Tuesday, September 18, 2012

As I struggled through a neighborhood jog, my thoughts wandered to adding more distance. My jogging route includes a core distance of 2 miles. However to increase stamina and speed I have to add distance. So, I began adding more cul-de-sacs and side routes.

At first my body responded to the request with “not another requirement, this run is perfectly fine as is.”

However, my mind rationalized in reply, “If you ever want to get better, stronger and faster, you’ll have to accept more challenges.”

Soon, I began to incorporate the added distance to my daily run and now my body expects three miles. Gone is the expectation of a two mile distance. The three miles is now the standard and “not just another added requirement.”

Suddenly, I realized this conversation sounded very familiar. In fact, it reminded me of some recent conversations I’ve had as an FSO. You’ve heard it before, so let’s shout it out loud:


The annual security awareness training should be considered part of doing business; a core competency. After all, the enterprise is performing on a classified contract and training is the expectation and not the exception.

There are ways to incorporate it as the standard that make it transparent to the enterprise. This makes the FSO’s job easier as they will hear fewer sighs of exasperation. The following suggestion incorporates training with the contract review requirement. All you need to do is document the training with signatures.
   1.      Gather all the documentation and references necessary. For this task you’ll need:
a.     The contract documentation
                                                             i.      DD Form 254
                                                           ii.      Contract
                                                        iii.      Security Classification Guide
b.    Government documentation
                                                             i.      National Industrial Security Program Operating Manual (NISPOM)
                                                           ii.      Latest Industrial Security Letters
c.     Enterprise documentation
                                                             i.      Security Policies and procedures
                                                           ii.      Policies and procedures from supporting and operational business units
   2.    Form an interim protection team. This is a team led by you, the FSO and consists of cleared employees on a given contract. The team members are chartered and therefore documented as such. Guess what? Those signatures and dates on the charter are also training documentation The members are subject matter experts that you lead through the technical details. They provide the situation and you provide the protection measures.

With the resources and subject matter experts available, use them to lead the security training. This is highly desired technique as all contribute to understanding the requirements. Everyone (including the FSO) receives training, but you also document results such as protection measures realized during the IPT. Use this to develop a winning training session that is fresh every year.

    1.      Review the DD Form 254 with the cleared employees supporting the classified contract. The 254 provides classification level, work to be performed, where it is to be performed and special instructions. Ask questions and expect answers from the participants. Seek to clarify requirements and offer security solutions.
   2.    Review the contract with cleared employees. This provides how work will be performed and to what standard. The employees get to discuss their plan of action in support of the contract and you provide protection measures to apply to classified and sensitive unclassified information.
   3.    Go over the Security Classification Guide and discuss impact to the program and enterprise.
   4.    Measures 1-3 will be applied with input from government and enterprise oversight requirements.

Just as you might increase distance to improve stamina, an FSO can improve quality of training to increase effectiveness. Instead of seeing NISPOM training as “another requirement”, it will be part of the contract expectations. The end result is the ability to remain in compliance while documenting training requirements, improved security posture and value to cost, performance and schedule. Such in depth classified contract review clarifies roles and are viewed by cleared employees as value added. 

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

No comments: