10.23.2  Contractor Investigations

Manual Transmittal

November 15, 2011

Purpose

(1) This transmits revised IRM 10.23.2, Personnel Security, Contractor Investigations.

Material Changes

(1) Added the Contractor Security Lifecycle Program (CSLP) Office, a new organization under Agency-Wide Shared Services/Physical Security and Emergency Preparedness (PSEP), due to their new role in facilitating contractor on-boarding. CSLP staff replaced Contracting Officer’s Technical Representatives (COTRs) in several sections of this IRM. CSLP is now sending all contractor background investigation requests to Personnel Security (PS) for processing.

(2) 10.23.2.2(1):

  • Contractor Security Representatives (CSRs) will assist with the position risk designation process along with COTRs, CSLP and Personnel Security (PS). Position risk will be assessed and determined using the Office of Personnel Management (OPM) Position Designation Automated Tool (PDT).

  • CSLP is responsible for coordinating all required actions with the CSR and will request all contractor background investigations. These actions were formerly performed by COTRs.

  • PS staff will utilize the OPM PDT and adjust the position risk designation as needed.

(3) 10.23.2.2(13) has been re-numbered as sub-section 10.23.2.13, Separating Contractor Employees. CSRs are responsible to ensure CSLP is notified to cancel any investigations in work for contractor employees who leave a contract. This notification was formerly a COTR responsibility.

(4) 10.23.2.2(7) through (9) were re-numbered as (10) through (12), and the former (10) through (12) were re-numbered to (7) through (9). This placed file maintenance topics at the end of the sub-section to improve clarity. Changes that follow use the new numbering to describe new concepts or changes.

(5) 10.23.2.2(7): Replaced the minimum background investigation requirement of a National Agency Check and Inquiries investigation with the requirement that all investigations must support the risk designation of the position. Added that escorting in lieu of staff-like access for IT systems is not allowed due to Homeland Security Presidential Directive 12 (HSPD-12).

(6) 10.23.2.4: Changed title to “Reciprocity of Other Agency Background Investigations” and removed security clearance reciprocity, which is adequately covered in 10.23.2.9. When a new background investigation is not required, additional requirements must be met for all risk levels for final access: fingerprint screening, selective service registration, citizenship/residency and full tax compliance. Moderate and high risk positions also require a credit check.

(7) 10.23.2.6: CSRs and COTRs will work with appropriate business unit officials for identifying access needs and preliminary assessments on position risk designations. PS is the final authority and will review and update the risk level as needed.

(8) 10.23.2.7: CSLP staff (formerly COTRs) are now responsible for coordinating contractor fingerprinting at USAccess enrollment stations. CSLP may delegate escort duties to COTRs when enrollment stations are not available.

(9) 10.23.2.9 and 10.23.2.15: PS will notify PSEP/CSLP and COTRs in writing when interim staff-like access is approved or denied.

(10) 10.23.2.10: Escort procedures were changed as follows:

  • Access to IT systems by contractor employees who are not approved for staff-like access is no longer allowed due to the more stringent background investigation requirements for such access in HSPD-12.

  • Clarified that contractor escorts must have final approved staff-like access in order to perform as escorts and may only escort a maximum of two contractor employees.

(11) 10.23.2.11: Added policy stating that, regardless of where work is performed, contractor employees who require a password or access to an IRS IT system must be approved for staff-like access before an Online 5081 is initiated for systems access.

(12) 10.23.2.12: Changed title to Revalidation of Contractor Employee Access. Added details on actions required for material changes in a contractual relationship. CSRs must submit a Risk Assessment Checklist to CSLP for material changes. CSLP will enter the RAC information into ABIS. These tasks were formerly performed by COTRs.

(13) 10.23.2.13, Payment for Investigations, has been moved to the end of the IRM as new sub-section 10.23.2.21. In 10.23.2.21(2), the time period that PS waits to bill or draw down funds for investigations has been clarified as 15 calendar days.

(14) 10.23.2.14(1): CSRs (formerly COTRs) are responsible for initiating re-investigations. This task was formerly performed by COTRs. COTRs must track when re-investigations are due.

(15) 10.23.2.15: Changed the title to “Notification of Access Determination” and added that written notification is provided to PSEP/CSLP and COTRs for cases where final staff-like access is not approved.

(16) 10.23.15(3): PS will inform PSEP/CSLP in addition to informing the contractor and COTR when the contractor is denied staff-like access for reasonable cause.

(17) 10.23.2.20: Full-time bank employees must now undergo appropriate investigations based upon their actual position risk designation.

(18) Updated links, improved grammar and made other editorial changes throughout the IRM.

Effect on Other Documents

This supersedes IRM 10.23.2, Personnel Security, Contractor Investigations dated October 16, 2008.

Audience

All Divisions and Functions

Effective Date

(11-15-2011)

Becky Barber
Acting Director, Employment, Talent and Security

10.23.2.1  (11-15-2011)
Purpose

  1. The purpose of this section is to establish general policy and describe background investigative requirements for contractors (and contractor personnel), subcontractors (and subcontractor personnel), and those providing advisory and assistance services (such as outside experts and consultants), and paid/unpaid interns (all of whom are collectively referred to hereinafter, as “contractor(s)” or “contractor employees,” as appropriate) to determine their suitability and fitness for Treasury/bureau work. Special emphasis and discussion is placed on those contractor personnel who require either escorted or unescorted access (i.e., staff-like access, as defined in IRM 10.8.1), wherever the location, to Treasury/bureau owned or controlled facilities; or work on contracts (as defined in Federal Acquisition Regulation (FAR) Part 2, https://www.acquisition.gov/far/current/html/Subpart%202_1.html#wp1145507) that involve the design, operation, repair or maintenance of information systems; and/or require access to sensitive but unclassified (SBU) information, as defined in IRM 10.8.1. These policies and requirements are pursuant to Executive Order (EO) 10450, "Security Requirements for Government Employment," as implemented by Title 5, Code of Federal Regulations (CFR), parts 731, 732, and 736; and in accordance with the Treasury Security Manual, TD P 15-71, Chapter II, Section 2, "Investigative Requirements for Federal Employees, Contractors, Subcontractors, Experts, Consultants and Paid/Unpaid Interns."

    Note:

    This section does not prescribe policy with respect to issuance of security clearances for access to classified National Security information under the National Industrial Security Program (NISP).

10.23.2.2  (11-15-2011)
General Investigative Requirements

  1. Unless specified otherwise in this IRM, each contractor employee assigned to work under an IRS contract shall undergo investigative processing commensurate with the risk level designation associated with the work to be performed, and comparable to that required for Federal employees who occupy the same positions and who have the same position sensitivity designation. Contracting Officer’s Technical Representatives (COTRs) and Personnel Security (PS) staff will review the work to be performed under contract and use the OPM Position Designation Automated Tool (PDT) to assign risk designations to positions of the contractors working on the contract in accordance with the criteria in TD P 15-71, Chapter I, Section 1, Position Sensitivity and Risk Designation. The vendor (company under contract) will assign a Contractor Security Representative (CSR) and an alternate CSR (ACSR) to all contracts requiring access to Treasury/bureau information, information technology and systems, facilities, and/or assets. The CSR will assist the COTR and PS with regards to the position duties, access needs, and preliminary assessments on risk designation. The Contractor Security Lifecycle Program (CLSP) office will send all contractor background investigation requests to PS and coordinate submissions and actions with the contractor and CSR, as appropriate.

  2. Contractor personnel hired for work within the United States or its territories and possessions who require escorted or unescorted (staff-like) access, wherever the location, to IRS owned or controlled facilities, or work on contracts that involve the design, operation, repair or maintenance of information systems, and/or require access to SBU information, security items or products, must meet the following three eligibility criteria before a full background investigation will be initiated:

    1. Must be Federal tax compliant. Must have filed all required returns and paid all taxes due, or be current on a payment plan for taxes due;

    2. Shall be a U.S. citizen for high risk access, or have lawful permanent resident status for low and moderate risk (3 years of U.S. residency required for moderate risk); and

    3. For all males born after 1959, must be registered with Selective Service or have an exception.

  3. Contractor companies must ensure that foreign born employees meet the eligibility requirement for U.S. citizenship or lawful permanent resident status, and, when applicable, Selective Service requirements. The Selective Service Online Registration Verification website at https://www.sss.gov/RegVer/wfVerification.aspx is available to contractors as one tool for this purpose.

