Three Pillars to Help Demonstrate NISPOM Compliance

By: Jeffrey W. Bennett, SAPPC, SFPC, ISOC, ISP

There are three key pillars that I like to employ to build confidence and better prepare for the DCSA review. Whether you want to just maintain a satisfactory rating or you want to elevate to commendable or superior, these three keys are going to help you.

The Key Pillars.

The first is the FSO Workbook. That’s your survival tool.

The second is the self-inspection program or your health check.

The third is the gold standard criteria, which are your war stories. So let’s talk about these three and how they are important.

Key Pillar 1 – The FSO Workbook

First, let’s talk about your survival tool, that FSO Workbook, the bare minimum that you need to have on hand to measure or demonstrate that you are NISPOM compliant. Why is this important? Because it has all of your facility and personnel clearance artifacts on hand in electronic and printed formats. While your day-to-day work will be in NISS, DISS and NBIS, the FSO Workbook should be updated frequently. The electronic version should be updated regularly, but the printed version should be updated at least closer to the DCSA review date so you can easily display them to DCSA.

This is an important document that provides artifacts that demonstrate you are in compliance. These artifacts include the DD Form 441 and the SF 328. You’ll also want to maintain training documents, Standard Practices and Procedures, Insider Threat Program policy, and many other artifacts that DCSA is going to want to review.

Key Pillar 2 – The Self-Inspection Program

Be sure to use the Self-Inspection Handbook for NISP Contractors provided by DCSA. It’s a wonderful tool. The only thing I don’t recommend is doing it all at once. While the self-inspection should be certified annually, spread the event over several months. Perform a review of your security program throughout the year, checking and double checking, crosswalking with that FSO Workbook, and maintain this regularly.

Key Pillar 3 – DCSA’s Gold Standard Criteria

DCSA has gold standard criteria under the new rating scheme that allow defense contractors opportunities to excel.

You can use the FSO Workbook as a kind of standardization. If you have this completed, you’re going to definitely get a satisfactory rating. However, the Gold Standard Criteria allow you to demonstrate commendable and superior capabilities.

This is your opportunity to storyboard your security program. Many people use the term story branding or avatars. Basically, you’re making a story about your security program. Where the FSO Workbook demonstrates compliance through artifacts, the Gold Standard Criteria allow you to demonstrate through examples and narrative; you’re sharing your experiences, having discussions and demonstrations of your ability. What does your management support look like? Are you involved with the community? What does security education look like?

This also must be maintained regularly and not completed at the last minute, cramming for this right before the DCSA review.

In summary, these three keys, the FSO Workbook, the self-inspection program and the Gold Standard Criteria, will give you the confidence to do well during the DCSA review.

I am Jeff Bennett and I provide fractional FSO support to many different companies.

If you have any questions on any of this, contact me via email, but by all means, stay tuned. I’ll be discussing each of these points in further issues. I hope you’ll stay in touch and stay tuned for more information.

 
