BAMS

FOCI Action Plan

  1. Board Resolution:
    • Board Resolution (BR) can be found here.
    • Technology Control Plan (TCP). A TCP is required in cases where there are foreign board members or in cases where additional security measures are required to protect national security interests. A template TCP can be found here.
  2. FOCI Mitigation Agreements (Security Control Agreement (SCA) /Special Security Agreement (SSA) /Proxy Agreement (PA) /Voting Trust Agreement (VTA) ):
    • Templates for the above agreements can be found here.
    • Outside Director/Proxy Holder/Trustee Nominations: Outside Directors (ODs)/Proxy Holders (PHs)/Trustees have to be nominated by the company and approved by DSS. The candidates will have to be nominated, on company's letterhead. You will need to provide the full name, mailing address, phone number, e-mail address and social security number on each nominee. You may download the ODs/PHs/Trustees Questionnaire and their associated Certificate from the Foreign Ownership Control or Influence (FOCI) section of the DSS website here. Once a complete package has been received he will be vetted by DSS and either approved or disapproved for the position. Once approved as ODs/PHs/Trustees, they will need to work with the Facility Security Officer (FSO) to have their personnel clearance claimed in the Joint Personnel Adjudication System (JPAS). If they are not currently cleared, the FSO will need insure the appropriate actions are taken to process that individual for a Personnel Security Clearance through the Electronic Questionnaire Investigative Processing (e-QIP) system.

      Note: Generally, only one (1) OD is required for the SCA but DSS may require additional one in situations of an increased security concern. SSAs/PAs/VTAs generally require three (3) ODs/PHs/Trustees. In the case of the SSA, the number of ODs must exceed the number of Inside Directors (IDs). The PA and the VTA do not allow foreign representation on the cleared company's board. If the company will be requesting less than three (3) ODs/PHs/Trustees, a letter should be provided to DSS with a justification or rationale as to why the company believes that less than three (3) ODs/PHs/Trustees can implement the requirements the requirements of the agreement.

    • Affiliated Services: The in-process company has to advise DSS whether it will be requesting the following:
      • Shared Services;
      • a valuable product or service provided by any affiliate(s);
      • a valuable product or service provided by the in-process company or any of its subsidiaries to any of its affiliate(s);
      • a cooperative commercial arrangements such a joint research, development, marketing or other type of teaming arrangements between the in-process company and the affiliate(s).

        Additional information and a template Affiliated Operations Plan can be found here.

    • Facility Location Plan (FLP): If the in process company will be collocated with foreign parent, a minority foreign interest, or one of its affiliates, a FLP shall be submitted for DSS review and approval. A template of the FLP can be found here.
    • Electronic Communication Plan (ECP): policies and procedures that provide assurance to Government Security Committee (GSC) and DSS that electronic communications between the in-process company and its affiliates do not result in the unauthorized disclosure of Classified Information or Export Controlled Information, or/and are not used by any of the affiliates to exert influence or control over the company's business or management in a manner that could adversely affect the performance of contracts. A template of the ECP with all the requirements can be found here.
    • Technology Control Plan (TCP): A TCP is a plan which prescribes all security measures determined to be necessary to prevent the unauthorized disclosure of, and inadvert or intentional access by non U.S. citizens to, classified information and Export Controlled Information for which they are not authorized, including without limitation, requirements for badging, escorting, segregating work areas, and security indoctrination. A template for the TCP can be found here.

Note: Additional documents may be required to complete the process of implementing a FOCI mitigation instrument.