  4. Investigative processing is required regardless of the location of the work. This includes contractor employees who use technology for remote access to Treasury/IRS facilities or information technology systems as well as those who have direct physical access to any IRS documents or data outside of any IRS facility.

  5. All unescorted contract employees are subject to a background investigation to determine their suitability and fitness for work on Treasury/bureau contracts. The investigation must be favorably adjudicated.

  6. Responsibility for adjudication of the background investigations falls under the responsibility of the Director, Personnel Security (PS).

  7. Treasury/IRS contractor personnel require background investigations as follows:

    1. Contractors whose duration of employment exceeds 180 days must meet the eligibility requirements for access and shall undergo a background investigation based on the assigned position risk designation as a condition of work under the government contract.

    2. If the duration of employment is less than 180 days or access is infrequent (i.e. 2-3 days per month), and the contractor requires unescorted access, the contractor employee must meet the eligibility requirements for access in 10.23.2.2(2) above and must undergo Federal tax compliance and fingerprint check screening.

    3. For contractor employees not requiring access to IT systems, a background investigation is not needed and will not be requested if a qualified escort, defined as an IRS employee or as a contractor who has been granted staff-like access, escorts a contractor meeting the conditions of 10.23.2.2(7)b above at all times while the escorted contractor accesses IRS facilities and equipment. See sub-section 10.23.2.10.

  8. Contractor personnel who are granted staff-like access to work on Treasury/IRS contracts are not automatically granted a national security clearance.

  9. Contractor personnel requiring access to Treasury/IRS offices/facilities in foreign countries who have been certified by the Department of State Diplomatic Security Service as meeting investigative and adjudicative criteria for access to facilities under the authority of a Chief of Mission shall be deemed to meet personnel security standards. In these cases, a review and determination by PS is still required.

  10. Treasury/IRS will establish and maintain a personnel security file for each individual contractor, expert or consultant in:

    • All moderate and high risk public trust positions; and

    • Those low risk or non-sensitive positions on whom unfavorable or derogatory information has been developed or received, unless the file is maintained by the Office of Personnel Management (OPM).

  11. Treasury/IRS need not maintain a file on a contractor employee granted access to classified information under the NISP, unless there is a requirement for:

    • additional investigation in connection with access to Treasury/bureau facilities or automated information systems; or

    • access to classified information not covered under the NISP.

  12. With regard to favorable investigations on contractor personnel, experts or consultants in low or moderate risk positions, Treasury/IRS may, at their discretion, retain either the entire report or pertinent investigative data only. The specific location of personnel security files shall be at Treasury/IRS discretion with the following exception: all national security files shall be maintained by the Treasury Personnel Security Officer or Director, PS.

  13. When a contractor leaves the contract, it is the vendor’s responsibility to immediately notify CSLP. CSLP will notify PS with the name, social security number, and contract number (with task order if applicable), of the contractor to cancel any pending investigations or adjudications, and to update the security file. Even if the background investigation is already completed, notification is required so that the separation information can be appropriately recorded in the security file.

10.23.2.3  (10-16-2008)
Citizenship Requirements

  1. In accordance with TD P 15-71, contractor personnel hired for work within the United States or its territories and possessions and who require access to Treasury/IRS owned or controlled facilities or security items or products, shall either be U.S. citizens or have lawful permanent resident status.

  2. Treasury/IRS will adhere to the following standard when allowing contractor personnel access to Treasury/IRS owned or controlled facilities, IT systems or security items or products, or SBU, Official Use Only and Personally Identifiable Information (PII):

    1. Low Risk = U.S. Citizen or lawful Permanent Resident Alien;

    2. Moderate Risk = U.S. Citizen or lawful Permanent Resident Alien with at least three or more years of U.S. residency; or

    3. High Risk = U.S. Citizen.

  3. Only under exceptional circumstances should a waiver be requested when a contractor does not meet the citizenship or lawful permanent resident residency requirement. Requests for waivers to the citizenship requirement must be submitted in writing. Foreign nationals employed as contractor, experts, or consultants shall not be allowed access to Treasury/IRS owned or controlled facilities, IT systems or security items or products, or SBU, OUO and PII prior to the issuance of a waiver.

  4. Waivers for low risk/non-sensitive positions for contractors not meeting the conditions in 10.23.2.2 (2) above may be requested by the COTR through the Director, PS to the Director, Office of Security Programs (OSP), Department of Treasury, for determination.

