UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF THE INSPECTOR GENERAL April 23, 2004 INSPECTION MEMORANDUM TO: William Leidinger Assistant Secretary Office of Management Jack Martin Chief Financial Officer Office of the Chief Financial Officer FROM: Cathy H. Lewis Assistant Inspector General Evaluation, Inspection, and Management Services SUBJECT: Inspection Memorandum of the Inspection of the U.S. Department of Education's Contractor Employee Security Clearance Procedures (ED/OIG I13D0009) This memorandum provides the results of our inspection of the U.S. Department of Education's (the Department) contractor employee security clearance procedures. Our inspection focused on five objectives: (1) what procedures does the Office of Management Security Staff follow to process contractor employee security clearances and how are those procedures being implemented? (2) what costs are associated with security clearances for contractors? (3) how long does it take for Security Services to initiate the clearance process? (4) what monitoring is done to ensure that all contractors and their staffs have required security clearances and that contractor personnel hired after a contract begins have appropriate security clearances? and, (5) what training do contractors receive to ensure they are aware of their responsibilities when dealing with secured information, equipment and locations? Executive Summary The Department’s personnel security programs are under the control of Security Services in the Office of Management. This office processes security clearance forms and adjudicates Office of Personnel Management investigation results. To accomplish its mission, Security Services works with other Department organizations, the Federal 400 MARYLAND AVE., SW., WASHINGTON, DC 20202-1510 www.ed.gov Our mission is to ensure equal access to education and to promote educational excellence throughout the Nation. ED/OIG I13D0009 Protective Service, and other local and federal law enforcement organizations to ensure the safety and security of the Department’s information, systems, and employees. The Department policy directive OM: 5-101, Contractor Employee Personnel Security Screenings was signed into effect on October 21, 2002. This document establishes the Department’s policy regarding the personnel security screening requirements for all contractor employees. The policy's supplement, which provides specific guidance for the Office of Management (OM), Contracts and Purchasing Operations (CPO), and the Principal Offices to follow, was signed into effect on June 26, 2003. This Supplement requires that all Principal Offices establish their own procedures for complying with the policy within 90 days of the date of the Supplement. Plans were due to OM no later than September 26, 2003. As of December 15, 2003, only two Principal Offices had forwarded their procedures to OM Security Services.1 As a result of our inspection, we determined that while OM: 5-101 provides general procedures to be followed in requesting security clearances for contractors, Security Services does not have its own internal procedures for processing clearances, which has resulted in some inconsistencies in file organization and hampered the clearance process. We also determined that the cost to the Department of processing security clearances for current contractor employees was nearly $3 million, a cost which might be reduced if Security Services utilized an online request form with edit checks to reduce the number of incomplete or improperly completed forms. Security Services does not currently track the status of clearance requests and investigations are not routinely initiated for all contractors within 14 days as required by federal regulations and OM policy. Also, Security Services does not routinely conduct monitoring reviews of pending files to determine whether background investigations are progressing appropriately and contractor employeess do not receive specific training on their responsibility for or how to protect the security of Department systems, information and buildings. We also determined that no part of the Department appears to be routinely monitoring to determine if only cleared contractor employees are performing contractor functions. OCFO needs to revise its current guidance to address this omission in its OCFO: 2-108 directive. Recommendations 1. Security Services should establish its own internal procedures for handling and processing contractor employee security clearance procedures, including a file protocol. 2. Security Services should modify or replace its current tracking system to enable it to verify that offices are meeting the 14-day requirement. 1 The due date for Principal Offices to develop and implement their internal procedures consistent with OM: 5-101 and the June 26, 2003 policy supplement occurred after our exit interview with Security Services; however, we encourage Security Services to follow up with each Principal Office that employs contractors that require a security clearance that has not yet complied with the policy supplement. 