Printer Friendly

The task of terminating.

IT IS AN UNFORTUNATE FACT OF LIFE that all government-contracted programs must eventually come to an end. Regardless of the reason for their termination, the government and contract security officers responsible for them have an enormous amount of work to do.

Program management does not usually perceive the multitude of tasks that must be accomplished prior to program closure, nor does it generally appreciate the increased effort required by the security staff.

In addition, little is written on the subject to guide the security professional. Having the knowledge of how to close a program in an orderly and efficient manner will make your job easier and save the government - and the contractor - a great deal of money.

This article examines the methods I have used for program closures and provides a rationale for my actions. My methods are by no means the best for everyone, but they have worked for me. You can tailor my recommendations to your circumstances.

Gather information. The first thing to do when notified of a program closure is to gather your security staff and discuss the impact of the situation. For example,

* How many documents are you accountable for?

* How many personnel are briefed into the program?

* Are there any special concerns such as communications security (COMSEC) accountability?

* Are all documents and personnel immediately available or are some located in other parts of the facility or in other cities and states?

* What considerations must be made for company proprietary information?

* How long will it take to close the program?

* What are the requirements of the Industrial Security Manual or your program security manual? This is one of the most important questions.

The purpose of the first meeting with your staff is to brainstorm. As the security manager, you should not dismiss any concern or question as out of line. It is important to involve all of your staff, not just the managers, because your staff will have insights that management does not have.

For example, your document control clerk is the one who does the job eight hours a day. And when it comes to document control, he or she is the established expert.

Allow at least a day or two before the next meeting. This gives the staff a chance to discuss the situation informally. More often than not they will come up with a number of things that had not been considered at the first meeting.

During the time until the second meeting with your staff, meet with program management, engineers, and logisticians to solicit their input. This serves three purposes: It gives you further insight into the situation and its potential pitfalls, it allows all interested parties to appreciate the security tasks at hand, and it provides a group direction for a shared goal. After a few days have a second meeting with your security staff to discuss the situation again.

The first week or so you might think all you are doing is having meetings and talking to people, yet this early activity is vital. In addition to the group meetings, talk to the government program security manager, a facility legal representative, your contracting officer, and your program director.

Explain to the program security manager that you are developing a plan that will comply with the Industrial Security Manual and your program security manual.

Your legal staff can give you guidance on the identity and control of proprietary information, what to say, and what should be avoided in discussions with contractor or government personnel.

Your program security manual may explain what must be done, but that does not mean your security staff meetings are for naught. You still have to develop and implement a plan for your facility. Your job may be easier knowing what tasks are important to the government, and you will be able to plan accordingly.

Your program director will want your assurance that everything is under control. If you haven't in the past, now is a good time to solicit his or her support and understanding. You should also advise the program director that memos and quick briefings from you may increase significantly from what he or she has grown accustomed to.

Develop a plan. After reviewing the suggestions from your planning meetings, prioritize necessary actions and establish a preliminary plan. Prior to finalizing the plan, meet once again with your staff and program management.

The second round of meetings should be easily accomplished in an afternoon. If you have critically analyzed and accepted previous suggestions, discussion should be limited. If you have rejected a concern or suggestion, you should address it and provide a rationale for your decision.

Next, a game plan is needed. I use a three-phased approach to the situation: Perform an initial inventory of all pertinent information (documents, hardware, etc.), review all inventories by appropriate agencies (deciding to keep or destroy information), and finally, audit all information and the formal closure of the program (debriefing personnel and storage and shipping of information).

In the planning process, analyze your security work force. Do you have enough personnel to handle the increased administrative work load?

Also, determine where - if anywhere - you must go. Will you have to travel crosstown or cross-country to perform an inventory? If a facility is geographically separated, do you need to go there or can you use indigenous security personnel assigned to that facility? The key to this phase of the closeout process is communication.

Phase I: Inventory. Based on your decisions, notify all facility locations what you expect from them. Timing is important. Give the facilities enough time to do what you want and give your staff enough time to assimilate the information you will receive.

For example, if you have 15 facilities supplying inventory information in 10 days, the analysis and correlation of that information by your staff may take 30 days. It is much better to phase the transmission of data to your staff. Tell the smaller facilities to provide their information in 10 days and give the larger facilities 21 days. This will give the facilities needing it more time to reply while not overwhelming your staff.

Typically, once a program is identified for closing, program management will quickly start to reassign its staff to other projects. It is therefore important to let program management understand the scope of work the security staff will be required to accomplish after the program is terminated.

It is also important that program management understand that access to program personnel will probably be needed at a later date to review documents and assist in destruction decisions and reclassification or declassification actions. Lack of access to program personnel can cause significant problems in closing a facility and administrating classified holdings properly.

Key to this phase is identifying a universally acceptable format to report the facilities' inventory. A uniform format will significantly help your administrative staff in correlating a list and also during the next phase of the process.

Phase II: Review. As you receive information, enter it into a central computer file. You are miles ahead if you have one of the security management software programs available. If all facilities have the same software, it will not be necessary to establish a universal format, nor will you have to worry about everyone complying with it.

