Industrial Security & You: Identifying Your Role

AJ's Consulting

* Industrial Security * Marketing * Training *

Industrial Security & You

Identifying Your Role

February 2009

Greetings!

Are you overwhelmed by the various tasks and roles of being the company's Facility Security Officer (FSO)? If not, do you know a new FSO who is? What better time to introduce him or her to my newsletter.

My goal this month is to assist in identifying some of the various roles we have and how we can best prepare to fill those roles and assist our company to deliver services and products while protecting national security.

Our main roles include:

Protecting and securing company assets and

People
Information
Physical Assets

Assisting management with identifying and evaluating risk

Upon identifying your role in your company, you should also identify your top five (5) priorities. Just keep in mind that sometimes your priorities will change with changes in your environment.

Enjoy,

Our Focus This Month

Understanding Your Role as FSO

Paperwork Reduction w/ JPAS

Updates & Reminders

JPAS Q & A

Creating Compliant Briefings

One on One training is the bomb!!! Lab time was very informative and All questions plus ones that I was thinking of were answered clearly. Really enjoyed the whole process.

Linda Wilson

San Antonio, TX

Understanding Your Role as FSO

The role of the corporate security professional is a protective role: the protection of people, information, and physical assets that belong to or are a part of any corporation. It is more than just a checklist of duties to be performed and responsibilities to be met. It is a commitment to a corporations's management and employees to provide a safe and secure work environment. A safe and secure work environment reduces the chances of disruption to the business. (Kovachich & Halibozek's The Manager's Handbook for Corporate Security: Establishing and Managing A Successful Assets Protection Program.)

The NISPOM (February 2006) states that the FSO is an appointed contractor employee responsible for supervising and directing security measures for implementing the NISPOM and related Federal requirements for the protection of classified information.

Your role may be either the corporate description, the NISPOM definition, or somewhere in-between. Does your job description indicate which? Do you know what management feels is the top 3 priorities of your position? The top 10?

Too often the FSO or SSO have multiple roles in an organization and must learn to prioritize what is most important and when it is due. Sometimes we need the list of top 3 (or 10) priorities to enable us to work efficiently and meet expectations.

Always consider how much disruption to business is caused by protective measures -- no business equals no job. Is it possible to say "Yes" instead of "No" and still protect what needs protecting?

It is our role to incorporate both business sense and our natural protectiveness to enable our companies to pursue their goals and create more -- more jobs, more money, and more services.

I just wanted to let you know how much I appreciate the help you always give when I call with questions or the need for advice. You are a fabulous resource.
Diane Gallatin

Manchaca, TX

Paperwork Reduction w/ JPAS

A large part of the Facility Security Officer's role includes personnel security administration -- tracking personnel's eligibility, accesses, and training briefs.

JPAS (the Joint Personnel Adjudicative System) has definitely changed the paperwork and reporting requirements of personnel security administration. With JPAS as the system of record, we have less paperwork, but more responsibility.

We are required to maintain the accuracy of the JPAS records for each individual we have an owning or servicing relationship with. Many of our reports can now be made by keeping JPAS updated including --

Name Changes
Marital Changes
Social Security Number (SSN) changes
Employee changes --
- Key Management Personnel (KMP)
- Contractor (employee)
- Consultant
Changes in Access (Indoctrinate/Debrief)
Requesting an Investigation
Receive/Send Visit Requests
Incident Reports
Receive/Send Central Adjudicative Facility (CAF) Messages

Learn more about JPAS by registering for either a 45-Minute Webinar (Got JPAS Access -- Now What?) or a full day JPAS & e-QIP Immersion training session.

Training was great. The reference book provided has been a lifesaver.

Joseph Cole

Pepperell, MA

Updates & Reminders

DSS Website Updates:

(02/02/2009) Upcoming Personnel Security Investigation (PSI) Projection Survey
On March 31, 2009 DSS will deploy the Spring 2009 PSI Projection Survey to the FSOs of all active, cleared facilities. This Survey will collect PSI projections for FY10-FY12. A full notice with updates to the Survey can be seen here and content and screenshot examples can be viewed here . Questions pertaining to the Spring 2009 PSI Projection Survey can be directed to DSSPSISurvey2009@dss.mil
(2/4/2009) DSS Academy announces the release of the Need-To-Know video:
The DSS Academy announces the release of the Need-To-Know video. This video provides a short refresher on the fundamental need-to-know security principle. It reviews a case history and provides guidelines on your responsibilities for applying the principle. To see the video, click here.
(1/16/09) Guidance for industry on the changes in completing Requests for Investigations:
The following guidance is for Industry Facility Security Officers (FSOs) on the changes in completing Requests for Investigations, Questionnaire for National Security Positions, Standard Form 86 (SF 86), July 2008, and Agency Use Block (AUB) Coding. The military services should use guidance issued by their Component. Read more.

