By David Touchton
There are various methods of classifying information or documentation, and each carries a different level of procedures required to ensure these documents are handled and stored correctly. This is especially true when contractors interact with classified information through government contracts. The National Industrial Security Program Operating Manual (NISPOM) is the governing document in the Facility Security Officer (FSO) realm. It delineates how and why our industry handles and stores classified information. Here are some general guidelines to help.
As FSOs, we are responsible for safeguarding classified information when:
- Receiving
- Using
- Storing
- Transmitting
- Reproducing
- Disposing
Classified information is categorized into three levels, Confidential, Secret, and Top Secret. Each level brings more protection and specific and varied requirements that must be followed to ensure compliance. These levels are not haphazardly applied to any information; they are labeled as such concerning the significance of damage to national security they would bring if disclosed without authorization.
On top of classification levels, another facet must be followed to avoid unauthorized disclosure—authorized personnel. Authorized personnel are individuals with a need-to-know reason, such as the performance of their duties and a Personnel clearance (PCL) for accessing a certain level of classified information. As an FSO, you are responsible for ensuring that only cleared personnel access their specific level of classified information. This does become complicated when your location is a multiple-facility organization, like MFOs or Federal agencies. But clear communication, training, proper documentation, and updated clearance lists will ensure proper authorization procedures are followed.
Another security factor that needs consideration when handling or storing classified information is maintaining a safeguarded and controlled information management system. The NISPOM requires contractors to establish an information management system for classified information in their possession. This management system can be in the form of an electronic database or a simple spreadsheet or log. The only mandatory requirements are the demonstrated ability to retrieve classified information timely and the capability to dispose of any or all classified information when required.
Lastly, procedures must be developed for safeguarding classified information in emergencies. As government contractors, emergencies can vary depending on the level of classified material on site. However, emergency procedures themselves do not have to be complicated; they should be simple and practical, adaptable to any emergency that may arise. Additionally, employee safety should be taken into consideration. As your facility’s FSO, it is your responsibility to ensure emergency procedures meet these requirements; it is also a good idea to consult your company’s safety officer to ensure employees are not at risk.
As FSOs, we must ensure our companies store, handle, and permit access to classified material appropriately and safely. The NISPOM is our holy grail regarding the procedures, rules, and premise of the FSO position. Don’t be intimated by its lengthy and verbose appearance; memorizing the NISPOM is not required for the job. However, understanding the basics is crucial for ensuring your classified information program is safeguarded from non-compliance errors.