SECURITY CLEARANCE LEVELS


THE LUSOPHONE FOUNDATION'S ORGANOGRAM


CONFIDENTIALITY OF INFORMATION


Artefacts of information considered "classified" (or "confidential") comprise any, and all materials whose access is restricted, and regulated to guarantee the protection, and safety of any, and all active, and passive institutional assets belonging to the Lusophone Foundation.

The process of Classification aims to protect, and restrict the access and usage of artefacts of information. The categorisation, and definition of confidentiality and restriction statuses, as well as the maintenance, protection, and regulation of artefacts of information, are under the institutional jurisdiction of the Directorate for the Administration of Archives, and Security of Information (DAASI)1.

To guarantee the security of institutional artefacts of information, the Lusophone Foundation employs the criteria of "need-to-know-basis"; it utilises a system to compartmentalise information to control, and limit access through classifications.

The principle of the "need-to-know" specifies that the dissemination of artefacts of information, and related knowledge, must not be greater than necessary in order to conduct, and enable efficient organisational operations. Therefore, access to information is limited only to individuals who truly require, and are properly authorised to access artefacts that are relevant to their laboural responsibilities.

This is a principle that the Lusophone Foundation applies to both its internal and external relations.

Individuals that, by incompetence, or negligence, fail to protect classified material, are penalised through disciplinary measures applied by the Lusophone Foundation's Ethics Committee in accordance with the significance of the incident.

SECURITY CLEARANCES


Authorisations, or Clearances (sometimes even "Permits") are special classifications comprising a series of norms to control the necessary permissions required to access, manipulate, and view certain artefacts of information, as well as defining qualifications about how certain information must be destroyed, manipulated, transmitted, or stored.

Due to the principle of the "need-to-know-basis", authorisations, and clearances are not generic tools which automatically concede access to any, and all material classified under the same, or inferior levels of that of the clearance, nor do they indicate the hierarchical position of an individual in an institutional structure.

Institutionally, the Lusophone Foundation utilises clearance levels to compartmentalise access to information. The compartmentalisation system exists to stop the uncontrolled dissemination of information, thus guaranteeing that only individuals that truly require certain information are capable of possessing it.

Security clearances are granted to individuals only after comprehensive and extensive investigations of their background and identity, and if it is reasonably justifiable that they truly require said clearance. This guarantees that only individuals with legitimate interests and needs are granted security clearances.

Security clearances do not necessarily indicate hierarchical positions, they are granted in accordance with the principles of compartmentalisation of information and the "need-to-know-basis", and only after an individual's qualifications have been extensively investigated and accredited.
A practical example of compartmentalisation:
Although the Site Directors of the Secure Facilities PT10, and PT33 have the same hierarchical position, and the same clearance level, the Site Director for PT10 does not have permission to access the PT33's database, and vice-versa because neither director actually needs to have indiscriminate access to databases that are not under their management.

Institutionally, the permission to access, and manipulate any, and all classified materials require the formal concession of a Security Clearance, which may be guaranteed with certain conditions, or specific qualifications (such as partial access, read-only, etc.).

The majority of available security clearances are temporary, thusly requiring their renewal; they expire automatically after a certain stipulated time has elapsed, or after the specific purpose that justified its concession is no longer relevant.

Archival artefacts, documentation, and any other records related to the infrastructure of security clearances are managed by the DAASI, which is also responsible for defining the infrastructure for the accreditation, and application of security clearances. These registries are available to be verified by the remaining organs comprising the Lusophone Foundation, especially those responsible for institutional security.

The clearance level required by an individual in order to occupy a position is defined directly by the officer in charge of the superintendence, department, sector, or project. The DAASI supports this process by analysing the qualifications and requirements of the clearance, and the individual who is to be accredited with it; as well as reviewing whether the clearance, and individual are up-to-date with the standards established for them.


