5 FAM 120 

INFORMATION MANAGEMENT STAFFING ABROAD

(CT:IM-246;   11-20-2018)
(Office of Origin:  IRM)

5 FAM 121  INFORMATION RESOURCE MANAGEMENT ROLES AND RESPONSIBILITIES ABROAD

(CT:IM-246;   11-20-2018)

a. The purpose of these sections is to explain the roles and responsibilities of the personnel working in the Information Resource Management (IRM) sections abroad.  IRM is used in 5 FAM 120 to refer to the offices, programs, and personnel responsible for managing information management resources, as well as non-technology responsibilities, such as diplomatic pouch and mail operations and records management.

b. Information systems security officer (ISSO) responsibilities will be designated at each post according to post capacities and circumstances.  ISSO roles and responsibilities are outlined in 5 FAH-2 H-128.5, Information Systems Security Officer (ISSO), and 12 FAM 600, Information Security Technology.

c.  The Information Programs Center (IPC) is primarily responsible for all classified IRM communications and systems, while the Information Systems Center (ISC) is primarily responsible for all unclassified communications and systems.  Despite these distinctions, all U.S. full-time, direct-hire IRM employees assigned to either of these sections are expected to perform system administration, cybersecurity, user support, and project support duties on all networks and IT-based solutions under the Department's authority.  This includes supporting OpenNet, ClassNet, and any future IRM solutions.  As we strive to implement new technologies, support existing solutions, and eliminate silos, interoperability is the way forward and IRM personnel must proactively counter cyber threats and provide users with a versatile, secure, and increasingly mobile operating environment regardless of office affiliation.

d. The information management officer (IMO) (or information programs officer (IPO), as appropriate), is strongly encouraged to participate as an active member of the Emergency Action Committee (EAC).  As the principle IRM subject matter expert at post on communications and information technology, the IMO/IPO provides oversight for critical post infrastructure assets.  It is essential that the IMO/IPO maintain a primary role in the formulation of post emergency policies and procedures to ensure that operational responsibility for all pertinent aspects are considered and addressed.  Crisis situations can develop rapidly.  Consequently, the ability to assess critical communication vulnerabilities as early as possible is essential to formulating responses, mitigating risks, and ensuring that responses are carried out effectively and efficiently so that communication is possible during times of crisis.

5 FAM 121.1  INFORMATION MANAGEMENT OFFICER (IMO)

(CT:IM-191;   04-25-2017)

a. The IMO is the senior IRM person at post.  The IMO supervises IRM services, operations, and the activities of post IRM personnel.  The IMO reports to the management officer.

b. IMO duties are not limited to the scope of these sections and are coordinated with post management.  It is understood that the IMO at post has the ultimate responsibility for any decisions that the IRM section makes, which may have been delegated to the IPO or information systems officer (ISO):

(1)  Budget:  The IMO creates a post-specific IRM budget plan that includes, but is not limited to, lifecycle replacement costs for all post-funded IRM equipment and other assets (including monitoring the lifecycle of IRM-funded equipment); current and future projects as identified in the IRM component of the Mission Strategic and Resource Plan (MSRP); and IRM services offered under International Cooperative Administrative Support Services (ICASS); and

(2)  Contacts and representation:  The IMO serves as the initial point of contact with the Regional Information Management Center (RIMC), the geographic bureau’s regional information management officer (RIMO), the IRM Bureau, and other agencies for all IRM matters;

(a)  The IMO is the liaison to host-nation authorities regarding telecommunications rights and services;

(b)  The IMO represents IRM in post's counter-intelligence working groups (CIWG); emergency action committees (EAC); and the ICASS boards to promote using IRM assets, products, and services by these groups;

(c)  The IMO serves as the chairperson on the local change control board (LCCB), which deals with post's IRM hardware and software issues.  The IMO also serves as the contact point for the corporate IT CCB; and

(d)  The IMO serves as the Department of State representative at post for telecommunications services provided to client agencies.

