The Federal Bureau of Investigation's Terrorist Threat and Suspicious Incident Tracking System

Audit Report 09-02
November 2008
Office of the Inspector General


Appendix V
The Federal Bureau of Investigation’s
Response to the Draft Report

October 14, 2008

The Honorable Glenn A. Fine
Inspector General
United States Department of Justice
Suite 4706
950 Pennsylvania Avenue, NW
Washington, DC 20530

RE:  THE FEDERAL BUREAU OF INVESTIGATION'S TERRORIST THREAT AND SUSPICIOUS INCIDENT TRACKING SYSTEM

Dear Mr. Fine:

The Federal Bureau of Investigation (FBI) appreciates the opportunity to review and respond to your report entitled, "The Federal Bureau of Investigation's Terrorist Threat and Suspicious Incident Tracking System" (hereinafter, "Report").

The Report documents your examination of the polices and procedures used by the FBI to identify, assess, and track terrorist threats and suspicious incidents. In particular, the FBI's (1) Guardian Threat Tracking System; (2) Guardian threat assessment process and operational guidance established by FBI headquarters; and (3) Guardian threat assessment policies and procedures in practice at six FBI field offices were evaluated. Guardian is the automated system employed by the FBI which records, stores and assigns responsibility for follow up on counterterrorism threats and suspicious incidents. Guardian can also distribute immediate threat information to users, and analyze threat information for trends and patterns.

As noted in the Report, the FBI's Guardian application and related process represents a significant improvement from the past over how the FBI tracks and handles threat information as it provides users an automated workflow process to manage suspicious activity and threat information. Between July 2004 to November 2007, the FBI utilized Guardian to resolve over 100,000 potential terrorism-related threats, reports of suspicious incidents, and terrorist watchlist encounters. The overwhelming majority of these had no terrorism nexus yet the process provided sufficient predication to initiate over 600 terrorism and criminal investigations.

Based on a review of the Report, the FBI concurs with the seven recommendations for improvement made therein. To date, the FBI has implemented measures to resolve all of the identified issues. In the post-9/11world in which we live, the FBI remains fully committed to future enhancements of Guardian to ensure continued success in our counterterrorism efforts.

In conclusion, the FBI appreciates the professionalism exhibited by your staff in working with our representatives throughout this audit process. Enclosed herein is the FBI’s response to the report. With the instituted remedial changes already implemented throughout the FBI, I respectfully request the report be appended. In addition, in light of the new Attorney General Guidelines, we will maintain coordination with your office and report future progress on each of your recommendations. Please feel free to contact me should you have any questions.

Sincerely yours,




Michael J. Heimbach
Assistant Director
Counterterrorism Division
National Security Branch

Enclosure

1 - Mr. Thomas Puerzer
Regional Audit Manager
Philadelphia Regional Audit Office
Office of the Inspector General
U.S. Department of Justice
701 Market Street, Suite 201
Philadelphia, Pennsylvania 19106

Recommendation Responses

The FBI's Terrorist Threat and Suspicious Incident Tracking System


Recommendation 1:  Ensure SSAs and Supervisory Intelligence Analysts review threat incidents entered into Guardian.

FBI Response:  FBI Concurs. The FBI's existing Guardian Policy (GP) Electronic Communication (EC) defined "Supervisor," within the Guardian context as follows: 

  1. Supervisory Special Agents (SSAs)
  2. Acting Supervisory Special Agents (A/SSAs)
  3. Supervisory Task Force Officers
  4. Supervisory Intelligence Analysts (SIA)

The GP did not specifically refer to "Relief Supervisors," however, in many instances where there was a question of supervisory review of a Guardian incident; a "Relief Supervisor" did conduct an appropriate review of the incident report. Guardian Policy will be amended to specifically include "Relief Supervisors," and/or other individuals designated by FBI management to function in the Guardian "Supervisor" role. This will be designated by the ADIC/SAC or his or her designee, and will be documented via EC to the Guardian file. Additionally, the Threat Monitoring Unit (TMU) will draft updated Guardian Policy to clarify this issue, and to enumerate pending Guardian enhancements, as a result of the consolidated AGG for Domestic FBI Operations.

Recommendation 2: Ensure that terrorist threats and suspicious incidents entered in Guardian are closed or forwarded for investigation in a timely manner.

FBI Response:  FBI Concurs. Existing GP regarding this matter continues to be reinforced by the National Threat Center Section (NTCS). The NTCS compiles weekly statistics for Guardian compliance and communicates directly with FBI Field Office and Legat management via e-mail and/or EC to address any compliance issues. This includes incidents which are not addressed in a timely manner, as well as, to direct specific investigative action to mitigate a threat. Additionally, the Guardian Training Program (GTP) has begun to stress and will continue to stress the importance of entry of threats and suspicious activity incidents into Guardian, as well as the mitigation window dictated by policy. Current policy dictates all Guardian incidents should be closed within thirty (30) days of incident creation. Recent contact with the field reinforced the Counterterrorism Division's (CTD) dedication to ensuring timely mitigation, incident closure and/or forwarding for investigation. The TMU sends an e-mail communication to all field offices on a monthly basis detailing field office performance in addressing Guardian leads and instructing them to address any incidents not closed within 30 days. The TMU offers additional on-site Guardian training for field offices which are rated below minimally successful in complying with GP during any fiscal year.

Any reports of terrorism related threats, terrorists' events, or suspicious activity first received by the NTCS are immediately entered into Guardian by Counterterrorism (CT) Watch. CT Watch tracks the incident through Guardian and makes sure it is updated in a timely fashion. If the threat requires more sophisticated techniques beyond those allowed by the Attorney General Guidelines (AGG) for Threat Assessments (TA), the Guardian incident is closed and the threat is forwarded to the International Terrorism Operations Section (ITOS) within approximately 72 hours.

Additionally, the NTCS has two protocols for review of all Guardian threat incidents, one analytical and one operational. The Threat Review Unit (TRU) consists primarily of Intelligence Analysts (lA's), including two SIA's, and one Unit Chief SIA. This unit is responsible for the review of all Guardian incidents to determine trends or patterns with regard to threats in Guardian, and publishes a weekly Emerging Trend Report on the FBI Intranet. The CT Watch Unit has initiated a Threat Review Group (TRG) within CT Watch consisting of IA's, Staff Operations Specialists (SOS), and Personnel Service Contractors as well as SSAs. The TRG reviews all new Guardian threat incidents and ensures all possible investigative avenues are being actively pursued by the field or Legat. If the TRG determines additional investigative steps are necessary to completely mitigate any threat, the field or Legat will be contacted and directed to conduct the follow up measures.

Recommendation 3: Determine the value added by the completion of Guardian's supplementary tabs, issue comprehensive guidance, and ensure the field offices follow the guidance for completing the supplementary tabs.

FBI Response:  FBI Concurs. The completion of Guardian's supplementary tabs strengthens individual searches and improves analysis capabilities. The TMU will conduct periodic random sampling of new incidents to determine field office usage of the supplementary tabs. It has been determined by FBI analysts, that the completion of the supplementary tabs yields better search results. The TMU will draft updated Guardian policy to reinforce this issue. The GTP stresses the importance of populating the supplementary tabs upon incident entry and update as well as the resultant search benefit derived from doing so. New users are informed that the:  location, name, vehicle, target and weapon searches are fed directly from the incident supplementary tabs. New users are encouraged to creatively utilize several search tools available in Guardian to ensure they find complete results. Demonstrations of various search features during instruction reinforce this important point. The TMU has reinforced the need to populate the individual tabs for:  confidential human sources, targets, subjects, alleged groups, weapons/methods and vehicles not only when the incident is first entered, but also as information is received throughout mitigation of the threat.

Recommendation 4: Ensure that all threat information obtained from ongoing counterterrorism investigations that meets Guardian entry requirements is entered in Guardian.

FBI Response:  FBI Concurs. The GTP will continue to stress the importance that all new threat information meeting Guardian entry requirements, even those arising from an ongoing investigation or a terrorism event which has already occurred, is entered into Guardian in a timely manner. This is outlined in Guardian Policy, and reinforced with a scenario discussion exercise in the GTP. Additionally, the Automated Case Support (ACS) Unit is creating a new mandatory field in ACS to be utilized during the creation of all new 315 cases. This new field documents the origin of the 315 case, and will capture any case which originated as a Guardian incident. The new field is searchable and will provide an accurate count of 315 investigations which originated as a Guardian incident.

Current Guardian Policy dictates that all field offices, Legal Attaches and other FBI entities are required to enter all terrorism related threats and suspicious activity incidents into Guardian. This is mandatory even when a preliminary investigation or full field investigation is immediately opened. In all such instances that involve the immediate opening of an official investigation upon receipt of a terrorist related threat and/or suspicious activity report, a Guardian record must be created to summarize the nature of the incident. The record can be immediately marked "complete," after referencing the case file number and checking the appropriate boxes from the disposition tab, "drop down" menus.

Recommendation 5: Develop and implement a schedule to ensure technical patches to the Guardian systems are completed in a timely manner.

FBI Response: FBI Concurs. This recommendation has been implemented in coordination with scheduled technical patches to the Guardian system and performing emergency maintenance as needed.

The Guardian Technical Team (GTT) obtained clearance from the Technical Configuration Control Board (TCCB) to use an eight hour window during the first Saturday of each month to conduct any necessary maintenance to the Guardian program. Authority must be granted by the TCCB because the GP must be taken off line in order to perform this regularly scheduled maintenance. Any emergency maintenance is done on an as-needed basis with proper authority and special attention paid to minimal inconvenience to users. In January, 2008, TMU advised that a quarterly release schedule would take effect for calendar year 2008. As intended, three successful releases have been implemented this year to date.

Recommendation 6: Develop performance measurements to support the FBI's efforts to resolve terrorist threats and suspicious incidents.

FBI Response: FBI Concurs. This recommendation has been implemented beginning Fiscal Year 2007 by rating each Assistant Director in Charge(ADIC)/Special Agent-in-Charge (SAC) on their Performance Appraisal Reviews (PAR) and through the Inspection Division's (INSD) new Semi-Annual Program Reviews (SAPR) which contain sections which specifically addresses the field offices performance in the utilization of Guardian for documenting, tracking, and resolving potential terrorist threats.

Each field office is rated by CTD on an annual basis on their adherence to the threat mitigation period policy. The results of this rating are reflected in the ADIC/SAC's PAR. The following criteria are utilized to determine field office compliance with Guardian Policy: 

As part of the FBI INSD's re-engineered inspection process, the INSD developed new SAPRs for all FBI investigative programs. The SAPRs for both the International Terrorism (IT) and Domestic Terrorism (DT) Programs contain sections which specifically address the field offices performance in the utilization of Guardian for documenting, tracking, and resolving potential terrorist threats. The following criteria are utilized to determine IT/DT program compliance with Guardian: 

System enhancements are currently being implemented that will allow for enhanced tracking of various Guardian measures and statistics such as, the timeliness and results of TAs. Additionally, the system enhancements will permit the tracking of specific investigative techniques utilized in the vetting and/or mitigation of a threat or suspicious incident report (referred to as "Assessments" in the new AGG). Guardian will also track the number of incidents which result in initiation of a Preliminary or Full Investigation. It is anticipated that the aforementioned enhancements will be implemented on or before December 1, 2008.

In response to the September 29, 2008 signing of the new AGG for Domestic FBI Operations and the instant report regarding the FBI's Terrorist Threat and Suspicious Incident Tracking System, the NTCS will issue updated policy and guidance to all field offices and personnel working CT matters. This guidance will incorporate recommendations made by the DOJ/OIG and changes to the FBI's Threat Mitigation Policy and Procedures which are directly affected by the new AGG. This policy and guidance will be issued prior to the effective date of the new AGGs on December 1,2008.

As mentioned previously, the consolidated AGG were signed by the Attorney General on September 29, 2008 and will be fully implemented by December 1, 2008. Several changes to the Guardian Program, as well as enhancements to Guardian Policy will be necessary to comply with the new Guidelines. As a result of the below listed changes, the NTCS will have the ability to generate reports which track the timeliness and results of Assessments conducted in Guardian. These technology enhancements to the Guardian application are needed to effectively measure performance.

Change 1:  Guardian must have the ability to identify which approved investigative methods have been used in each assessment, therefore Guardian users will be required to document which methods were used in each incident. This will likely be accomplished by choosing one of the ten methods from a drop-down menu box whenever a new note is written to the incident. This will allow the user to clearly identify which method they are documenting with the note. Guidance and training will be made available when this change is completed.

