Sensitive Security Information - The Assumptions We Make

Lori Beckman, A.A.E.
September 4, 2018

Airports and air carriers are required to protect sensitive security information (SSI). Sounds simple right? If you are a security director you assume your staff is handling SSI correctly – but are they?

Many airport operators would say they protect information properly; however, when you really look at the requirements under 49 CFR, Part 1520, not all airports make the grade.

Why? Here are some areas to consider:

  • Do you have a written SSI plan?
  • How is SSI information stored? Think about your Planning and Engineering department – are they aware of all the proper procedures for storing SSI?
  • What is your policy for SSI record retention?
  • What is your email SSI policy?
  • Does your staff know how to properly password protect an SSI document, with an acceptable password that doesn’t include the airport code, year and project info?
  • These are just a few questions that you should be able to answer at any time. These questions should be part of your SSI written plan. As an aviation security consultant, I see improper SSI markings and passwords all over the industry – some of these even come from the TSA!

Too many times airports make assumptions that staff know how to handle SSI. Can you afford to continue with that assumption? No? Then it's time for formal training.

These are the types of positions that can benefit from formal SSI training:

  • Airport Security Coordinator
  • Trusted Agents
  • Authorized Signatories
  • Airport Security Staff
  • Airport Engineering, Operations, and Maintenance Staff
  • Airport Administrative Staff
  • Airport tenants

There is no truth to "all press is good press." Don't be caught out – ensure your sensitive security information is safe.

Learn about SSI Training from AAAE