(3)  Human resources:

(a)  The IMO rates the IPO and ISO and reviews employee evaluation reports (EER) for personnel in the IRM section, as appropriate.  The IMO creates work requirements and conducts formal counseling for the rated employees;

(b)  The IMO promotes and supports leadership and supervisory training for all IMSs and leadership and management training for the IPO and ISO.  The IMO must ensure post's ISSO(s), and alternate(s), attend ISSO training and refresher courses (see 12 FAH-10 H-212.2 and 12 FAH-10 H-650);

(c)  The IMO creates and/or updates position descriptions for all IRM staff, including locally employed staff (LE staff), to include IPO and ISO capsule descriptions used in the bidding process; and

(d)  The IMO works with subordinates to develop an individual development plan (IDP) that ensures that their training and development needs are met;

(4)  Internet and intranet:  The IMO ensures proper security configurations and service availability of internet and intranet sites within the scope of the Department's guidelines, which are provided by Diplomatic Security (DS) and IRM; and

(5)  Logistics and infrastructure:

(a)  Based on input from the IPO and ISO, or other IRM staff when appropriate, the IMO finalizes lifecycle replacement costs and schedules in keeping with the Department's general replacement cycles.  These schedules support funding requirements outlined in the post IRM budget plan and in the MSRP and serve to ensure that all equipment is updated/replaced periodically; and

(b)  The IMO provides procurement guidance on IRM equipment to other mission sections or agencies.  This is especially true for equipment used in controlled access areas (CAA);

(6)  Management:

(a)  The IMO, as the senior IRM officer, reports to the post's management officer.  The IMO oversees all IRM operations and personnel at post;

(b)  The embassy IMO, in coordination with RIMC, is the first point of contact for all constituent posts for IRM issues and assistance.  The IMO periodically visits each constituent post to assess its IRM operations, equipment, and infrastructure;

(c)  The IMO advises post management when staffing levels and workloads warrant requests for temporary duty (TDY) assistance.  Similarly, the IMO advises post management if staffing levels and workloads permit rendering TDY assistance to constituent posts when requested; and

(d)  For posts without an IPO and/or ISO, the IMO assumes the IPO/ISO responsibility.  The IMO at such a post may delegate elements of those roles, as appropriate, to IMSs at post;

(7)  Operations:

(a)  The IMO is responsible for effective, efficient, and secure IRM operations at post;

(b)  As the focal point for all telecommunications issues, the IMO oversees the planning of alternate routes and contingencies for all IRM programs at post;

(c)  The IMO is the post's accountable property officer for IRM equipment and assets.  Working closely with the general services office (GSO), the IMO confirms the accuracy of the relevant inventories, including Consular Affairs (CA) IRM assets, and ensures that all CAA equipment is ordered and shipped in accordance with regulations; and

(d)  All IRM projects, plans, and issues are reported to the IMO;

(8)  Planning and reporting:

(a)  The IMO is responsible for the post's Information Technology (IT) Contingency Plan and for ensuring that it is fully coordinated with the post's Emergency Action Plan (EAP).  In addition, the IMO assists post with site contingency plans and contributes to the IRM component of the post’s MSRP development; and

(b)  The IMO participates in relevant portions of the post's reporting requirements and ensures that these requirements are integrated with the Department’s overall IT Strategic Plan; updates Annex A, Communications, of post's EAP; and prepares quarterly ICASS reports for IRM services; and

(9)  Security:

(a)  The IMO ensures that all personnel in the IRM section are current on all security regulations, awareness, and guidelines as they pertain to IRM operations, equipment, and infrastructure;

(b)  The IMO serves as the post's alternate Top Secret control officer or delegates that responsibility;

(c)  The IMO is the post's communications security (COMSEC) officer and, with the COMSEC custodian, maintains the integrity of all COMSEC assets at post;

(d)  The IMO ensures proper safekeeping of classified materials and equipment in the IRM section in accordance with Department security guidelines; and

(e)  The IMO works closely with the ISSOs, system administrators, and RSOs implementing the Department's Automated Information Systems (AIS) security program on all classified and unclassified IRM networks at the mission and/or at constituent posts (see 12 FAM 613, Responsibilities).

5 FAM 121.2  INFORMATION PROGRAMS OFFICER (IPO)

(CT:IM-191;   04-25-2017)

a. The IPO manages the IPC and is responsible for all IPC systems, programs, and telecommunications operations.

b. The IPO supervises all personnel whose duties fall under the IPC.  The IPO reports to the IMO.

c.  IPO duties are not limited to the scope of these sections, are coordinated with the IMO, and include performing system administration, cyber security, user support, and project support duties on all networks and IT-based solutions under the Department's authority as required:

(1)  Budget:  The IPO assists the IMO with the post's IRM budget plan and the IRM component of the MSRP submission.  The IPO provides the IMO with annual budget figures for lifecycle costs of all post-funded IPC equipment.  The IPO provides the IMO and the local ICASS board with information on IPC's services on the ICASS service list;

