10.23.2  Contractor Investigations

Manual Transmittal

July 28, 2014

Purpose

(1) This transmits revised IRM 10.23.2, Personnel Security, Contractor Investigations.

Material Changes

(1) IRM 10.23.2.1: Added that all contractors working at contractor sites using contractor managed assets for IRS work must comply with Publication 4812, Contractor Security Controls.

(2) IRM 10.23.2.2(2)1: Added that contractors must be Federal tax compliant and must remain compliant while working on an IRS contract.

(3) IRM 10.23.2.2(13): Added that IRS contractors must remain Federal tax compliant while working on IRS contracts. The Employee Tax Compliance Office will conduct periodic tax compliance checks on all IRS contractors and those undergoing revalidation.

(4) IRM 10.23.2.5: Added that tax compliance must be included in clauses required in contracts.

(5) IRM 10.23.2.12(3): Added that IRS account history checks for Federal tax compliance are conducted on all revalidations.

(6) IRM 10.23.2.13: CORs are responsible for notifying CSM when a contractor employee leaves a contract.

(7) IRM 10.23.2.14: Moderate risk position incumbents are now subject to re-investigation every five years. CORs are responsible for initiating required re-investigations.

(8) IRM 10.23.2.16(4): Added non-compliance with Federal tax regulations to the list of actions that may cause revocation of access.

(9) Made the following changes throughout the IRM due to realignments/name changes:

  • Replaced Contractor Security Lifecycle Program (CSLP) with Contractor Security Management (CSM).

  • Replaced Director, Personnel Security with Associate Director, Personnel Security.

  • Replaced Contracting Officer Technical Representative (COTR) with Contracting Officer Representative (COR).

(10) Updated links, improved grammar and made other editorial changes throughout the IRM.

Effect on Other Documents

This supersedes IRM 10.23.2, Personnel Security, Contractor Investigations dated November 15, 2011.

Audience

All Divisions and Functions

Effective Date

(07-28-2014)

Becky Barber
Director, Executive Services, Employment, Talent & Security

10.23.2.1  (07-28-2014)
Purpose

  1. The purpose of this section is to establish general policy and describe background investigative requirements for contractors (and contractor personnel), subcontractors (and subcontractor personnel), and those providing advisory and assistance services (such as outside experts and consultants), and paid/unpaid interns (all of whom are collectively referred to hereinafter, as “contractor(s)” or “contractor employees,” as appropriate) to determine their suitability and fitness for Treasury/bureau work.

  2. Special emphasis and discussion is placed on those contractors who require either escorted or unescorted access (i.e., staff-like access, as defined in IRM 10.23.2.8), wherever the location, to Treasury/bureau owned or controlled facilities; or work on contracts (as defined in Federal Acquisition Regulation (FAR) Part 2, https://www.acquisition.gov/far/current/html/Subpart%202_1.html#wp1145507)that involve the design, operation, repair or maintenance of information systems; and/or require access to sensitive but unclassified (SBU) information, as defined in IRM 10.8.1.4.14.1.1, Sensitive But Unclassified Information.

  3. Contractors with access to SBU information must comply with the provisions of Publication 4812, Contractor Security Controls. These policies and requirements are pursuant to Executive Order (EO) 10450, "Security Requirements for Government Employment," as implemented by Title 5, Code of Federal Regulations (CFR) 731, 5 CFR 732, and 5 CFR 736; and in accordance with the Treasury Security Manual, TD P 15-71, Chapter II, Section 2, and "Investigative Requirements for Federal Employees, Contractors, Subcontractors, Experts, Consultants and Paid/Unpaid Interns."

    Note:

    This section does not prescribe policy with respect to issuance of security clearances for access to classified National Security information under the National Industrial Security Program (NISP).

