Tuesday, March 18, 2014

Facility Security Clearance Element

As a recap from the last article, we can apply the “Elements of Inspection” that are common to ALL cleared companies participating in the NISP. There are a few more elements that might be applied at unique cleared facilities, but facility security officers in those situations can adapt these articles to those specific needs. According to DSS’ The Self-Inspection Handbook for NISP Contractors, the five elements are:

(A) Facility Security Clearance (FCL)

(B) Access Authorizations

(C) Security Education


(E) Classification

A good place to start is the very beginning. This second article in the series will address how to integrate the Facility Security Clearance (FCL) into the overall security program designed to protect classified information.

Documentation is key.

Once a government contracting activity and/or prime contractor awards a contract, the defense contractor can begin preparing documentation to begin the facility security clearance (FCL) process. Proper documentation is required to get the FCL process started and must be maintained the entire time the defense contractor maintains their clearance. Defense Security Services is part of the clearance process and assist the defense contractor through the FCL process. As part of the FCL process, DSS works with the contractor to complete the required documents. Once the FCL is granted, DSS performs a vulnerability assessment and inspects NISPOM compliance (including required document maintenance).

Cleared defense contractors should keep all FCL related documents readily available both for reference and for future security audits. In an article on how to get an FCL, I outlined the requirements and explained the role of the following documents and actions the process follows in a very simplistic representation):
  • The GCA or prime contractor provides a sponsorship memo
  • The subject contractor applies for the clearance
  • DSS, GCA or Prime Contractor and subject contractor address security clearance request documentation:
    • Verify/Apply for CAGE Code
    • Sign Department of Defense Security Agreement (DD Form 441)
    • Complete a Certificate Pertaining to Foreign Interests (SF 328)
    • Provide Organization Credentials (type of business, business structure, list of officer, etc)
    • Identify Key Management Personnel for clearances

Just understanding what it takes to get the FCL process started lends to the importance of maintaining all original documents and updating as necessary. Some best practices include keeping these documents in a binder, folder or file for easy access and safe keeping. This administrative practice allows quick reference during security and certification reviews and protects the information for privacy and document configuration.

The following table is right out of The Self-Inspection Handbook for NISP Contractors:

Have all changes (e.g. changes in ownership, operating name or address, Key Management Personnel (KMP) information, previously reported FOCI information, or action to terminate business)
affecting the condition of the FCL been reported to your DSS IS Rep?

Has the companys FCL been used for advertising or promotional

Are the senior management official, the FSO, and other KMP cleared as required in connection with the FCL? VALIDATION:

Have the proper exclusion actions been conducted for uncleared company officials?
RESOURCE:  Temporary Exclusion Resolution for KMP Template under Key Management Personnel at: http://www.cdse.edu/toolkits/fsos/personnel-clearances.html VALIDATION:

Are you familiar with the way your facility is organized and structured?
RESOURCE Business Structure Job Aid under Facility Clearance at:  http://www.cdse.edu/toolkits/fsos/facility- clearance.html

There are seven discussion areas in the, The Self-Inspection Handbook for NISP Contractors that address the FCL. These can all be verified based on maintaining the above documentation. Having the original FCL package and updating as necessary is the requirement. FSOs are expected to use the self-inspection handbook to verify that the enterprise is in compliance.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

No comments: