Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

December 16, 2024 | Susan Napier-Sewell

Lessons Learned: Negative Trends in Disposition of Classified Computers

negative trends

Prompt identification and communication of negative trends can lead to effective issues management and corrective actions.

The primary cause of negative trends was attributed to untrained individuals performing critical tasks, such as removing classified hard drives from computers. Additionally, the complexity associated with the cross-program nature of the lifecycle management of classified computers contributed to the negative trends issue.

Other common causes of negative trends included unclear processes and procedures, ambiguous roles and responsibilities, and inadequate training, communication, and work planning.

What happened?
Other incidents involved the improper storage and protection of classified computers. Past incidents occurred across various organizations at Sandia’s and involved personnel in different roles. The majority of incidents took place during the disposition and reapplication process, and two occurred during the movement of classified computers from one location to another.

What was learned?
During the causal analysis, it became evident that identifying and communicating system-level gaps is crucial:

•Critical or complex tasks should be performed by trained and qualified individuals.

•Effective work planning and the definition of clear roles and responsibilities, including hand-offs, are essential.

•Always seek guidance from available subject matter experts (SMEs) and resources, such as CCHD, Deployed Security Professionals, Classified Administrative Specialists, and Cyber Liaisons.

What was done to prevent recurrence? Improvements?

•A corporate-led systemic causal analysis was conducted with team members from the NM and CA sites.

•Thirteen lab-level corrective actions were identified.

•A new corporate process for the clearing and sanitization of classified computers and equipment was established—contact CCHD for assistance!

•Communications and training across the three program areas (Cyber/IT, Reapplication, and Security) were updated and created.

•Six instances have been documented where the new CCHD process has successfully pre•A corporate-led systemic causal analysis was conducted with team members from the NM and CA sites.

•Thirteen lab-level corrective actions were identified.

•A new corporate process for the clearing and sanitization of classified computers and equipment was established—contact CCHD for assistance!

•Communications and training across the three program areas (Cyber/IT, Reapplication, and Security) were updated and created.

•Six instances have been documented where the new CCHD process has successfully prevented an IOSC.

•There have been zero repeat IOSCs since the implementation of the corrective actions!

Content credit: EHSS (Office of Environment, Health, Safety, and Security) OpexShare, “Disposition of Classified Computers (Systemic Issue), published December 9, 2024, publisher, Sandia National Laboratories (SNL), Albuquerque, NM (Sandia National Lab).

Categories
Accident, Investigations, Operational Excellence
-->
Show Comments

Leave a Reply

Your email address will not be published. Required fields are marked *