What is sensitive security information? And what are its best practices? Well, read more because this article will discuss that.
Understanding Sensitive Security Information (SSI)
It refers to the information about security, operations, and facilities. It can also be about other assets or capital projects.
But, its exposure would be harmful. Especially to the security of transit employees and customers.
Because of that, transit agencies need to categorize SSI. And ensure to protect it. But, does that mean?
Well, protecting SSI means restricting its distribution. As well as controlling access to it.
By law, SSI is not subject to disclosure under the Freedom of Information. Additionally, it’s not available under discovery in civil litigation.
Moreover, SSI is not needed to be part of federal rulemaking. But, what is the purpose of SSI?
The Purpose
The U.S. Congress created SSI in 1974. It’s created as part of a response to a wave of airline hijackings. Thus initially, SSI was limited to the aviation industry.
But, on September 11, 2001, SSI extends to include all forms of transportation.
Thus, SSI refers to a kind of sensitive but unclassified information. And this is only related to the United States’ public transportation.
The SSI Policy
How would you protect SSI? Well, protecting it must start with setting an SSI policy.
Meanwhile, this policy sets the foundation of a transportation company’s SSI program. Besides, it helps employees understand their roles and duties.
Moreover, SSI policy should specify the following:
- Employees who receive and use SSI for their jobs are “covered persons”. And that’s under the U.S. government’s SSI regulation.
- It’s their special duty to protect SSI from unauthorized exposure.
Furthermore, the SSI policy ensures the SSI program has support from executives. So, what do you think will happen if it’s not followed?
Well, an adverse action for the employee will result. It can be verbal or written counseling up to. And the worst is the termination of employment.
SSI Best Practices
Marking
When a document contains SSI, every page must be appropriately marked. Especially in the header and footer of all pages. Even when there’s only a small part that contains SSI.
The header must include the identifier in bold letters: “SENSITIVE SECURITY INFORMATION”.
Also, it’s preferred to use a red font. Why so?
That’s because it sets the header apart from the rest of the text in the document.
SSI Material Media
Several media for use can contain SSI material. But it’s not limited to the following:
- Electronics presentation
- Spreadsheets
- Audio and video
- CDs and DVDs
- Portable Drives such as external hard drives or flash drives
Transmission Of SSI
How can you transmit SSI in a manner that prevents loss? Well, you can do the following:
- Fax
- Phone
Handling
You must store all SSI materials in a secure container. Examples are the locked file cabinet or drawer.
Reproduction
Only authorized employees and covered contractors are allowed to reproduce. Given that they have a signed non-disclosure agreement on file.
Loss Of SSI
Any loss must be reported immediately to the employee’s assigned manager.
Disposal
When the SSI material is no longer needed, you must destroy and dispose of it.
