Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should Self-Inspections be conducted When should Self-Inspections.

Presentation transcript:

Florida Industrial Security Workgroup: Self-Inspections

- What are Self-Inspections
- Why should Self-Inspections be conducted
- When should Self-Inspections be conducted
- What does the NISPOM say about Self-Inspections
- What are some tips for conducting Self-Inspections
- What are some Common Issues
- What qualifies as an enhancement for Self-Inspections

What Are Self-Inspections?

 Self-inspections are security reviews of your program.  Self-inspections should be tailored to your program. The Self-Inspection handbook was designed to be used as a job aid and to help in complying with this requirement. The handbook was also developed to help assist in developing a viable self-inspection program tailored to the classified needs of your company.

Why Should Self-Inspections Be Conducted?

 To be in compliance with NISPOM requirements  To assess your company’s security program  Improve the overall quality of your program  Help identify any issues/vulnerabilities you may not otherwise be aware of  To prepare for Audits  Opportunity to talk to employees one on one if possible

When Should Self-Inspections be Conducted?

 Generally a formal self-inspections should be conducted mid way between security reviews/Audits  There is no rule on how often self-inspections should be conducted, however this should be a continuous process  Self-Inspections can be conducted as often as FSO feels necessary

What Does the NISPOM Say About Self-Inspections?

NATIONAL INDUSTRIAL SECURITY PROGRAM OPERATING MANUAL, February 2006, Incorporating Change 1, March 28, 2013, DoD M

 1-206b: Contractors shall review their security system on a continuing basis and shall also conduct a formal self-inspection at intervals consistent with risk management principles  Risk management principles – The process should create value It should be an integral part of the organizational process It should factor into the overall decision making process It must explicitly address uncertainty It should be systematic and structured It should be based on the best available information It should be tailored to the project It must take into account human factors It should be transparent and all-inclusive It should be dynamic and adaptable to change It should be continuously monitored and improved upon as the project moves forward

What are Some Tips for Conducting Self-Inspections?

 Make Notes on Inspection checklist  Interview cleared and uncleared employees  Be sure to include your AFSO and ISSO  Ensure to verify all documentation  Having all materials centrally located helps during Audit time  Conduct self-inspections as necessary, at a minimum two per year.  Get employees involved  Be sure to address any vulnerabilities that were found  Share your review with your DSS Rep, if there were any issues found work with your rep to find solutions before the audit

What are the Most Common Issues?

 Company claims to have conducted multiple self-inspections but vulnerabilities are still found during Audit  ISSM has failed to conduct a comprehensive self-inspection of the accredited information systems  Local employees receive great security training but off-site employees rarely receive guidance  When interviewed for Audit it is clearly evident that employees are not provided with adequate training and education  Company does not keep DSS apprised of reportable information (i.e. company name change, KMP changes)  Not following updated NISP requirements

What Qualifies As An Enhancement? Yeah we got an enhancement!!

Category 5: Self Inspection - Effective documented self-inspections designed to provide an on-going, continuous evaluation of the security program and promptly sharing the self-inspection results with DSS, which encourages open dialogue of identified issues and possible resolutions prior to the DSS scheduled inspection.

- Provide DSS with a detailed report of their self-inspections, to include identifying threats or vulnerabilities
- Collaborate with DSS to correct any issues prior to the annual assessment
- Proof of on-going and continuous evaluation of the security program through multiple self-reviews
- Self-review conducted by a cleared contractor outside of the corporate structure, i.e. a prime contractor assisting a sub, or a consultant with an applicable need-to-know (DD 254)
- Establish an internal corporate review program conducted by another facility within the organization/corporate structure, in addition to the required self-review

QUESTIONS????