Section Ten: Security Violations and Deviations
Note: All classified markings contained within this presentation are for training purposes only.
Security Violations and DeviationsDefinitions
• Security Violation
– Any failure to comply with an established policy or procedure that reasonably could result in the loss or compromise of classified or sensitive information
– A compromise is the disclosure of classified or sensitive information to an unauthorized person
• Security Deviation
– Any failure to comply with an established policy or procedure that would not result in the loss or compromise of classified or sensitive material
– Any action that would have a negative impact on the {Company}’s security posture
Security Violations and Deviations Examples
BE AWAREOF
SECURITYVIOLATIONS
• A loss or compromise of classified information
• Failure to protect the security of a computer or network
• Failure to properly dispose classified material
• Failure to properly secure a Closed Area or Security Container
• Failure to secure classified materials
• Failure to properly transport classified material, either internally or externally of the facility
• Failure to properly mark classified material
• Failure to sanitize a Closed Area prior to an uncleared visitor entering
• Inadvertently disclosing classified information to individuals that do not have the proper need-to-know or security clearance
• Failure to report a violation
The human element • Distractions, fatigue, change in routine,
and lack of focus
Lack of training
Incomplete/mismarked classified information
Mechanical
External personal circumstances
Security Violations and DeviationsContributing Factors
Not following procedures
The Path to Security Violations
Security Violations and DeviationsPrevention Tips
TIPS
• Always ensure your security container is properly locked
• Only remove classified material from your container when it is needed and returned immediately when not in use
• Always check your entire area for the presence of classified material before leaving the area unattended
• Use a Security Record as a reminder to check your container
• Use the open/closed signs on Closed Area doors and security containers
• Reduce your classified holdings to the absolute minimum
TIPS
• Do not work alone after normal working hours with classified material
‒ If necessary, arrange with the Security Department first
• Never delay placing the appropriate classification markings on rough drafts, working papers, etc.
• Ensure notes extracted from classified documents are classified, appropriately marked and protected
• Always use classified folders and coversheets, when material is removed from security containers
• Ensure all electronic media is properly marked and secured after use
Security Violations and DeviationsPrevention Tips (cont.)
Security Violations and Deviations{Company} Obligations
• To maintain its security posture and meet its security obligations to the U.S. Government, {Company} retains the right to take immediate action to prevent the loss or compromise of classified or sensitive information
• Once individual culpability for a security violation or deviation is determined through investigation, the Security Department management will assess the implications of the event for the individual and the {Company} security posture
• {Company} has a graduated scale of administrative sanctions that will be taken for failing to adhere to established security rules and regulations
Security Violations and DeviationsAdministrative Sanctions
• Sanctions are determined by the offense and are on a graduated scale (See local SPP for details)
• Sanction examples:
– Verbal or written counseling by Security, immediate supervisor, {Company} president or a combination
– Information restrictions
– Project access restrictions
– Required training
– Suspension without pay
– Clearance termination or job change
– Removal from contract
– Employment termination
– Imprisonment and/or fines
Security Violations and DeviationsIndividual Culpability
• Reporting individual culpability to the Department of Defense‒ {Company} is required to identify the culpable party(s) to a
security violation where there is an issue of the individual’s future reliability
• Determination to forward a culpability report occurs when one or more of the following factors are revealed:‒ The violation involved a disregard of security requirements,
gross negligence in the handling of classified information, or a pattern of negligence or carelessness even though the incident was not deliberate
• Security Violations are costly, but can be prevented by ensuring all individuals remain aware of their security responsibilities‒ Ignorance will not excuse you from disciplinary action or
criminal prosecution
