Thursday, December 17, 2009

How to Receive Classified Information

Classified information can arrive to a cleared contractor in many different ways. Whether delivered via courier, mail carrier, overnight carrier, classified electronic means, and etc. the FSO should have a process in place to control and protect classified information from reception to dissemination or destruction. The FSO should establish procedures for the proper reception of classified material. The receiver of classified material plays a critical role in both safeguarding classified material as well as identifies security violations that the sender may have committed.
FSOs can control the introduction and dissemination of classified information with a centralized document control system. The NISPOM requires that a cleared contractor have an information management system in place to control classified information. This can be accomplished with a centralized system to facilitate the proper introduction and control of classified information entering the facility. This system requires visitors, couriers, mail carriers, overnight delivery companies, and other means of classified transmissions to perform under the FSO’s established procedures. Without such controls, classified information is vulnerable to unauthorized disclosure, loss, or compromise.
The centralized reception and dissemination provides the FSO with a tool for the positive control of classified information. In certain circumstances, cleared facilities may have multiple delivery docks and mailing addresses. Classified information should only be addressed and delivered to the established classified mailing address. A good practice is to have the classified address and centralized processing location co-located Simply put, uncontrolled introduction of classified information can lead to accountability problems, potential security violations and compromises of classified material. Addressing this at annual security awareness training is a good way to ensure cleared employees understand.

Outer Layer-The first step to receiving classified information is to examine the outer layer for evidence of tampering or compromise of classified material. The inspector should look for evidence of tearing, ripping, re-wrapping or some other means of unauthorized access to the material.
Next, review the shipping label for full approved classified mailing address, return address and which does not identify any recipient by name. Discrepancies should be addressed with the sender. Additionally, there should be no classification markings on the outer layer of the item. Inner Layer -The inner layer is inspected the same way as the outer layer for evidence of tampering or unauthorized disclosure. However, the inside wrapping contains the full address of the recipient as well as classification markings on the top, bottom, front and back. TOP SECRET and SECRET material should have a packing list or receipt of contents either on the outside or inside of the container. If no receipt is included, contact the sender. According to the NISPOM, CONFIDENTIAL information does not need a receipt included with the shipment. If a receipt is included, the signer should sign it and return it to the sender.
Compares the receipt against the label to ensure the item has been identified correctly. The receipt should contain information to direct the contents to the appropriate recipient. The properly filled out receipt identifies the sender, the addressee and correctly identifies the contents by an unclassified title and appropriate quantity. Since the receipt may be filed for administrative and compliance purposes, ensure it contains no classified information. If the receipt contains a classified title, contact the sender to see if it can be issued an unclassified title, reinvent an appropriate title, or prepare to store the receipt long term in an a GSA approved container because it is a classified item.
Once the material is received and the delivery inspected against the receipt, the FSO can input the information into a information management system. This database can be something as simple as logging the information into a notebook or through technology such as proprietary software sold on the market. Some companies and federal agencies have developed internal forms and examples are available on the internet. Once complete, put the classified information in the security container or other approved classified storage.

No comments: