Section Ten: Security Violations and Deviations

Note: All classified markings contained within this presentation are for training purposes only.

Security Violations and DeviationsDefinitions

• Security Violation

– Any failure to comply with an established policy or procedure that reasonably could result in the loss or compromise of classified or sensitive information

– A compromise is the disclosure of classified or sensitive information to an unauthorized person

• Security Deviation

– Any failure to comply with an established policy or procedure that would not result in the loss or compromise of classified or sensitive material

– Any action that would have a negative impact on the {Company}’s security posture

Security Violations and Deviations Examples

BE AWAREOF

SECURITYVIOLATIONS

• A loss or compromise of classified information

• Failure to protect the security of a computer or network

• Failure to properly dispose classified material

• Failure to properly secure a Closed Area or Security Container

• Failure to secure classified materials

• Failure to properly transport classified material, either internally or externally of the facility

• Failure to properly mark classified material

• Failure to sanitize a Closed Area prior to an uncleared visitor entering

• Inadvertently disclosing classified information to individuals that do not have the proper need-to-know or security clearance

• Failure to report a violation

The human element • Distractions, fatigue, change in routine,

and lack of focus

Lack of training

Incomplete/mismarked classified information

Mechanical

External personal circumstances

Security Violations and DeviationsContributing Factors

Not following procedures

The Path to Security Violations

Security Violations and DeviationsPrevention Tips

TIPS

• Always ensure your security container is properly locked

• Only remove classified material from your container when it is needed and returned immediately when not in use

• Always check your entire area for the presence of classified material before leaving the area unattended

• Use a Security Record as a reminder to check your container

• Use the open/closed signs on Closed Area doors and security containers

• Reduce your classified holdings to the absolute minimum

TIPS

• Do not work alone after normal working hours with classified material

‒ If necessary, arrange with the Security Department first

• Never delay placing the appropriate classification markings on rough drafts, working papers, etc.

• Ensure notes extracted from classified documents are classified, appropriately marked and protected

• Always use classified folders and coversheets, when material is removed from security containers

• Ensure all electronic media is properly marked and secured after use

Security Violations and DeviationsPrevention Tips (cont.)

Security Violations and Deviations{Company} Obligations

• To maintain its security posture and meet its security obligations to the U.S. Government, {Company} retains the right to take immediate action to prevent the loss or compromise of classified or sensitive information

• Once individual culpability for a security violation or deviation is determined through investigation, the Security Department management will assess the implications of the event for the individual and the {Company} security posture

• {Company} has a graduated scale of administrative sanctions that will be taken for failing to adhere to established security rules and regulations

Security Violations and DeviationsAdministrative Sanctions

• Sanctions are determined by the offense and are on a graduated scale (See local SPP for details)

• Sanction examples:

– Verbal or written counseling by Security, immediate supervisor, {Company} president or a combination

– Information restrictions

– Project access restrictions

– Required training

– Suspension without pay

– Clearance termination or job change

– Removal from contract

– Employment termination

– Imprisonment and/or fines

Security Violations and DeviationsIndividual Culpability

• Reporting individual culpability to the Department of Defense‒ {Company} is required to identify the culpable party(s) to a

security violation where there is an issue of the individual’s future reliability

• Determination to forward a culpability report occurs when one or more of the following factors are revealed:‒ The violation involved a disregard of security requirements,

gross negligence in the handling of classified information, or a pattern of negligence or carelessness even though the incident was not deliberate

• Security Violations are costly, but can be prevented by ensuring all individuals remain aware of their security responsibilities‒ Ignorance will not excuse you from disciplinary action or

criminal prosecution