Determining the need to access information, documents, rooms, area or facilities is based on whether or not an individual needs access to perform assigned duties and responsibilities. Does the individual need to know? Does the individual need to enter a secured area? The determination of needs and the subsequent decision to grant access to an asset is a function of management. Once the determination is made, Security personnel should be consulted to assist in selecting the appropriate means to achieve the desired level of control.

While the safeguards presented in this Handbook provide protection against environmental threats (fire, power failures, etc.) and acts of God (hurricanes, floods, etc.), most of the protection methods are designed to protect against such human threats as:

Most of the methods of protection are designed for protection after normal duty hours or at any time the assets to be protected are not under personal custody of authorized Service employees. The methods of protection are also designed to limit access by non-IRS, non-Federal individuals who may require access to Service facilities.

Because any single safeguard is often insufficient protection for any asset, the concept of layering of safeguards was developed to provide security in depth. To facilitate understanding security in depth, it is important to have some understanding of what must be considered before a decision can be reached regarding the appropriate safeguard, or combination of safeguards, required for a particular asset. The value of the asset and any applicable laws are the primary considerations. Once these are determined, then the problem of unauthorized access is approached by one or all of these methods:

The Minimum Protection Standards (MPS) system establishes a uniform method for protecting data and items which require safeguarding. This system contains minimum standards which will be applied on a nationwide basis. The MPS system has been designed to provide management with a basic framework of minimum security requirements which will provide greater flexibility in dealing with local conditions. Since local factors may require additional security measures, management must analyze local circumstances to determine space, container and other security needs at individual facilities. (See IRM 1.16, Physical Security Manual, formerly IRM 1.16.8, Physical Security Handbook.)

Standard — Items and data to be protected are divided into three groups:

Containers — Containers are grouped into three categories:

All space can be classified as either secured or non-secured. Secured areas are perimeter and/or internal areas which have been designed to prevent undetected entry by unauthorized persons during non-duty hours.

It is imperative that security considerations be addressed whenever IRS space is designed, acquired, altered or redesigned. Failure to consider adequate security during the early phases of space planning generally will result in costly modifications. In "open space" environments, the Service must ensure that acoustical planning is considered in order to minimize the potential for inadvertent unauthorized disclosures and to achieve an acceptable level of ambient noise. In addition, with the increased use of automated systems, it is important to consider placement of computer terminals in "open space" in order to avoid unauthorized disclosures.

Standard — Managers within the space and security functions are mutually responsible for:

All managers will ensure that space planning, particularly in "open space" environments, provides:

Under the Restricted Area concept, entry to critical areas is controlled and access is limited to those individuals who actually work in the area or have demonstrated a bonafide need to enter the area. Thus, the term restricted area denotes an area to which entry is restricted to authorized personnel only during normal working hours. The use of restricted areas is an effective method of controlling the movement of individuals and eliminating unauthorized traffic through critical areas, thereby reducing the opportunity for unauthorized disclosure, theft or alteration of tax information. All restricted areas will also be secured areas as defined in Section 15 of IRM 1.16, Physical Security Manual, (formerly IRM 1.16.8, Chapter 5) or provisions must be made to store protectable items in appropriate containers during non-duty hours.

Standard — All managers will work with the local security office to determine the best method of complying with restricted area security requirements. All managers will assure that:

The standards previously presented for restricted areas dealt with the need to control access to selected areas during normal work hours. Secured area/perimeters are used to control access during non-work hours. Since no employees are present during non-work hours to prevent unauthorized persons from entering the area, various safeguards are used to secure the protectable materials.

Standard — Secured areas are perimeter and or internal areas which have been designed to prevent undetected entry by unauthorized persons during non-duty hours. All managers whose operations are located in restricted and secured areas will ensure that the safeguards used to protect the secured area are functioning and that all employees are familiar with these operations. The local Security office will assist in determining the best method of compliance with the secured area/perimeter security.

In some offices, managers may have a need to control access between work areas during duty hours for production or other administrative reasons. The functions performed in the area do not require the constrictive measures required for restricted areas but do require minimal control over access.

