 |
| NISPOM Derivative Classification Training |
While
some cleared defense contractors perform non-technical services, other cleared
contractors conduct derivative classification in the performance of their
contracts.
Derivative classification in general terms includes, paraphrasing, incorporating, restating or regenerating classified information into a new form. Since contractors are not performing original classification, most of their work would involve using classified sources to create new classified products.
Here's the important part, no training; no work. Properly executed National Industrial Security Program Operating Manual (NISPOM) training and documentation is the difference between performing on classified work and not being able to meet contractual requirements. Cleared contractors must plan to train cleared contractor employees who perform derivative classification responsibilities.
The NISPOM outlines requirements for derivative classification training. Where the original classification authority receives training on the classification decisions annually, NISPOM requires derivative classification training once every two years. According to the NISPOM, derivative classifiers train... in the proper application of the derivative classification principles, with an emphasis on avoiding over-classification, at least once every 2 years. According to the Defense Security Services (DSS), contractors must train their cleared employees by December 31, 2013. Those without this training are not authorized to perform the tasks.
One such training task ensures that the authorized employees apply proper markings to their products. Not only are classification markings required, but so is the documentation of who is actually performing the derivative classification. According to NISPOM paragraph 4-102d, cleared employees who are authorized to make derivative classification decisions are responsible for identifying themselves on the documents where they make those decisions. Identification instills discipline, control and accountability of derivative classification decisions.
Remember, only authorized cleared employees are assigned as derivative classifiers and they must be identified as such.
Proper identification occurs when authorized derivative classifiers apply their names and titles on the derived items. However, contractors can substitute using their names with some type of personal identifier that translates to an authorized name and position. The use of the personal identifier is usually allowed unless the government customer states otherwise. Trained and authorized derivative classifiers and facility security officers and staff can determine what government customer's requirements by reviewing the statement of work, DD Form 254, or other security and contracts requirements for further instruction. When in doubt, they can seek clarification and raise the question of personal identifier application through program channels.
Listen to our Podcast on Derivative Classifier Training
When the alternative identifier is used, the organization should develop a designator that aligns with a person’s name and position. If the government customer or anyone authorized to view the classified information has any questions, the creator can be identified from the list. The contractor should maintain this list for at least the as long as the cleared employee is with the business organization.
The contractor should consult the NISPOM for all training requirements and put a plan in place to develop and deliver the derivative classification training. After conducting the training, the contractor should document the event and include the training topic and the by name attendance list. The DSS will inspect training compliance during their inspection cycle.
Derivative classification in general terms includes, paraphrasing, incorporating, restating or regenerating classified information into a new form. Since contractors are not performing original classification, most of their work would involve using classified sources to create new classified products.
Here's the important part, no training; no work. Properly executed National Industrial Security Program Operating Manual (NISPOM) training and documentation is the difference between performing on classified work and not being able to meet contractual requirements. Cleared contractors must plan to train cleared contractor employees who perform derivative classification responsibilities.
The NISPOM outlines requirements for derivative classification training. Where the original classification authority receives training on the classification decisions annually, NISPOM requires derivative classification training once every two years. According to the NISPOM, derivative classifiers train... in the proper application of the derivative classification principles, with an emphasis on avoiding over-classification, at least once every 2 years. According to the Defense Security Services (DSS), contractors must train their cleared employees by December 31, 2013. Those without this training are not authorized to perform the tasks.
One such training task ensures that the authorized employees apply proper markings to their products. Not only are classification markings required, but so is the documentation of who is actually performing the derivative classification. According to NISPOM paragraph 4-102d, cleared employees who are authorized to make derivative classification decisions are responsible for identifying themselves on the documents where they make those decisions. Identification instills discipline, control and accountability of derivative classification decisions.
Remember, only authorized cleared employees are assigned as derivative classifiers and they must be identified as such.
Proper identification occurs when authorized derivative classifiers apply their names and titles on the derived items. However, contractors can substitute using their names with some type of personal identifier that translates to an authorized name and position. The use of the personal identifier is usually allowed unless the government customer states otherwise. Trained and authorized derivative classifiers and facility security officers and staff can determine what government customer's requirements by reviewing the statement of work, DD Form 254, or other security and contracts requirements for further instruction. When in doubt, they can seek clarification and raise the question of personal identifier application through program channels.
Listen to our Podcast on Derivative Classifier Training
When the alternative identifier is used, the organization should develop a designator that aligns with a person’s name and position. If the government customer or anyone authorized to view the classified information has any questions, the creator can be identified from the list. The contractor should maintain this list for at least the as long as the cleared employee is with the business organization.
The contractor should consult the NISPOM for all training requirements and put a plan in place to develop and deliver the derivative classification training. After conducting the training, the contractor should document the event and include the training topic and the by name attendance list. The DSS will inspect training compliance during their inspection cycle.
Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".
No comments:
Post a Comment