10.23.2.2  (07-28-2014)
General Investigative Requirements

  1. Unless specified otherwise in this IRM, each contractor employee assigned to work under an IRS contract shall undergo investigative processing commensurate with the risk level designation associated with the work to be performed, and comparable to that required for Federal employees who occupy the same positions and who have the same position sensitivity designation. Contracting Officer’s Representatives (CORs) and Personnel Security (PS) staff will review the work to be performed under contract and use the Office of Personnel Management’s (OPM) Position Designation Automated Tool (PDT) to assign risk designations to positions of the contractors working on the contract in accordance with the criteria in TD P 15-71, Chapter I, Section 1, Position Sensitivity and Risk Designation. The vendor (company under contract) will assign a Contractor Security Representative (CSR) and an alternate CSR (ACSR) to all contracts requiring access to Treasury/bureau information, information technology and systems, facilities, and/or assets. The CSR will assist the COR and PS with regard to the position duties, level of access required, and preliminary assessments on risk designation. The Contractor Security Management (CSM) office will send all contractor background investigation requests to PS and coordinate submissions and actions with the contractor and CSR, as appropriate.

  2. Contractor personnel hired for work within the United States or its territories and possessions who require escorted or unescorted (staff-like) access, wherever the location, to IRS owned or controlled facilities, or work on contracts that involve the design, operation, repair or maintenance of information systems, and/or require access to SBU information, security items or products, must meet the three eligibility criteria listed below before a full background investigation will be initiated. This does not apply to non-Federal personnel who do not have a contract with the IRS (i.e., child care workers, Credit Union employees) as they require access to non-IRS areas only.

    1. Must be Federal tax compliant. Must have filed all required returns and paid all taxes due, or be current on a payment plan for taxes due;

    2. Shall be a U.S. citizen for high risk access, or have lawful permanent resident status for low and moderate risk (3 years of U.S. residency required for moderate risk); and

    3. For all males born after 1959, must be registered with Selective Service or have an exception.

  3. Contractor companies must ensure that foreign born employees meet the eligibility requirement for U.S. citizenship or lawful permanent resident status, and, when applicable, Selective Service requirements. The Selective Service Online Registration Verification website at https://www.sss.gov/RegVer/wfVerification.aspx is available to contractors as one tool for this purpose.

  4. Investigative processing is required regardless of the location of the work. This includes contractor employees who use technology for remote access to Treasury/IRS facilities or information technology systems as well as those who have direct physical access to any IRS documents or data outside of any IRS facility.

  5. All unescorted contract employees are subject to a background investigation to determine their suitability and fitness for work on Treasury/bureau contracts. The investigation must be favorably adjudicated.

  6. Responsibility for adjudication of the background investigations falls under the responsibility of the Associate Director, Personnel Security (PS).

  7. Treasury/IRS contractor personnel require background investigations as follows:

    1. Contractors whose duration of employment exceeds 180 days must meet the eligibility requirements for access and shall undergo a background investigation based on the assigned position risk designation as a condition of work under the government contract.

    2. If the duration of employment is less than 180 days or access is infrequent (i.e. 2-3 days per month), and the contractor requires unescorted access, the contractor employee must meet the eligibility requirements for access in 10.23.2.2(2) above and must undergo Federal tax compliance and fingerprint check screening.

    3. For contractor employees not requiring access to IT systems, a background investigation is not needed and will not be requested if a qualified escort, defined as an IRS employee or as a contractor who has been granted staff-like access, escorts a contractor meeting the conditions of 10.23.2.2(7)b above at all times while the escorted contractor accesses IRS facilities and equipment. See sub-section 10.23.2.10.

  8. Contractor personnel who are granted staff-like access to work on Treasury/IRS contracts are not automatically granted a national security clearance.

  9. Contractor personnel requiring access to Treasury/IRS offices/facilities in foreign countries who have been certified by the Department of State Diplomatic Security Service as meeting investigative and adjudicative criteria for access to facilities under the authority of a Chief of Mission shall be deemed to meet personnel security standards. In these cases, a review and determination by PS is still required.

  10. Treasury/IRS will establish and maintain a personnel security file for each individual contractor, expert or consultant in:

    • All moderate and high risk public trust positions; and

    • Those low risk or non-sensitive positions on whom unfavorable or derogatory information has been developed or received, unless the file is maintained by the Office of Personnel Management (OPM).