2 ED/OIG I13D0009 3. To expedite this aspect of the clearance process, Security Services should develop an automated security form with an edit check that will ensure the form is fully completed by the requesting office. Security Services may want to consider reviewing existing systems within other agencies such as the U.S. Department of Energy's Integrated Safeguards and Security System (www.issm.doe.gov/). This system was designed, in part, to decrease the time and money needed to process security clearances. 4. Security Services should publish and implement internal procedures for monitoring pending contractor employee security clearance files and include the capability for tracking the status of pending clearances into its modified or new tracking system. 5. The CPO Director should ensure that OCFO: 2-108 directive is revised to specify the need to provide routine monitoring of contractor employees and provide guidance to the Contracting Officer Representatives (CORs) or other program officials on how best to ensure that only appropriately cleared contractor employees are used to fill the security-sensitive positions on a contract. 6. The CPO Director should work with training providers and the Principal Offices to develop a training module for CORs and other program officials concentrating on the security responsibilities of contractor employees. Background Security Services in the Office of Management (OM/SS) oversees The Department’s personnel security programs, including processing security clearance forms and adjudicating Office of Personnel Management (OPM) investigation results. OM/SS works with other Department Principal Offices, the Federal Protective Service, and other local and Federal law enforcement organizations to ensure the safety and security of the Department’s information, systems, and employees. Until October 2002, Security Services relied upon Handbook 11, Personnel Security- Suitability Program, dated November 3, 1992 for processing contractor employee security clearances. In 2000, Security Services and the Personnel Security Working Group recognized the need to have policies and procedures specifically for contractor employees and began working on a policy. This collaboration resulted in OM: 5-101 Policy, Contractor Employee Personnel Security Screenings For our inspection, we selected offices based upon the amount of contract dollars and whether the office had contractor employees that required clearances. Based upon these criteria, we identified OIG, OCIO, IES, and FSA for inclusion in our study. Objective 1: What procedures does the Office of Management Security Services staff follow to process contractor employee security clearances and how are 3 ED/OIG I13D0009 these procedures being implemented? Security Services has not established its own internal procedures for processing contractor employee security clearances, which has resulted in some minor inconsistencies in file organization. OM: 5-101 provides general guidance to each Principal Office about processing security clearances for contractor employees; however, Security Services has not yet established its own internal procedures for processing security clearance requests. Absent internal processing procedures, Security Services does not have a standardized file format, which contributes to delays in processing requests. In the 15 files we reviewed, there were inconsistencies in all files in documenting action dates and in overall file organization. Security Services staff expressed the need for internal policies and procedures to help them consistently review contractor employee files. These tools should prove helpful to staff to perform routine monitoring reviews in preparing files for the clearance examination. Objective 2: What are the costs associated with gaining security clearances for contractors? Based on the estimates of time provided by Department personnel and the 2003 averaged hourly rate for responsible staff, the Department’s expense for the 8,343 current2, active and pending contractor employees was about $2,777,541.3 To obtain as complete an estimate on the cost of contractor security clearances, we included the following possible factors: (1) the estimated time Department employees use to process the clearance forms; (2) the cost of their time based on an average salary amount with benefits; (3) the time and cost associated with the adjudication process; (4) OPM’s charge to process the background checks for current and pending contractor employee clearances; and (5) the individual steps involved in the clearance process. A detailed discussion of how cost was determined is attached in the Appendix to this report. While the Department needs to ensure that contractor employees are properly cleared before working with the Department information or systems, given the cost of the clearance process, only those contractor employees who will actually perform the work 2 Security Services provided the lists of active and pending contractors on June 25, 2003. We did not independently verify the accuracy or completeness of this list but did use it to develop an estimate of costs associated with processing contractor security clearances. 3 As the Department moves forward with the One-ED strategic investment process, we note that the cost of security clearances is not currently being taken into account in the business case cost models. According to the President’s Management Agenda, "[T]o compare the cost of in-house performance to private sector performance, detailed estimates of the full cost of government performance to the taxpayer have to be calculated." These costs need to be included in any cost assessment prepared by bidders (where the staff who would work on the contract would need clearances). 4 ED/OIG I13D0009 (and have access to the Department’s systems) should be put through the clearance process, rather than all contractor employees on a team. Security Services has issued guidance to the Principal Offices, however the decision is up to the Principal Office on which contractor employees to submit for clearance. Because individual CORs are in the best position to know which contractor employees need clearance, we suggest that CFO work with the CORs and the Principal Offices to determine the best way to reduce costs without compromising security concerns. Objective 3: How long does it take for Security Services to initiate the security clearance process? Contractor employee clearance forms should be forwarded to Security Services within 14 days of employment, however, requests are frequently not processed this quickly and Security Services does not currently track the time it takes for clearance request forms to reach them. Under 5 CFR 731.106(c) and OM: 5-101, section III.5, contractor employee clearance request forms4 are supposed to be forwarded to Security Services for investigation within 14 days of the contractor employee being placed into position. Currently, Security Services does not track the amount of time that elapses between when a contractor employee begins working on a project to the time the clearance forms actually reach Security Services.5 Without the ability to track such information, contractor employees may be allowed to work for some time before Security Services initiates an investigation. According to Security Services staff, for every 55 requests for security action they receive, 8 to 10, on average (18 percent), have to be returned to the Principal Office for correction of omitted forms, data or dates. None of those returned for correction are tracked to determine whether the 14-day requirement is being exceeded. To ascertain if compliance with the 14-day timeframe is being met, we reviewed the sampled contractor employee files and identified the time elapsed between the date the contractor employee signed the security clearance request forms and the time the Principal Office signed a Request for Security Action. Of the 15 files, seven did not meet the 14-day timeframe. 6 Security Services recognizes the need to track the time it takes Principal Offices to submit the contractor employee investigation forms. The office is considering modifying its current tracking system to include this information and to developing monitoring procedures. Security Services also recognizes that it would benefit greatly from an automated (on-line) security form with an automatic edit function. A system like this 4 Standard Form (SF) 85 is used for all low risk positions. SF 86 is used for moderate and high-risk positions. 5 None of the primary offices included in our sample track this information either. 6 In its internal examination, Department CIO Contractor Security Clearance Study (June 2003), OCIO reported that 124 out of 538 contractor employees (23 percent) did not have their preliminary clearance forms initiated within the 14-day requirement. 5 ED/OIG I13D0009 would automatically and immediately flag any missing information or improperly completed forms. Before Security Services makes a decision on revising its current system or developing its own on-line form, we suggest they review tracking systems used by other agencies such as the U.S. Department of Energy's Integrated Safeguards and Security System (www.issm.doe.gov/). This system was designed, in part, to decrease the time and money needed to process security clearances. Objective 4: What type of monitoring is being conducted to ensure all contractor staff have required security clearances and that contractor personnel hired after a contract begins have appropriate security clearances? Security Services does not routinely review pending files to determine whether or not the appropriate level of background investigations are occurring in a reasonable amount of time. Currently, Security Services does not regularly monitor the status of pending clearance requests to track whether investigations are progressing and if follow-up with OPM is needed. This creates the potential for unsuitable (uncleared) contractor employees to work on security-sensitive projects. During our review of 15 contractor employee files, we identified one that had been in "pending" status, awaiting OPM's investigation results, for over a year. The request for security action was dated May 7, 2002, and as of our review on July 3, 2003, the file remained pending. The file did not contain any notes or other indications of any Security Service reviews during the pending period. Because this contractor employee applied for clearance before OM:5-101 was instituted, Security Services was not required to conduct the pre-screening of the contractor employee. This contractor employee was allowed to work in a high-risk position with computer systems for over a year without clearance. We brought this file to the immediate attention of Security Services staff, who