Change 2:  Guardian must have the ability for the "Supervisor" to identify the correct 0­ASSESS file for upload. Guardian incident reports (FD-71a's) will no longer upload to the 324 classification files, as the 324 classification will be eliminated. Users will likely choose from a drop-down menu list of Assessment sub-files (A through U) for upload. Guidance and training will be made available when this change is completed.

Change 3:  Guardian must have the ability to designate an Assessment as a Sensitive Investigative Matter (SIM). The SIMs will require Chief Division Counsel (CDC) review and SAC approval in an Assessment, as soon as practical after the identification of the Assessment as a SIM. Guidance and training will be made available when this change is completed.

Change 4:  Guardian must develop language to include in all Assessments that are closed without leading to a predicated investigation indicating that, at the time of closing of the Assessment, there was no basis for further investigation by the FBI. Guidance and training will be made available when this change is completed.

Recommendation 7: Incorporate threat and incident performance measurements into existing resource allocation plans.

FBI Response: FBI Concurs. As previously mentioned, the NTCS currently utilizes Guardian performance measures as an element of the ADIC/SAC PAR. FBI Field Offices are measured on their Guardian usage, to include ensuring Guardian incidents are entered, and are closed or forwarded for investigation in a timely manner. This metric is also included in the INSD SAPRs for both the IT and DT Programs. TMU provides direct input to INSD in the evaluation of field office participation in the Guardian Program. Along with other performance measures, these evaluations are utilized by CT Executive Management (EM) to evaluate the effectiveness of each field offices' IT and DT Programs to determine if their Funded Staffing Levels for CT are appropriate based on the threat faced by each office.

The Resource Planning Office (RPO) established the Corporate Resource Planning Board (CRPB) to apply executive oversight to the resource allocation process and ensure resource decisions are made in accordance with the FBI's strategic objectives. The CRPB is responsible for reviewing all corporate-level resource decisions, including the management and review of positions, hiring decisions, and corporate plans. More specifically, the CRPB seeks to align existing resources, financial and human capital, and assets with the FBI's five-year strategic plan. The CRPB is comprised of executives representing a cross-section of FBI operational and support divisions. The Guardian staff will work with the CRPB to incorporate Guardian threat and incident performance measurements into existing resource allocation plans.

The FBI’s Terrorist Threat and Suspicious Incident Tracking System


Recommendation 1:  Ensure SSAs and Supervisory Intelligence Analysts review threat incidents entered into Guardian.

FBI Response:  FBI Concurs. The FBI’s existing Guardian Policy (GP) Electronic Communication (EC) defined "Supervisor," within the Guardian context as follows: 

  1. Supervisory Special Agents (SSAs)
  2. Acting Supervisory Special Agents (A/SSAs)
  3. Supervisory Task Force Officers
  4. Supervisory Intelligence Analysts (SIA)

The GP did not specifically refer to “Relief Supervisors,” however, in many instances where there was a question of supervisory review of a Guardian incident; a “Relief Supervisor” did conduct an appropriate review of the incident report. Guardian Policy will be amended to specifically include "Relief Supervisors," and/or other individuals designated by FBI management to function in the Guardian "Supervisor" role. This will be designated by the ADIC/SAC or his or her designee, and will be documented via EC to the Guardian file. Additionally, the Threat Monitoring Unit (TMU) will draft updated Guardian Policy to clarify this issue, and to enumerate pending Guardian enhancements, as a result of the consolidated AGG for Domestic FBI Operations.

Recommendation 2:  Ensure that terrorist threats and suspicious incidents entered in Guardian are closed or forwarded for investigation in a timely manner.

FBI Response:  FBI Concurs. Existing GP regarding this matter continues to be reinforced by the National Threat Center Section (NTCS). The NTCS compiles weekly statistics for Guardian compliance and communicates directly with FBI Field Office and Legat management via e-mail and/or EC to address any compliance issues. This includes incidents which are not addressed in a timely manner, as well as, to direct specific investigative action to mitigate a threat. Additionally, the Guardian Training Program (GTP) has begun to stress and will continue to stress the importance of entry of threats and suspicious activity incidents into Guardian, as well as the mitigation window dictated by policy. Current policy dictates all Guardian incidents should be closed within thirty (30) days of incident creation. Recent contact with the field reinforced the Counterterrorism Division's (CTD) dedication to ensuring timely mitigation, incident closure and/or forwarding for investigation. The TMU sends an e-mail communication to all field offices on a monthly basis detailing field office performance in addressing Guardian leads and instructing them to address any incidents not closed within 30 days. The TMU offers additional on-site Guardian training for field offices which are rated below minimally successful in complying with GP during any fiscal year.