Standard — Local management may determine that areas under their jurisdiction require some form of access control. Controlled areas can be established as local management determines. The need for access control for these areas should be thoroughly documented for subsequent review. If local management wishes to use one or more of the formal security controls, such as ID card identifiers, security registers, etc. concurrence from the Security office is necessary. It is not permissible to use all of the formal restricted area security controls for a controlled area.

Keys, key cards and combinations to locks are a means of controlling access. Access to a locked area or container can be controlled only if the key, key card or combination is controlled. The security provided by a particular locking system is lost if the key, key card or combination is not strictly controlled or becomes compromised in any way.

Standard — Managers must ensure that keys, key cards and combinations are issued only to persons with an official need to access the area or container and that these persons are reminded of their responsibility to safeguard these items. Individuals assigned keys, key cards and combinations may not share these with any other individual unless approved by the manager and only if there is an official need.

The protection of information is of vital concern to the Service. All employees of the Service that have or have had access to tax returns or return information and privacy information are prohibited by statute from disclosing such information except as authorized by applicable law or regulation (see IRM 11.3, Disclosure of Official Information Handbook). In addition to tax data there are many other documents that require protection from disclosure.

Standard — Every effort must be made to ensure that all documents are provided protection commensurate with the information therein. Tax data and privacy information shall be properly protected during duty and non-duty hours, transmitted in a traceable manner, and protected from inadvertent disclosure when in use. Documents containing information that require protection must be stored in accordance with minimum protection standards whenever they are not in the custody of an authorized IRS employee (see Exhibit 1.4.6–2).

The Privacy Act of 1974, 5 U.S.C. 552a, provides comprehensive statutory recognition of an individual's right to privacy. Recorded information which is retrieved by reference to a name or other personal identifier, such as a social security number, is privacy information. The purpose of the Act is to give citizens more control over what information is collected about them by Federal agencies and how that information is used. The Act specifies that agencies will establish appropriate administrative, technical, and physical safeguards to insure the security of records and protect records against any anticipated threats or hazards to their security or integrity which could cause substantial harm, embarrassment, inconvenience, or unfairness to any individual about whom information is maintained (see IRM 11.3, Disclosure of Official Information Handbook).

Standard — Managers will ensure Privacy information is protected from inadvertent disclosure when in use, stored in a manner that will prevent unauthorized access during non-duty hours, and destroyed by an approved method (i.e. shredding, pulping, disintegration or burning).

Persons furnishing information on tax violations expect and deserve to have their identity kept secret. All employees must, therefore, handle such information in strict confidence. Such information must be given special handling to avoid disclosure to other than those employees having a need to know.

Standard — As soon as informant correspondence is recognized by mail classifiers or other employees, it will be sealed in a "To Be Opened By Addressee Only" envelope (E-19 or E-20) and routed to the Criminal Investigation office. These same precautions will also apply to claims for rewards, memorandums of interviews with informants, or any other communication which might in any way identify informants. The routing of informant communications to other activities by the Criminal Investigation activity will be made by transmission in sealed envelopes bearing instructions "To Be Opened By Addressee Only" or by hand carrying the material to the appropriate office. In order to maintain maximum security, informant communications, claims for rewards, reward reports, memorandums or other documents which identify informants will be afforded containerized protection at all times, except when such documents are being processed. Access to such storage containers will be limited to the person/persons responsible for the security of the documents.

"National" security information is any information, regardless of form, pertaining to the national defense or foreign relations of the United States, that is owned by, produced by/for, or is under the control of the U.S. Government. Executive Order 12958 prescribes a uniform system for classifying, safeguarding, and declassifying national security information. "Classified national security information," commonly referred to as classified information, is information that requires protection against unauthorized disclosure. Classified information is marked Top Secret, Secret, or Confidential to indicate its classified status when in documentary form. Executive Order 12968 established the Federal personnel security program and addresses national policy for access to classified information. Access to classified information is guided by two principles: eligibility or "need for access" and "need-to-know" . Eligibility is a determination, commonly referred to as a "security clearance" (Top Secret, Secret or Confidential), that an employee requires access to a particular level of classified information to perform a lawful and authorized government function. "Need-to-know" is a determination by an authorized holder of classified information that the prospective recipient requires access to a particular level of classified information in order to perform or assist in a lawful and authorized governmental function.

