Sandia Corp., the management and operations contractor for the Sandia National Laboratories, is working to improve its program to prevent the unauthorized disclosure of classified information following a review by the Department of Energy’s (DOE) Office of Enterprise Assessments (EA) that revealed some issues.
EA evaluated two such incidents of unauthorized disclosure that Sandia Corp. reported in January, identifying two concerns with the site’s incidents of security concern program, according to a Sept. 7 enforcement letter to Sandia Corp. President and lab Director Jill Hruby from EA Office of Enforcement Director Steven Simonson.
The first problem, EA said, was that the two incidents were categorized as “Non-Events,” which means that information thought to be unclassified was sent for classification review through unclassified means, but later determined to have classified information. The two incidents “constituted [incidents of security concern] and therefore must be categorized and responded to in accordance with Departmental directives,” the letter said.
The second issue, EA said, was that the individuals responsible for the two incidents were instructed to sanitize their own contaminated equipment, which is against Sandia procedures; electronic equipment should be taken to the lab for sanitization. The incidents “revealed a weakness in Sandia’s personal conflict of interest process, as well as shortcomings in employee training on DOE’s Publication of Nuclear Weapon Information,” the letter said.
Sandia is conducting corrective actions for the personal conflict of interest process, it said, and will update its annual ethnics training for employees with clearance. The letter also noted that DOE will not pursue further enforcement activity and instead will monitor Sandia’s security performance progress.
The contractor was issued a final notice of violation last July and incurred a $577,500 penalty for six classified information security violations.
