Friday, January 17, 2014

You have your Facility Security Clearance, Now What?

I spend a lot of time writing about the security clearance process and how to protect classified information. I write about the security clearance process with the newly cleared or yet-to-be-cleared defense contractors in mind. The latter, I write for established contractors as they maintain their classified contracts.

Though I’ve covered it in DoD Security Clearance and Contracts Guidebook, I’ve not yet published an article about what happens after you get the new facility security clearance (FCL). Once the security clearance is awarded and you begin to work on classified information, your responsibility is to establish the security program and protect classified information the way you promised your government customer you would. Soon enough, your industrial security representative from the Defense Security Service (DSS) will be by to verify those security practices.

Preparation for the visit begins with understanding your responsibility to prepare the facility to safeguard classified information. This can be done through building policy and infrastructure. The least expensive but most time-consuming preparation is policy development. Writing procedures and processes, and publishing them to build security-conscious DNA within a cleared enterprise, is fundamental. Many security programs, especially at non-possessing facilities (those that do not maintain classified information on site), can be sustained with policy alone, provided they have the appropriate security awareness training. For example, a written policy explaining education, access procedures, reporting requirements and other National Industrial Security Program Operating Manual (NISPOM) considerations, enforced with comprehensive training, can lead a cleared facility to success.

However, possessing facilities need additional and more expensive infrastructure. This includes technical controls for enforcing need-to-know and access to classified information, construction of sensitive compartmented information facilities (SCIFs) and closed areas, and GSA security containers. Though the security clearance process does not directly charge the cleared contractor, meeting NISPOM requirements for protecting classified information does. Make sure you understand the contractual requirements in the statement of work, the contract and the DD Form 254, as well as those prescribed in the NISPOM.

Once you establish your best way forward and implement the security policy and infrastructure, it’s time to inspect it and ensure that you are able to protect the classified information as required. DSS has an excellent Self-inspection Handbook for NISP Contractors on its website that can not only prepare you for establishing an award-winning security program, but will also lead you through a security program validation process in preparation for the DSS review. Use the handbook and all the information and tips inside to get prepared to receive and protect classified information.

Jeffrey W. Bennett, ISP, is the owner of Red Bike Publishing. He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books, including "Insider's Guide to Security Clearances", "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and "NISPOM/FSO Training".