The most important documents for your FCL security review and how to keep them organized
In your annual security review, your Industrial Security (IS) representative will require documentation that shows your facility is meeting NISPOM requirements. Your IS rep will provide you with a list of the documents they’ll need to see and give you one to two months to provide them.
These are key documents to maintaining your Facility Clearance (FCL). However, since many of them are not things you’re accessing on a daily basis, it’s easy for them to get buried in your files, especially if you don’t have a clear organizational system. In order to be prepared for your security review, you need to be familiar with the documents the IS rep will need to see and know where to access them.
The Documents
Some common documents the IS rep may request include your company’s DD 441 and 254, SF 328 and employee SF 312s, bylaws, articles of incorporation, and other documents related to Foreign Ownership, Control or Influence (FOCI). Many of these are documents you won’t be regularly updating or accessing.
DD 441 is an agreement between contractors and the government that details the security responsibilities of both and acts essentially as an NDA.
DD 254 is a contract that provides the contractor with security requirements and the classification necessary for the contract.
SF 328 covers concerns of FOCI. It asks 10 yes or no questions about the organization’s dealings with foreign persons, and if the answer to any questions is yes, you need to elaborate on why.
SF 312 is the classified information nondisclosure agreement employees sign.
There are further documents the IS rep may request beyond these, like your Key Management Personnel (KMP) List or proof of your Facility Security Officer (FSO) STEPP training.
Beyond these, it’s crucial to maintain documentation of any incident reports. Document these as soon as any incidents are brought to your attention. If there is a big gap in time between the incident and the documentation of it, that can be a red flag to your IS rep that your security may not be up to snuff.
Of course, being familiar with these documents and having them up to date doesn’t matter if you can’t find them when the time comes for your inspection.
Best Practices for Document Management
Organization of your files is incredibly important. In cleared facilities, it isn’t uncommon for the FSO to wear multiple hats and hold more than one position and set of responsibilities. When they have to juggle multiple important roles, it can be easy for these files to get lost in the shuffle if they’re not saved in a clear location or with a proper name. If you have a tendency to download documents and not rename them or move them out of the downloads folder, it’s time to rework your file organization system.
The best starting point is to create a general FSO or security folder. Within this, you can create further folders organized by how frequently you use them, such as FCL, Personnel Clearance (PCL), incident reports, and insider threat program. When developing your file system, it’s not enough for the system to make sense to you. Make sure there’s a logical progression of folders to get to what you need, so if someone else needs to access them without you in future, they’ll still be able find what they need.
When saving documents like SF 312s, make save them in a way where you can easily search for them even if you can’t remember where they were in your files. It also helps you identify what the document is at a glance, without having to open it. Include both the name of the person who the document is relevant to and what the form is, so “John Doe SF 312” rather than just the person’s name or document type.
Keep your folders organized and clean as well. Have an area to archive things you no longer need, and set a time frame for how long documents will sit before they’re moved there. The general rule of thumb is to keep any documents for a year before archiving them, like moving files related to a terminated employee.
When the IS rep does make their request for your documents, they typically give you a deadline a month or two from the initial contact to send them what they need. Because there’s a long time frame in which to do this, it’s tempting to put it off and chip away at it over time, but that often means it’s just left until the last minute and results in a crunch to find everything right at the deadline. Instead, take the time to find everything right away, especially if your documents aren’t fully organized or there’s anything you’re worried might take some time for you to locate.
If you’re an FSO looking for help managing some of your responsibilities, our FSO support services can help lighten your load and free you up to focus on what’s important. From PCL management to annual briefings, our team can meet your needs and offer expert insight into creating a strong security culture at your organization.
