To assess how well the OBDs were implementing the Contractor Personnel Security Program, we selected three different types of service contracts that provided 1,760 contract employees to the OBDs in FYs 1998 and 1999 1. Using invoices and contractor status records, we selected 628 of the 1,760 contract employees to determine whether the SPMs ensured that these employees had obtained the required background investigations (BIs) and were cleared to work on the contract. We compared the names of 628 contractor personnel to the security records maintained by the SPMs to determine whether they had approved clearances. If the SPMs did not have a clearance record or a file for the contract employee, we searched for clearance information at other locations including SEPS and other OBDs that may have used the contractor. In some cases, we also reviewed available contractor and Office of Personnel Management (OPM) records to determine whether a BI had been performed.
To assess whether contract personnel security requirements were included in the contracts and certified by the SPMs, we reviewed 91 contracts for FYs 1998 to 2000. We initially reviewed 42 contracts for FY 1998. We found that these contracts did not require the SPM contract certification requirement because they were based on solicitations that preceded the July 1997 revision to the JAR. Most of the FY 1998 contracts, however, contained personnel security requirements that had been developed by the program office. In February 2000, we conducted an additional review of 25 FY 1999 contracts and 24 FY 2000 contracts to assess the progress made by the OBDs.
According to the SEPS October 1997 guidelines, the OBDs could issue additional policies and procedures to address their specific personnel security needs. As part of the inspection, we reviewed the OBDs' policies and procedures for managing the Contractor Personnel Security Program. Their guidance generally reiterated the SEPS guidelines on the risk levels, identified the types of BIs required for each level, and included contractor personnel security procedures specifically tailored for the OBDs' needs.