Standard — Classified information shall be classified, declassified, safeguarded and controlled in a manner that prevents its unauthorized disclosure. An unauthorized disclosure is a communication or physical transfer of classified information to an unauthorized recipient. Employees shall not be granted access to classified information unless they have a security clearance at the appropriate level (Top Secret, Secret, Confidential); have a demonstrated need-to-know; and have signed an approved nondisclosure agreement. See IRM 1.9, National Security Information Handbook.

Sensitive But Unclassified (SBU) information is any information the loss, misuse, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled to under section 552a of Title 5 (the Privacy Act) or other laws. SBU is also known as official limited information. U.S. Government SBU may be marked with protective legends such as Limited Official Use, Official Use Only, For Official Use Only, Close Hold, Eyes Only, Law Enforcement Sensitive, Proprietary, and Restricted. SBU may be unmarked information such as medical, personnel, financial, investigative, law enforcement, regulatory, compliance, taxpayer data, security plans, and procedures or countermeasures. Limited Official Use (LOU) is a category of SBU authorized within the Department of the Treasury. Official Use Only (OUO) information is a category of SBU information authorized within the Internal Revenue Service. Unauthorized disclosure of SBU may reduce the effectiveness of the Tax Administration system, violate law, or adversely affect the national interest, conduct of Federal programs, or the privacy to which individuals are entitled under the Privacy Act. SBU can be in paper, electronic, or material form. Regardless of its form or markings SBU information requires special handling to prevent its loss, misuse, alteration, or unauthorized disclosure.

Standard — Managers at all levels are responsible for security of information under their control regardless of its form and for ensuring the information is properly safeguarded. (See Delegation Order 89 (revision 9), IRM 11.3, Disclosure of Information Handbook, and IRM 25.10 Information Technology Security Policy and Guidance.)

All records and documents created or received by the Service in connection with operational and administrative activities are official information and the property of the United States Government. In accordance with 18 U.S.C. 2071, it is unlawful to remove records or documents from the custody of the Service except in accordance with prescribed procedures. The Tax Reform Act of 1976 provides that returns and return information are to be confidential and not subject to disclosure, except as specifically provided in IRC 6103 or other sections of the Internal Revenue Code. IRM 11.3, Disclosure of Official Information Handbook, contains guidelines governing the release of data included on tax returns and other information contained in Service files.

Standard — Records and documents in the custody of Service employees will not be disclosed to the public, except through approved disclosure procedures, and will be protected from disclosure to other employees that do not have a need to know the information. In addition to guarding against unauthorized disclosure of tax information by Service employees, steps must be taken to prevent the possibility of such disclosures by non-Service personnel. Care must be taken to deny unauthorized non-Service personnel access to areas other than those which have been established for serving the public. All those persons with "a need to know," such as certain Government contractors and vendor personnel, must be informed of the protection requirements under the law to prevent unauthorized disclosure. This can be best accomplished in writing, citing the prohibitions, restrictions and penalties for unauthorized disclosure of tax return and return information.

A large volume of the Service's assets such as tax returns, remittances and government checks are transmitted by mail. The theft of mail can easily occur when left unattended on receiving docks or in building lobbies without protection.

Standard — Incoming mail, not being distributed or processed, will be stored in a secured area or in locked containers. Mail, incoming or outgoing, will not be left unattended in areas open to the public.

At times field employees have sensitive information at the taxpayer's site which should be stored at an IRS facility. Due to local conditions, it is not always possible to remove the information from the taxpayer's site and store it at an IRS facility. Service managers must ensure that employees adequately secure such information at the taxpayer's site.

