Security policies and procedures are developed and implemented to ensure cleared employees understand how to properly protect classified information. Despite this effort, security incidents may occur. Employees are required to report all incidents or suspected incidents to the FSO immediately. The FSO will investigate the incident to determine if there has been a compromise or suspected compromise of classified information. All incidents will be reported to the proper agency as required per the NISPOM. Employees are encouraged to report incidents without fear of disciplinary action. Reporting incidents promptly will assist the FSO in ensuring our facility remains secure and capable of protecting national security. However, depending on the seriousness of the incident, administrative actions may result. A Graduated Scale of Disciplinary Actions has been created as a guide in determining the most appropriated administrative action to assign to an incident. Other factors that may be used to determine the administrative action include the employee’s position, the seriousness of the incident, and if there was a compromise/loss of classified material. Security Infractions are incidents that were not deliberate in nature, but, if left uncorrected, could lead to a compromise of classified material. An infraction is any incident that does not involve a deliberate disregard of security requirements or gross negligence of classified material. First Infraction – written report submitted to DCSA; verbal counseling by the FSO; copy of report placed in employee’s security file Second Infraction – written report submitted to DCSA; notification sent to the employee’s immediate manager; verbal counseling by the FSO; copy of report placed in employee’s security file Third Infraction – A third infraction in a 12-month period time frame will be processed as a first violation. Each additional infraction beyond three in a 12-month period will constitute an additional violation. Although the infraction may not have been deliberate in nature, it involves a pattern of negligence or carelessness. Security Violations are incidents where, failing to comply with Security policies and procedures, could result in the loss or compromise of classified material. A statement of the administration actions taken against an employee shall be included in a report to DCSA when individual responsibility for a security violation can be determined and one or more of the following factors are evident: the violation involved a deliberate disregard of security requirements, gross negligence of classified material, and/or was not deliberate in nature but involves a pattern of negligence or carelessness. First Violation – written report submitted to DCSA; notification sent the employee’s immediate manager; written reprimand and counseling by the FSO; copy of report placed in employee’s security file Second Violation – written report submitted to DCSA; written reprimand and counseling by the FSO and employee’s manager; temporary loss of classified privileges; copy of report placed in employee’s security file; copy of report placed in employee’s personnel file Third Violation – written report submitted to DCSA; written reprimand and counseling by the FSO, employee’s manager, and Division Manager; administrative leave without pay for a period of between two and five consecutive business days or dismissal; copy of report placed in employee’s security file; copy of report placed in employee’s personnel file