explained that their current tracking system does not show the length of time a file is in pending status. Staff also explained that they do not have internal procedures for monitoring files. We discussed the possibility of programming the current tracking system to include a query and report to show the age of the pending files and Security Services agreed that the system could be programmed to produce such a report. We determined during our inspection that there is apparently no routine monitoring done to ensure that contractor employees working in the Department have appropriate clearances to do the work they are assigned. Security Services views such monitoring as outside of their scope of responsibility. OCFO has responsibility for monitoring contractors once the initial clearance has commenced; however, neither its current directive, OCFO:2-108 Contract Monitoring for Program Officials, or the June 24, 2003, supplement to this directive specify the need for program officials, i.e., CORs and program managers, to monitor active contractor employees for appropriate clearances. 6 ED/OIG I13D0009 None of the four Principal Offices we sampled consistently conduct routine monitoring of contractor employees to ensure that only cleared contractor employees are accessing Department information, systems, and buildings. One Principal Office Systems Security Officer performs site visits, but does not routinely monitor to determine if only cleared contractor employees are the ones performing the contracted functions. Some of the contracts currently in place have as many as 200 or more cleared contractor employees working at any given time. Without some routine monitoring, it is impossible to adequately ensure that only cleared personnel are accessing Department information, systems, and buildings. To address this omission, the CPO Director should ensure that OCFO: 2-108 directive is revised to specify the need to provide routine monitoring of contractor employees, as well as to provide guidance to the CORs or other program officials on how to ensure that only appropriately cleared contractor employees are fulfilling the security-sensitive positions on contracts. Objective 5: What training do contractors receive to ensure they are aware of their responsibilities when dealing with secured information, equipment and locations? Contractor employees completing work on Department contracts do not receive specific training on how they should access Department systems, information or buildings and their responsibilities for ensuring their security. We reviewed the COR training manuals provided by Houseman and Associates and the Department. We also interviewed CORs concerning the training that they received. Neither the training manuals nor the classroom training content provided guidance on how the CORs or other responsible persons should make the contractor employees aware of their responsibilities. Some contractor employees have their own internal "rules of behavior" that they give to their employees. However, Department employees do not review this information to determine whether or not it fulfills Department needs for ensuring security. If contractor employees do not know the expectation of the Department for handling information and accessing systems and buildings, the Department is vulnerable to unauthorized access and usage of its information, systems, and buildings. Conclusion Security Services must ensure that contractor employees who have access to Department information, systems and buildings have appropriate security clearance. Security Services could enhance its ability to perform this function by establishing its own internal procedures for processing requests, and modifying its tracking system so that it can track the status of requests for clearance and to ensure that background investigations are progressing appropriately. Costs of the current process might be reduced by the introduction of an online clearance request form that could minimize internal processing errors and further information on how to determine exactly which contractors require clearance. Also, the training provided for contractor employeess needs to be improved to include training on their responsibilities for protecting the 7 ED/OIG I13D0009 security of Department systems, information and buildings. Finally, steps need to be taken to clearly vest responsibility for ensuring that only appropriately cleared contractor employees are fulfilling security-sensitive positions on Department contracts. Objectives, Scope, and Methodology Because of the signature dates on the policy and its supplement, we did not perform a compliance review. Rather, we inspected current procedures in place and have focused on areas either not covered by the supplement or on making suggestions for OM Security Services and the Principal Offices to use when implementing the supplement. The specific objectives for our inspection were to: 1. Identify and analyze applicable laws, regulations, procedures, and directives pertaining to personnel security clearances for contractor employees and their staffs. We will also determine how these procedures are implemented. We focused on: • Security levels; • Adjudication processes; • Reinvestigation for past security clearances; and • Training of CORs to increase awareness of security procedures for contractor employees. 2. Identify the costs incurred for security clearances of contractor employees. We will also determine if contractor employees pay a premium to expedite their clearances. 3. Determine the time needed to process the different security clearance levels for contractor employees. 4. Identify the types of monitoring conducted to ensure that all contractor employees and their staffs have the required security clearances. We will also determine if the monitoring is completed as needed at both headquarters and regional levels. 5. Determine how ED officials ensure that contractor personnel hired after the contract begins receive appropriate security clearances before working on the project. 6. Identify and document the training that contractor employees receive to ensure they are aware of their responsibilities when dealing with secured information, equipment, and locations. To focus our fieldwork, we randomly selected six Principal Offices using November 2002 contract dollars as a basis to stratify. We selected OIG, OCR, OCIO, OVAE, IES, and FSA. Because OVAE and OCR do not currently have contractor employees that 8 ED/OIG I13D0009 require clearances, our inspection focused on the procedures followed within OIG, OCIO, IES, and FSA. We also reviewed applicable procedures in OM/SS. We began our primary fieldwork March 24 and concluded it on July 25, 2003. Our work included reviews of applicable laws and regulations, contractor employee files, interviews with OM/SS, responsible Principal Office, CPO personnel, and observations of systems used and physical location of files. We also used the current list of active and pending contractor employee security clearances for contractor employees as provided by OM/SS. Our inspection was performed in accordance with the 1993 President's Council on Integrity and Efficiency Quality Standards for Inspections appropriate to the scope of the inspection described above. Department Response The Office of Management responded to recommendations 1-4. Recommendations 1. Security Services should establish its own internal procedures for handling and processing contractor employee security clearance procedures, including a file protocol. On November 1, 2002, all OM SS Personnel Security Staff received a copy of the Standard Operating Procedures (SOP) for preliminary screenings of contractors assigned to high risk IT level positions. Internal procedures are currently being developed to address all facets of the contractor employee personnel security screening process. OIG Response: We find that the comments are responsive to the finding and should address the problem when the internal security procedures are developed and implemented. No change has been made to the finding or recommendation. 2. Security Services should modify or replace its current tracking system to enable it to verify that offices are meeting the 14-day requirement. OM SS is working to update the Security Tracking System. The services of an In-House Consultant have been requested to help OM SS develop a new tracking system to better serve their needs. The system will help OM SS ensure that paperwork is submitted within 14 days of notification that a new contractor has started at the Department. However, OM SS does not know when a new contractor is assigned or reassigned except when they require an ID card to enter a particular departmental facility, or unless a COR submits a security forms package for the individual, or OM SS is otherwise notified by a PO. 9 ED/OIG I13D0009 The ID system is programmed for the ID to expire in 14 days if OM SS does not receive a security forms package. Each individual is given a memorandum when they are issued an ID card regarding the need to complete and submit their forms within 14 days, and the consequences if they fail to do so; their ID card will be deactivated. OIG Response: We find that the comments are responsive to the finding and should address the problem when the Security Tracking System is updated and a new tracking system is developed and implemented. No change has been made to the finding or recommendation. 3. To expedite this aspect of the clearance process, Security Services should develop an automated security form with an edit check that will ensure the form is fully completed by the requesting office. Security Services may want to consider reviewing existing systems within other agencies such as the U.S. Department of Energy’s Integrated Safeguards and Security System (www.issm.doe.gov/). This system was designed, in part, to decrease the time and money needed to process security clearances. The Assistant Secretary for Management recently executed an inter-agency agreement with the Office of Personnel Management (OPM) to implement the e- QIP (Electronic Questionnaires for Investigations Processing) system at the Department of Education. Initially, applicants, employees and contractors will be able to complete the SF 86 – Questionnaire for National Security Positions form on-line. However, in the near future OPM will be adding the SF 85P – Questionnaire for Public Trust Positions, and the SF 85 – Questionnaire for Nonsensitive Positions to the system. The e-QIP system will ensure that individuals complete the forms properly before they are submitted to the Department for processing. OIG Response: We find that the comments are responsive to the finding and should address the problem when the Electronic Questionnaires for Investigations Processing (e-QIP) system is fully functional in the department and can process the SF 86 – Questionnaire for National Security Positions, the SF 85P – Questionnaire for Public Trust Positions, and the SF 85 – Questionnaire for Non-sensitive Positions forms are on-line. No change has been made to the finding or recommendation. 