JPAS Breaking News:

(2/3/2009) Lock-out Notification:
The JPAS system currently has accounts that have not been accessed within the last 120 days; we are taking steps to clean up these accounts. Over the next couple of months actions will be taken to lock un-used/inactive user accounts; this effort will be conducted in phases (240 days, 210 & 180 days, and 150 & 120 days).

The first phase will begin on 02/10/09 and will target accounts that have not been accessed within the last 240 days; it will include those accounts whose users have never logged into the system.

NOTE: These accounts are not being deleted, they are only being locked so that the user can no longer log into the JPAS system; the DSS Help Desk will be able to unlock any individual account for JPAS accounts Managers. All other users will be referred to their JPAS Account Managers to have their accounts unlocked.

[Y]our class was the best thing this office could have done to get their security up and running.

Eugene Turner

Huntsville, AL

JPAS Q & A

Please feel free to email your questions or tips and techniques to ajsconsulting@earthlink.net.

Q. How Do I Indoctrinate in JPAS?

A.
Indoctrinating or granting Access should occur when the individual has an eligibility with a current investigation (investigation date should not be older than 2 years old) and the individual requires access to classified.

Select Person (from menu on Left)

Enter SSN and Select 'Display Person Summary'

Click Display

Make sure that the Person Category shows your CAGE Code and Industry Category.

Scroll down to bottom of screen and review the Adjudication and Investigation History to be sure what eligibility has been granted and when the last investigation was.

Scroll back up to the 'Accesses Table' and locate Available Actions

Select 'Indoctrinate'

Check the NDA box for a date -- if there is a date, leave it, if not, you will need to obtain a signed SF 312 and send the original to DISCO's Columbus Office

Enter the indoctrination date for the level of access you are granting.

Click Save.

Click Cancel to return to the Person Summary Screen

Remember that by entering an Indoctrination date into JPAS you are indicating that the individual has been briefed on their responsibilities as a cleared individual and on how to handle classified information.

Feel free to contact me (ajsconsulting@earthlink.net) for customizable briefings for initial and refresher briefings.

Best money spent on consulting services in my career.
Current Customer

Creating Compliant Briefings

Creating compliant briefings so that your security representative does not ping you during your security review means understanding what you are complying with -- the NISPOM and the Industrial Security Letters.

NISPOM 3-106 Initial Briefings requires the following to be included in the initial clearance briefing of employees and contractors:

Threat Awareness Briefing
Defensive Security Briefing
Overview of the Security Classification System
Employee Reporting Obligations and Requirements and
Security Duties Applicable to person's job or tasks.

Once an individual's eligibility is granted via JPAS by the Central Adjudication Facility (CAF), the Facility Security Officer (FSO) gives an initial (or upgrade) briefing to the employee or contractor prior to their being given access to classified information. Then the FSO will indicate that the individual has been granted access to classified information via JPAS using the Indoctrination link on the "Person Summary Screen" (see Indoctrinating in JPAS).
Threat Awareness and Defensive Security delves into the understanding of the various threats to U.S. National Security Information and the cleared individual. The Security Classification System covers the three levels of classification as well as the additional caveats or handling instructions that may be added. Sometimes additional training needs to be added to cover the special types like SCI, SAP, NATO, CNWDI, COMSEC, etc. Security duties applicable to the person's job or tasks assigned allows for customizing the briefing to a specific facility's or organization's policies and procedures.

The "standard" reporting requirements of cleared personnel are discussed in the FSO Management Course held by DSS (register via ENROL), various other DoD Personnel Management courses also offered by DSS, provided by training sessions at the Annual NCMS Seminar, and discussed in our FSO & SSO Personnel Security Administration training sessions where we provide both security resources and instruction on how to use them to effectively administer your DoD Personnel Security Program.

Want a one-page handout on reporting responsibilities? Register for a 45-minute webinar (Got JPAS Access? or NISPOM Compliance -- Reporting Requirements) or the FSO/SSO Personnel Security Administration training and receive 20 Reporting Responsibilities of a Cleared Individual.

The [JPAS] class was outstanding - I really enjoyed the hands-on approach to the class. I would highly recommend this class and the instructor.

Kevin Cloud

Austin, TX

Thank you for reading my newsletter. If you know of someone who could benefit from the information shared, please pass it on. If you have a topic suggestion, or a how-to-question, please submit it to ajsconsulting@earthlink.net.

What I do best is assist you with solutions to difficult industrial security challenges. How may I assist you today?

Sincerely,

Ann J. Martick, ISP
AJ's Consulting

What I Do Best

AJ's Consulting

17+ years experience in the Industrial Security arena.

On-Demand JPAS & e-QIP Support
On-Demand FSO Surrogate Support
Industrial Security Training
- JPAS & e-QIP Immersion
- JPAS & e-QIP Proficiency & Troubleshooting
- FSO/SSO Personnel Security Administration
- Webinars
  - Got JPAS Access - Now What?
  - NISPOM Compliance - Reporting Responsibilites
- Customized Briefing Packages
Marketing
- Internal Newsletters
- External Newsletters