The shortest notice I ever received for an on-site inspection was 9 days. The shortest ever for a Continuous Monitoring call was when I called with a question and my Rep launched straight into it “while she had me on the phone.” (They do not have to give us any notice, by the way—be grateful!) The point is, we do everything we can to prepare and try to share that information with you!
We attend 5-8 inspections a month and here is some of the updated information:
1. DCSA Reps are required to do at least two on site reviews a month (I am quoting, so if someone tells you different…go with that!) so they get to everyone over a period of two years. You should be able to do the math on that if you haven’t had one in a while.
2. If any of your travelers are going to: China, Iran, N. Korea or Russia, loop in your Counter Intelligence Special Agent for a briefing! They are willing to advise on ANY foreign travel but especially those areas.
3. Keep adding to your Insider Threat Plan. We have all had an ITP since 2016, but now it is time to really hone in on the specifics, including
- You should have a Working Group that includes HR, Finance, and possibly IT.
- Your Working Group should have taken the “Establishing an Insider Threat Program” training.
- Your working group should have procedures for how each person receives reports, notifications, or detects an Insider Threat.
- How does that information flow to the Insider Threat Officer?
- How is it then mitigated or reported?
4. Same for SEAD 3
“Your SEAD 3 in your SPP does not meet the requirement of ISL 2021-02 SEAD 3. I need to see a greater level of detail in your SPP for SEAD 3. As a reminder, I’d refer you to page 5 of the ISL. Include how your people know to report on SEAD 3 e.g. ‘we discussed a SEAD 3 briefing for them with your contact info for them to report to’ as well as it requires the procedures for implementing it at your company. The generic items are not enough.”
That was a real quote for an FSO after using the SPP template, updating the information in it for the organization, and sending it out to personnel for review. His organization has less than 4 cleared people but the compliance requirement is the same. Here are some of the areas we brainstormed for his organization:
- How do you plan to educate your personnel on the SEAD 3 reporting? Possible answers, maybe you did an online training, maybe you provided the desk reference, maybe you send out a newsletter… (FSO PRO Members get all of these tools, by the way.)
- How do you receive and manage reports? Possible ideas: Where do you share them? Who all do you include? Do you upload it to the DCSA designated system of record?
- How do personnel report topics on themselves and others? Possible solutions: Do you have a form or a process? Is it on a shared drive or provided in another format? Is there an anonymous option?
These are areas to consider before your next review. Make it clear and scalable should you have company growth!
While it is always very helpful for DCSA to indicate what items they specifically would like to review ahead of time, there is a list of items that an FSO should always have ready at any given moment as part of your Industrial Security Program.
They are as follows:
Company information
Always keep this, and documents that support these changes, current!
- The KMP List
- The company address
- The most recent SF328
- The most recent 441
- Facility Profile updated in NISS
DISS Information
- Two account managers who are active
- Personnel List updated (and be able to state the number of personnel in your organization’s DISS off the top of your head – it feels awkward while they wait for you to count!)
- Periodic Reinvestigations initiated
- ANY Corrections (birthdays, NDA dates, citizenship, names) implemented or processing
- SMO information in DISS
Contract Information
- All active DD254s—uploaded in NISS.
- The current Government Contracting Activity, point of contact name (usually the Contracting Officer), email, phone number
- NISS Validation Pages for Subcontractors
- SubDD254s
Last month, one of our FSO Members asked us to prepare a list of common “mistakes” (findings) that occur. We like to focus on the positive but we put several items together for our FSO PRO members. They really appreciated the information.
We will always try and provide you with good information so you are prepared!
Are you a small business FSO?
Our FSO PRO “Superhero” Membership is for small business FSOs or FSOs who wear multiple hats! With our club membership, you receive:
- Reminders
- Tools
- Free Monthly Templates
- Free “MarketFlix” videos for your Team
- Planners and To-Do Lists
- Text Alerts
- Free Admission to FSO Contests
- Free “ask a question”
And more!
Need more explanation or assistance with any items mentioned this month? Contact FSO PRO!
Looking for FSO Gifts? Check out the FSO PRO Shop!
- Security Review Binders!
- Coffee Mugs!
- Membership Club!
- Training Videos!
- One Hour one-on-one FSO Support for self inspections or inspection prep.
- Security Review Prep!