In addition, once the information is entered you can easily manipulate it and quickly analyze it. If you do not have access to a document security software program, establish a file to hold the information.

AFTER LOGGING IN ALL THE DOCUMENTS, distribute them to the people who will need to take action on them. The action will be one of three options: Destroy the documents, retain them under their current classification, or regrade or declassify the information.

Depending on the size of the inventory and the number of people who must review the inventory, the review process may take anywhere from a few days to a few weeks. As with the first phase of the operation, communication with program management is vital.

For instance, there may be an office you are unaware of that program management feels should have the opportunity to take action on the documents.

Who has the final say on what is kept, destroyed, declassified, or reclassified? The obvious answer is the government. In my experience, the government has always chosen to retain classified information commensurate with the requirements of the Industrial Security Manual and other government directives, such as a program security manual.

After all personnel have supplied their responses, you should correlate their suggestions and make one list. Incorporate all of the suggestions and subdivide the list by the responses (keep, destroy, reclassify, or declassify). Conflicts will probably arise where one person wants to retain a document and another wants to destroy it.

If you are in the contracting community, many of these decisions will already have been made or will soon be made for you by the government. But this process is just as applicable when reviewing company proprietary information or any nongovernment work that needs to be terminated.

In cases involving conflicting opinions, it is always better to err on the conservative side: Choose to retain a document rather than destroying it. Regrading and declassifying is a hard decision and must be coordinated with program management and applicable personnel. Once you have made the decision, make your recommendation to the cognizant government security office for approval.

After all decisions have been finalized and coordinated, publish a list of the proposed actions and coordinate final action with those who reviewed the document.

This final coordination provides all parties the opportunity to have a final say on the future of all documents. It also allows all parties to see what other people have said regarding a document's fate and may stimulate someone to view a document's retention value in a different light.

Phase III: Termination. After the final coordination, don't forget the legal and contracting offices. The government will issue a termination order outlining the disposition of documents to each facility. Again, while this article is written with a government slant, it is also applicable to similar situations for the contractor. As with the previous phases, allow more time for those facilities with large accounts.

From a contractor's perspective, the job is clear-cut. Destroy the documents designated for destruction and send the documents earmarked for government retention to the government. Any documents that have been approved for contractor retention should have change-of-custody documentation completed and be transferred to the identified contractor facility.

The government has a more difficult time: It must find a repository for the program documents it has elected to retain. Presumably, the facility you once used will shortly be used for another program; therefore, arrangements must be made to store the information at another location.

Depending on the requirements of the program, you may also have to keep briefing and debriefing forms, fax logs, destruction certificates, and a myriad of other program security-related documents for a number of years. Plan for this task to ensure an appropriate place is available for these documents.

MANY ACTIONS NEED TO BE TAKEN IN closing a facility. I have limited my discussion to document control and other issues that could potentially cause problems throughout the process.

Take your time, use the available resources, and communicate and coordinate as much as possible. The steps I have identified are not all-inclusive, nor are they applicable to every circumstance, but they should provide a starting point to making the process less frustrating.

Consider some of the following issues as you go along:

* Those on your security staff will eventually be without jobs, and it is incumbent on you to look after them. Speak to corporate or senior security management about securing your staff's positions. The experience of closing a program will give your staff a quick and intensive course in many aspects of the security profession that will benefit a future program.

* COMSEC instruments such as secure telephone units (STU-IIIs) may become available for other offices. If they do, make sure they are zeroized prior to transfer and that your COMSEC custodian has verified it is appropriate to transfer them.

* Computer resources, as with COMSEC instruments, may become available. Prior to transfer, be certain that the transfer is appropriate from a security point of view.

* Security containers will also be available. Remember to reset them to the factory combination and search them thoroughly for documents prior to transfer. Consider designing a form to affix to safes certifying that a security person has examined and verified that the safe contains no classified information.

* Archiving documents - systematically storing and recording the identity and location of all retained information - is an absolute must. It is essential to be able to locate the information easily later.

Finally, communicate with the cognizant security officer one more time, advising him or her of what you have done and coordinating when all actions are completed.

Once you have verified that there is nothing more to do, you may officially close the facility. And don't forget to turn off the lights before you lock the door.

John C. Schulze, CPP, is a system security engineering manager assigned to Headquarters Aeronautical Systems Division, Wright-Patterson Air Force Base, OH. He is a member of ASIS.
COPYRIGHT 1991 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1991 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:Special Seminar Issue; ending projects properly
Author:Schulze, John C.
Publication:Security Management
Date:Sep 1, 1991
Words:2209
Previous Article:Trial of the trade secret.
Next Article:Breaking bureaucratic bonds.
Topics:


Related Articles
The security challenge: order in the court.
Reinventing government for the clinical lab.
Safeguarding against errors in pension benefits: a big job at CalPERS.
Rewarding the right stuff.
Life cycle of a residential tenancy pt2: before a tenancy is born: gestation.
A Message from the President.
NIST publishes guidance on securing interconnecting IT systems. (General Developments).
Developing your IT project: a well-crafted plan is the key to success.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters