Tuesday, May 22, 2012

Why Cleared Contractors and FSOs Should Perform Self Inspections

 I could write the same old same old about government and National Industrial Security Operating Manual (NISPOM) requirements. However, such hammering would overshadow a great opportunity. Sure the NISPOM requires that cleared contractors perform self inspections sometime between Cognizant Security Office (CSO) reviews, but that is not the compelling reason or many of the supporting rewards for those who capture results of self inspections.

The Defense Security Services (DSS, the CSO for the Department of Defense) will look for self inspection results during regularly scheduled security reviews. If you have a possessing cleared facility, then DSS will review annually. If non-possessing, then this review will occur every 18 Months. The NISPOM requires a self review be performed midway between CSO reviews.

Now that we have the regulatory guidance out of the way, we can focus on the real reasons to perform the self reviews. The Facility Security Officer (FSO) tying security into the DNA of the corporation can approach the self inspection, has more valuable reasons for assessing their state of security. The following are some very valuable lessons to share and reasons for getting corporate buy in.

Here are 5 compelling reasons for cleared contractors to conduct self inspections:

1. Validate security procedures-An FSO can write a security procedure or policy. But unless validated, these policies aren’t worth the paper they are written on. A self review can identify what works and doesn’t work toward the ultimate goal of designing and document security programs designed to protect classified information. A self review can document, item by item, topic by topic, what procedures work. Results can be used to improve existing successful measures.

2. Educate employees-All employees can benefit from the self inspection. This event can be used to remind employees of procedures, interview them to demonstrate whether or not procedures work or train them on the fundamentals. Engaging employees ensures the self inspection is a corporate event and not just something created by security. Results provide great security training as well.

3. ID problem areas and make corrections-Self-inspections not only reinforce successful programs, but also hi-light areas for improvement. This includes inspecting personnel, information, contracts and other security disciplines. Whatever doesn’t work can be investigated and improved.

4. Prepare for government inspections-The CSO will review the self-inspection documentation. Be sure to not only download the self-inspection handbook from the DSS website, but identify topics that apply to your organization, inspect, and document the results. Be prepared to demonstrate the effectiveness of your program.

5. Verify protection of classified information-Self-inspections can solidify your program. By asking questions, investigating processes, inspecting markings, following the paper trail and using proper procedures, you can verify whether or not your program is working. By testing security procedures, educating employees and identifying problem areas, you validate your organizations ability to safeguard classified information. This is directly linked to DSS reviews and your ability to maintain your clearance and ability to perform on classified contracts.

Self inspections are certainly a part of the DSS or CSO security review process. It is also required in the NISPOM. However, if you want good results as well as an improved security program to protect classified information, use the five reasons we provided. Use these five goals as compelling arguments for getting the entire organization involved provide the best results.

For more information see  DoD Security Clearances and Contracts Guidebook.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

No comments: