As the Project Manager, you are responsible for all aspects of your program including personnel and document security.
Your government PM will look to you for ensuring your program is compliant with their security requirements. The government PM has a security department supporting them that will interface directly with your Security Team and perform inspections.
Remember your company’s Security Team is there to support you. Invite them to program reviews, meetings with customers, etc. – as you feel appropriate. Do not try to bear the security burden by yourself. Introduce your Security Team to your customer’s security team and let them work together.
Your Security Team often handles the day-to-day tasks with little or no guidance or support from you. When issues, such as a security incident arise, you will become part of the process since it is your personnel and program that are impacted. Some of your security responsibilities are:
- Ensuring all personnel comply with security requirements of the contract to include reporting changes in personal status, foreign travel, foreign contacts, etc.
- Working with security to ensure all contact requirements are addressed and completed
- Reporting any security incidents immediately to security even if your customer has taken the lead on the investigation
- Any changes to the contract or procedures
Normally, HR will notify security of changes such as reassignments or terminations. With changes in your program, it is a good practice to check with your Security Team and communicate your needs. When you add somebody to your program, you may have to get your customer’s approval before security can transfer security clearances. This action can take up to 90 days or longer.
Polygraphs are required by some government agencies and many times the polygraph is one of the most intimidating phases of security for your personnel. Your Security Team probably can provide excellent polygraph guidance and should be available to discuss polygraph issues with you or your team members before they take one.
Communications is a two way street. Security has an obligation to inform you of any changes the customers makes to their security policy that might impact the security posture of your program. So, stay informed!
– Mike Lisagor