SECURITY VETTING


From an administrative point of view, the most important assets an organisation possesses are the individuals integrating it. The application of security vetting (or verifications) is extremely important to guarantee that the functionaries occupying positions of trust do not become risks, or cause damage by accessing and manipulating artefacts of information without the proper capacitation, and clearance.

Security Vetting, just like the extensive checks, and investigations of an individual's background and identity, are normally done by special DAASI divisions working together with the human resources, and security sectors of superintendencies, and secure facilities.

These verifications have a pragmatic regime; they include physical and information of technology checks, as well as the promotion of specific training procedures, and the designation of special officers inside the organisational structure in order to ensure, and verify that security standards are up-to-par.

Institutionally, the recruitment, and the maintenance of employment of personnel follows rigorous standards. Any, and all personnel associated with the Lusophone Foundation have their backgrounds, and identities extensively checked, and investigated; they also receive comprehensive training in order to properly treat information. Strategic positions are subjected to a higher level of scrutiny.

The purpose of security management, and vetting is to guarantee that the character, and personal circumstances of individuals are in accordance with the expectations, and requirements needed in order to accredit these individuals with positions that have access to sensitive assets, thus making sure that these artefacts are not accessed by any individuals who are susceptible to improper influences, have conflicts of interest, or that demonstrate dishonest/unstable behaviours; this guarantees that the operations of the Lusophone Foundation are not put at risk for the benefit of third-parties.


BSSC
The Baseline Standard Security Check2 is the minimum required check needed to employ any, and all personnel associated with the Lusophone Foundation. It is usually effected before an individual is hired.

The vetting process comprises the verification of the following: identity, academic/civic/criminal/employment status, and nationality.

It is the minimum requirement for the accreditation, and qualification of an individual working with material classified as RESTRICTED.
CTSC
The Counter-Terrorism Security Check3 is the minimum required check needed to employ any, and all personnel working in structures of intelligence, logistics, and security of the Lusophone Foundation, as well as any individual who needs to access assets that may have any value to hostile groups, or individuals.

The vetting process comprises the verification of the following: the conclusion of a standard security test, and interviews with security officers, extensive background checks of an individual's finances, life, and familiar/personal relationships, as well as the investigation of documents, and other information produced by governmental organs.

It is the minimum requirement for the accreditation, and qualification of an individual working with material classified as CONFIDENTIAL.
AVC
The Advanced Security Check4 is the minimum required check needed to employ any, and all personnel occupying administrative/technical/operational positions requiring frequent and long-term access to SECRET assets, and are capacitated to sufficiently understand the scope of projects that utilise extremely sensitive material.

The vetting process comprises the verification of the following: the conclusion of an advanced security test, a complete investigation of the individual's life and history of employment in the Foundation, and the inclusion of the individual into the institutional surveillance programme.

It is the minimum requirement for the accreditation, and qualification of an individual working with material classified as SECRET.
ESC
The Extraordinary Security Check5 s the minimum required check needed to employ any, and all personnel occupying administrative/technical/operational positions considered essential to the institutional operations of the Lusophone Foundation, and that require frequent and long-term access to ULTRA-SECRET assets.

The vetting process comprises the verification of the following: the conclusion of multiple tests and interviews with special security officers, extensive background investigations on the personal life of the individual, and a direct evaluation by the current head of the DAASI.

It is the minimum requirement for the accreditation, and qualification of an individual working with material classified as ULTRA-SECRET.
SSC
The Strategic Security Check6 is a special procedure that qualifies an individual with clearance (or "keys") to access exceptional materials classified with especially specific restrictions.

The vetting process depends exclusively on the qualificative criteria required by the special classification of the material in question.

