REPORTING UNAUTHORIZED DISCLOSURES TO THE INFORMATION SECURITY OVERSIGHT OFFICE (ISOO)

Sanitized Copy Approved for Release 2011/07/11: CIA-RDP95B0089OR000700190024-8 r'IINISTRATIVE ~ 3 APR ,9PI STAT MEMORANDUM FOR: Director, Office of Information Services Chief, Administrative Law Division Office of General Counsel STAT STAT Director of Security Reporting Unauthorized Disclosures to the Information Security Oversight Office (ISOO) REFERENCES: A. Letter from C/SECOM to D/ISOO, dated 5 Dec 1983 (attached) B. Letter from D/ISOO to C/SECOM, dated 19 Jan 1984 (attached) C. Memorandum for SECOM Members from C/SECOM, dated 1 Feb 1984 (attached) 1. References A through C discussed the agreed upon details concerning the reporting of unauthorized disclosures to the Information Security Oversight Office. By way of summary, the Information Security Oversight Office had agreed to the following: ? A semiannual unclassified report will be sent from the Agency's Director of Information Services, citing only the number of unauthorized disclosures reported during the period to the Department of Justice. ? When necessary, an unclassified report will be forwarded from the Director of Information Services to the Director, Information Security Oversight Office to alert the latter that an unauthorized disclosure involving a systemic problem has occurred. If considered essential by this Agency, a fully-cleared representative of the Information Security Oversight Office may be subsequently briefed on the details of the disclosure. OS 4 0439/1 USE ADMINISTRATIVE 1 g4E .' 1 Sanitized Copy Approved for Release 2011/07/11: CIA-RDP95B0089OR000700190024-8  Sanitized Copy Approved for Release 2011/07/11: CIA-RDP95B00890R000700190024-8 hdMINISTRATIVE !N A E I"' U S L UN ,1Y ? When requested, a briefing will be presented to a fully cleared representative of the Information Security Oversight office regarding unauthorized disclosures reported to the Department of Justice. 2. In order to implement the agreed upon reporting procedure, the following is recommended: ? The Office of General Counsel, on a semiannual basis (October through March, and April through September), will provide to the Director of Information Services an unclassified report citing the number of unauthorized dis- closures reported to the Department of Justice during the aforementioned period. The Director of Information Services, in turn, will submit an unclassified report citing the same number to the Director, Information Security Oversight Office. In the event an unauthorized disclosure occurs as a result of a systemic problem, the Office of Security will notify the Director of Information Services. In the event that it is considered essential for the Information Security Oversight office to have specific details of the disclosure, the Information Security Oversight Office will be contacted by the Director of Information Services, and a cleared representative of the Information Security Oversight office will be briefed. ? On request from the Information Security Oversight Office (through the Director of Infor- mation Services and with the concurrence of the Office of General Counsel) a briefing by the Office of Security will be given to a fully- cleared representative of the Information Security Oversight office concerning the unauthorized disclosures reported to the Department of Justice. The briefing will be conducted at this Agency. STAT ADMINISTRATIVE l ;E s '. ' E U"[ Y Sanitized Copy Approved for Release 2011/07/11: CIA-RDP95B00890R000700190024-8  Sanitized Copy Approved for Release 2011/07/11: CIA-RDP95B00890R000700190024-8 SUBJECT: Reporting Unauthorized Disclosures to the Information Security Oversight Office (ISOO) Distribution: Orig - Adse 1 - D/Sec 1 - OS Reg 1 - C/PPG M - SAG OS/PSI/SAG (21 Feb 84) Revised:P&M PPG (6 Mar 84) Revised:P&M/PPGF (30 March 84) Revised (2 Apr 84) STAT Sanitized Copy Approved for Release 2011/07/11: CIA-RDP95B00890R000700190024-8