Return to the USDOJ/OIG Home Page
Return to the Table of Contents

Implementation of the Contractor Personnel Security Program
in Selected Offices, Boards, and Divisions

Report Number I-01-004
March 2001


Our review found that the OBDs were not effectively implementing the Contractor Personnel Security Program and, consequently, were providing access to sensitive Department data and facilities to hundreds of contract employees who did not have the required security clearances. We found that 44 percent of the 628 contract employees we examined did not have security clearances. Several contract employees did not have clearances that were sufficient for the sensitivity of their work. In addition, less than 25 percent of the FY 1999 and 2000 contracts we reviewed had the required SPM security certifications.

When SEPS transferred the responsibility for contractor personnel security to the OBDs, the SPMs did not have procedures in place to perform these duties. In addition, JMD did not adequately monitor the OBD's implementation of the program. Consequently, many uncleared contract employees had access to sensitive law enforcement information that may have included grand jury information as well as some of the Department's most important automated information systems.

In September 2000, we met with representatives from the OBDs to discuss the results of our review. Subsequent to the meeting, we revised the report to show that several OBDs have developed procedures for managing their Contractor Personnel Security Programs. In November 2000, JMD conducted the first in a planned series of contractor personnel security program training. The training covered the SPM's role and responsibilities, BI requirements for the various position risk levels, the minimum BI required for contract employees, reinvestigation requirements, and record-keeping requirements. As our review progressed, the SPMs improved the administration of their security programs. However, some of the SPMs still have not developed a program that fully addresses the level of responsibility associated with ensuring that all contract employees are cleared to work on Department contracts.

We believe that JMD needs to exercise increased oversight over the OBDs' implementation of the Contractor Personnel Security Program. In addition to providing guidance on the topics covered by the November 2000 training, we believe that the program can be improved by developing procedures for designating SPMs, developing procedures for SPM contract certifications, and coordinating contract employee information between COTRs and SPMs. In addition, once policies and procedures have been established, the OBDs must ensure that their SPMs, program officials, COTRs, and other pertinent employees adhere to them. Accordingly, we make the following recommendations to the Assistant Attorney General for Administration:

  1. JMD delegate authority to make employment security determinations required for the Contractor Personnel Security Program to the appropriate OBD officials.

  2. SEPS and PSS provide training and guidelines that clarify roles and responsibilities in the Contractor Personnel Security Program to procurement staff, SPMs, and COTRs.

  3. SEPS and PSS develop a standard contract security certification form to be included in the contract file. PSS should consider including in each contract the name of the designated SPM and the SPM's role and responsibilities in the contractor personnel security process.

  4. JMD provide guidelines for contractor personnel record maintenance, including provisions for safeguarding personnel security records.

  5. JMD require SPMs to conduct periodic reviews of contractor files to ensure contractors are performing the required prescreening and maintaining the appropriate documentation required by the contracts.

  6. JMD provide guidelines that establish reinvestigation standards for contract employees and standards for accepting previously completed BIs.

In response to the report, JMD indicated that SEPS is issuing revised program guidance that should address the recommendations, with the exception of recommendation six. JMD did not agree that SEPS should issue guidance on reinvestigation standards and instead proposed that each of the OBDs establish their own standards. We did not agree with JMD's position and consider the report open.