Essential ITPSO Policies and Procedures

Essential ITPSO Policies and Procedures assist the Insider Threat Program Senior Official (ITPSO) with administering National Industrial Security Program Operating Manual (NISPOM) requirements. These policies are required and will be audited during the DCSA review. They meet requirements and can be tailored to add or delete material. These forms are packaged as an assembled group for your convenience and are also tailorable to fit your individual or organization needs and configuration requirements. Feel free to disassemble the package into individual forms and add your business information and logos.

HERE IS HOW TO USE YOUR DIGITAL DOWNLOAD ESSENTIAL ITPSO POLICIES AND PROCEDURES:

1. The Insider Threat Program Senior Official (ITPSO) Appointment Letter: The ITPSO is required to be a U.S. citizen, have a security clearance at the level of the facility, an employee of the company and appointed in writing. This form meets appointment requirements and once populated and signed, can be uploaded into the National Industrial Security System (NISS). Use this form each time an ITPSO is appointed and each time a Change Condition Package requires it.

2. Insider Threat Program Charter This Charter establishes the Insider Threat Program Working Group (ITPWG). The ITPWG intent is to gather, integrate, and report relevant and available information indicative of a potential or actual insider threat, consistent with E.O. 13587 and Presidential Memorandum “National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs.”

3. ITPWG Meeting Agenda: The agenda should be published for each ITPWG session. The ITPSO can use this agenda to ensure that all topics are covered as applicable and that notes are taken for a final meeting report to be signed by the Senior Management Official. This agenda will be published for each session and is intended to demonstrate compliance with the ITP guidance.

4. Insider Threat Program Policy: This document demonstrates your company’s establishment of a program to protect classified information, residing in personnel knowledge, equipment, networks, or systems from insider threats. An insider threat is the likelihood, risk or potential that an insider will use his or her authorized access, wittingly or unwittingly to do harm to the security of the United States. These threats may include harm to the program information to the extent it impacts obligations to protect classified national security information.

5. Information Inventory Management and Risk Matrix: The ITPSO should use this form to lead conversation necessary to identify where sensitive and classified information resides and how it is present. For example, the information may be an item, software, or document. The key is to identify the existence, the sensitivity level, and where located.