Three Tips For Managing Security in a Complex Organization
For cleared contractors, Facility Security Officers (FSO) establish security programs to protect classified information. This task sounds simple and appears inwardly focused. However, managing classified contracts is complex and often includes corporate shareholders outside of the security organization as well as agencies external to the cleared contractor facility.
For example, guidance found in the National Industrial Security Program Operating Manual (NISPOM) directs that cleared contractors report foreign travel. While the FSO can provide this information in an annual briefing, they would be more successful with the requirement supported by human resources, department heads, and those who arrange travel.
In another example, additional guidance requires cleared contractors to report security violations as well as address those security violations. Again, this requirement is often stove piped with the FSO, but proves more effective if supported by outside organizations.
Cleared contractors and FSOs also are outwardly facing with responsibilities to a prime contractor, government customer and the Defense Counterintelligence and Security Agency (DCSA). These interactions are complex and while the FSO could absorb all of the actions, they would be more effective is shared across the enterprise.
So, how do effective FSOs and security managers develop such a culture of shared responsibilities? Quoting regulations only exasperates cleared employees and the very act does little to foster a climate of cooperation. However, developing relationships based on a good understanding of roles, support necessary, the corporate mission and influence goes a long way toward implement the successful security program.
The following tips can assist and FSO with managing security in a complex organization.
- FSO influences corporate culture. Security of classified information should be treated as a major role for every unit. Instead of stove piping security functions, they should tie in with other organizations. Though each office has a different product, funding or budget item, each fulfills their obligation in a chain of responsibilities necessary to meeting customer needs, especially on classified contracts. When business units work to support a united mission, the entire organization benefits. For example, if a remedy for a security violation is to be implemented, the FSO would benefit from having such language and actions in outside policies such as a human resources policy.
- FSO shares roles for protecting classified information outside of the department. Failure to safeguard classified material could result in a defense contractor losing the Facility security Clearance (FCL) and ultimately cost current and future contracts. Security as an afterthought or viewed as a “necessary evil” may contribute to such losses. An observer should notice that NISPOM guidance applies to protecting classified projects, but there are actions that human resources, safety, technology, program managers, and contracts must take to protect classified programs. The FSO is the expert that could assist with the integration of these roles. FSOs would be mistaken to assume that only their security employees would be the only players.
- The FSO can also train non-security employees as security “force multipliers”. This is a military term that simply means, other organizations can support the FSOs mission. With security ingrained in the performance and actions of all employees, the organization becomes a united front and all employees exist to protect classified information. For example, even employees without security clearances can help protect classified information by learning to recognize classification markings and reporting suspicious behavior or contacts.
FSOs have a complex security mission and the appointed responsibility to develop programs to protect classified information. Success leads to maintaining the FCL. While they have that appointing, they are not required to go it alone.
The FSO would do well to ensure their tasks are incorporated into the corporate culture. Non-security employees should understand how they fit into supporting customers on classified contracts and the importance of their contribution toward the enterprise’s success.
More tips can be found in the author’s book, How to Get U.S. Government Contracts and Classified Work.