(2)  Contacts and representation:  The IPO serves as the initial point of contact with RIMC, the geographic bureau, IRM, and other agencies for technical matters falling within the IPC's responsibilities.  The IPO maintains close contact with IRM vendors for equipment and support.  The IPO may serve on the Local Change Control Board (CCB) dealing with IRM hardware and software issues at post.  As the head of the IPC, the IPO must meet regularly with users to assess customer needs and satisfaction;

(3)  Human resources:

(a)  The IPO rates or reviews IPC personnel, including Locally Employed Staff (LE staff), as appropriate.  The IPO creates work requirements and conducts periodic formal counseling for these personnel, as appropriate;

(b)  The IPO promotes and supports leadership and supervisory training for all IMSs under his or her supervision;

(c)  The IPO updates the position descriptions of all IPC staff, including LE staff, to include IMS capsule descriptions used in the bidding process; and

(d)  The IPO works with subordinates to develop an IDP to ensure that their training and development needs are met.

(4)  Internet and Intranet:  The IPO ensures proper security configurations and service availability of internet and intranet sites within the scope of the Department's guidelines provided by DS and IRM;

(5)  Logistics and infrastructure:

(a)  The IPO determines the lifecycle schedule for all post-funded IPC equipment and assets in accordance with Department guidance and replaces equipment according to this schedule;

(b)  The IPO monitors the IPC equipment lifecycle replacement process to ensure projected equipment is delivered according to the established lifecycle and in accordance with Diplomatic Security (DS) shipping requirements for Controlled Access Area (CAA) equipment;

(c)  The IPO is responsible for keeping mailrooms furnished with the necessary expendable and non-expendable supplies in conjunction with the GSO;

(d)  The IPO ensures accurate inventory accounting and records for IPC assets; and

(e)  The IPO provides guidance to other agencies on the purchasing of IRM equipment for CAAs.

(6)  Management:

(a)  The IPO manages all IPC operations, assets, and personnel.  These operations and personnel may include the mailroom and its personnel; the telephone switchboard and the operators; receptionists; and LE staff telephone and/or radio technicians;

(b)  The IPO informs all IPC personnel, the ISO, and the IMO of immediate plans, tasks, responsibilities, and pending items to encourage effective two-way communication; and

(c)  The IPO must schedule periodic technical and operational support to constituent posts and support any emergency telecommunication needs.  The IPO should coordinate with appropriate Department offices and other agencies to accomplish goals.

(7)  Operations:

(a)  The IPO oversees the IPC's data network operations, administration, and maintenance.  The IPO exercises control of telecommunications circuits and related equipment and provides guidance on alternate route testing and contingencies;

(b)  The IPO provides oversight for the mission's telegraphic system and classified network (ClassNet) in accordance with Department policies and guidance;

(c)  The IPO coordinates, with the regional security officer (RSO) and post management, for testing and reporting of all post's short-range VHF/UHF radio networks.  The purpose of frequent testing is to ensure the networks and radio equipment are functional and users are familiar with radio operations;

(d)  The IPO ensures that regularly scheduled high frequency (HF) radio tests and follow-up procedures are performed in accordance with their area net operating instructions;

(e)  The IPO ensures that the telephone systems, including secure phones, are operational at all times;

(f)   The IPO confirms that COMSEC responsibilities are correctly discharged;

(g)  The IPO is responsible for ensuring that classified pouch materials are properly stored and handled; and

(h)  The IPO creates and maintains standard operating procedures (SOPs) for all IPC operations and responsibilities.

(8)  Planning and reporting:

(a)  The IPO provides input for post's IT Contingency Plan and the IT component of the MSRP;

(b)  The IPO maintains a complete inventory of all post-procured software for IPC, including all applicable licensing documents;

(c)  The IPO should ensure that the IPC Emergency Destruction Plan (EDP) is current and coordinate quarterly EDP drills with the RSO and post management.  The IPO, RSO, and post management must sign the memorandum documenting that the drills were performed; and

(d)  The IPO brings to the attention of the IMO new programs and projects that will enhance customer relations and improve post operations.

(9)  Security:

(a)  The IPO ensures that IPC security procedures are in place and followed;

(b)  The IPO coordinates with the ISSO to ensure that adherence to Department-mandated security settings are implemented, documented, and available for OIG and DS inspections.  In the event that a mandate cannot be implemented, the IPO ensures that any requests for exceptions to policy are sent to the chief information officer (CIO), who in turn would defer the waiver request to either DS or IRM/IA;

(c)  The IPO develops and implements a policy for user access to and deletion from IPC systems.  The ISSO, or his or her designee, must provide security awareness training before an appropriately cleared new user is given access to the system; and

(d)  The IPO ensures proper safekeeping of classified IPC materials and equipment in accordance with Department security guidelines.

5 FAM 121.3  INFORMATION SYSTEMS OFFICER (ISO)

(CT:IM-191;   04-25-2017)

a. The ISO manages the Information Systems Center (ISC) and is responsible for all unclassified IRM equipment and systems.  See 5 FAM 800, Information Systems Management; 12 FAM 500, Information Security; and 12 FAM 600, Information Security Technology, for more specific guidance and policies governing unclassified data processing and the ISC.

b. The ISO supervises all personnel whose duties fall under the ISC.  The ISO reports to the IMO.

c.  ISO duties are not limited to the scope of these sections, are coordinated with the IMO, and include performing system administration, cyber security, user support, and project support duties on all networks and IT-based solutions under the Department's authority as required:

(1)  Budget:  The ISO assists the IMO with the post's IRM budget plan and the IRM component of the MSRP submission.  The ISO provides the IMO with annual budget figures for lifecycle costs of all post-funded ISC equipment.  The ISO provides the IMO and the local ICASS board with information on ISC's services on the ICASS service list;

(2)  Contacts and representation:  The ISO, at the IMO's direction, serves as the post's initial point of contact with RIMC, the Geographic Bureaus, IRM, and other agencies for technical matters falling within the ISC's responsibilities.  The ISO maintains close contacts with local and stateside IRM vendors for equipment and support.  The ISO may serve on the Local Change Control Board (LCCB).  As the head of ISC, the ISO meets regularly with users to assess customer needs and satisfaction;

(3)  Human resources:

(a)  The ISO rates and reviews ISC personnel, including LE staff, as required.  The ISO creates work requirements and conducts periodic formal counseling for these employees;

(b)  The ISO supports leadership and management training for all IMS under his or her supervision;

(c)  The ISO updates position descriptions for all ISC staff, including LE staff, to include IMS capsule descriptions used in the bidding process; and

(d)  The ISO works with subordinates to develop an IDP to ensure their training and development needs are met.

(4)  Intranet and Internet responsibilities:  The ISO ensures the proper security configurations and service availability of internet and intranet sites within the scope of the Department's guidelines provided by DS and IRM;

(5)  Logistics and infrastructure:

(a)  The ISO determines the lifecycle schedule for all post-funded ISC equipment and assets in accordance with Department guidance and replaces equipment according to this schedule;

(b)  The ISO monitors the ISC equipment lifecycle replacement process to ensure projected equipment is delivered according to the established lifecycle and in accordance with Diplomatic Security (DS) shipping requirements for Controlled Access Area (CAA) equipment;

(c)  The ISO ensures accurate inventory accounting and records for ISC assets.  This includes an inventory of all other hardware and software installed on ISC assets; and

(d)  The ISO provides guidance to other agencies on purchasing IRM equipment for the non-CAA spaces.

(6)  Management:

(a)  The ISO manages all ISC operations, assets, and personnel;

(b)  The ISO informs all ISC personnel, the IPO, and IMO of immediate plans, tasks, responsibilities, and pending items to encourage effective two-way communication; and

(c)  The ISO schedules periodic technical and operational support to constituent posts and supports any emergency telecommunication needs.  The ISO coordinates with appropriate Department offices and other agencies to accomplish goals.

(7)  Operations:

(a)  The ISO exercises control of unclassified data network operations, administration, and maintenance, providing guidance on alternate route testing and contingencies;

(b)  The ISO provides oversight for the mission's unclassified LANs in accordance with Department policies and guidance; and

(c)  The ISO creates and maintains SOPs for all ISC operations and tasks.

(8)  Planning and reporting:

(a)  The ISO provides input for post's IT Contingency Plan and the IT component of the MSRP;

(b)  The ISO maintains a complete inventory of all post-procured software and hardware for the ISC, including all applicable licensing documents;

(c)  The ISO ensures that all reporting requirements for IRM systems, as indicated in 5 FAM 800, Information Systems Management, are submitted; and

(d)  The ISO brings to the attention of the IMO new programs and projects that will enhance customer relations and improve post operations.

(9)  Security:

(a)  The ISO ensures that ISC security procedures are in place and followed.  The ISO is responsible for implementing the necessary security procedures in the ISC;

(b)  The ISO coordinates with the ISSO to ensure that adherence to Department-mandated security settings are implemented, documented, and available for OIG and DS inspections.  In the event that a mandate cannot be implemented, the ISO ensures that any requests for exceptions to policy are sent to the CIO who, in turn, would defer the waiver request to either DS or IRM/IA;

(c)  The ISO develops and implements a policy for user access to and deletion from ISC systems.  The ISSO, or his or her designee, must provide security awareness training before an appropriately cleared new user is given access to the system;

(d)  The ISO coordinates with CA and ISSO to ensure that security standards are maintained on CA systems; and

(e)  The ISO ensures proper safekeeping of classified ISC materials and equipment in accordance with Department security guidelines.

5 FAM 121.4  INFORMATION MANAGEMENT SPECIALIST (IMS)

(CT:IM-191;   04-25-2017)

a. IMS refers to all IRM employees within the 2880 skill code.  For this subsection, IMS generally refers to those IRM personnel without supervisory responsibilities.

b. IMSs typically have no supervisory responsibilities unless otherwise directed, although some posts permit IMS the managerial responsibility of an office of LE staff, e.g., the mailroom, for managerial experience.  IMSs report to the IPO, or ISO, or IMO as appropriate.

c.  The following subsections explain IMS roles and responsibilities in generic terms, but specific job duties are at the discretion of the IPO, or ISO, and IMO.  IMS duties are not limited to the scope of these subsections, are coordinated with post's IRM management, and include performing system administration, cyber security, user support, and project support duties on all networks and IRM-based solutions under the Department's authority as required:

(1)  Budget:  Not applicable;

(2)  Contacts and representation:

(a)  IMSs serve as the first point of contact for users in the unclassified and classified sections of the post.  IMSs may also meet with LE staff to ensure problem-free operations; and

(b)  IMSs report any daily requirement to IRM management.

(3)  Human resources:

(a)  IMSs develop an IDP to ensure that training and development needs are met; and

(b)  IMSs who are assigned managerial responsibility of an LE staff unit should be familiar with 3 FAH-2 H-100, Supervision of Foreign Service National Personnel.

(4)  Internet and Intranets:  IMSs ensure that the proper security configurations and service availability of internet and intranet sites within the scope of the Department's guidelines provided by DS and IRM;

(5)  Logistics and infrastructure:

(a)  IMSs maintain adequate spares and supplies for equipment and notify IRM management of equipment shortages;

(b)  IMSs provide inventory information to management when equipment is replaced;

(c)  IMSs dispose of defective equipment in accordance with Department guidelines; and

(d)  IMSs assist with property accounting, inventories, reconciliations, and reporting.

(6)  Management:  Not applicable;

(7)  Operations:

(a)  IMSs process daily telegraphic traffic;

(b)  In accordance with mission SOPs, IMSs administer and maintain systems;

(c)  IMSs test backup systems for usability and accessibility;

(d)  IMSs maintain user accounts in accordance with the policies and procedures established by the IPO and ISO (5 FAM 121.2 paragraph c (9)(c), Information Program Officer, and 5 FAM 121.3 paragraph c (9)(c), Information Systems Officer;

(e)  IMSs install and configure new IRM equipment in accordance with mission and Department guidelines as directed or required;

(f)   IMSs perform radio tests according to established standard operating procedures and 5 FAM 540, Voice Radio Systems, and 5 FAH-2 H-700, Managing Radio Networks;

(g)  IMSs prepare and process classified pouch material as directed in accordance with SOPs and 14 FAH-4, Pouch and Mail Handbook; and

(h)  IMSs provide assistance to users as required or requested.

(8)  Reporting:

(a)  IMSs record and report to IRM management any anomalies with the system infrastructure; and

(b)  IMSs record and draft outage reports for IRM management in accordance with the mission's escalation procedure.

(9)  Security:

(a)  IMSs configure and maintain all systems in accordance with Department security guidelines;

(b)  IMSs ensure proper safekeeping of classified IRM materials and equipment in accordance with Department security guidelines;

(c)  IMSs attend all mandated security training courses in accordance with Department guidance; and

(d)  IMSs attend ISSO training when appropriate to assume lead or alternate ISSO duties as required.

5 FAM 122 THROUGH 129  UNASSIGNED