Tuesday, January 21, 2014

FSO's-Get Ready for The Self-Inspection

This year is still new, but some expectations never change. One thing that you can expect to do is either undergo a self-inspection, a DSS review or both depending on the audit cycle. A DSS review could also be conducted in your facility when applying for a facility security clearance (FCL). Since the DSS review tests security countermeasures and makes determinations of vulnerability and preparedness, it's best to focus on these areas as you prepare for the visit.

Begin with the self-inspection. Once you are set up with a security program, you what to know the status and help determine whether or not your security posture is where you expect it to be. In other words, are you able to protect classified information at the level required. Begin with a pre-inspection to plan out your actions. According to DSS, this can be conducted in six steps:

1) Identify all security elements that apply. Cleared facilities are either possessing or non-possessing. The common denominator is that there are security elements common to ALL cleared companies and are covered by chapters 1-5 and parts of chapter 6 of the National Industrial Security Program Operating manual. These areas are:  Facility and Personnel Security Clearance (FCL and FCL), Access Requirement, Security Education, Foreign Ownership Control and Influence (FOCI), and Classification (original and derivative). Possessing facilities will have additional storage, classified processing, NATO and or other considerations covered in the remaining chapters of NISPOM.

Security elements are referred to in statements of work, DD Forms 254, and other contracts requirements. Be sure to prepare your self-inspection to cover all security elements.

2) Familiarize yourself with how your company's business is structured and organized.  Is the business a sole proprietor? Then, easy, only one person makes the decisions. How about a corporation such as limited liability corporations, S-Corp, C-Corp, partnership? The business structure determines positions of employment, ownership, or committee that have influence over classified information. Along with business structure, the Key Management personnel are those identified senior employees who have influence over classified contract performance. In many cases certain FSOs, VP's, board members, and etc. make decisions that impact policy. The policy may impact classified contracts. This KMP identification helps DSS understand who has such decision making authority. If they are not cleared, they will have to be otherwise exempted.

3) Identify who you will need to talk to and what records you may want to review. Regardless of whether or not your business has 1 or thousands of employees, FCL requirements are conducted by someone. Be sure to identify who impacts classified contracts, export compliance, performs on classified contracts and determine what classified documents exist if at all on site and what documents exist that reference classified contracts. These documents include classified information receipting actions, DD Forms 254, export licenses and etc.

4) Prepare a list of questions and topics that need to be covered. Be sure to include questions to test an employee's knowledge of NISOM training, access to classified information, performance on classified contracts, foreign travel, need to know enforcement and who the facility security officer is. The new handbook provides lots of sample questions to help you out.

The next few topics only deal with cleared facilities with classified storage approval:

(5) Understand the infrastructure supporting classified work requirements. This could include closed areas, GSA approved containers, classified processing, etc., and

(6) Have knowledge of the processes involved in the classified programs at your facility.

These are all great suggestions based on the Self-Inspection Handbook. Go ahead, download a copy and get started.

For more information on security clearance and performing on classified contracts, get your copy of DoD Security Clearance and Contracts Guidebook by Red Bike Publishing

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

No comments: