Mod 5 Job Aid Initial Annual Compliance Mtg Checklist

7/25/2019 Mod 5 Job Aid Initial Annual Compliance Mtg Checklist

1/6

Mod 5 Job Aid: Initial/Annual Agreement Meeting Checklist

1

Signatory Company Name:Address:CAGE:Date:

DSS RepresentativeField Office

FOCI Mitigation Agreement: (SCA, SSA, Proxy, Voting Trust)

Execution Date: Expiration Date:

Outside Director (OD)/Proxy Holder(PH)/ Voting Trustee (VT)

Name and indicate Chairman of GSC and designated addit ionalresponsibilities (such as Approving Authority for Visits)

Confirm the number of ODs/PHs/VTs

1.

2.

3.

If less than three, is there a letter ofjustification from the Company and DSSapproval letter?

Date of Approval

Inside directors (IDs)

Confirm the number of IDs1.

2.

Is the ID(s) formally excluded fromaccess to classified information byresolution of the companys board?

When applicable, does the number ofODs exceed the number of IDs?

Government Security Committee(GSC)

Was the GSC established?

Date established:

GSC Chair:

GSC Secretary:

List the members:

Does the GSC meets quarterly?

Include the minutes (check the attendeesand the agenda)

Any recommendations for the GSC

meeting?Compensation Committee(if applicable)

Has the Board established acompensation committee if applicable?

List the members (at least one OD andone ID)

1.

2.


2/6


2

Does the committee meet annually?

Review the minutes?

What decision did they make?

Board MeetingsDoes the board meet annually?

Review the minutes.

Any issues?

National Interest Determination (NID) SSA only

Request an updated list of classifiedcontracts with access to proscribedinformation.

Any concerns?

Financials PA onlyHas the format of the financial reportsprovided to their parent been approvedby DSS?

Has the facility deviated from theapproved format?

Has an independent auditor beenappointed by the Proxy Holders?

Visitation policy

Are there established visitation

procedures for visit notifications andapprovals between thecompany/controlled entities, and theforeign parent and Affiliates?

Are all the non-routine business visitspre-approved by the designated OD?

How many non-routine business visitswere approved in the last inspectioncycle?

How many were denied? Reason?

Any concerns?Are all the routine business visitsapproved by the FSO?

How many were denied? Reason?

Are the approved routine business visitsconsistent with the definitions ofbusiness visits as defined by theagreement?

Any concerns?


3/6


3

Do the submitted Visit Request Formsobtain enough detail sufficient to enablethe ODs/PHs/FSOs to approve/deny thevisit request?

Have there been any social visitsreported?

Do these social contact reports haveenough detail?

Any concerns?

Are there any Blanket visits, Long-termvisits or other type visit requests that theGSC or DSS needs to approve?

Does the GSC periodically review visitrequests?

Does the GSC maintain a chronologicalfile of all documentation associated withmeetings, visitations, andcommunication?

(PA ONLY)

Are visits between the Board and foreignshareholder being requested andapproved in advance by DSS?

Are VTCs requested and approved asvisits?

Are there any violations of the visitationpolicies and/or procedures?

Have employees reported issues thathave taken place as a result of visit?

Electron ic Communication Plan (ECP) ECP Approval date:

Describe the components of the facilitys

Electronic Communication Plan (ECP).

Does the ECP meet DSS template?

Review Section 17.

Emails:What are the companys procedures forreviewing emails between theCorporation and affiliates?

Review emails for indications of influenceor unauthorized disclosure ofCUI/classified/export controlledinformation.

Any concerns?


4/6


4

Phone calls:

What are the companys procedures forreviewing phone communication betweenthe Corporation and affiliates

Review phone logs for indications ofinfluence or unauthorized disclosure ofCUI/classified/export controlledinformation.

Any concern?

Faxes and other type devices forcommunication:

What are the companys procedures forreviewing other types of communicationbetween the Corporation and affiliates?

Any concerns?

What is the companys policy for personaldevices?

Technology Control Plan (TCP) TCP Approval Date:

Has the company appointed aTechnology Control Officer (TCO)?

Is the TCO also an Empowered Official?

Describe his experience level?

What are the access control procedures(badges, escort)?

Has there been a release of exportcontrolled or classified material to aparent or affiliate company? If yes,identify the license involved andparticulars of the transfer?

Have there been any export controlviolations at the company over the pastyear? Voluntary disclosures? Who did

the investigations?

Have there been any export controlviolations at the company over the pastyear?

Voluntary disclosures?

Who did the investigations?

Has the company had any export


5/6


5

licenses or agreements for export ofcontrolled information?

Have all employees signed TCPacknowledgments?

Co-location FLP Approval Date:

Is this facility co-located with a parentcompany or officers/employees of theparent excluded in the chain or affiliatecompany?

Describe this situation and success of theseparation.

Is a Facilities Location Plan (FLP)submission required?

Was co-location approved by DSS?Are visits between the cleared facility andco-located parent/affiliate/employee keptto a minimum?

FOCI Briefing

Has the FSO/GSC established initial andannual security education and training forthe implementation of the FOCI mitigationagreement, Visitation Policy, TCP, ECP,FLP (if applicable), and AOP (if

applicable), at the company andcontrolled entities?

Review the certificates of completion forall employees.

Verify employees knowledge on FOCI.

Was additional education provided?

Is the security education sufficient?

Affi li ate companies:

Does the facility have a listing of thosecompanies that are above or outside theagreement?

Are the employees aware of whichcompanies are affiliates?

Changes to the organization

Have there been any changes to thecorporation?

Any changes to the Board or KMP?

Any pending merger of acquisition?


6/6


6

Affi li ated Operations Plan (AOP) AOP Approval Date:

Is the company implementingunapproved affiliated operations?

Assess company compliance with their

approved AOP.If no AOP in place, check the following:

Human Resources:

Insurance:

Legal:

Marketing:

Audit:

Taxes:

Financial Reports:

Mod 5 Job Aid Initial Annual Compliance Mtg Checklist

Documents

Transcript of Mod 5 Job Aid Initial Annual Compliance Mtg Checklist