  11. Treasury/IRS need not maintain a file on a contractor employee granted access to classified information under the NISP, unless there is a requirement for:

    • Additional investigation in connection with access to Treasury/bureau facilities or automated information systems; or

    • Access to classified information not covered under the NISP.

  12. With regard to favorable investigations on contractor personnel, experts or consultants in low or moderate risk positions, Treasury/IRS may, at their discretion, retain either the entire report or pertinent investigative data only. The specific location of personnel security files shall be at Treasury/IRS discretion with the following exception: all national security files shall be maintained by the Treasury Personnel Security Officer or Associate Director, PS.

  13. IRS contractors must remain Federal tax compliant while working on IRS contracts. Periodic tax checks will be conducted on all IRS contractors, and those undergoing revalidation, by the Employee Tax Compliance Office.

  14. When a contractor leaves the contract, it is the vendor’s responsibility to immediately notify CSM. CSM will notify PS with the name, social security number, and contract number (with task order if applicable) of the contractor to cancel any pending investigations or adjudications and to update the security file. Even if the background investigation is already completed, notification is required so that the separation information can be appropriately recorded in the security file.

10.23.2.3  (10-16-2008)
Citizenship Requirements

  1. In accordance with TD P 15-71, contractor personnel hired for work within the United States or its territories and possessions and who require access to Treasury/IRS owned or controlled facilities or security items or products, shall either be U.S. citizens or have lawful permanent resident status.

  2. Treasury/IRS will adhere to the following standard when allowing contractor personnel access to Treasury/IRS owned or controlled facilities, IT systems or security items or products, or SBU, Official Use Only and Personally Identifiable Information (PII):

    1. Low Risk = U.S. Citizen or lawful Permanent Resident Alien;

    2. Moderate Risk = U.S. Citizen or lawful Permanent Resident Alien with at least three or more years of U.S. residency; or

    3. High Risk = U.S. Citizen.

  3. Only under exceptional circumstances should a waiver be requested when a contractor does not meet the citizenship or lawful permanent resident residency requirement. Requests for waivers to the citizenship requirement must be submitted in writing. Foreign nationals employed as contractor, experts, or consultants shall not be allowed access to Treasury/IRS owned or controlled facilities, IT systems or security items or products, or SBU and PII prior to the issuance of a waiver.

  4. Waivers for low risk/non-sensitive positions for contractors not meeting the conditions in 10.23.2.2 (2) above may be requested by the COR through the Associate Director, PS to the Director, Office of Security Programs (OSP), Department of Treasury, for determination.

  5. Waivers for moderate risk positions for contractors not meeting the conditions in 10.23.2.2 (2) above may be requested by the COR through a senior executive-level manager in the business unit that has the contract. The request is then sent to the Associate Director, PS, who will forward it to the Director, OSP, Department of Treasury for determination.

  6. Waivers for access to high-risk positions will not be considered for foreign nationals. Waivers for foreign nationals working in IT positions involving the development of Treasury/bureau hardware or software products will not be considered if the position involves the design of security models, application integration, customization of software or hardware, or configuration of servers or networks. Waivers will not be allowed if the position has the ability to manipulate, or alter or affect the integrity, accessibility or availability of IT-maintained information or records.

  7. All waivers involving IT systems must be routed through Treasury’s Chief Information Officer and through the Associate Director, PS prior to approval by the Director, OSP, Department of Treasury, for final determination.

  8. All waiver requests must include the following:

    1. The full name, date of birth, place of birth, and current citizenship of the applicant.

    2. A completed Standard Form 85, 85P or 86.

    3. A completed background investigation.

    4. A description of the job/duty to be performed.

    5. Justification why there is no qualifying U.S. citizen or permanent resident alien available or capable of performing the task.

