Cover Image

Not for Sale

View/Hide Left Panel
Click for next page ( 55

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement

Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 54
54 Employees may become lax in following procedures VI. CONCLUSIONS that require tracking seemingly inconsequential infor- mation. Historically, transit agencies have had to be mindful of confidentiality in the procurement process, perhaps 4. Managing Contractors' Use of Needed Security most notably in maintaining the confidentiality of trade Information secrets and confidential business information. More recently, maintaining the confidentiality of security information, including SSI, has come to the fore. The The policy should clearly establish the range of op- new federal requirements for security-related informa- tions that are available to maintain confidentiality of tion raise more complex disclosure and records man- SSI and other security information in contract docu- agement issues than those many transit agencies have ments and otherwise available to contractors. traditionally faced in the procurement process. Confidentiality requirements, including training, NDAs, and logs, should be applied objectively rather While security information concerns are most obvi- than on the basis of personal knowledge of the contrac- ous when dealing with security contracts, transit tor. agency personnel should also be aware of the potential Even if bid/contract documents themselves are free for security information being included in competitive from SSI and restricted security information, the policy bidding documents for other types of contracts. There should address other parts of the competitive procure- are several major stages of the procurement process at ment process that exposes security information, such as which it is important to be cognizant of security re- site visits or on-site examination of plans. quirements: developing the procurement documentation (whether to include SSI or restricted security informa- 5. Taking Steps to Protect Security Information tion); allowing site visits and access to ancillary docu- Internally ments not part of the procurement documentation, ei- ther before or after contract award; responding to The security protocol can be expected to include requests for information from parties other than bid- training. It is advisable that the required training cov- ders and contractors; and managing procurement ers the procurement process. documents. It is important that transit agencies provide Security requirements such as signing NDAs the decisional infrastructure necessary for adequate should be uniformly required throughout the agency, consideration of security issues at those various stages. including senior level personnel. At the bidding stage, personnel should be aware of Requirements for tracking the location of security legal requirements governing disclosure of security in- documents should be uniformly required throughout formation to contractors, for maintaining the confiden- the agency, including senior level personnel. tiality of security information, and governing disclosure If the transit agency expects to generate restricted of security information to members of the public. Con- security information, it may be useful to distinguish tract personnel, as well as any personnel with signifi- under its security policy between CII/SSI and restricted cant input into procurement documents, should be security information, particularly in terms of making trained on these requirements, including the disclosure clear the federal penalties for making unauthorized and management ramifications of including disclosure of CII/SSI. SSI/restricted security information in procurement Protocol should make clear that careless handling documents. Such ramifications--which may vary de- of security information may affect the ability to assert pending on state law--include the possibility that the state exemptions. information may be disclosable under state law and the It may be advisable to audit security procedures obligation to physically and electronically secure the within the agency. information. Moreover, it is advisable that the need to include SSI/restricted security information in procure- ment documents be assessed by personnel knowledge- 6. How to Exercise Available Discretion Concerning able about the ramifications of such inclusion. Public Disclosure The obligation to safeguard security information, particularly SSI, extends to contract management, and Depending on state law, the agency may have dis- transit agencies are advised to ensure that their records cretion as to whether to withhold restricted security management policies, including those for procurement information under state public records exemptions. records, are structured accordingly. In particular, it is The transit agency may consider reviewing secu- important to ensure that existing SSI procedures, such rity information to determine whether release of a spe- as those required for major capital projects, are ade- cific document may cause harm, as opposed to withhold- quately coordinated with the agency's procurement and ing information based on document classification. Such records management procedures. Procedures should a distinction may in fact be required under state law. This approach may also be possible in designating security information, including SSI.

OCR for page 54
55 ensure that personnel with the requisite expertise, such with state as well as federal disclosure and records as legal counsel or records managers, review any public management requirements. record requests for documents containing SSI/restricted security information. Such personnel should be familiar

OCR for page 54