Any reports of terrorism related threats, terrorists’ events, or suspicious activity first received by the NTCS are immediately entered into Guardian by Counterterrorism (CT) Watch. CT Watch tracks the incident through Guardian and makes sure it is updated in a timely fashion. If the threat requires more sophisticated techniques beyond those allowed by the Attorney General Guidelines (AGG) for Threat Assessments (TA), the Guardian incident is closed and the threat is forwarded to the International Terrorism Operations Section (ITOS) within approximately 72 hours.

Additionally, the NTCS has two protocols for review of all Guardian threat incidents, one analytical and one operational. The Threat Review Unit (TRU) consists primarily of Intelligence Analysts (IA's), including two SIA's, and one Unit Chief SIA. This unit is responsible for the review of all Guardian incidents to determine trends or patterns with regard to threats in Guardian, and publishes a weekly Emerging Trend Report on the FBI Intranet. The CT Watch Unit has initiated a Threat Review Group (TRG) within CT Watch consisting of IA's, Staff Operations Specialists (SOS), and Personnel Service Contractors as well as SSAs. The TRG reviews all new Guardian threat incidents and ensures all possible investigative avenues are being actively pursued by the field or Legat. If the TRG determines additional investigative steps are necessary to completely mitigate any threat, the field or Legat will be contacted and directed to conduct the follow up measures.

Recommendation 3:  Determine the value added by the completion of Guardian’s supplementary tabs, issue comprehensive guidance, and ensure the field offices follow the guidance for completing the supplementary tabs.

FBI Response:  FBI Concurs. The completion of Guardian’s supplementary tabs strengthens individual searches and improves analysis capabilities. The TMU will conduct periodic random sampling of new incidents to determine field office usage of the supplementary tabs. It has been determined by FBI analysts, that the completion of the supplementary tabs yields better search results. The TMU will draft updated Guardian policy to reinforce this issue. The GTP stresses the importance of populating the supplementary tabs upon incident entry and update as well as the resultant search benefit derived from doing so. New users are informed that the:  location, name, vehicle, target and weapon searches are fed directly from the incident supplementary tabs. New users are encouraged to creatively utilize several search tools available in Guardian to ensure they find complete results. Demonstrations of various search features during instruction reinforce this important point. The TMU has reinforced the need to populate the individual tabs for:  confidential human sources, targets, subjects, alleged groups, weapons/methods and vehicles not only when the incident is first entered, but also as information is received throughout mitigation of the threat.

Recommendation 4:  Ensure that all threat information obtained from ongoing counterterrorism investigations that meets Guardian entry requirements is entered in Guardian.

FBI Response:   FBI Concurs. The GTP will continue to stress the importance that all new threat information meeting Guardian entry requirements, even those arising from an ongoing investigation or a terrorism event which has already occurred, is entered into Guardian in a timely manner. This is outlined in Guardian Policy, and reinforced with a scenario discussion exercise in the GTP. Additionally, the Automated Case Support (ACS) Unit is creating a new mandatory field in ACS to be utilized during the creation of all new 315 cases. This new field documents the origin of the 315 case, and will capture any case which originated as a Guardian incident. The new field is searchable and will provide an accurate count of 315 investigations which originated as a Guardian incident.

Current Guardian Policy dictates that all field offices, Legal Attaches and other FBI entities are required to enter all terrorism related threats and suspicious activity incidents into Guardian. This is mandatory even when a preliminary investigation or full field investigation is immediately opened. In all such instances that involve the immediate opening of an official investigation upon receipt of a terrorist related threat and/or suspicious activity report, a Guardian record must be created to summarize the nature of the incident. The record can be immediately marked "complete," after referencing the case file number and checking the appropriate boxes from the disposition tab, "drop down" menus.

Recommendation 5:  Develop and implement a schedule to ensure technical patches to the Guardian system are completed in a timely manner.

FBI Response:  FBI Concurs. This recommendation has been implemented in coordination with scheduled technical patches to the Guardian system and performing emergency maintenance as needed.

