20 February 1996



This Headquarters Operating Instruction (HOI) implements AFI31-401, Managing the Information Security Program. The purpose of this HOI is to provide procedures for reporting possible security violations, conducting inquiries, and preparing written summaries for security inquiries. It applies to all personnel assigned to, or performing duties within, Headquarters North American Aerospace Defense Command (NORAD) or United States Space Command (USSPACECOM), except for personnel at Cheyenne Mountain Operations Center and the HQ NORAD and USSPACECOM Combined Intelligence Center.


This HOI reflects the current organizational structure within both headquarters and establishes new procedures for coordinating written security inquiries.

1. References:

1.1. DOD 5200.1-R, Information Security Program.

1.2. AFI 31-401, Managing the Information Security Program.

1.3. AFP 205-11, Security Manager's Guide.

1.4. AFP 205-22, Conducting Preliminary Inquiries and Formal Investigations.

2. Terms Explained:

2.1. Compromise. A known or probable disclosure of classified information to unauthorized individuals.

2.2. Security Deviation. A security violation that can't be defined as a compromise.

2.3. Security Violation. A violation of the information security program standards or procedures that may classify either as a compromise or a security deviation.

3. General. Protecting classified information is one of our top priorities. When a security violation occurs, it must be determined if classified information has been compromised. If a compromise took place, the seriousness of damage to United States and/or NORAD interests must be determined and appropriate measures taken to negate or minimize the adverse effect. If the preliminary inquiry officer does suspect the incident caused damage to national security, the office of classifiying authority conducts a separate damage assessment. In some cases, corrective actions need to be addressed to minimize the likelihood of a reoccurrence.

4. Objectives/Goals:

4.1. Report all security incidents as soon as they are discovered.

4.2. Eliminate the number of security incidents through education.

4.3. Streamline the process for notification, reporting, and coordination.

5. Responsibilities:

5.1. It is everyone's responsibility to safeguard classified material in accordance with applicable directives.

5.2. Each directorate and special staff office is responsible for training its personnel on safeguarding classified documents and reporting any possible security deviations, compromises, or incidents.

5.3. The Joint Secretary appoints a preliminary inquiry officer and administers this program.

6. Procedures:

6.1. Anyone who discovers a possible security violation must report it immediately to their directorate executive officer, security manager (or alternate security manager), and the senior officer in charge.

6.2. The security manager responsible for the area where the possible security violation occurs performs an initial assesment of the circumstances surrounding the incident and determines whether a possible security violation occurred relying upon the preliminary report, if any, and the appropriate security classification guides.

6.2.1. If the incident was caused by an outside agency, the security manager notifies that office of the situation and verbally reports it to the Joint Secretary.

6.2.2. If it is determined that a security violation occurred, the security manager immediately reports it to the senior officer in charge, the directorate security manager, the Joint Secretary, and HQ AFSPC/SPI. The security manager ensures the director is notified and forwards a staff summary sheet to the Joint Secretary requesting a preliminary inquiry officer be appointed. Use example at attachment 1.

6.3. The Joint Secretary appoints a preliminary inquiry officer from another directorate but within the same Command. The preliminary inquiry officer should be equal to, or superior in grade to the alleged offender whenever possible. The example in attachment 2 will be used.

6.4. The preliminary inquiry officer follows the instructions outlined in the Joint Secretary appointment letter.

6.5. The concerned directorate takes no administrative or disciplinary actions until the possible security violation is closed.

6.6. Only the ND or UD may close a preliminary inquiry.

6.6.1. If it is determined there is a loss or compromise of classified information which could be expected to damage either nation's security or the probability of damage to national security cannot be discounted, then a formal investigation is usually required.

6.6.2. The Joint Secretary, if necessary, appoints an investigative official. The investigation is completed within 30 days of appointment.

7. If Communications Security (COMSEC) material is involved, the USSPACECOM COMSEC office is notified by the CINSEC Responsible Officer (CRO). The inquiry or investigative official coordinates with the Base COMSEC Manager, 21 CS/SCUCC, on the conduct of the inquiry. Upon completion of the inquiry or investigation, the violating unit commander forwards findings to the COMSEC manager.

8. If Sensitive Compartmented Information (SCI) is involved, the USSPACECOM Special Security Officer (SSO) is notified by the security manager. The SSO or designated representative conducts the investigation. Upon completion, the SSO forwards the report through SCI channels and briefs the Joint Secretary.

9. An Air Force Office Special Investigation report cannot substitute for the investigation required by this operating instruction. It may be used as an exhibit and attached to the report. Prior approval from AFOSI is necessary before attaching the report.


Colonel, USA

Joint Secretary


1. Example of Request for Appointment of Inquiry Officer

2. Example of Joint Secretary Appointment Letter

Staff Summary Sheet



Signature (Surname), Grade, Date



Signature (Surname), Grade, Date













Grade and Surname of Action Officer



Suspense Date

Subject SSS Date
Request for Appointment of Inquiry Officer 1 Jan 96

1. PURPOSE: To address whether or not there was a compromise of classified information.

2. DISCUSSION: On 31 Dec 95, at 1000L, Maj Doe, N/SP JX, discovered a document, marked SECRET, on the floor next to the copier machine. Maj Doe secured the document in Safe #3 and reported the incident to Lt Col Black (the senior officer in charge), SMSgt Brown (directorate security manager), and the Joint Secretary.

3. RECOMMENDATION: JS appoint an inquiry officer.

JEFFREY L. SMITH, Captain, USAF XXXX Security Manager

AF Form 1768, Staff Summary Sheet (Word for Windows Version 6.0) INQUIRY.DOC




FROM: Joint Secretary

SUBJECT: Appointment of Inquiry Officer, Security Inquiry XX-XX

1. In accordance with DoD 5200.1R/AFI 31-401, Chapter 6, you are appointed to conduct a preliminary security inquiry. This inquiry is your primary duty for the period necessary for completion. The primary purpose of your inquiry is to determine if there was a compromise of classified information and whether a formal investigation is required. You are required to categorize the incident as a COMPROMISE or SECURITY DEVIATION. You will also determine the facts in sufficient detail to support a trend analysis and recommend procedural changes, training and/or other corrective actions.

2. To support trend analysis and corrective action, the following specific issues must be addressed:

a. Who was responsible for this incident?

b. Is it the first incident or does he or she have a pattern of carelessness?

c. Was the directorate operating instruction adhered to?

d. Does the Director or office chief have an affective training program?

e. Should the individual(s) responsible be given more training?

f. Does the first line supervisor give adequate emphasis to the importance of security?

3. You are instructed to take the following actions:

a. Contact HQ AFSPC/SPI at 4-9919 for a briefing concerning your responsibilities.

b. Contact Judge Advocate at 4-9193 for a briefing.

c. Prepare your report according to the format provided by the Security Police and submit it to JA within 5-workdays after receiving your briefings. Recommendations for disciplinary action will not be included.

d. After receipt of report from JA, obtain coordination from the director's office which had the "lapse" and then forward it to HQ AFSPC/SPI.

4. If you determine an officer senior to you is wholly or partially responsible for the incident, immediately contact the Joint Secretary. If you have any questions, contact the Joint Secretary at 4-5996.


Colonel, USA

Joint Secretary