4. Security Services should publish and implement internal procedures for monitoring pending contractor employee security clearance files and include the capability for tracking the status of pending clearances into its modified or new tracking system. OM SS has requested the services of the in-house consultants. They need to review the current system and help OM SS develop a new system. This new system will be designed to alert OM SS when cases are clearly delinquent. 10 ED/OIG I13D0009 To date, four Principal Office’s (PO) have submitted their implementing procedures to OM SS, as required by the “Contractor Employee Personnel Security Screenings” policy (OM: 5-101). Those POs who have complied are: OELA, OCR, OM, and OPE. OM SS will contact the Executive Officers of the remaining POs to determine the status of their implementing procedures. OIG Response: We find that the comments are responsive to the finding and should address the problem when a new tracking system is developed and implemented. No change has been made to the finding or recommendation. The Office of the Chief Financial Officer (OCFO) and Contracting and Purchasing Office (CPO) responded to recommendations 5-6. 5. The CPO Director should ensure that OCFO: 2-108 directive is revised to specify the need to provide routine monitoring of contractor employees and provide guidance to the Contracting Officer's Representative (CORs) or other program officials on how best to ensure that only appropriately cleared contractor employees are used to fill the security-sensitive positions on a contract. OCFO/CPO Response: CPO concurs with your recommendation that specific guidance is needed. CPO will modify the contracting monitoring directive to address this issue. OIG Response: We find that the comments are responsive to the finding and should address the problem when the directive is revised and implemented. No change has been made to the finding or recommendation. 6. The CPO Director should work with training providers and the Principal Offices to develop a training module for CORs and other program officials concentrating on the security responsibilities of contractor employees. OCFO/CPO Response: CPO will examine current course offerings for COR certification to determine where the inclusion of security responsibilities of contractor employees is most appropriate. CPO will also work with the Office of Management to explore methods on providing information to contractors of their responsibilities when accessing departmental systems, facilities, and secured information. OIG Response: We find that the comments are responsive to the finding and should address the problem when the training for CORs and other program officials is modified to include the security responsibilities of contractor employees. No change has been made to the finding or recommendation. 11 ED/OIG I13D0009 Other comments from the Office of Management The OIG’s suggestion in the Executive Summary that POs might want to consider submitting only those contractors who will have system access for clearance contradicts a June 30, 2003 “OIG Investigative Program Advisory Report (IPAR) Contracted Mailroom Services of Vistronix, Inc.”, wherein OIG recommended that “all mailroom positions be designated at least Moderate Rick (MR) positions”. Most mailroom positions do not require system access. Furthermore, OM: 5-101 requirements are not limited to contractor employees who will have system access. OIG Response: This point is well taken. The June 30, 2003 “OIG Investigative Program Advisory Report (IPAR) Contracted Mailroom Services of Vistronix, Inc.” includes important recommendations that we did not intend to contradict. We have therefore deleted from the executive summary the cost saving suggestion to submit for clearance only those contractors who have access to the department’s systems. Administrative Matters This inspection was performed in accordance with the President’s Council on Integrity and Efficiency (PCIE) Quality Standards for Inspections (1993). We appreciate the cooperation given to us during the inspection. If you have any questions or wish to discuss the contents of this report, please call Deb Schweikert, Director, Evaluation and Inspection Division at 202-205-5569. Please refer to the control number in all correspondence relating to this report. 