classified processing, etc., and
(6)
Have knowledge of the processes involved in the classified programs at your
facility.
These are
all great suggestions based on the Self-Inspection Handbook. Go ahead, download
a copy and get started.
For more
information on security clearance and performing on classified contracts, get
your copy of DoD
Security Clearance and Contracts Guidebook by Red Bike Publishing
Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".
No comments:
Post a Comment