Facility Security Officers

The Facility Security Officer (FSO) position plays an integral role in ensuring the effective implementation of a FOCI mitigation agreement. In addition to serving as the principle advisor to the Government Security Committee (GSC), an FSO is responsible for the day-to-day implementation of the FOCI mitigation agreement requirements. The primary roles and responsibilities of an FSO relating to FOCI are:

  • Abide by and enforce the mitigation agreement in place;
  • Ensure the Facility's officers, directors, and employees comply with the provisions of the Facility's mitigation agreement;
  • Advise the GSC;
  • Assist the GSC in the development and implementation of the Technology Control Plan (TCP), Electronic Communications Plan (ECP), and Visitation Procedures;
  • Ensure Affiliated Services being provided between the FOCI Company and the Affiliates that have been approved in advance by the GSC and DSS;
  • For instances with potential FOCI Collocation, assist the GSC in developing and submitting a Facilities Location Plan (FLP) for DSS review and approval;
  • Maintain day-to-day oversight to ensure all Affiliated Services, FLPs, TCPs, ECPs, and Visitation Procedures are fully implemented and effectively mitigate the FOCI;
  • Ensure that DSS (through the IS Rep) is advised of any known attempts to violate any provision of the Facility's mitigation agreement or relevant U.S. government contract provisions related to security, U.S. export control laws, or the NISP; and
  • Communicate any material changes to the IS Rep early and often.


(04/30/12) New DSS FOCI Collocation Process
The Defense Security Service (DSS) recently revised the review process of Foreign Ownership, Control or Influence (FOCI) Collocations. The intent of the new process is to provide more transparency to Industry about DSS concerns associated with FOCI Collocation and improve consistency in the DSS assessment of FOCI Collocations. For more information, click here.

(2/8/12) Electronic Communications Plan (ECP) Sample
DSS released a Word document sample ECP to assist FOCI companies with a comprehensive example on how an ECP could be articulated and is not meant to replace or restrict ECP development as every ECP will be unique. When drafting your ECP, you must try to be as detailed and clear as possible to expedite the entire process. For more information regarding ECP development, contact your Industrial Security Representative.

(10/11/11) Updated Electronic Communications Plan (ECP) Release
DSS released an updated ECP template for use by facilities under foreign ownership, control or influence (FOCI) mitigation. DSS has updated the ECP Template based on an internal review of the document; feedback from Outside Directors/Proxy Holders; and feedback from Industry. This version replaces the previous ECP template released on 6/28/10.

ECP Summary of Changes:

  1. Clarification on Teleconference and Video Teleconference requirements (See sections 1, 17.1, and 17.3 of the ECP Template).
  2. Monitoring configuration changes and defining which ECP changes require prior approval by DSS (See section 8.1 and the addition of attachment 4 "ECP Revision Log").
  3. Export Control Procedures (Section 16). The addition of the sentence: "If a third party provider is administering the Company's network, please describe the Company's procedures in place to ensure that export control violations do not occur with respect to the third party provider's administration of the Company's network."
  4. Attachment 3 - The User Acknowledgement language has been revised to reflect that employees must be briefed on the purpose of the ECP and their responsibilities under the plan.

(2/23/11) Notice Regarding Seven (7) Day Advanced Notice Requirement for Companies Operating Under a DSS Special Security Agreement (SSA) or Proxy Agreement(PA)
Many SSAs and Proxy Agreements require seven (7) days of advance notice for Outside Director or Proxy Holder visit approvals unless precluded by unforeseen exigencies. DSS requires advance approval of visits; however, defers to the Government Security Committee (GSC) to determine the appropriate advance notice required. Once the GSC has determined the suitable advance notice period for visit requests it must be formalized in writing to DSS. Furthermore DSS defers to the GSC on what constitutes an unforeseen exigency, so long as visits are approved in advance. Should you have any questions related to this issue, please contact your Industrial Security Representative.