National Academies Press: OpenBook

Reconciling Security, Disclosure, and Record-Retention Requirements in Transit Procurements (2010)

Chapter: APPENDIX G: Checklist for Assessing Adequacy of Management of Security Information

« Previous: APPENDIX F: Examples of SSI and Non-SSI
Page 76
Suggested Citation:"APPENDIX G: Checklist for Assessing Adequacy of Management of Security Information." National Academies of Sciences, Engineering, and Medicine. 2010. Reconciling Security, Disclosure, and Record-Retention Requirements in Transit Procurements. Washington, DC: The National Academies Press. doi: 10.17226/14404.
×
Page 76
Page 77
Suggested Citation:"APPENDIX G: Checklist for Assessing Adequacy of Management of Security Information." National Academies of Sciences, Engineering, and Medicine. 2010. Reconciling Security, Disclosure, and Record-Retention Requirements in Transit Procurements. Washington, DC: The National Academies Press. doi: 10.17226/14404.
×
Page 77
Page 78
Suggested Citation:"APPENDIX G: Checklist for Assessing Adequacy of Management of Security Information." National Academies of Sciences, Engineering, and Medicine. 2010. Reconciling Security, Disclosure, and Record-Retention Requirements in Transit Procurements. Washington, DC: The National Academies Press. doi: 10.17226/14404.
×
Page 78

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

76 APPENDIX G: Checklist for Assessing Adequacy of Management of Security Information The following checklist of questions may be useful in assessing the adequacy of the agency’s management of security information in its competitive procurement process. Because of the importance of state public records law in assessing the protected status of Restricted Security Information, the checklist also includes issues to look for in researching state law. The parameters of state law may influence counsel’s recommendations for structuring procedures to manage secu- rity information. ƒ Ensuring Agency’s Decisional Infrastructure Does the agency’s Sensitive Security Information (SSI)/Restricted Security Information policy cover procure- ment? Is the policy applied uniformly? Are personnel with significant input into procurement documents adequately trained on the disclosure and management ramifications of including SSI/Restricted Security Information in procurement documents? Are personnel who manage procurement documentation adequately trained on the requirements for managing SSI/Restricted Security Information in procurement records? Does the agency require that personnel with the requisite expertise, such as legal counsel or records managers, review any public record requests for documents containing SSI/Restricted Security Information? Are personnel who manage procurement documents adequately trained on requirements for responding to pub- lic records requests for procurement documents containing SSI or Restricted Security Information (procedural requirements under state law; agency procedures for review of public record requests)? ƒ Deciding Whether to Include SSI/Restricted Security Information in Procurement Documents Is there a real need to include the information in the documentation? If included, can the Restricted Security Information be protected under state law? What are the ramifications of being forced to release the Restricted Security Information? What are the contract management ramifications of including the SSI/Restricted Security Information? ƒ Protecting SSI/Restricted Security Information Under Contract Management Process Does the agency have the physical and IT security required to adequately secure all contract documents (hard copy and electronic) containing SSI/Restricted Security Information? Does the agency adequately manage contractor access to all SSI/Restricted Security Information, including site visits and access to documents needed to perform the contract?

77 Does the agency adequately manage internal access to all contracts containing SSI/Restricted Security Informa- tion? Do management controls include: Restricting access to personnel with need to know? Tracking all copies of documents containing SSI/Restricted Security Information?516 Requiring nondisclosure agreements before providing access to SSI/Restricted Security Information? Requiring background checks that comply with 6 U.S.C. § 1143 before providing access to SSI/Restricted Security Information? ƒ State Law Issues to Consider Does the state law definition cover electronic records? Has a standard been established for email? What is the standard for considering contractor records to be public records? Does state law explicitly address segregation? Do these requirements affect the structure of procurement docu- ments? Does state law include an exemption for security information? What is the scope of the exemption? Is the ex- emption mandatory or discretionary? Does the exemption require any specific statement or finding concerning public harm or danger from disclosure of withheld information? Do state courts look to the Freedom of Information Act in interpreting public disclosure requirements, particu- larly as applied to security exemptions? What is the standard of proof in establishing that an exemption applies? Does state law expressly address contract records? Have state courts interpreted the applicability of federal security legislation, such as the Critical Infrastructure Information Act of 2002, under state public records law? 516 Use of a controlled access database to do so could provide a quality control mechanism. See U.S. GOV’T ACCOUNTABILITY OFFICE, supra note 138, at 20.

Next: ACKNOWLEDGMENTS »
Reconciling Security, Disclosure, and Record-Retention Requirements in Transit Procurements Get This Book
×
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

TRB‘s Transit Cooperative Research Program (TCRP) Legal Research Digest 32: Reconciling Security, Disclosure, and Record-Retention Requirements in Transit Procurements highlights the legal requirements that are relevant to the transit procurement process of balancing the competing needs of open government and public security. The report explores federal and state requirements concerning record retention and disclosure, as well as practices transit agencies have adopted to meet their responsibilities in balancing these competing public policy interests.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  6. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  7. ×

    View our suggested citation for this chapter.

    « Back Next »
  8. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!