FSO Success
What great FSO’s read!
Be fully prepared for your SVA journey.
Being Inspection-Ready Feels Amazing!
We talk to a LOT of FSOs on a monthly basis. A LOT. When all is said and done, what is the biggest issue (other than protecting classified information which is always the Mission)? Inspections! (They are actually called Security Vulnerability Assessments, aka: SVA, but it triggers the same feelings!) At FSO PRO, we participate in 3-6 SVA/inspections a month. So far, in 2020 – by the time you get this newsletter – we have 10 on our calendar. Over the years, we have learned a LOT! We can certainly help you do your best!
Feb 2020
What FSOs Need To Do This Month
- Take a load off your mind by getting your electronic folders “inspection ready”.
- Organize your inspection documents on a weekly or monthly basis.
- Log into JPAS and any other timed data base so you don’t get locked out.
- Remove any personnel who should not be in JPAS by out-processing or contract ending.
- Present an “SVA Over- view” to Executive Management to build buy-in.
- Look at the expiration dates on your classified contracts (DD254) and coordinate with your Con- tracts Administrator to see if they are being ex- tended or ending soon for de-briefings if necessary.
- Order your I Heart My IS Rep mug for your meeting with DCSA! Show the love!
STEP 1 What to expect:
We have a 3-Slide overview that you can review or provide to your management about what to expect on the day of your inspection for non-possessing facilities. It helps everyone feel calm when they understand what is coming and how long it will take. Would you like to have your own copy? Ask this guy!
Step 2 – How to prepare:
Here is a list of comprehensive items to gather for review. At FSO PRO, we like to set up these folders electronically on a restricted-access shared drive and update them as we go throughout the year. This habit cuts WAY down on the time involved in preparing. Folder A – Company Information: SF328, DD441, changes in ownership or address, if your By-Laws support who is on your KMP list, org chart, etc. Folder B – JPAS Reports: Personnel, PR Report, and Ghost Report. Folder C – Self-Inspections: Checklist and Management memos for each year since your last SVA. Folder D – Contract information: Active Classified Contracts/DD254s – issued to you and that your organization has issued. For any subcontractors, make sure you have your NISS Validations.
What to expect when you’re expecting… An SVA. (Gender reveal: it’s an inspection!)
Folder E – Security Briefs and Training: All NISPOM 3 required topics: Initial Security Briefing, Insider Threat, Annual Security Refresher, and Debriefing Statements. Folder F – Personnel Security Clearance: Make sure you have the Privacy Statement from NISPOM that tells clearance candidates that you will review their SF86 then destroy it. Folder G – Security Policies and Procedures: All your SPPs, Disciplinary Policy for Security Violations, etc.
Folder H – Reports: Incident/Adverse, Suspicious Contacts. Any self-reports, suspicious contacts, and adverse information (and their results) since the last SVA go here. Folder I – Consultants: Any 1099 or Independent Contractors utilized on classified contracts and their signed “Consultant Certificate” goes here. Folder J – FSO Information: Any training certificates for your FSO Courses, extra training (classified storage, NCMS, other STEPP Courses) and any appointment letters. Folder K – Specialized Briefings: NATO, COMSEC (including semi-annual reports if you have a COMSEC Account), Counterintelligence, SCI, Foreign Travel, etc. briefings go here. Folder L – Visits: VAR template and any incoming VARs if you have classified storage or host classified meetings.
All this talk about folders is making me hungry. Here, try this chocolate cream pastry.
Folder M – Insider Threat: Your Insider Threat plan, records, working group minutes, self-reports, self certification plans, training for programs and personnel records. Folder N (if applicable) – Classified Storage: Anything pertaining to your classified storage – your SPP, emergency plan, checklists, 147 form, signage, the certificate for the GSA-Approved locksmith who set your safe lock, etc. Folder O – Miscellaneous: Anything else! We used to add the PSI Survey to this section, but they know it is done through NISS now.
Hopefully gathering your team won’t take as long. Or as many portals.
STEP 3 – Gather Key Personnel
DCSA will want to speak to personnel who can discuss your contracts. Sometimes that is you, sometimes it is the owner/ senior management and sometimes it is a program manager. Regardless, make sure they are available. With the new risk based approach to security assessments, it is more than just a checklist of documents listed above. The government wants a clear picture of the risks and all the ways they can recommend the best security practices for your organization. Is there more to it than this? Yes, but this gives you a strong framework to walk into an assessment and know you can work with your DCSA Rep to build the best program you can have! Want more? We are planning an online workshop for those who would like more training on Security Vulnerability Assessment Prep. If you are interested, let us know!
I Heart My REP!
Matt! Larrissa! Braden! Susie! Mary! Ashley! Brent! Juaquita! Brian! Not former Mousketeers (that we know of …) but these are a few (real) first names of some DCSA Representatives that we LOVE! They: • Take & Return Calls/emails quickly• Provide Resources
• Problem Solve
• Help Expedite
• Solicit FSO Feedback
• Track down support & More! Really, we cannot feel more love towards those that have a real partnership with FSOs and companies as opposed to never being available, never responding, playing “gotcha” with new FSOs, speaking only to BIG company FSOs, etc. Just in time for Valentine’s Day: This cup is a great icebreaker for your meetings (usually gets a big laugh!) Order yours here!
FSO PRO thanks all the FSOs out there for everything you do to keep the warfighter safe. Even the smallest task is designed to keep our nation’s information out of the hands of those who would do harm. We, as FSOs, are doing our part to stay vigilant and determined to protect those who protect us, even in our own small way.
That is why we say how awesome you are. And thank you.
</div*gt