You can remain calm! No classified information will be revealed in this text (at the expense of the interest of some of you). I will on the other hand tell you about the handling of classified information and the processes around the people who in their daily life manage classified military information.
As I wrote in my last contribution to this blog, the text called Export control, products are given a class depending on their level of secrecy. These products would not exist if we don´t have the information telling us how to create them and haw to use them. The information is desirable and therefore at least as secret as the actual hardware. The level of secrecy of the information is classified according to the following scale:
- Top Secret
SÄPO (the Swedish security police) performs a register control on people who manages classified military information according to the scale depending on the level of secrecy on the information. The information with a higher level of secrecy will have a bigger impact on national security if being leaked. As you can imagine this puts great requirements on the handling of the information as well as on the people knowing it.
In order to be allowed to handle classified military information in the job a person needs to be evaluated in a special security process involving several steps. One could argue that it would be simplest just to evaluate every employee according to this process to get rid of the problem of who is allowed to tell what to whom at work? Unfortunately it is not as simple as that. In fact, the company makes a mistake if it evaluates people who are not exposed to classified military information in their work.
In the Security protection regulation (1996:633) it is stated that the evaluation shall be based on
- The personal knowledge existing about the person subjected to the evaluation.
- Data appearing from grades, certificates, references etc.
- Data appearing from register control.
So, what does it imply to be evaluated? The evaluation contains of three steps:
The personal conversation: during the conversation questions are asked about your living situation, background, friends and family, your alcohol habits as well as your travel habits. The moderator will also ask about narcotics, doping, your criminal record, your behavior online and on social media, your safety thinking and your loyalty. All of which is needed to evaluate the vulnerability of you and your surroundings as well as your loyalty and trustworthiness, which is the point of the conversation.
All of these questions can be found on the website of FMV (Swedish Defence Material Administration) in a document named “Underbilaga 8.3 till Industrisäkerhetsmanualen”.
After the personal conversation an opinion is formed on whether or not the employee is suitable for handling classified information.
Signing an NDA: The employee must also sign an NDA (nondisclosure agreement) promising not to reveal any classified information for at least 40 years.
Register control: A proposal to perform a register control according to the “safety protection law” is performed after the consent of the employee and subsequently sent to SÄPO. The register control delegation, working on permission of SÄPO, runs the employee against the criminal records. If there is anything in the records that hasn´t come up during the personal interview SÄPO will give you a call and give you a chance to explain. As long as the person manages this kind of information in his/her job the employee will remain in the record.
When all this I done and the employee has passed the evaluation, the company and the employee is notified.
To further decrease the vulnerability surrounding a specific person it is always made certain that no single person handle more classified information than is needed to do the assigned job. In that way no person possesses the entire puzzle, but just a piece of it.
When you leave your employment and no longer need to handle classified military information you will be removed from the register and all papers regarding your evaluation will be destroyed, except the NDA of course! That will be valid for at least 40 years..