  5. Waivers for moderate risk positions for contractors not meeting the conditions in 10.23.2.2 (2) above may be requested by the COTR through a senior executive-level manager in the business unit that has the contract. The request is then sent to the Director, PS, who will forward it to the Director, OSP, Department of Treasury for determination.

  6. Waivers for access to high-risk positions will not be considered for foreign nationals. Waivers for foreign nationals working in IT positions involving the development of Treasury/bureau hardware or software products will not be considered if the position involves the design of security models, application integration, customization of software or hardware, or configuration of servers or networks. Waivers will not be allowed if the position has the ability to manipulate, or alter or affect the integrity, accessibility or availability of IT-maintained information or records.

  7. All waivers involving IT systems must be routed through Treasury’s Chief Information Officer and through the Director, PS prior to approval by the Director, OSP, Department of Treasury, for final determination.

  8. All waiver requests must include the following:

    1. The full name, date of birth, place of birth, and current citizenship of the applicant.

    2. A completed Standard Form 85 or 85P.

    3. A completed background investigation.

    4. A description of the job/duty to be performed.

    5. Justification why there is no qualifying U.S. citizen or permanent resident alien available or capable of performing the task.

    6. A business case necessitating the waiver.

    7. An assessment of the risk associated with granting the waiver.

    8. All security countermeasures and actions taken to mitigate the risks associated with the requested waiver.

10.23.2.4  (11-15-2011)
Reciprocity of Other Agency Background Investigations

  1. Previous background investigations will be accepted as satisfying the background investigation requirement for staff-like access under the following conditions:

    • Investigation was adjudicated as favorable by a Federal agency;

    • Investigation meets the same or greater scope required for each risk level;

    • Investigation was completed in the past two years (measured from the closed date of the previous investigation); and

    • If the investigation subject was previously employed by the Federal government or served in the U.S. military service, any current break in service must be less than two years.

  2. Additional requirements must be met for all position risk levels for final staff-like access to be granted: fingerprint screening, selective service registration, citizenship/residency requirements and full tax compliance. Moderate/high risk positions also require a credit check.

10.23.2.5  (04-04-2008)
Solicitations and Contracts

  1. Solicitations and contracts shall include a clause that requires position risk designations for contractor employee background investigation or screening is required for access to Treasury/IRS facilities, information systems, security items and products, and/or sensitive but unclassified information. The clause shall require the successful contractor’s personnel to execute appropriate security forms prescribed by IRS Personnel Security prior to contract work being performed, and in advance of being granted access to Treasury/IRS facilities, information systems, and/or sensitive but unclassified information (see IRM 10.23.2.2, General Investigative Requirements).

10.23.2.6  (11-15-2011)
Position Sensitivity Risk Designation Levels

  1. Every IRS position, including those of contractors, must be designated with a position risk level. Incumbents must meet personnel security/suitability standards commensurate with their position risk level. All contractor employees shall be subject to investigation prior to being granted staff-like access. There are also re-investigation requirements for individuals in low, moderate and high risk positions and those who have security clearances if they continue to have a need for access to classified information. Additionally, contractor employees are subject to investigation at any time during the period of access to ascertain whether they continue to meet the requirements for staff-like access.

  2. Due to the superior knowledge of the vendor CSR and COTR, they are responsible for working with the appropriate business unit management for identifying access needs and preliminary assessments on risk designations for each position within the contract. The Director, PS, has the ultimate authority for position risk designation and may adjust the risk level if deemed appropriate.

  3. These risk levels are established through an analysis of the duties and responsibilities of the positions, and given the placement of contractors, their impact on agency mission. All risk designations will be determined through the use of the OPM PDT, which provides a logical questionnaire-based approach to position risk designation.

10.23.2.7  (11-15-2011)
Fingerprinting Contractor Employees

  1. CSLP is responsible for coordinating contractor fingerprinting at USAccess enrollment stations. The USAccess system is the first choice. If USAccess fingerprinting is not readily available, contractor employees may use Live Scan fingerprinting services at limited local servicing IRS Offices or IRS approved enrollment stations. If an enrollment station is not available, CSLP may delegate escort and/or registrar responsibilities to COTRs to escort contractor employees to other locations for fingerprinting.

  2. In rare instances, ink and roll fingerprints will be taken by IRS Offices or approved enrollment stations. The integrity of the chain of custody of the completed ink and roll fingerprint card must be maintained, therefore, the completed fingerprint card must be mailed directly to CSLP by the entity administering the fingerprinting.

  3. When the contractor employee will not have physical or systems access, non-custodial fingerprints taken at police or law enforcement offices can be utilized. The chain of custody requirement in HSPD-12 is not required for these contractor employees.

  4. Any costs for fingerprinting outside an IRS office (with the exception of an IRS approved enrollment station) will be borne by the contractor company or contractor employee.

10.23.2.8  (04-04-2008)
Staff-like Access

  1. A contractor employee who has been approved for interim or final staff-like access requires no escort while in an IRS owned or controlled facility (which includes leased or contracted space). Approved contractor employees may be granted access to information systems, data, or SBU information, no matter where the work will be located. This access is not unlimited, however, and should only be given for the work in which the contract was awarded. Until a contractor employee has been approved for staff-like access, an escort is required no matter where the work is located.

10.23.2.9  (11-15-2011)
Interim Staff-like Access Approval

  1. Interim staff-like access approval may be granted prior to the completion of the full investigation. Due to the risk associated with granting staff-like access prior to the completion of the required background investigation, interim staff-like access will only be granted in cases where it has been determined that the risk is acceptable.

  2. Interim staff-like access approval will be granted by PS prior to completion of the full investigation, as follows:

    1. Individuals who possess a current active U.S. Government security clearance for access to classified information may be granted interim staff-like access for positions after 1) the clearance is verified through the Joint Personnel Adjudication System (JPAS), and 2) after favorable adjudication of pre-screening eligibility/suitability checks. Individuals with Top Secret clearance may be granted interim staff-like access approval to occupy positions designated at any risk level. Individuals with Secret or Confidential clearances may be granted interim staff-like access approval to occupy positions designated Moderate or Low Risk.

    2. Individuals not possessing a current or active U.S. Government security clearance for access to classified information or not possessing a prior government personnel security investigation that meets the scope and criteria required for their position may be granted interim staff-like access approval upon favorable adjudication of pre-screening eligibility/suitability checks.

  3. Pre-screening eligibility/suitability checks are completed in an average of 15 calendar days after PS receives all required paperwork/forms. These checks include a review of:

    • Background investigation forms;

    • IRS account history for tax compliance;

    • Selective service registration compliance;

    • Citizenship/residency;

    • Federal Bureau of Investigation fingerprint criminal history;

    • Credit history (moderate and high position risk only); and

    • If applicable, prior background investigations.

  4. PS will notify the COTR and CSLP in an official memorandum via secure e-mail when interim staff-like access is approved. PS will notify PSEP, CSLP and the COTR in the same manner when interim staff-like access is denied.

  5. The memorandum of notice of interim staff-like access approval shall be attached to any ID media application. For system access, the COTR must have this memorandum of notice of interim staff-like access approval on file before initiating an online 5081, Information System User Registration/Change Request.

  6. If the contractor employee is issued a Proposal to Deny letter, then he or she must be escorted at all times. Access to an IT system will never be granted before interim staff-like access is approved. If interim staff-like access is approved and then subsequently revoked, access to all systems, facilities, IT systems or SBU information must be suspended by the COTR and PSEP/CSLP.

10.23.2.10  (11-15-2011)
Escort Procedures

  1. Contractor employees must be escorted in the following instances:

    1. When deemed appropriate in lieu of any investigation and/or screening, as described below in 10.23.2.11; however, the contractor should undergo an investigation unless the access is limited;

    2. Until the contractor employee has been granted interim staff-like access; or

    3. When a Proposal to Deny letter has been issued and an interim determination is pending.

  2. Contractor employees who have been denied final staff-like access approval may not be escorted and must be removed from the IRS contract. This includes situations where access only occurs at an off-site or non-IRS location. All sensitive information must be retrieved from any contractor employee who has been denied final staff-like access.

  3. Regardless of where work is performed, contractor employees who require a password or access to an IRS IT system must be approved for staff-like access before an Online 5081 is initiated for systems access.

  4. Escorted access requirements are the same for work performed at any location, whether at an IRS facility or not. Requirements for escorted access follow:

    • Only an IRS employee or a contractor employee approved for staff-like access at the same or higher position risk level as the contractor employee may serve as an escort.

    • The escort must accompany the contractor employee during all work performance and movements throughout the facility.

    • The escort must, at a minimum, have visual contact with the contractor employee.

    • One authorized person may escort a maximum of two contractor employees.

    Note:

    Exceptions to these requirements must be approved by the Director, PS.

10.23.2.11  (11-15-2011)
Escort Access in Lieu of Investigation

  1. Certain contracts provide for services whereby contractor employees only periodically require access to a facility or equipment (e.g., a time and materials maintenance contract, one or two day visit, once a month visits, etc.). Under these circumstances, a management official in the requesting organization may opt to provide escort access to a contractor employee instead of initiating an investigation or screening.

    Note:

    Regardless of where work is performed, contractor employees who require a password or access to an IRS IT system must be approved for staff-like access before an Online 5081 is initiated for systems access.

  2. Prior to selecting this alternative, the management official must:

    1. Ensure escort access provides adequate security protection.

    2. Document the decision and provide a copy to the COTR.

    3. Coordinate escort with management officials at the site(s) where access is required.

10.23.2.12  (11-15-2011)
Revalidation of Contractor Employee Access

  1. When there is a material change in the contract or working situation, revalidation of access is needed for affected contractor employees. Examples of material changes include:

    • Contractor employee transfers from one IRS contract to another;

    • Contractor employee works on more than one contract;

    • Contractor employee separates from an IRS contract and has a break in service of two years or less;

    • Contractor employee name changes;

    • Contractor company name changes; and

    • Contract number changes.

  2. In these situations, the CSR will provide CSLP with the Risk Assessment Checklist (RAC). CSLP will enter the RAC information into ABIS. The COTR and CSLP will receive an Approval of Final Staff-Like Access or Denial of Access memo from PS.

  3. Contractor employees who were previously approved to work on an IRS contract and have a break in service from the IRS contract of two years or less may move from one contract to another without an additional investigation as long as the prior investigation meets or exceeds the current risk level. CSRs are required to submit a RAC to CSLP in these instances. Final staff-like access continues in these cases, and PS will generate a revalidation of access letter of approval.

  4. Contractor employees who have had a break in service on an IRS contract of more than two years, or who require an investigation for a higher risk level, must have a new investigation before being granted staff-like access on a new contract.

10.23.2.13  (11-15-2011)
Separating Contractor Employees

  1. When a contractor employee leaves the contract, it is the contracting company’s responsibility to immediately notify CSLP. CSLP will notify PS with the name, social security number, and contract number (with task order if applicable), of the contractor employee to cancel any pending investigations or adjudications, and to update the security file. Even if the background investigation is already completed, notification is required so that the separation information can be appropriately recorded in the security file.

10.23.2.14  (11-15-2011)
Re-investigation Requirements

  1. Contractor employees in positions designated as high risk will be subject to re-investigation every five years. CSRs are responsible for initiating the re-investigations.

  2. Contractor employees in positions designated as low and moderate risk require updated Federal tax compliance checks and a FBI fingerprint check every five years.

  3. COTRs are responsible for tracking when re-investigations are due for their contractors and for ensuring that investigation or screening paperwork is submitted timely five years from the date of the final access determination or the re-screening date shown on the revalidation of access memorandum.

10.23.2.15  (11-15-2011)
Notification of Access Determination

  1. When the investigation is completed and the results are favorable, Personnel Security will notify the COTR and CSLP in an official memorandum, via secure e-mail noting that the contractor employee is approved for final staff-like access.

  2. When the results of the investigation are unfavorable and final staff-like access is not granted, PS will notify the COTR and PSEP/CSLP in an official memorandum, via secure e-mail, noting that the contractor employee is not approved for final staff-like access. See 10.23.2.16 for more details of actions taken when the results are unfavorable.

10.23.2.16  (11-15-2011)
Adverse Information and Revocation of Access

  1. When adverse information is discovered or detected in the course of an investigation, the scope of the inquiry may be expanded to obtain additional information to determine whether the contractor personnel may continue access to Treasury/IRS facilities, information systems, security items and products, and/or sensitive but unclassified information.

  2. A contractor on whom unfavorable or derogatory information has been discovered or detected during a personnel investigation must be so advised and offered an opportunity to refute, explain, clarify, or mitigate the information in question. The individual should also be advised that the IRS will not disclose any details of the adverse information to the contractor’s firm. However, if after final adjudication, a determination is made of ineligibility to render services on a contract and access to Treasury/IRS facilities is denied, the person will be formally notified and informed of the decision and the reason(s). The contractor company will be advised only that the individual is denied employability on the IRS Government funded contract. This decision does not intend to imply that the person’s suitability for employment elsewhere in the company is affected.

  3. When denial of staff-like access is appropriate, Director, PS will send a proposal to deny notification, via email, to the contractor, COTR, and PSEP/CSLP stating that the contractor employee is being denied access for reasonable cause until a final determination is made. Director, PS will send a proposal to deny notification to the contractor employee as a sealed letter, using trackable means such as certified/express mail. The sealed letter will outline the reasons for the proposed access denial and give the contractor employee seven calendar days from the date of receipt in which to respond to the Director, PS with any explanation, refutation, clarification, or mitigating circumstances. The Director, PS will make a final determination upon receipt of the response or expiration of the time period. Upon notification from Director, PS of a proposal to deny access, the COTR and PSEP/CSLP must ensure that the contractor employee's access be suspended or that the contractor employee is escorted until the final determination is made. If after final adjudication, a determination is made to deny final staff-like access, the contractor employee will be formally notified by the Director, PS of the determination to deny by sealed letter. The Director, PS will notify the COTR, Contracting Officer and PSEP/CSLP with a Memorandum of Notification of Final Staff-like Access Denial. The COTR will notify the Contracting Officer to remove the contractor from the contract and provide a copy of the notification to PSEP/CSLP. The contractor company shall be notified that the finding makes the individual ineligible to render services (or otherwise perform) under the contract. The government may not disclose any details of the adverse information to the contractor company.

  4. Access to Treasury/IRS facilities, information systems, security items/products, and SBU information is a privilege. It may be revoked by the contracting Treasury/bureau element based upon unsanctioned, negligent or willful action on the part of a contractor. Examples of actions that can trigger revocation include, but are not limited to, unauthorized access or inspection of a sensitive system and/or data, introduction of unauthorized and/or malicious software, unauthorized modification or disclosure of systems and/or data, or failure to follow prescribed access control policies or procedures.

  5. The Contracting Officer (or COTR if authorized to communicate with the contractor employee's employer under this circumstance) must communicate to the employer that the contractor employee is being denied staff-like access for reasonable cause, that such finding makes the contractor employee ineligible to render services (or otherwise perform) under the contract, and that the decision by the Government does not intend to imply that the contractor employee's suitability for employment elsewhere in the company is affected. The Contracting Officer will provide a copy of the Memorandum of Notification of Final Staff-like Access Denial to the employer.

10.23.2.17  (10-16-2008)
Non-Disclosure Agreement for Sensitive but Unclassified Information

  1. Treasury/IRS personnel security officers, in consultation with Treasury/bureau information systems security officers, contracting officers, and COTRs, shall determine whether sensitive but unclassified information to which contractor personnel require access, warrants execution of a non-disclosure agreement as a condition thereof. When determined to be necessary, each non-disclosure agreement will reference to the conditional nature of access to sensitive but unclassified information with respect to the contract work, or specialized project, for which such access is required. The Director, PS, may be contacted for guidance in making these determinations. COTRs should use the sample/instructions document provided at the PS Intranet web site at http://hco.web.irs.gov/recruitstaff/PersonnelSecurity/NBIC/NDAandInstructions.doc. The document has been adapted for IRS use from the non-disclosure agreement format prescribed by TD P 15-71, Chapter 2, Section 2.

  2. The original signed non-disclosure agreement shall be retained by the COTR for a minimum of five years and for at least as long as the person has access to the system for which they executed the agreement. The Treasury/IRS has the discretion to maintain the agreement for as long as the information is deemed sensitive. A copy may be maintained in the official contract file. If requested, a copy may be furnished to the individual signatory.

  3. Treasury/IRS will consult with legal counsel to determine whether annual appropriations acts, in effect at the time an agreement is executed, contain provisions requiring the inclusion of specific text in non-disclosure agreements.