Standard — IRS employees are responsible for securing sensitive tax information while at the taxpayer's site. Sensitive tax information, such as agent's work papers, original returns, examination plans, fraud data, etc., which is housed at a taxpayer's site must be stored in a security container under the control of the responsible Service employee. The taxpayer cannot have access to this container. If a security container is not available, this data may not be stored on the taxpayer's premises during non-duty hours. During duty hours, the data must be under the personal custody of the Service employee when it is not containerized. Personal custody exists when a responsible Service employee or other designated person (e.g. armored car service employee, authorized employee of a contract firm) has possession of, or visual contact with, a document or item of property. For the purpose of this definition, visual contact is limited to the person's desk or immediate work area over which he/she has physical control.

While on official travel it is often necessary for employees to carry tax data, laptops, taxpayer's checks and money orders, etc. Employees are held responsible for the loss, theft or disappearance of Service property when attributable to negligence. Recovery of documents may not necessarily be a mitigating circumstance after the loss.

Standard — All sensitive information must be provided adequate safeguards. Employees in custody of sensitive information or Service property while outside of an IRS office must protect such items to the maximum extent possible. Managers shall caution employees against leaving information or Service property in automobiles, motel/hotel rooms, public conveyances, taxpayer's offices, etc. If there is no alternative and tax information must be left in a vehicle, it must be locked in the trunk. However, the vehicle must be locked and the material unattended for only a short period of time. It may not be stored in a vehicle overnight.

The Service routinely ships tax returns and return information between IRS locations, as well as to other Federal and state agencies. Such data in transit is especially vulnerable to loss, destruction and disclosure. Such loss could result in irreparable damage to the Service or taxpayers, delay tax processing, and damage the public image of the IRS. (See IRM 1.16, Physical Security Manual, Section 13, formerly IRM 1.16.8 Physical Security Standards Chapter 3.)

Standard — All shipments of tax returns and return information from any processing or computing center, area offices, posts of duty, or other agencies and jurisdictions will be documented and monitored to ensure accountability and receipt for each shipment. Every Service facility engaged in the shipment of tax returns and tax information shall designate individuals to be responsible for monitoring the shipments.

The purpose of destroying waste material generated in the processing of tax documents or other related documents is to prevent the information from being disclosed to unauthorized personnel. Disposition and destruction of tax information must be in accordance with IRM 1.15.2 (Records Disposition Handbook).

Standard — Although IRS employees may know the proper methods of destroying tax data, management must reinforce this knowledge by including document destruction as a topic in orientation sessions, periodic group meetings and other awareness sessions. Managers will ensure that waste material generated in the processing of tax documents, protected data or other related documents must be destroyed by shredding, pulping, disintegrating or burning or any other manner which in the judgement of the responsible security official renders the information contained in such material irrecoverable.

After-hours security reviews have identified repeated security violations where tax and privacy data are left out in work areas. To improve the level of protection provided tax and privacy data, the Service has adopted a clean desk policy. This initiative particularly lends itself to non-secure areas.

Standard — All tax and privacy data when not in the custody of an authorized IRS employee must be stored in locked containers. Protected data must be locked in containers in areas where non-Service personnel may have access during non-duty hours. Security personnel will assist managers in determining when locked containers will be required. Directors, Submission Processing/Computing Centers, Customer Service Sites and other executive levels may exempt certain mass processing areas (pipeline type operations), but the exemption must be justified (e.g. containerizing will be so disruptive as to cause critical delays in processing) and documented and not just a matter of convenience. Exceptions must be sent to the local security office for review and approval. Items identified as requiring Special Security (SP) may not be exempted from the clean desk policy. Due to special access control needs these require a specific type containerization regardless of the area security provided. (For additional information see IRM 1.16., Physical Security Manual, section 14, formerly IRM 1.16.8 Chapter 4.)

A security program is enhanced when all managers and all employees are aware of security requirements, including the reasons for each of the security requirements they are expected to follow or enforce. Security awareness is encouraged and strengthened by the attitudes and actions of managers. If managers can explain the need for security in various situations, the employees will usually accept the need as an integral part of their responsibilities. The key to an awareness program is to show how the requirements relate to the work in which an employee is involved. For example, awareness efforts directed toward computer room employees should relate to security requirements in a computer room, while those efforts directed toward a tax auditor should relate to protecting the privacy of the taxpayer and the sensitivity to the tax return and return information.