12 ED/OIG I13D0009 Appendix The Cost of Contractor Security Clearances (1) To determine the approximate time associated with processing the clearance forms, we interviewed responsible staff. We learned that none of the Principal Office staff interviewed directly track the amount of time they expend, but were able to provide estimates. All of those interviewed explained it took them approximately 15 minutes, review each form for accuracy and approximately 5 minutes to forward each form to the next level. FSA uses an internal database to capture information on FSA's contractor employees. This extra step adds an additional 15 minutes to the FSA processing time. The approximate times to process an individual contractor employee are as follows: • 115 minutes to process properly completed clearance forms. • 160 minutes at a minimum to process forms that are not properly completed. (This time frame can vary greatly dependent upon the inaccuracies in the forms.) • 130 minutes for FSA to process clearance forms that are properly completed. (FSA has an additional step that the other Primary Offices we reviewed did not.) • 175 minutes for FSA to process clearance forms that are not properly completed. (2) To determine the cost, we identified the pay grade levels of responsible staff and averaged their hourly salary. Based on the 2003 OPM pay table and applying a 27.1 percent increase to cover benefits, the average hourly salary is $39.19 or $.6532 per minute.7 We used the approximate times identified in paragraph (1) and developed the following estimated costs to process forms for an individual contractor employee: • $75.12 to cover salaries and benefits of the staff members processing properly completed forms. • $104.51 to cover salaries and benefits of the staff members processing improperly completed forms. • $84.92 to cover salaries and benefits of the FSA staff members processing properly completed forms. 7 The pay grades range from GS-11 to GS-14. We used the hourly rates for the Washington, DC metropolitan area as specified in the 2003 pay tables provided by OPM. We used the 27.1 percent rate used by OIG in FY 2003 to cover benefits. 13 ED/OIG I13D0009 • $114.31 to cover salaries and benefits of the FSA staff members processing improperly completed forms. (3) To determine the time and cost associated with the adjudication process, we interviewed the OM Security Services Security Officer who explained that it is difficult to estimate the time involved. In reviewing the OPM investigation results, OM Security Services adjudicating staff may have to conduct its own investigation of issues that OPM identified. Staff may have to request additional information from the individual, from OPM, or another source. This additional investigation adds time and expense to the adjudication process. However, if the OPM investigation results do not have additional issues, the adjudication process can take as few as 45 minutes. For the purpose of providing an indication of the minimum cost associated with the adjudication process, we will use 45 minutes and apply the minute rate of $.6532. Therefore, the adjudication process for each contractor employee without issues costs approximately $29.39. When we provided this information to OM Security Services, the Special Assistant to the Assistant Secretary of OM made the observation that it costs more for handling and processing the forms than it takes for the actual adjudication process. (4) The OPM charges from $75 to about $3,000 for the different types of background investigations.8 As of June 25, 2003, the Department had 9,214 contractor employees9 with either current or pending security clearances. Of this total, 871 had current background checks with OPM and did not require additional ones, so the costs we developed relate to the remaining 8,343. Therefore, $29.39 for the adjudication plus $75.12 equals $104.51 estimated minimum processing costs. Multiplying this amount times the total number of current and pending contractor employees requiring security clearances brings this portion of the clearance processing to about $871,927. Adding this amount to the estimated cost of OPM investigations ($1,905,614) brings The Department’s expense for processing 8,343 contractor employee security clearances to approximately $2,777,541. 8 The costs for the different types of background checks are National Agency Check, National Agency Check with Inquiries, and Single Agency Check= $75; National Agency Check with Inquiries and Credit = $100; National Agency Check with Law and Credit = $148; Access National Agency Check and Inquiries = $163.50; Periodic Reinvestigation = $415; Periodic Reinvestigation and Residence Coverage = $1,050; Periodic Reinvestigation for Single Scope Background Investigation = $1,640; Minimum Background Check = $405; Limited Background Investigation = $2,136.67; Background Investigation = $2,627.67; Single Scope Background Investigation = $2,910; and Upgrade Limited Background Investigation from a Minimum Background Investigation completed = $1,732. 9 OM/SS provided the lists of active and pending contractors on June 25, 2003. This list included contractor employees who were hired as early as 1992 through June 25, 2003. We did not independently verify the accuracy or completeness of this list but did use it to develop an estimate of costs associated with processing contractor security clearances. 14
Inspection Memorandum of the Inspection of the U.S. Department of Education's Contractor Employee Security Clearance Procedures (ED/OIG I13D0009). Date Issued: 04/23/2004 PDF (196K) MS Word (109K)
Published by the Department of Education, Office of Inspector General on 2004-04-23.
Below is a raw (and likely hideous) rendition of the original report. (PDF)