10.23.2.18  (04-04-2008)
Protection of Personnel Security Records

  1. Personally Identifiable Information (PII) in personnel security investigations, records, and operations shall be carefully safeguarded to protect the interests of both the individual and the Service, pursuant to requirements of the Privacy Act. Unless categorized at a higher level, or determined to be classified national security information, personnel security information must be afforded the same degree of protection as material identified as "Controlled Unclassified Information (CUI),” as defined in IRM 10.8.1, and must be used only for authorized official purposes. When not in use, personnel security information must be stored in a General Services Administration approved security container or in an equally secure area.

  2. Personnel security investigation information requested by the subject of an investigation must be processed according to procedures established by Treasury/bureaus under provisions of the Privacy Act or the Freedom of Information Act, as appropriate. Requests for the release of the results of any personnel security investigation shall be referred to the Treasury/bureau or non-Treasury agency that conducted it.

  3. Reports containing classified information must be protected in accordance with EO 13526, Classified National Security Information and appropriate Treasury regulations.

10.23.2.19  (10-16-2008)
Advisory Committees

  1. Personnel security procedures relating to participants on advisory committees require that pre-appointment fingerprint screening to include a FBI fingerprint criminal history and name check be completed and annual tax checks requested by sponsoring officials. IRS officials responsible for the oversight of advisory committees is required to initiate the pre-appointment fingerprint screening and FBI name check through Personnel Security.

  2. Current IRS Advisory Committees are:

    • Electronic Tax Administration Advisory Committee

    • Information Reporting Program Advisory Committee

    • Taxpayer Advocacy Panel

    • Internal Revenue Service Advisory Council

    • Tax Exempt & Government Entities

    • Art Advisory Panel of the Commissioner of Internal Revenue Service

  3. In order to conduct those inquiries, committee-sponsoring officials shall inform selected advisory commission members of the purpose for requesting the information, as required by the Privacy Act. Sponsoring officials shall obtain a signed tax check waiver from the selected member and a FD 258 fingerprint card. Live Scan fingerprints can be taken at limited local servicing IRS Offices or IRS approved enrollment stations.

  4. When results of the FBI fingerprint and name checks are obtained and are favorable, the requesting office is informed by PS that there is no objection to the person participating in the requested capacity. This does not, however, constitute a security clearance for access to classified information.

  5. When results of the FBI fingerprint and name checks are questionable, the results are sent to the Director, PS for a final determination. If the determination is denied, the requesting office is notified of the objection via secure e-mail.

10.23.2.20  (11-15-2011)
Lockbox Employees

  1. In accordance with Wage and Investment’s Lockbox Security Guidelines (Section L.S.G.2.4.3, Employee Background Investigations), Lockbox employees must have an approved background investigation screening by IRS PS before being granted staff-like access to any lockbox facility, IT system (no matter where located), and/or sensitive data or information. Background investigations are conducted on a position risk basis as follows:

    • Full time bank employees - appropriate investigation based on position risk.

    • Bank associates - annual fingerprint check.

    • Temporary employees - annual fingerprint check.

10.23.2.21  (11-15-2011)
Payment for Investigations

  1. The investigative costs are to be funded by the requesting customer organization. The requesting customer organization is responsible for completing a reprogramming action in the Integrated Financial System (IFS). The requesting customer organization will transfer funds to PS for payment of investigation per PS procedures. IFS transfer procedures are posted on the PS web site at http://hco.web.irs.gov/recruitstaff/PersonnelSecurity/Contractor/ContractorProcess.shtml.

  2. PS will not bill or draw down funds for those investigations canceled by the CSLP or the COTR within 15 calendar days of PS receipt. PS must receive written notification of the cancellation from the CSLP or the COTR, any investigation canceled after the 15th day will be charged the full rate current at the time the investigation was received.

  3. If a contractor employee transfers to a new IRS contract within 15 days of receipt of the investigative paperwork by PS, the new customer organization will be charged for the cost of the investigation.

  4. If a contractor employee transfers to a new IRS contract after 15 days of receipt of the investigative paperwork by PS and an interim determination was made by PS, the previous customer organization will be charged for the cost of investigation.

  5. Current investigation pricing information may be obtained from the PS web site at http://hco.web.irs.gov/recruitstaff/PersonnelSecurity/Contractor/ContractorProcess.shtml.


More Internal Revenue Manual