Case Study – Security Control

by Jamil Evans Dec 10th, 2019 Business Software Technology


The Challenge:

If you work as a security officer in private industry or many government agencies, chances are you are responsible for multiple security domains, to include personnel security, industrial security, incident management, operations security, foreign disclosure, and insider threat for your entire organization. The current management tools for these areas are generally paper files, excel spreadsheets, SharePoint sites, email inboxes, and at best multiple stove-piped and antiquated software solutions. This leads to time lost searching for and providing information. The disconnection of systems has institutionalized inefficient processes that create additional work for each specialist handling a transaction. In a surprising large number of cases, inaccurate or absent data entry has led to missed handoffs, lengthening the clearance processing time, which hits an organization’s bottom-line unnecessarily. In the most heartbreaking cases, these organizations lose their ability to hold classified contracts completely due to non-compliance with the NISPOM (view pdf here) and failed inspections.


The Approach:

Evans & Chambers, in partnership Industrial Security Integrators (IsI), designed and developed Security Control to be the market leader in the industrial security software sector.  Security Control is a cloud-native SaaS solution for industry and government that centralizes all aspects of industrial security to include modules for classified contracts, personnel, secure facilities, safes, classified materials, visits, incident management and insider threat. Our product notifies security officers and clearance holders of actions necessary to remedy issues to stay in compliance with security and agency policy directives. Rather than require security officers to hunt down employees for annual training via email and phone, Security Control assigns actions items to employees within the application. Users then click the email link to launch an employee portal to view their action items and complete them.

For incident management and insider threat, Security Control offers submission forms enabling employees to report their incident along with supporting details and attachments. The entire submission is then routed to the supervisor, security officer, insider threat personnel security officer (ITPSO), and any key personnel within the organization, as required by your organizational policies. Finally, a simple export is needed to provide the report to the relevant government authorities.

Security Control’s latest feature is automated DCSA self inspections. Prior to this breakthrough feature, organizations would spend up to a month emailing an MS Word questionnaire around to key corporate personnel, and approximately 15% of your cleared workforce.  This process requires each recipient to answer a subset of questions. After herding cats to get the questions answered, and verifying accuracy and completeness, the data would be manually compiled into a coherent report with a cover letter and made available to DCSA with the hopes that it would fit compliance requirements. Security Control’s automated self inspection feature with workflows enables the security office to complete this entire process accurately in just a few clicks.

Security Control was built on the Amazon Web Services GovCloud regions with a security-first approach. Our product offers both SaaS and on-premise versions. The SaaS option ensures data isolation and integrity without requiring dedicated hardware. Our Multi-tenant architecture balances security with cost-effectiveness by segmenting customer information via unique databases per tenant while also employing auto-scaling through multiple web servers that share customer computational workloads. Private subnets are used to keep customer data secure and prevent any unauthorized access. Security Control is in the process of achieving a FedRAMP moderate compliance level.


The Results:

Industrial Security Integrators, our strategic partner, came onboard as our first client in 2017. Together, we migrated 4,000 personnel clearances from over 200 Federal government contracting firms into the system. Today, our product has achieved a client base of 14,000 employee personnel clearances and over 550 Federal Government contractors. As Security Control continues to grow, the number of clerical errors and time lost during the clearance process will continue to decrease. We are committed to staying ahead of the compliance curve through the production of innovative new features as DCSA continues to add more regulations to the NISPOM. Through these efforts, we are excited to be recognized as a leading contributor in helping our clients achieve and maintain their levels of security, efficiency, and compliance.