I spend a lot of time writing about the security
clearance process and how to protect classified information. I write the
security clearance process with the newly cleared or yet to be cleared defense contractors
in mind. The latter, I write for established contractors as they maintain their
classified contracts.
Though I’ve covered it in DoD
Security Clearance and Contracts Guidebook, I’ve not yet published an article
about what happens after you get the new facility security clearance (FCL.) Once
the security clearance is awarded and you begin to work on classified information, your responsibility
is to establish the security program and protect classified information the way
you promised your government customer you would. Soon enough, your industrial
security representative from Defense Security Services (DSS) will be by to
verify those security practices.
Preparation for the visit begins with understanding your
responsibility to prepare the facility to safeguard classified information.
This can be done through building policy and infrastructure. The least expensive
but most time consuming preparation is with policy development. Writing
procedures, processes and publishing to build security conscious DNA within an
a cleared enterprise is fundamental. Many security programs, especially
non-possessing (no maintaining classified information on site) can sustain with
policy alone providing they have the appropriate security awareness training. For
example, a written policy explaining education, access procedures, reporting
requirements and other National Industrial Security Program Operating Manual (NISPOM)
considerations enforced with comprehensive training can lead a cleared facility
to success.
However, possessing facilities would need the additional
and more expensive infrastructure considerations. These include technical
controls for enforcing need to know and access to classified information,
constructing sensitive compartmented information facilities (SCIF), closed
areas, and GSA security containers. Though the security clearance process does
not directly charge the cleared contractor, meeting NISPOM requirements for
protecting classified information does. Make sure you understand contractual
requirements in the statement of work, contract, DD Form 254 and those
proscribed in the NISPOM.
Once you establish your best way forward and implement
the security policy and infrastructure, it’s time to inspect it and ensure that
you are able to protect the classified information as required. DSS has an
excellent Self-inspection Handbook for NISP
Contractors on their
website that can not only prepare you for establishing an award winning
security program, but will lead you through a security program validation
process in preparation for the DSS review. Use the handbook and all the
information and tips inside to get prepared to receive and protect classified information.
Find more information for protection classified information in:
*****
Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing .
He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures.
He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".
No comments:
Post a Comment