Standard — To ensure that all employees and managers are made aware of security requirements, a security awareness program will be implemented. Every security awareness program will include the following:

When it is necessary for an office to move to another location, plans must be made to properly protect and account for all tax data and other information, as well as government property. The circumstances of the move must be carefully considered (e.g., the distance involved and the method to be used in making the move).

Standard — Managers will make sure that tax documents and other sensitive information is kept in locked cabinets or sealed in packing cartons while in transit. Accountability will be maintained to ensure that cabinets or cartons do not become misplaced or lost during the move. This can be accomplished by numbering the cabinets or cartons and maintaining a corresponding list of the numbered cabinets/cartons and what each contains. Throughout the move, classified material and other critical material will remain in the custody of an IRS employee with the appropriate clearance and need to know. The precautions taken to protect Government property during the move will be commensurate with the type and value of property involved. Small items of high value will be packed in cartons or moved in locked cabinets. Accountability will be maintained throughout the move.

One aspect of emergency management is the timely reporting of significant conditions or situations. Prompt reporting of incidents is essential in order to advise all levels of management of conditions that affect the operation of the Service. Trends or patterns detected as a result of the analysis will assist in development of effective countermeasures to minimize the effect of future disruptions. Significant incidents must be reported to executive levels so that they may be aware of situations that could require their immediate assistance or that result in the need to respond to inquiries from Treasury, other Federal agencies or the news media. (See IRM 1.16 Physical Security Manual, Sections 8–10, formerly IRM 1.16.6, Emergency Management Handbook, Chapter 1.)

Standard — Managers are responsible for making sure that significant incidents, unusual situations, potential incidents or situations affecting or which may affect the operations of the Service are reported as quickly as possible. Managers must make sure that all employees are familiar with incident reporting procedures and have access to the names and numbers of authorities charged with responding to incidents.

Occupant emergency plans are an essential part of a security program. Properly developed plans can reduce the threat to personnel, property, and other assets while minimizing work disruption. (See IRM 1.16 Physical Security Manual, Section 9, formerly IRM 1.16.6, Emergency Management Handbook, Chapter 8.)

Standard — The General Services Administration requires that occupant emergency plans be prepared for all federally occupied space. If the Service is the primary occupant agency, that is the agency with the largest population in the facility, the designated official will develop, maintain and test the occupant emergency plan. (The designated official is the highest ranking official of the primary occupant agency.) All possible situations should be addressed so that personnel will know what procedures to follow. Situations and incidents which should be included are: bomb threats, explosions, demonstrations, utility disruptions or failures, natural disasters, disruptive weather, fires, accidents, etc. Managers are responsible for ensuring that employees are familiar with the plan and with evacuation procedures.

A Business Resumption Plan is a guide to the orderly re-establishment of operations after an incident. The objective of the plan is to resume processing of critical functions as quickly as possible and eventually resumption of full, normal operations. (See IRM 1.16 Physical Security Manual, Section 10, formerly IRM 1.16.6, Emergency Management Handbook, Chapter 3.)

Standard — A properly developed plan requires coordination with all IRS organizations located at the facility. Each function will participate in the development of the plan by identifying critical needs (i.e. critical personnel and equipment needs, etc.) and will assign personnel to participate in the planning process. Emergency management planning must include not only recovery of critical information systems and applications but must also address issues such as human resources, vital records, telecommunications, security, environmental concerns and the facility which houses the work environment.

ID cards will be issued to all Service employees and will be worn while in Service facilities. In order to preserve the integrity and reliability of the ID card, employees may never have more then one ID card in their possession and all ID cards must be recovered from personnel who leave the Service. (See IRM 1.16 Physical Security Manual Section 5, formerly IRM 1.16.4, Identification Media Handbook, Chapter 2.)

Standard — All managers and supervisors have responsibility for:

Because of the need for other Federal personnel and non-Federal personnel (e.g. GSA, contractors, vendors) to have access to Service facilities, procedures have been established to meet this need while still providing appropriate safeguards. While these individuals may have a need to be in an IRS work area, they are not IRS employees and are not provided the same privileges and access levels. When visitors are in the work area, care must be taken to prevent unauthorized disclosures.

