Operated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA UNCLASSIFIED Classified Information Security Event EFCOG Fall Workshop.

Presentation transcript:

Slide 1: Classified Information Security Event
EFCOG Fall Workshop, October 21, 2015

Slide 2: Agenda
• Event Overview
• Timeline
• Investigation Results & Potential Violations
• Enforcement Outcome (Mitigation of Penalties)
• Lessons Learned

Slide 3: The event involved potential unauthorized disclosure, consisting of “loss of control of classified matter”
• December 2012 – LANS discovered that it could not document the disposition of two classified legacy parts
  – Parts manufactured in the 1960’s for the underground test program
  – Parts not required to be accounted for pursuant to then existing security requirements (parts contained accountable amount of depleted uranium)
• April 2013 – LANS internal investigation concluded
  – Likelihood of compromise of classified information was low
  – Destruction documentation was not required in , when the parts in question likely were appropriately destroyed

Slide 4: The timeline related to this event stretched over multiple years
• Dec 2012 – LANS discovered MC&A inconsistencies
• Jan 2013 – LANS identified non-compliances and reported in SSIMS
• April 2013 – Internal LANS investigation completed
• 4/24/13 – Report closed in SSIMS
• /14/13 – LANS received OE Notice of Intent to Investigate
• Week of 12/9/13 – OE onsite investigation
• /20/14 – OE investigation report issued
• 8/12/14 – OE enforcement conference; LANS factual accuracy provided
• 5/27/15 – LANS received PNOV
• 6/29/15 – LANS submitted response to PNOV
• 7/28/15 – LANS received FNOV

Slide 5: The investigation report cited four potential violations of classified information security requirements

| # | Description of Potential Violation | LANS Position at Enforcement Conference – clarifying information was provided as support |
|---|---|---|
| 1 | Failure to provide timely notification of an incident of security concern | Notification was timely and conservative. Note: not cited in FNOV |
| 2 | Failure to adequately define potential risk (disposition pathways, physical security) | LANS incident evaluation was thorough, conservative and compliant |
| 3 | Failure to control classified information | No evidence that LANS failed to control classified matter |
| 4 | Failure to implement a comprehensive self-assessment program | NNSA approved self-assessment program |

Slide 6: Civil penalties were mitigated based on corrective actions and clarifying information provided
• PNOV assessed a $247,500 financial civil penalty
  – Cited three violations – one Severity Level I and two Severity Level II violations; continuing violation
  – Penalty was initially calculated by OE to be $385,000; mitigated for corrective actions associated
  – After enforcement conference, LANS provided factual accuracy document and affidavits
  – LANS submitted letter to OE requesting reconsideration challenging severity of violations and argued that civil penalties proposed were excessive

LANS’ continued focus during the investigation was factual accuracy and providing clarifying information, resulting in a positive outcome.

Slide 7: Civil penalties were further reduced based on additional clarifying information provided
• FNOV assessed a $192,500 financial civil penalty
  – Penalty reduced based on LANS letter and additional supporting information provided
      – Eliminated per day penalty that PNOV had identified as continuing violation
      – Further consideration of LANS corrective actions
  – No change to severity of violations

LANS’ continued focus during the investigation was factual accuracy and providing clarifying information, resulting in a positive outcome.

Slide 8: Lessons Learned – this investigation
• Factual accuracy – continued follow up
• Corrective actions – proactive discussions
• Mitigation of penalties
• Understanding of rules associated with investigation
  – 30 day response deadline
  – Citations associated with violations

Slide 9: Lessons Learned – general
• PAAA role
• Teaming with legal counsel
• PAAA engagement in investigation
  – Interviews
  – Planning
• Strategy
• Document request
• Formality
  – OE interaction