SECTION 1. PURPOSE.

.01 This Order prescribes the functions and responsibilities of the Office of Security (OSY). (The position of Director for Security is authorized in DOO 10-5, “Chief Financial Officer and Assistant Secretary for Administration.”)

.02 This revision updates the structure of OSY by describing functions to be performed in various program activities.

SECTION 2. STATUS AND LINE OF AUTHORITY.

.01 The Office of Security, a Departmental office, is headed by a Director, who reports to and is responsible to the Chief Financial Officer and Assistant Secretary for Administration (the Assistant Secretary) and to the Deputy Assistant Secretary for Administration (the Deputy Assistant Secretary).

.02 The Director shall be assisted by a Deputy Director who shall participate with the Director in management of activities of OSY and who shall perform all functions of the Director in his/her absence.

.03 The head of each operating unit is responsible for ensuring the security of the personnel, facilities, property, information and assets of their respective organizations in accordance with applicable laws, regulations, Executive Orders (E.O.s), and directives. The Director is responsible for advising and assisting heads of operating units. Additionally, the Director will provide security services when it is more practical or economical to consolidate them at the Department of Commerce (the Department) level. (For the purpose of administering the Department’s security programs, the Office of the Secretary is considered an "operating unit" and is subject to policy and procedural requirements levied on all other Departmental units. The Director shall serve as the Security Officer for the Office of the Secretary.)

.04 Departmental facility and senior office managers are responsible for ensuring the security of the personnel, facilities, property, information and assets of their respective facilities in accordance with applicable laws, regulations, E.O.s, and directives. Security officers providing client security services to bureaus and operating units will assist facility managers in carrying out these responsibilities.

.05 The Director will head the Department’s Security Council composed of representatives from each operating unit. The representatives will communicate security requirements from their respective operating units, exchange security-related information, and coordinate security services. Designating an employee to assist in performing security activities will not relieve the operating unit head, senior facility manager, or servicing security officer of their responsibilities.

.06 The Director may redelegate the authority prescribed by this Order to designated personnel in OSY and to the operating units of the Department.

SECTION 3. FUNCTIONS.

.01 Pursuant to the authority vested in the Assistant Secretary in DOO 10-5, and subject to such policies and directives as the Assistant Secretary may prescribe, the Director is hereby delegated the following authorities:

a. Department-wide staff management responsibility for establishing policies and procedures for: personnel security; industrial security; the safeguarding of classified and sensitive documents and information; protection of Department personnel, facilities, property, assets and activities; identification, assessment and management of threats; security risk assessments; emergency actions and preparedness; physical security (including executive protection); communications security; operations security; security education, awareness, and training; and compliance with security policies and procedures.

b. Provide services in the functional areas, outlined in subparagraph a. above, as required by the Office of the Secretary and all Department organizations and personnel.

c. Coordinate, establish, and maintain a Departmental Occupant Emergency Program (OEP) in accordance with the provisions of the General Services Administration's (GSA) Federal Management Regulations (FMR 102-74.230 to 102-74.260) at 41 CFR 102-74.230 to 102-74.260 pertaining to the OEP.

d. Serve as the principal Departmental official for coordinating and assisting in the establishment and continuation of a Department-wide emergency action program, to include emergency preparedness, particularly as applicable to the requirements of E.O. 12656, Assignment of Emergency Preparedness Responsibilities.

e. Serve as the principal Departmental official for matters involving security, mission-critical threats, and executive protection, and function as the Department’s liaison with agencies of federal, state, and local government in security, executive protection, and Departmental counterintelligence issues.

f. Conduct investigations under the authorities, functions, and responsibilities of OSY.

g. Provide support to the Department’s facility managers on security matters related to facility management and provide advice and assistance to facility management staff as required for security purposes.

SECTION 4. SPECIFIED AUTHORITY.