    6. A business case necessitating the waiver.

    7. An assessment of the risk associated with granting the waiver.

    8. All security countermeasures and actions taken to mitigate the risks associated with the requested waiver.

10.23.2.4  (11-15-2011)
Reciprocity of Other Agency Background Investigations

  1. Previous background investigations will be accepted as satisfying the background investigation requirement for staff-like access under the following conditions:

    • Investigation was adjudicated as favorable by a Federal agency;

    • Investigation meets the same or greater scope required for each risk level;

    • Investigation was completed in the past two years (measured from the closed date of the previous investigation); and

    • If the investigation subject was previously employed by the Federal government or served in the U.S. military service, any current break in service must be less than two years.

  2. Additional requirements must be met for all position risk levels for final staff-like access to be granted: fingerprint screening, selective service registration, citizenship/residency requirements and full tax compliance. Moderate/high risk positions also require a credit check.

10.23.2.5  (07-28-2014)
Solicitations and Contracts

  1. Solicitations and contracts shall include a clause that requires position risk designations for contractor employee background investigation or screening and Federal tax compliance is required for access to Treasury/IRS facilities, information systems, security items and products, and/or sensitive but unclassified information. The clause shall require the successful contractor’s personnel to execute appropriate security forms prescribed by IRS Personnel Security prior to contract work being performed, and in advance of being granted access to Treasury/IRS facilities, information systems, and/or sensitive but unclassified information (see IRM 10.23.2.2, General Investigative Requirements).

10.23.2.6  (11-15-2011)
Position Sensitivity Risk Designation Levels

  1. Every IRS position, including those of contractors, must be designated with a position risk level. Incumbents must meet personnel security/suitability standards commensurate with their position risk level. All contractor employees shall be subject to investigation prior to being granted staff-like access. There are also re-investigation requirements for individuals in low, moderate and high risk positions and those who have security clearances if they continue to have a need for access to classified information. Additionally, contractor employees are subject to investigation at any time during the period of access to ascertain whether they continue to meet the requirements for staff-like access.

  2. Due to the superior knowledge of the vendor CSR and COR, they are responsible for working with the appropriate business unit management for identifying access needs and preliminary assessments on risk designations for each position within the contract. The Associate Director, PS, has the ultimate authority for position risk designation and may adjust the risk level if deemed appropriate.

  3. These risk levels are established through an analysis of the duties and responsibilities of the positions, and given the placement of contractors, their impact on agency mission. All risk designations will be determined through the use of the OPM PDT, which provides a logical questionnaire-based approach to position risk designation.

10.23.2.7  (11-15-2011)
Fingerprinting Contractor Employees

  1. CSM is responsible for coordinating contractor fingerprinting at USAccess enrollment stations. The USAccess system is the first choice. If USAccess fingerprinting is not readily available, contractor employees may use Live Scan fingerprinting services at limited local servicing IRS Offices or IRS approved enrollment stations. If an enrollment station is not available, CSM may delegate escort and/or registrar responsibilities to CORs to escort contractor employees to other locations for fingerprinting.

  2. In rare instances, ink and roll fingerprints will be taken by IRS Offices or approved enrollment stations. The integrity of the chain of custody of the completed ink and roll fingerprint card must be maintained, therefore, the completed fingerprint card must be mailed directly to CSLP by the entity administering the fingerprinting.

  3. When the contractor employee will not have physical or systems access, non-custodial fingerprints taken at police or law enforcement offices can be utilized. The chain of custody requirement in HSPD-12 is not required for these contractor employees.

  4. Any costs for fingerprinting outside an IRS office (with the exception of an IRS approved enrollment station) will be borne by the contractor company or contractor employee.

10.23.2.8  (04-04-2008)
Staff-like Access

  1. A contractor employee who has been approved for interim or final staff-like access requires no escort while in an IRS owned or controlled facility (which includes leased or contracted space). Approved contractor employees may be granted access to information systems, data, or SBU information, no matter where the work will be located. This access is not unlimited, however, and should only be given for the work in which the contract was awarded. Until a contractor employee has been approved for staff-like access, an escort is required no matter where the work is located.

10.23.2.9  (11-15-2011)
Interim Staff-like Access Approval

  1. Interim staff-like access approval may be granted prior to the completion of the full investigation. Due to the risk associated with granting staff-like access prior to the completion of the required background investigation, interim staff-like access will only be granted in cases where it has been determined that the risk is acceptable.

  2. Interim staff-like access approval will be granted by PS prior to completion of the full investigation, as follows:

    1. Individuals who possess a current active U.S. Government security clearance for access to classified information may be granted interim staff-like access for positions after 1) the clearance is verified through the Joint Personnel Adjudication System (JPAS), and 2) after favorable adjudication of pre-screening eligibility/suitability checks. Individuals with Top Secret clearance may be granted interim staff-like access approval to occupy positions designated at any risk level. Individuals with Secret or Confidential clearances may be granted interim staff-like access approval to occupy positions designated Moderate or Low Risk.

    2. Individuals not possessing a current or active U.S. Government security clearance for access to classified information or not possessing a prior government personnel security investigation that meets the scope and criteria required for their position may be granted interim staff-like access approval upon favorable adjudication of pre-screening eligibility/suitability checks.

  3. Pre-screening eligibility/suitability checks are completed in an average of 15 calendar days after PS receives all required paperwork/forms. These checks include a review of:

    • Background investigation forms;

    • IRS account history for tax compliance;

    • Selective service registration compliance;

    • Citizenship/residency;

    • Federal Bureau of Investigation fingerprint criminal history;

    • Credit history (moderate and high position risk only); and

    • If applicable, prior background investigations.

  4. PS will notify the COR and CSM in an official memorandum via secure e-mail when interim staff-like access is approved. PS will notify PSEP, CSM and the COR in the same manner when interim staff-like access is denied.

  5. The memorandum of notice of interim staff-like access approval shall be attached to any ID media application. For system access, the COR must have this memorandum of notice of interim staff-like access approval on file before initiating an online 5081, Information System User Registration/Change Request.

  6. If the contractor employee is issued a Proposal to Deny letter, then he or she must be escorted at all times. Access to an IT system will never be granted before interim staff-like access is approved. If interim staff-like access is approved and then subsequently revoked, access to all systems, facilities, IT systems or SBU information must be suspended by the COR and PSEP/CSM.

10.23.2.10  (11-15-2011)
Escort Procedures

  1. Contractor employees must be escorted in the following instances:

    1. When deemed appropriate in lieu of any investigation and/or screening, as described below in 10.23.2.11; however, the contractor should undergo an investigation unless the access is limited;

    2. Until the contractor employee has been granted interim staff-like access; or

    3. When a Proposal to Deny letter has been issued and an interim determination is pending.

  2. Contractor employees who have been denied final staff-like access approval may not be escorted and must be removed from the IRS contract. This includes situations where access only occurs at an off-site or non-IRS location. All sensitive information must be retrieved from any contractor employee who has been denied final staff-like access.

  3. Regardless of where work is performed, contractor employees who require a password or access to an IRS IT system must be approved for staff-like access before an Online 5081 is initiated for systems access.

  4. Escorted access requirements are the same for work performed at any location, whether at an IRS facility or not. Requirements for escorted access follow:

    • Only an IRS employee or a contractor employee approved for staff-like access at the same or higher position risk level as the contractor employee may serve as an escort.

    • The escort must accompany the contractor employee during all work performance and movements throughout the facility.

    • The escort must, at a minimum, have visual contact with the contractor employee.

    • One authorized person may escort a maximum of two contractor employees.

    Note:

    Exceptions to these requirements must be approved by the Associate Director, PS.

10.23.2.11  (11-15-2011)
Escort Access in Lieu of Investigation

  1. Certain contracts provide for services whereby contractor employees only periodically require access to a facility or equipment (e.g., a time and materials maintenance contract, one or two day visit, once a month visits, etc.). Under these circumstances, a management official in the requesting organization may opt to provide escort access to a contractor employee instead of initiating an investigation or screening.

    Note:

    Regardless of where work is performed, contractor employees who require a password or access to an IRS IT system must be approved for staff-like access before an Online 5081 is initiated for systems access.

  2. Prior to selecting this alternative, the management official must:

    1. Ensure escort access provides adequate security protection.

    2. Document the decision and provide a copy to the COR.

    3. Coordinate escort with management officials at the site(s) where access is required.

10.23.2.12  (11-15-2011)
Revalidation of Contractor Employee Access

  1. When there is a material change in the contract or working situation, revalidation of access is needed for affected contractor employees. Examples of material changes include:

    • Contractor employee transfers from one IRS contract to another;

    • Contractor employee works on more than one contract;

    • Contractor employee separates from an IRS contract and has a break in service of two years or less;

    • Contractor employee name changes;

    • Contractor company name changes; or

    • Contract number changes.

  2. In these situations, the CSR will provide CSM with the Risk Assessment Checklist (RAC). CSM will enter the RAC information into the Automated Background Investigation System (ABIS). The COR and CSM will receive an Approval of Final Staff-Like Access or Denial of Access memo from PS.

  3. Federal tax compliance checks are conducted on all revalidations.

  4. Contractor employees who were previously approved to work on an IRS contract and have a break in service from the IRS contract of two years or less may move from one contract to another without an additional investigation as long as the prior investigation meets or exceeds the current risk level. CSRs are required to submit a RAC to CSM in these instances. Final staff-like access continues in these cases, and PS will generate a revalidation of access letter of approval.

  5. Contractor employees who have had a break in service on an IRS contract of more than two years, or who require an investigation for a higher risk level, must have a new investigation before being granted staff-like access on a new contract.

10.23.2.13  (07-28-2014)
Separating Contractor Employees

  1. When a contractor employee leaves the contract, it is the COR’s responsibility to notify CSM. CSM will notify PS with the name, social security number, and contract number (with task order if applicable), of the contractor employee to cancel any pending investigations or adjudications and to update the security file. Even if the background investigation is already completed, notification is required so that the separation information can be appropriately recorded in the security file.

10.23.2.14  (07-28-2014)
Re-investigation Requirements

  1. Contractor employees in positions designated as high and moderate risk will be subject to re-investigation every five years. The COR is responsible for initiating the re-investigations with assistance from the CSR if necessary.

  2. Contractor employees in positions designated as low risk require a FBI fingerprint and tax check every five years.

  3. CORs are responsible for tracking when re-investigations are due for their contractors and for ensuring that investigation or screening paperwork is submitted timely five years from the date of the final access determination or the re-screening date shown on the revalidation of access memorandum.

10.23.2.15  (11-15-2011)
Notification of Access Determination

  1. When the investigation is completed and the results are favorable, Personnel Security will notify the COR and CSM in an official memorandum, via secure e-mail noting that the contractor employee is approved for final staff-like access.

  2. When the results of the investigation are unfavorable and final staff-like access is not granted, PS will notify the COR and PSEP/CSM in an official memorandum, via secure e-mail, noting that the contractor employee is not approved for final staff-like access. See 10.23.2.16 for more details of actions taken when the results are unfavorable.

10.23.2.16  (07-28-2014)
Adverse Information and Revocation of Access

  1. When adverse information is discovered or detected in the course of an investigation, the scope of the inquiry may be expanded to obtain additional information to determine whether the contractor personnel may continue access to Treasury/IRS facilities, information systems, security items and products, and/or sensitive but unclassified information.

  2. A contractor on whom unfavorable or derogatory information has been discovered or detected during a personnel investigation must be so advised and offered an opportunity to refute, explain, clarify, or mitigate the information in question. The individual should also be advised that the IRS will not disclose any details of the adverse information to the contractor’s firm. However, if after final adjudication, a determination is made of ineligibility to render services on a contract and access to Treasury/IRS facilities is denied, the person will be formally notified and informed of the decision and the reason(s). The contractor company will be advised only that the individual is denied employability on the IRS Government funded contract. This decision does not intend to imply that the person’s suitability for employment elsewhere in the company is affected.

  3. When denial of staff-like access is appropriate, Associate Director, PS will send a proposal to deny notification, via email, to the contractor, COR, and PSEP/CSM stating that the contractor employee is being denied access for reasonable cause until a final determination is made. Associate Director, PS will send a proposal to deny notification to the contractor employee as a sealed letter, using traceable means such as certified/express mail. The sealed letter will outline the reasons for the proposed access denial and give the contractor employee seven calendar days from the date of receipt in which to respond to the Associate Director, PS with any explanation, refutation, clarification, or mitigating circumstances. The Associate Director, PS will make a final determination upon receipt of the response or expiration of the time period. Upon notification from Associate Director, PS of a proposal to deny access, the COR and PSEP/CSM must ensure that the contractor employee's access be suspended or that the contractor employee is escorted until the final determination is made. If after final adjudication, a determination is made to deny final staff-like access, the contractor employee will be formally notified by the Associate Director, PS of the determination to deny by sealed letter. The Associate Director, PS will notify the COR, Contracting Officer and PSEP/CSM with a Memorandum of Notification of Final Staff-like Access Denial. The COR will notify the Contracting Officer to remove the contractor from the contract and provide a copy of the notification to PSEP/CSM. The contractor company shall be notified that the finding makes the individual ineligible to render services (or otherwise perform) under the contract. The government may not disclose any details of the adverse information to the contractor company.

  4. Access to Treasury/IRS facilities, information systems, security items/products, and SBU information is a privilege. It may be revoked by the contracting Treasury/bureau element based upon unsanctioned, negligent or willful action on the part of a contractor. Examples of actions that can trigger revocation include, but are not limited to, non-compliance with Federal tax regulations, unauthorized access or inspection of a sensitive system and/or data, introduction of unauthorized and/or malicious software, unauthorized modification or disclosure of systems and/or data, or failure to follow prescribed access control policies or procedures.

  5. The Contracting Officer (or COR if authorized to communicate with the contractor employee's employer under this circumstance) must communicate to the employer that the contractor employee is being denied staff-like access for reasonable cause, that such finding makes the contractor employee ineligible to render services (or otherwise perform) under the contract, and that the decision by the Government does not intend to imply that the contractor employee's suitability for employment elsewhere in the company is affected. The Contracting Officer will provide a copy of the Memorandum of Notification of Final Staff-like Access Denial to the employer.

10.23.2.17  (10-16-2008)
Non-Disclosure Agreement for Sensitive but Unclassified Information

  1. Treasury/IRS personnel security officers, in consultation with Treasury/bureau information systems security officers, contracting officers, and CORs, shall determine whether sensitive but unclassified information to which contractor personnel require access, warrants execution of a non-disclosure agreement as a condition thereof. When determined to be necessary, each non-disclosure agreement will reference to the conditional nature of access to sensitive but unclassified information with respect to the contract work, or specialized project, for which such access is required. The Associate Director, PS, may be contacted for guidance in making these determinations. CORs should use the sample/instructions document provided at the PS Intranet web site at http://hco.web.irs.gov/recruitstaff/PersonnelSecurity/NBIC/NDAandInstructions.doc. The document has been adapted for IRS use from the non-disclosure agreement format prescribed by TD P 15-71, Chapter 2, Section 2.

  2. The original signed non-disclosure agreement shall be retained by the COR for a minimum of five years and for at least as long as the person has access to the system for which they executed the agreement. The Treasury/IRS has the discretion to maintain the agreement for as long as the information is deemed sensitive. A copy may be maintained in the official contract file. If requested, a copy may be furnished to the individual signatory.

  3. Treasury/IRS will consult with legal counsel to determine whether annual appropriations acts, in effect at the time an agreement is executed, contain provisions requiring the inclusion of specific text in non-disclosure agreements.

10.23.2.18  (04-04-2008)
Protection of Personnel Security Records

  1. Personally Identifiable Information (PII) in personnel security investigations, records, and operations shall be carefully safeguarded to protect the interests of both the individual and the Service, pursuant to requirements of the Privacy Act. Unless categorized at a higher level, or determined to be classified national security information, personnel security information must be afforded the same degree of protection as material identified as "Controlled Unclassified Information (CUI),” as defined in IRM 10.8.1, and must be used only for authorized official purposes. When not in use, personnel security information must be stored in a General Services Administration approved security container or in an equally secure area.

  2. Personnel security investigation information requested by the subject of an investigation must be processed according to procedures established by Treasury/bureaus under provisions of the Privacy Act or the Freedom of Information Act, as appropriate. Requests for the release of the results of any personnel security investigation shall be referred to the Treasury/bureau or non-Treasury agency that conducted it.

  3. Reports containing classified information must be protected in accordance with EO 13526, Classified National Security Information and appropriate Treasury regulations.

10.23.2.19  (10-16-2008)
Advisory Committees

  1. Personnel security procedures relating to participants on advisory committees require that pre-appointment fingerprint screening to include a FBI fingerprint criminal history and name check be completed and annual periodic tax checks requested by sponsoring officials. IRS officials responsible for the oversight of advisory committees are required to initiate the pre-appointment fingerprint screening and FBI name check through Personnel Security.

  2. Current IRS Advisory Committees are:

    • Electronic Tax Administration Advisory Committee

    • Information Reporting Program Advisory Committee

    • Taxpayer Advocacy Panel

    • Internal Revenue Service Advisory Council

    • Tax Exempt & Government Entities

    • Art Advisory Panel of the Commissioner of Internal Revenue Service

  3. In order to conduct those inquiries, committee-sponsoring officials shall inform selected advisory commission members of the purpose for requesting the information, as required by the Privacy Act. Sponsoring officials shall obtain a signed tax check waiver from the selected member and a FD 258 fingerprint card. Live Scan fingerprints can be taken at limited local servicing IRS Offices or IRS approved enrollment stations.

  4. When results of the FBI fingerprint and name checks are obtained and are favorable, the requesting office is informed by PS that there is no objection to the person participating in the requested capacity. This does not, however, constitute a security clearance for access to classified information.

  5. When results of the FBI fingerprint and name checks are questionable, the results are sent to the Associate Director, PS for a final determination. If the determination is denied, the requesting office is notified of the objection via secure e-mail.

10.23.2.20  (11-15-2011)
Lockbox Employees

  1. In accordance with Wage and Investment’s Lockbox Security Guidelines (Section L.S.G.2.4.3, Employee Background Investigations), Lockbox employees must have an approved background investigation screening by IRS PS before being granted staff-like access to any lockbox facility, IT system (no matter where located), and/or sensitive data or information. Background investigations are conducted on a position risk basis as follows:

    • Full time bank employees - appropriate investigation based on position risk.

    • Bank associates - annual fingerprint check.

    • Temporary employees - annual fingerprint check.

10.23.2.21  (11-15-2011)
Payment for Investigations

  1. The investigative costs are to be funded by the requesting customer organization. The requesting customer organization is responsible for completing a reprogramming action in the Integrated Financial System (IFS). The requesting customer organization will transfer funds to PS for payment of investigation per PS procedures. IFS transfer procedures are posted on the PS web site at http://hco.web.irs.gov/recruitstaff/PersonnelSecurity/Contractor/ContractorProcess.shtml.

  2. PS will not bill or draw down funds for those investigations canceled byCSM or the COR within 15 calendar days of PS receipt. PS must receive written notification of the cancellation from CSM or the COR. Any investigation canceled after the 15th calendar day will be charged the full rate current at the time the investigation was received.

  3. If a contractor employee transfers to a new IRS contract within 15 calendar days of receipt of the investigative paperwork by PS, the new customer organization will be charged for the cost of the investigation.

  4. If a contractor employee transfers to a new IRS contract after 15 calendar days of receipt of the investigative paperwork by PS and an interim determination was made by PS, the previous customer organization will be charged for the cost of investigation.

  5. Current investigation pricing information may be obtained from the PS web site at http://hco.web.irs.gov/recruitstaff/PersonnelSecurity/Contractor/ContractorProcess.shtml.


More Internal Revenue Manual