Amongst the most utilised are:

a) SSC-I — relevant only to a specific institutional division (e.g. "Site PT33's Medico-Legal Sector");
b) SSC-II — relevant only to a specific operation, or project (e.g. "Project Spatial");
c) SSC-III — relevant only to a specific institutional position (e.g. "the Director for PT33's Department of Medicine Medico-Legal Sector");
d) SSC-IV — relevant only to a specifically designated individual (e.g. "Doctor Arturia Baccarin");
e) SSC-V — relevant only to access a specifically-designated location (e.g. "access to Site PT33");

It is the minimum requirement for the accreditation, and qualification of an individual working with exceptionally classified materials.

The Security Clearances are cumulative, and guaranteed in a crescent order of complexity (e.g. in order to be qualified to receive AVC, the individual needs to have previously received CTSC). The Lusophone Foundation DOES NOT utilise the "Personnel Classification System" (e.g. Class A, B, C, etc. personnel) as the Security Clearances are utilised in its place.


CLEARANCE LEVELS


The Clearance Levels are defined based on the impact caused by the knowledge, or the operation of a certain artefact of information, asset, or resource, in the institutional structure of the Lusophone Foundation.

UNRESTRICTED (UR)
Usually qualified as "LEVEL 1 CREDENTIALS". They guarantee access to assets that are officially known, and widely disseminated and utilised internally by the Lusophone Foundation.
RESTRICTED (RS)

Usually qualified as "LEVEL 2 CREDENTIALS". They guarantee access to assets that are reserved through institutional databases, as well as access to active permanency in work environments in which classified information is manipulated.

CONFIDENTIAL (CF)

Usually qualified as "LEVEL 3 CREDENTIALS". They guarantee access to assets related to technical structures, and operations utilised in the R&D of technologies such as intelligence, logistics, and security.

SECRET (SC)

Usually qualified as "LEVEL 4 CREDENTIALS". They guarantee access to assets related to complex administrative and technical structures entailing general, or specific institutional operations.

ULTRA-SECRET (USC)

Usually qualified as "LEVEL 5 CREDENTIALS". They guarantee access to assets related to key structures, and operations that are integral to, or highly relevant to the development and continuous operation of the Lusophone Foundation.

COSMIC ULTRA-SECRET7

Not formally utilised by the Lusophone Foundation. However, when it is utilised, it means that the Lusophone Foundation possesses, or is sharing access to assets related to structures, and operations that are integral to Site Concordia, or other Foundation branches, that are classified as "ULTRA-SECRET".

Each Clearance Level is related to a Security Vetting level, meaning that no individual is capable of receiving a Clearance Level without first being properly capacitated.


CLEARANCE CARDS


Each one of the Lusophone Foundation's employees is granted a personal electromagnetic identification card (RFID), vulgarly known as a "name tag"8, to identify their functional occupation via the verification of the information stored through electronic means (access clearances, tokens, permissions, functional dossiers, etc.), and visual means (personal picture, name, etc.).

The information stored through an ID Card is updated whenever necessary to properly reflect the new functions, or permissions accredited to an individual so as to avoid disseminating numerous cards.

Personnel may also receive untransferable tokens (normally in the form of a physical token such as a pen drive; or, if in electronic formats, such as authentication codes, and passwords) that are utilised to access specific terminals, or specific information on the Lusophone Foundation's intranet.

The usage of biometric scans is normally reserved to protect accesses which absolutely require the storage of data regarding exactly who is accessing a material such as to record the ingress and egress of individuals into a secure location.

Cognitive, and memetic agents are utilised especially for the protection of artefacts of information stored in the form of textual, visual, sensorial, etc. materials; therefore requiring an individual to be previously inoculated against the action of that specific agent via a special procedure, or to guarantee that any individuals accessing a material possess a certain level of resistance. Other applications of anomalous systems for the protection of assets may receive their own specific access keys, and procedures.

Physical locks and keys are utilised ordinarily to protect containers, doors, valises, etc. which require special control procedures in order to dissuade, and protect against invasions. It is the most common type of protection utilised in order to restrict access to assets, especially regarding the protection of high-level physical assets.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License