.01 In addition to the authority implicit in and essential to carrying out the functions hereby assigned, the Director shall:

a. Exercise authorities vested in the Secretary as well as obtain other authority under law as necessary (such as special deputation from the United States Marshal) for the authorization to carry firearms and make arrests in order to perform the functions and responsibilities assigned to the Director and certain members of OSY.

b. Ensure effective implementation of E.O. 13526, Classified National Security Information, as amended, or successor policy, as the senior agency official designated by the Secretary of Commerce (the Secretary) under the provisions of § 5.4. (d) of that E.O.

c. Ensure effective implementation of E.O. 12968, Access to Classified Information, or successor policy, as the senior agency official designated by the Secretary under the provisions of § 6.1. (a) of that E.O.

d. Ensure effective implementation of National Security Decision Directive 298, National Operations Security Program, or successor policy, as the Departmental planner for Operations Security.

e. Ensure effective implementation of E.O. 12829, National Industrial Security Program, January 6, 1993, or successor policy, as senior agency official to direct and administer the Department’s implementation of and compliance with the National Industrial Security Program.

f. Ensure effective implementation of E.O. 10450, as amended, Security Requirements for Government Employment, April 27, 1953, and 5 CFR Part 732, National Security Positions, and their successor policies, as the senior agency official designated by the Secretary.

g. Ensure effective implementation of E.O. 13467, June 30, 2008, Reforming Processes Related to Suitability for Government Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National Security Information, or successor policy, as senior agency official designated by the Secretary.

h. Ensure effective implementation of E.O. 13488, January 16, 2009, Granting Reciprocity on Excepted Service and Federal Contractor Employee Fitness and Reinvestigating Individuals in Positions of Public Trust, or successor policy, as senior agency official designated by the Secretary.

i. Ensure effective implementation of E.O. 13556, November 4, 2010, Controlled Unclassified Information, or successor policy, as senior agency official designated by the Secretary.

j. Ensure effective support of the National Foreign Intelligence Program as required by E.O. 12333, United States Intelligence Activities (1981), as amended by E.O. 13284 (2003), E.O. 13355 (2004) and E.O. 13470 (2008).

SECTION 5. ORGANIZATION.

The Director shall advise and represent the Assistant Secretary on policies and procedures for assessing threats to the mission, operations and activities of the Department and provide guidance and assistance to Departmental offices and operating units on the protection of personnel, facilities, property, assets and activities as well as classified and sensitive information. Except for those functions maintained in the immediate Office of the Director, the functions of OSY shall be organized and carried out under the direction and supervision of the Director through the following security components:

.01 The Anti-Terrorism Division will consist of the Physical Security, Overseas Security, and Executive Protection Programs:

a. Physical Security Program staff: develop a comprehensive physical security program to protect the agency’s facility, property, information, and personnel assets in accordance with Federal standards and regulations; evaluate and certify risk assessment surveys; prioritize the physical security effort; and recommend funding for countermeasures.

b. Overseas Security Program staff: manage the program to deliver services to the United States and Foreign Commercial Service; and with the Department of State, coordinate the provisions of all State-Commerce security agreements.

c. Executive Protection Program staff: coordinate and provide, as requested and authorized, physical protection for the Secretary, visiting foreign officials, and official guests during Department functions.

.02 The Investigations and Intelligence Division: conduct proactive and reactive investigations and analyses to identify and/or assess critical threats to the Department’s mission, operations, or activities; prevent or mitigate such threats from adversely affecting Department personnel, facilities, property, or assets through strategic and tactical approaches; and collaborate with other national security and law enforcement entities as appropriate. Staff produce and present reports, assessments, and briefings involving mission-critical threats to the Secretary, Deputy Secretary, Assistant Secretary, Director, and national security or prosecutorial officials, and may require and receive assistance from Department personnel while performing mission-critical threat functions.

.03 The Counterespionage Division will consist of the Information Security and Personnel Security Programs:

a. Information Security Program staff: develop, coordinate, and disseminate all Departmental policies relating to the handling and protection of classified information; manage the Department’s program that provides for the protection of classified national security in accordance with E.O. 13526, as amended, Intelligence Community Directives, and other applicable laws, E.O.s, directives, and regulations; develop professional standards and comprehensive security education and awareness program activities to enhance employee knowledge of security requirements, including personal protection, hostile intelligence threats, proper management of classified and sensitive information, and means of countering threats to Departmental facilities and personnel; and manage the Departmental Secure Telecommunications Program.

