Monday, July 15, 2013

Security and the Facility Clearance

A Facility Clearance (FCL) is a Defense Security Services (DSS) administrative determination issued in accordance with the National Industrial Security Program Operating Manual (NISPOM), that a ‘facility’ is eligible for access to U.S. Government classified information or award of a classified contract. Essentially, an FCL is a ‘secure site’ where routine access is denied to U.S. citizens not holding appropriate security clearances and to all non- U.S. citizens. An FCL normally is awarded for a specific program, at a specific classification level. It is not transferable and may not be used in support of marketing. For every U.S. Military program being considered for supply by a U.S. or Foreign owned company there is a strong probability that holding an FCL will improve the likelihood of an award by granting a cleared company access to the classified supporting documents describing the threats, requirements and program goals.

In the absence of an FCL and security cleared personnel, Government representatives as well as other cleared companies must limit all conversations and information exchange to non-classified data. Demonstrably, having access to such data is necessary for a company to make an informed bid for the vast majority of U.S. Government military programs. The FCL determination is based upon favorable background investigation adjudications of Key Management Personnel (KMP). These can include the chairman of the board, senior management officials, and the Facility Security Officer (FSO). All other KMP defined in company bylaws or operating agreements must be formally excluded unless they require access to classified information to perform work duties. Note that the granting of an FCL can be complicated by any Foreign Ownership Control and Influence (FOCI). To counterbalance the risk of exposing classified information, the U.S. Government requires foreign owned companies to take measures to mitigate FOCI. (Please see DMG Briefing Notes on NISPOM and FOCI).

Mitigation Measures

Due to the immense risks posed to companies and employees for violating the NISP, it is important that companies doing business in the U.S. and engaging with foreign entities create, implement, and maintain physical controls and security procedures compliant with the NISPOM. For foreignly owned companies wishing to secure an FCL, extra care must be taken to mitigate FOCI and negotiate a proxy agreement. For further information please feel free to contact DMG.

No comments:

Post a Comment