Wednesday, July 4, 2012

How FSOs can Help Subcontractors Perform On Classified Contracts

Defense contractor?  So What. Cleared Contractor? What does it really mean? Just because an entity does business with the government or is cleared for classified work, doesn’t mean they are at the same level of performance as legacy organizations. It’s tempting to assume that every cleared contractor Facility Security Officer (FSO) as “appointed” by the National Industrial Security Program Operating Manual (NISPOM) attends professional organization meetings, are Industrial Security Professional (ISP) Certified and fully comprehend International Traffic In Arms Regulations (ITAR). But, it’s just not so.

Not all defense contractors are created equally. Cleared defense contractors may be approved to possess classified information on location with storage approval. Others may not have storage approval, but cleared to provide security clearances for classified performance at customer or other off site locations. Large defense contractors may have an entire staff devoted to the protection of classified information, physical security, operations security, contracts security, special access and etc. Small contractors may have similar responsibilities, but operate with just a few employees with one appointed as FSO.

With all the differences, let’s talk about common ground. Several cleared contractors can have contractual relationships. They can be bound in a relationship by classified contracts. For example, a cleared contractor can be a prime contractor with supporting sub contractors. In this example, Highup, Inc is in a contractual relationship with a government customer. HighUp, Inc. builds satellites, but subcontracts engineer support and payload providers. Box, Inc. provides specialty payload storage for Highup, Inc. and Engineerthis, Inc provides analysis and feasibility studies.

Box, Inc. and Engineerthis, Inc. are small companies consisting of five or fewer employees. Box Inc. just got approved for a facility clearance and Engineerthis, Inc has had one for only a year. Both are performing well, but are struggling with security requirements. They both have “appointed” FSOs who have taken required Defense Security Service classes and FSO certification training. However, application of the NISP is still a mystery.

Highup, Inc can make a difference by providing guidance and assistance. Instead of leaving the two subcontractors to their own devices, the prime can help protect national security, proprietary information and keep technical information out of the public domain through coaching or spelling out requirements.

Here are several ways to do so:

1. Establish requirements in the contract. The prime contractor can simplify the subcontractors requirements by spelling out classified performance expectations in the statement of work and the DD Form 254. Specifically: Discuss the classification level of work, classified information and equipment as applicable. Describe where work will be performed and how to protect it while performed. Help the subcontractor understand their responsibilities per NISPOM. Spell out how classified information will be stored, transported, destroyed and discussed.

2. Invite the appointed FSO to NISPOM training. Many professional organizations have workshops; why shouldn’t contractor have own. Workshops are very good venues for discussion and demonstrating how to wrap and mail classified information, how to designate restricted areas or protect classified discussions. Don’t assume that everyone will already know how to do this.

3. Invite the appointed FSO to professional organization meetings and training. You may already be active members of a professional organization and can show a good return on investment that the other organizations may not be able to understand. The smaller organizations may feel there is no return on investment to give up research and development time to participate in a security function.  They may be able to provide a compelling reason for the others to join them.

It’s tempting to assume that everyone understands all requirements of performing business with the government and protecting classified information. However, it’s not always the case. When possible, go the extra mile to help an inexperience contractor to improve their understanding of working under NISPOM requirements.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

No comments: