Report Contents
(U) The Bureau of Diplomatic Security (DS) is the Federal law enforcement and security bureau of the Department of State (Department) and has the largest global reach of any U.S. Federal law enforcement agency. DS has 253 regional security offices led by a U.S. direct-hire regional security officer (RSO) with oversight responsibility for more than 280 locations around the world. One method DS uses to oversee the regional security offices located at overseas posts is the Post Security Program Review (PSPR) program. The High Threat Programs Directorate (HTP) within DS conducts PSPRs for high-threat, high-risk (HTHR) posts. A PSPR consists of consultations with relevant DS offices, document reviews, observations at post, and interviews with post personnel to evaluate a regional security office’s level of compliance with selected requirements on topics such as life safety and emergency preparedness.1 The PSPR team documents noncompliant areas and makes recommendations to address these areas in a PSPR report sent to the post’s deputy chief of mission and RSO. The RSO must respond to recommendations with a corrective action plan,2 and HTP officials must work with RSOs to ensure that corrective action has been taken at post for each noncompliant item.3
(U) During an audit of the PSPR program, the Office of Inspector General (OIG) found that although DS has designed a compliance process to assess posts’ resolution of recommendations made to address security deficiencies, the PSPR compliance process needs improvement. For example, OIG found that HTP officials did not always maintain documentation describing corrective actions taken by RSOs in response to PSPR recommendations. Specifically, of 146 PSPR recommendations made to HTHR posts that underwent a PSPR in FY 2018 and FY 2019, HTP officials could not provide OIG with RSO compliance responses for 29 (20 percent) of the recommendations. An HTP official stated that the missing responses were likely due to posts’ responses not being properly archived to the PSPR SharePoint site. OIG also found that RSOs did not always provide compliance responses within the required 45 days. Specifically, 13 of 20 (65 percent) compliance responses were untimely and ranged from 17 to 204 days late. This occurred, in part, because neither the Foreign Affairs Manual (FAM), nor the PSPR Standard Operating Procedures (SOP), 4 requires HTP officials to escalate untimely compliance responses to deputy chiefs of mission. Furthermore, OIG found that HTP officials did not always track when compliance responses were due or have a formal process in place to follow up on overdue responses. OIG also found instances of insufficient compliance responses. Specifically, of 117 documented RSO compliance responses to PSPR recommendations made between FY 2018 and FY 2019, OIG determined that 12 (10 percent) were insufficient to comply with requirements set forth in the PSPR SOP, which requires that the RSO outline a plan to resolve noncompliant areas of review. Insufficient responses occurred, in part, because HTP officials did not require evidence or supporting documentation that demonstrates RSOs have fully implemented recommendations. As a result, HTP officials closed PSPR recommendations that were not fully addressed and were repeated in subsequent PSPR reports.
(U) Until these weaknesses with the PSPR compliance process are addressed, DS will have limited assurance that security deficiencies identified during PSPRs at HTHR posts, which are inherently at higher risk due to continuous security threats, have been remediated as recommended. Therefore, OIG made three recommendations to DS that are intended to improve the PSPR compliance process. In response to a draft of this report, DS concurred with the recommendations offered. On the basis of DS’s concurrence with the recommendations and planned actions, OIG considers the three recommendations resolved, pending further action. A synopsis of DS’s response to the recommendations offered and OIG’s reply follow each recommendation in the Results section of this report. DS’s response to a draft of this report is reprinted in its entirety in Appendix A.
1 (U) 12 FAM 413.2(a), “Preparation – PSPR Pre-Deployment Review,” and 12 FAM 413.3, “Conducting a PSPR.”
2 (SBU) Department memorandum, “Standard Operating Procedures (SOP) for Post Security Program Reviews (PSPRs) – For Internal Staff Use,” January 17, 2020.
3 (U) 12 FAM 413.4(d), “PSPR Completion.”
4 (U) “Standard Operating Procedures (SOP) for Post Security Program Reviews (PSPRs) - For Internal Staff Use,” January 17, 2020.
Report Recommendations
OIG recommends that the Bureau of Diplomatic Security revise Post Security Program Review policies and standard operating procedures to include how the new application within the “RSO Tools” portal has been employed to track regional security officer compliance responses.
OIG recommends that the Bureau of Diplomatic Security update its Post Security Program Review policies and standard operating procedures to clarify requirements for following up on overdue responses from posts related to security deficiencies identified. The update should, at a minimum, include a process for notifying higher level post officials when responses are overdue, a process for tracking when responses are due, and a set schedule (with established intervals and milestones) for following up with posts.
OIG recommends that the Bureau of Diplomatic Security update its Post Security Program Review policies and standard operating procedures to require regional security officers provide detailed, documented evidence that demonstrates corrective actions have been taken to remediate identified Post Security Program Review deficiencies and that those recommendations warrant closure.