Standard — Managers are responsible for ensuring that other Federal personnel and non-Federal personnel follow all Service and local procedures while in IRS facilities. Managers are responsible for advising employees when visitors are in the work area and reminding them that sensitive information is not to be discussed or left in view of visitors.

With the growing use of outside expertise, the demand for staff-like access (unescorted access in IRS facilities or work areas) by non-Federal personnel to IRS facilities has greatly increased. In order to meet this demand, non-Federal personnel who have a daily need to be at a facility on a continuing basis over a period of time (usually 30 days or more) may be issued a red-photo ID card for use at that facility.

Standard — Managers, in organizations utilizing non-Federal personnel, are responsible for ensuring that these individuals are properly badged and are aware of and follow all Service and local procedures. The Security function must be notified in writing of the impending visit, length of the visit, names of the individuals, SSN and whether a NBIC background check has been conducted. A copy of the NBIC letter stating there has been a completed interim check must be attached to the request. Non-federal ID cards (Forms 6056) may not be removed from the issuing facility and may not be used as authorization to access Service facilities. Without a copy of the NBIC letter, no photo ID will be issued.

Other Federal personnel and non-Federal personnel may have a need to visit IRS facilities. These individuals do not require staff-like access but may need periodic access on a regular basis. These individuals may be issued a non-photo, "VISITOR" ID card.

Standard — Managers are responsible for ensuring that individuals visiting an IRS facility are placed on a visitors register and upon arrival are made aware of and follow all Service and local procedures. These individuals may not be given staff-like access but rather should, in most instances, be limited to a specific work area and be escorted to that work area by an IRS employee. Visitors must be on a visitors register, show a picture ID to verify identity and sign the visitor's register. Employees are to be notified that there is a visitor in the work area and that sensitive information is not to be discussed or left in view of visitors. The "VISITOR" ID card may not be removed from the facility but must be recovered upon exiting.

Non-federal personnel, visiting an IRS facility, who do not have a verified background check or who are not on a visitor list, must be issued an "Escort Only" ID card. This is a non-photo ID card that will be issued only after the individual shows a picture ID, signs the visitor register and is verified by an IRS employee assigned to the facility. The visitor will be escorted at all times by an IRS employee.

Standard — Managers are responsible for ensuring that individuals issued "Escort Only" ID cards are escorted at all times by an IRS employee and that these individuals follow all Service and local procedures. Managers will ensure that the visitor's need to access has been validated by an IRS employee assigned to the facility. Managers are responsible for notifying employees that there is a visitor in the work area and that sensitive information is not to be discussed or left in view of the visitor.

Pocket commissions are used to present proof of authority in the performance of official duties. They are primarily intended to identify Service personnel to the public when dealing with tax matters and may not be issued merely to identify employees for transaction of routine business. There are two categories of pocket commissions—enforcement and non-enforcement. Enforcement commissions are issued only to individuals in the 1811 series. Non-enforcement commissions are issued to all other authorized employees. (See IRM 1.16 Physical Security Manual Section 6, formerly IRM 1.16.4, Identification Media, Chapter 3.)

Standard — Managers are responsible for ensuring that only authorized employees are issued pocket commissions and that pocket commissions will only be displayed as prescribed in IRM 1.16 Physical Security Manual Section 6, (formerly IRM 1.16.4, Identification Media Handbook). Managers will identify employees who are required to present proof of authority during taxpayer contacts and will initiate requests for pocket commissions for authorized employees. If a category of employees is not on the authorized list, managers will submit a memorandum to their Chief Officer, Operating Division Commissioner, Chief, Criminal Investigation, or Chief Counsel requesting that the title and series be added to the list. In addition to the title and series, the memorandum will include a justification. Once this request is approved, it should be forwarded to the Director, Real Estate and Facilities Management .