b. Personnel Security Program staff: receive and process requests for personnel security clearances for job applicants, employees, and other individuals requiring access to classified national security information at any Department location worldwide; request investigations for security clearances in accordance with E.O. 10450, as amended, E.O. 12968 and 5 CFR Chapter 1, Parts 731, 732, and 736; review and determine the status of cases involving the evaluation of adverse information in connection with the issuance of certificates of security clearance, the imposition of security restrictions on individuals, and other decisions affecting security clearances; take action, as appropriate, on withholding or withdrawing the security clearance of job applicants, employees, contractors, grantees, or other individuals, and, for employees, recommend action under the provisions of 5 U.S.C. §§ 7312 and 7531-32 and E.O.s 12968 and 10450, as amended; as requested by responsible Department officials, assist in the verification, review and evaluation of adverse information concerning Department employees, job applicants, and other individuals for the purpose of making suitability determinations (in accordance with 5 CFR Part 731 and other regulations promulgated pursuant to 5 U.S.C. § 301); and review, evaluate, and take appropriate action under the provisions of E.O. 10450, as amended, and E.O. 12968, with regard to any notifications of investigation of employee misconduct received by the Director from the Office of Inspector General. Program staff administer the provisions of the National Industrial Security Program as set forth in the National Industrial Security Program Operations Manual (NISPOM). Program staff also maintain liaison with operating unit and bureau program managers and the Defense Security Service in order to provide appropriate input and response required to maintain the NISPOM.

.04 The Continuity and Emergency Preparedness Division and its related program staff develops a comprehensive program for emergency programs; coordinates and reviews emergency preparedness plans and programs for utility and responsiveness to E.O. 12656; and oversees the development and implementation of Occupant Emergency, Continuity of Operations and Continuity of Government plans for the Department.

a. The Continuity Program staff: manages the Departmental continuity programs consisting of the Continuity of Government (COG) and the Continuity of Operations (COOP) programs. These programs are managed in accordance with Homeland Security Presidential Directive 20 (HSPD-20) and Federal Continuity Directive-1 (FCD-1). Through tests, training and exercises, the staff effectively plans for controls and evaluates all interagency level exercises for these programs, in accordance with the National Exercise Program. Additionally they oversee the involvement of the Department’s leadership in interagency senior level exercises (e.g., TOPOFF).

b. The Emergency Preparedness Program staff: manages the Departmental Emergency Operations Center and the overall Occupant Emergency Program for the Department, and the specific Occupant Emergency Plan for the Herbert C. Hoover Building (HCHB). Through tests, training and exercises the staff effectively plans for, controls and evaluates all interagency-level exercises for the above programs, in accordance with the National Exercise Program.

.05 The Client Security Services Division will consist of all field security offices. The field security offices shall be responsible for providing security oversight to operating units; coordinating searches, evacuations, and other procedures to protect persons, property and information; overseeing the emergency responses and investigations of security incidents at all Departmental facilities; developing, implementing, and maintaining a program of reviews throughout the Department to ensure appropriate compliance with all security policies promulgated by OSY; conducting a comprehensive security education and awareness program to enhance employee knowledge of security requirements; facilitating requests for personnel security clearances for job applicants, employees, and other individuals requiring access to classified national security information at any Department location worldwide; and reviewing suitability investigations for contractors of the Department.

.06 The Strategic and Administrative Management Division and its related program staff provide strategic solutions for Departmental issues including budget, performance metrics, personnel, training, procurement and administration.

.07 The Project Management Division and its related program staff provide project and technological support to enable OSY to perform risk reduction functions more efficiently; including providing assistance with the implementation of Homeland Security Presidential Directive 12 (HSPD-12).

SECTION 6. EFFECT ON OTHER ORDERS.

.01 This Order supersedes Department Organization Order 20-6, dated October 2, 2008.

.02 Nothing in this Order shall have the effect of, or be construed as, an exception to the responsibility and authority of the Office of the General Counsel under DOO 10-6, “Office of the General Counsel” for policy and operating guidance on legal matters. With respect to such security matters that involve legal issues, the Director for Security shall consult with the Office of the General Counsel.

.03 Nothing in this Order shall have the effect of, or be construed as, an exception to the responsibility and authority of the Department's Office of Inspector General under DOO 23-1, “Office of the Inspector General” to conduct investigations to prevent and detect fraud, waste, and abuse. With respect to such security matters that involve such issues, the Director for Security shall consult with the Office of Inspector General, which has the right of first refusal in investigating allegations involving any Department employee, contractor, or grantee.

Signed By: Chief Financial Officer and Assistant Secretary for Administration