Information Security Oversight Office (ISOO)

Program Reviews and Inspections


Under Executive Order 12958, as amended, the Information Security Oversight Office (ISOO) is responsible for monitoring the information security programs of those executive branch activities that create or handle national security information. Originally established by Executive Order 12065, ISOO continues to be the primary oversight organization for the President's security classification system. In this role, ISOO oversees the information security programs of approximately 65 departments, independent agencies and offices of the executive branch. ISOO also oversees the security classification programs of private industry through a separate Executive Order.

ISOO program analysts serve as liaisons to specific agencies to facilitate coordination and to provide for continuity of oversight operations. The analysts must stay abreast of relevant activities within each agency's information security program and coordinate with assigned agency counterparts on a continuing basis. In addition to the analyst/liaison function, ISOO also has dedicated inspection teams that conduct formal inspections of the agency's program in accordance with a planned annual inspection schedule. These inspections may include visits to selected field activities as well as offices in the Washington metropolitan area.

The inspections encompass all aspects of the information security program, including:
  1. classification;
  2. declassification;
  3. safeguarding;
  4. security education and training;
  5. internal oversight;
  6. identification of "best practices" that may be useful to other agencies; and
  7. an overall assessment of the agency's organizational structure as it relates to information security.
The inspections also include interviews with agency security personnel, classifiers, and handlers of classified information. ISOO may also review a sampling of classified information in the agency's inventory to determine the propriety of classification and the existence of necessary security markings and declassification instructions.

At the end of a particular inspection, or a short time thereafter, the ISOO inspection team usually briefs the Senior Agency Official on the inspection results. Any identified weaknesses and recommended corrections are discussed during this time. These findings are then documented into a formal inspection report and sent to the Senior Official or Agency Head.

Overall, the inspection process serves to not only assess compliance with the Executive Order, but the inspection process also serves as a measure as to how well the security classification policies are functioning. In the past, aggregate data obtained from the inspection process has played a major role in changing key policy issues and requirements.

The U.S. National Archives and Records Administration
8601 Adelphi Road, College Park, MD 20740-6001
Telephone: 1-86-NARA-NARA or 1-866-272-6272