In accordance with the Federal Service Impasses Panel decision dated March 10, 1992, Internal Revenue Service employees authorized to hold a pocket commission may have the pocket commission issued in an approved pseudonym name. In a memorandum dated May 19, 1999, signed by the Chief Operations Officer and the President of NTEU, the Service agreed to issue ID cards in an employee's approved pseudonym name. The pseudonym has to be approved by the employee's manager and a written request from the manager will be submitted to the local Security office asking for issuance of the pocket commission and/or ID card in the employee's pseudonym name.

Standard — Employee's may be issued a single ID card and/or pocket commission in an approved pseudonym name. In addition, employees authorized name tags may have the name tag issued in an approved pseudonym name. Managers are responsible for generating requests for issuance of ID media in a pseudonym name. If an employee already has a pocket commission and/or ID card issued in their legal name, that ID media must be recovered prior to issuance of identification media in the pseudonym name. Managers must make sure that employees do not have more then one ID card and/or pocket commission in their possession.

Calling cards may be used by Service personnel who have a continuing need to leave their name, unique identifying number and telephone number with non-Service individuals or companies as a ready reference for contact by telephone or at an office address See IRM 1.16 Physical Security Manual Section 4, (formerly IRM 1.16.4, Identification Media Handbook) and 1.17, Multi-Media Publishing.

Standard—

Employees assigned to walk-in areas may be provided name tags as an alternate form of identification in order to meet requirements of 3705(a) of the Restructuring and Reform Act of 1998.

Standard — Employee names tags will be issued only to those individuals assigned to taxpayer walk-in areas and will include the employee's name (or pseudonym name) and unique identifying number. The design and size of the name tag will meet Service standards and will be ordered through the employee's manager.

Functional reviews measure adherence to security requirements and procedures that apply to each manager's office or functional area. Functional reviews allow managers to ensure that existing security procedures and requirements are being followed on a daily basis.

Standard — First line managers or their designated representative will conduct functional reviews on at least an annual basis (by September 30 of each year) or more frequently, will document the review and will provide a copy of the report to the local Security office for review. Managers will maintain a copy of the report for at least 3 years. Review criteria may be based on local concerns but at a minimum managers will conduct an after hours review and will evaluate their areas on:

An after hours review allows managers to determine whether documents, property and monies are being adequately protected when not in the custody of authorized IRS personnel.

Standard — Managers should periodically review functional areas after hours to determine if sensitive information is appropriately containerized and disposed of, whether cabinets, safes and other containers are appropriately secured and whether restricted areas, secure areas and office doors are secured. If weaknesses are identified, managers should take immediate action to safeguard information, property or rooms/facility, counsel employees as appropriate, and/or request assistance from appropriate Security personnel in developing corrective measures.

Contracts for services or property which involve the disclosure of sensitive information to a contractor (i.e. return or return information, personnel information and administrative or internal management information critical to mission of the Service), must include appropriate protective measures in accordance with applicable laws, regulations and procedures.

Standard — Managers should make sure that requests for contracted services involving disclosure of tax data or other protected information are reviewed by Disclosure and, where appropriate, Security and include:

In order to ensure that a contractor facility provides required security safeguards, an on-site (safeguard) review may be required. If it has been determined that a site survey will be required, the contracting officer shall require the vendor to provide, in writing, as part of their offer the following information:

Standard — It is the responsibility of the requesting activity to ensure that a site survey is conducted when necessary. If technical expertise is not available on the user's staff, assistance from Security personnel should be requested. The site review will usually consist of a pre-review conference, interviews, facility tour and close out conference.

An existing contractor's ability to adequately protect IRS data from unauthorized use or disclosure must be recertified annually for contracts which extend beyond a one year period, prior to contract renewal or if the safeguards employed by the contractor become a matter of concern (e.g. suspected security breach).

Standard — The requesting function is responsible for contract recertifications. If the recertification is conducted due to a disclosure concern, Security personnel should be contacted and briefed on the areas of concern. The contractor will be requested to provide a self-assessment regarding their ability to protect IRS data. If it cannot be determined from the self-assessment and other documentation whether to recertify, a recertification site review of the contractor facility should be scheduled.