TCRP Legal Research Digest 32: Reconciling Security, Disclosure, and Record-Retention Requirements in Transit Procurements (2010)
Transit Cooperative Research Program Legal Program (TCRPLEGAL)

Waite, Jocelyn K, Transportation Research Board. "APPENDIX G: Checklist for Assessing Adequacy of Management of Security Information." TCRP Legal Research Digest 32: Reconciling Security, Disclosure, and Record-Retention Requirements in Transit Procurements. Washington, DC: The National Academies Press, 2010.


APPENDIX G: Checklist for Assessing Adequacy of Management of Security Information

The following checklist of questions may be useful in assessing the adequacy of the agency's management of security information in its competitive procurement process. Because of the importance of state public records law in assessing the protected status of Restricted Security Information, the checklist also includes issues to look for in researching state law. The parameters of state law may influence counsel's recommendations for structuring procedures to manage security information.

Ensuring Agency's Decisional Infrastructure

- Does the agency's Sensitive Security Information (SSI)/Restricted Security Information policy cover procurement? Is the policy applied uniformly?
- Are personnel with significant input into procurement documents adequately trained on the disclosure and management ramifications of including SSI/Restricted Security Information in procurement documents?
- Are personnel who manage procurement documentation adequately trained on the requirements for managing SSI/Restricted Security Information in procurement records?
- Does the agency require that personnel with the requisite expertise, such as legal counsel or records managers, review any public record requests for documents containing SSI/Restricted Security Information?
- Are personnel who manage procurement documents adequately trained on requirements for responding to public records requests for procurement documents containing SSI or Restricted Security Information (procedural requirements under state law; agency procedures for review of public record requests)?

Deciding Whether to Include SSI/Restricted Security Information in Procurement Documents

- Is there a real need to include the information in the documentation?
- If included, can the Restricted Security Information be protected under state law?
- What are the ramifications of being forced to release the Restricted Security Information?
- What are the contract management ramifications of including the SSI/Restricted Security Information?

Protecting SSI/Restricted Security Information Under Contract Management Process

- Does the agency have the physical and IT security required to adequately secure all contract documents (hard copy and electronic) containing SSI/Restricted Security Information?
- Does the agency adequately manage contractor access to all SSI/Restricted Security Information, including site visits and access to documents needed to perform the contract?
- Does the agency adequately manage internal access to all contracts containing SSI/Restricted Security Information?
- Do management controls include:
  - Restricting access to personnel with need to know? [516]
  - Tracking all copies of documents containing SSI/Restricted Security Information?
  - Requiring nondisclosure agreements before providing access to SSI/Restricted Security Information?
  - Requiring background checks that comply with 6 U.S.C. § 1143 before providing access to SSI/Restricted Security Information?

State Law Issues to Consider

- Does the state law definition cover electronic records? Has a standard been established for email?
- What is the standard for considering contractor records to be public records?
- Does state law explicitly address segregation? Do these requirements affect the structure of procurement documents?
- Does state law include an exemption for security information? What is the scope of the exemption? Is the exemption mandatory or discretionary? Does the exemption require any specific statement or finding concerning public harm or danger from disclosure of withheld information?
- Do state courts look to the Freedom of Information Act in interpreting public disclosure requirements, particularly as applied to security exemptions?
- What is the standard of proof in establishing that an exemption applies?
- Does state law expressly address contract records?
- Have state courts interpreted the applicability of federal security legislation, such as the Critical Infrastructure Information Act of 2002, under state public records law?

[516] Use of a controlled access database to do so could provide a quality control mechanism. See U.S. GOV'T ACCOUNTABILITY OFFICE, supra note 138, at 20.