When a company is operating under what the NISPOM calls Foreign Ownership, Control, or Influence (FOCI), in order to gain a facility security clearance (FCL) it must implement a FOCI mitigation action plan. Though there are a variety of Foreign Ownership, Control, or Influence (FOCI) mitigation measures from which to select—ranging from the simple to the complex—the most demanding step involved is often the implementation of an Electronic Communications Plan (ECP). In most cases of FOCI mitigation, companies must implement an Electronic Communications Plan (ECP) along with their FOCI mitigation measure. As you can see in the Defense Counterintelligence and Security Agency (DCSA) Electronic Communications Plan template, an ECP is detailed and covers essentially all electronic communications that take place between the cleared company and its foreign parent/investor. For most companies, customizing an Electronic Communications Plan to their circumstances while meeting the Defense Counterintelligence and Security Agency’s (DCSA) requirements for security and accountability is a more demanding undertaking than implementing the Foreign Ownership, Control, or Influence (FOCI) mitigation plan.
Due to the magnitude of the undertaking, it is usually prudent to first estimate how much time and money would be needed to implement an Electronic Communications Plan (ECP). This serves multiple purposes. It helps the company determine whether obtaining a facility security clearance is even feasible or desirable. It also helps in planning and allocating sufficient resources to implement the Electronic Communications Plan (ECP) efficiently and on time. We can assist during both the estimation and implementation phases of the ECP project on a consulting basis by providing the necessary expertise in information technology, FOCI mitigation, and security clearances. Please contact us to discuss your individual needs and concerns.