Section Six: Foreign Ownership, Control, or Influence (FOCI)


Section Six: Foreign Ownership, Control, or Influence (FOCI) Requirements

Note: All classified markings contained within this presentation are for training purposes only.

Foreign Ownership, Control, or Influence (FOCI) Indicators

A U.S. company is under FOCI when
- A foreign interest has the power, whether or not exercised, to direct or decide matters affecting the management or operations of the company
- This may result in unauthorized access to classified information or may adversely affect performance of classified contracts

Indicators include
- Substantial foreign holdings of company stock
  - > 5% of the ownership interests
  - > 10% of the voting interest
- Existence of foreign subsidiaries
- Foreign corporate officers or board directors
- Contractual agreements with foreign sources
- Foreign debts/income
- Shared corporate officers or board directors

Foreign Ownership, Control, or Influence (FOCI) Business Impact

If a defense contractor is determined to be under FOCI:
- The Defense Security Service (DSS) takes immediate action to safeguard classified information
- Contractor is not eligible for a new facility clearance until FOCI review
- Existing facility clearance can continue if DSS sees no risk of compromise
- Existing facility clearance will be revoked if security measures inadequate

If a contractor does not currently possess, or have a current/impending requirement for access to classified information, their facility clearance is administratively terminated

The U.S. Government can impose any security methods it deems necessary to protect classified information

Foreign Ownership, Control, or Influence (FOCI) Mitigation Requirements and Objectives

- U.S. companies that have some degree of foreign ownership or control must develop and implement a mitigation plan
- FOCI mitigation requires the company to develop a plan to control or deny access to technical information by the foreign entity
- The U.S. Government and the contractor have to concur on the mitigation plan

Objectives
- To protect classified and export-controlled information
- To recognize and assess the influence and direction exerted by the foreign parent (and/or foreign government)
- To develop and to put into effect remedies when foreign influence may be adverse to U.S. national security interests

Foreign Ownership, Control, or Influence (FOCI) Mitigation Requirements and Objectives (cont.)

Mitigation enables U.S. contractors to perform on classified programs with provisions in place to
- Negate foreign influence over that company
- Deny the foreign entity access to classified or export-controlled data

Defense Security Service (DSS) permits mitigation through one of the following:
- Board Resolution
- Proxy Agreement and Voting Trust Agreement
- Security Control Agreement (SCA) and Special Security Agreement (SSA)
- Technology Control Plan (TCP) and Electronic Communications Plan (ECP)

Foreign Ownership, Control, or Influence (FOCI) Mitigation Instruments

Board Resolution
- Used when the foreign entity does not own voting stock sufficient to elect a representative to the company's governing board

Proxy Agreement (PA) and Voting Trust Agreement (VTA)
- Used when a cleared company is owned or controlled by a foreign entity
- Both agreements are substantially identical whereby the voting rights of the foreign owned stock are vested in cleared US citizens approved by the Federal Government (DSS)
- Neither arrangement imposes any restrictions on the company's eligibility to have access to classified information or to compete for classified contracts

Security Control Agreement (SCA)
- Used when the cleared company is not effectively owned or controlled by a foreign entity and the foreign interest is entitled to representation on the company's governing board
- There are no access limitations under an SCA

Foreign Ownership, Control, or Influence (FOCI) Mitigation Instruments (cont.)

Special Security Agreement (SSA)
- Used when a company is effectively owned or controlled by a foreign entity
- SSA has access limitations
- Allows foreign owned U.S. companies to win and work on classified contracts

The SCA and SSA are substantially identical arrangements that:
- Require specific organization of the U.S. company (board, security committee, etc.)
- Designed to manage contact between the cleared company and its parent and affiliates
- Grant security clearance to specific sites and employees for classified U.S. projects

Foreign Ownership, Control, or Influence (FOCI) Mitigation Instruments (cont.)

Technology Control Plan (TCP)
- A plan developed and implemented to prescribe security measures necessary to reasonably foreclose the possibility of unauthorized or inadvertent access by any foreign person to information for which they are not authorized
- The documentation that results from the collaborative process of site functions creating a written plan to manage the presence of foreign nationals in the workplace
- Reinforces workplace awareness and education
- Identification of physical and electronic controls
- Established Audits/Checking
- Serves as evidence to U.S. Government
- Addresses where foreign nationals can and cannot go, who will escort them, how they will access information they need, what pre-authorizations are in place

A TCP must be in place when:
- Non-U.S. persons are hired as employees in accordance with applicable laws
- Visits of three weeks or longer of a non-U.S. person
- A program involves non-U.S. customers who frequent or are assigned to a cleared site

Foreign Ownership, Control, or Influence (FOCI) Mitigation Instruments (cont.)

Electronic Communications Plan (ECP)
- Required by DSS for FOCI companies
- Describes the oversight of communications between contractor personnel and the foreign owner and/or affiliates
- Intended to deter and detect undue influence by the foreign owner/affiliates over management affairs or unauthorized attempts to access classified information or export controlled technology
- For non-classified networks
- A network description will be included and contain
  - All electronic communication mediums including but not limited to, personal/network firewalls, remote administration, monitoring, maintenance, and separate email servers (as appropriate)
- The scope will include all communications including telephone, teleconference, video conferences, facsimile, cell phones, PDAs and all computer communication including emails and server access
- Video conferencing shall be treated as a visit under the visitation requirements of the FOCI mitigation agreement
- Controls will be looked at during your annual DSS Inspection