The Guardian Technical Team (GTT) obtained clearance from the Technical Configuration Control Board (TCCB) to use an eight hour window during the first Saturday of each month to conduct any necessary maintenance to the Guardian program. Authority must be granted by the TCCB because the GP must be taken off line in order to perform this regularly scheduled maintenance. Any emergency maintenance is done on an as-needed basis with proper authority and special attention paid to minimal inconvenience to users. In January, 2008, TMU advised that a quarterly release schedule would take effect for calendar year 2008. As intended, three successful releases have been implemented this year to date.

Recommendation 6:  Develop performance measurements to support the FBI’s efforts to resolve terrorist threats and suspicious incidents.

FBI Response:  FBI Concurs. This recommendation has been implemented beginning Fiscal Year 2007 by rating each Assistant Director in Charge(ADIC)/Special Agent-in-Charge (SAC) on their Performance Appraisal Reviews (PAR) and through the Inspection Division’s (INSD) new Semi-Annual Program Reviews (SAPR) which contain sections which specifically addresses the field offices performance in the utilization of Guardian for documenting, tracking, and resolving potential terrorist threats.

Each field office is rated by CTD on an annual basis on their adherence to the threat mitigation period policy. The results of this rating are reflected in the ADIC/SAC's PAR. The following criteria are utilized to determine field office compliance with Guardian Policy:

As part of the FBI INSD’s re-engineered inspection process, the INSD developed new SAPRs for all FBI investigative programs. The SAPRs for both the International Terrorism (IT) and Domestic Terrorism (DT) Programs contain sections which specifically address the field offices performance in the utilization of Guardian for documenting, tracking, and resolving potential terrorist threats. The following criteria are utilized to determine IT/DT program compliance with Guardian:

System enhancements are currently being implemented that will allow for enhanced tracking of various Guardian measures and statistics such as, the timeliness and results of TAs. Additionally, the system enhancements will permit the tracking of specific investigative techniques utilized in the vetting and/or mitigation of a threat or suspicious incident report (referred to as “Assessments” in the new AGG). Guardian will also track the number of incidents which result in initiation of a Preliminary or Full Investigation. It is anticipated that the aforementioned enhancements will be implemented on or before December 1, 2008.

In response to the September 29, 2008 signing of the new AGG for Domestic FBI Operations and the instant report regarding the FBI’s Terrorist Threat and Suspicious Incident Tracking System, the NTCS will issue updated policy and guidance to all field offices and personnel working CT matters. This guidance will incorporate recommendations made by the DOJ/OIG and changes to the FBI’s Threat Mitigation Policy and Procedures which are directly affected by the new AGG. This policy and guidance will be issued prior to the effective date of the new AGGs on December 1, 2008.

As mentioned previously, the consolidated AGG were signed by the Attorney General on September 29, 2008 and will be fully implemented by December 1, 2008. Several changes to the Guardian Program, as well as enhancements to Guardian Policy will be necessary to comply with the new Guidelines. As a result of the below listed changes, the NTCS will have the ability to generate reports which track the timeliness and results of Assessments conducted in Guardian. These technology enhancements to the Guardian application are needed to effectively measure performance.

Change 1:  Guardian must have the ability to identify which approved investigative methods have been used in each assessment, therefore Guardian users will be required to document which methods were used in each incident. This will likely be accomplished by choosing one of the ten methods from a drop-down menu box whenever a new note is written to the incident. This will allow the user to clearly identify which method they are documenting with the note. Guidance and training will be made available when this change is completed.

Change 2:  Guardian must have the ability for the "Supervisor" to identify the correct 0-ASSESS file for upload. Guardian incident reports (FD-71a's) will no longer upload to the 324 classification files, as the 324 classification will be eliminated. Users will likely choose from a drop-down menu list of Assessment sub-files (A through U) for upload. Guidance and training will be made available when this change is completed.

Change 3:  Guardian must have the ability to designate an Assessment as a Sensitive Investigative Matter (SIM). The SIMs will require Chief Division Counsel (CDC) review and SAC approval in an Assessment, as soon as practical after the identification of the Assessment as a SIM. Guidance and training will be made available when this change is completed.

Change 4:  Guardian must develop language to include in all Assessments that are closed without leading to a predicated investigation indicating that, at the time of closing of the Assessment, there was no basis for further investigation by the FBI. Guidance and training will be made available when this change is completed.

Recommendation 7:  Incorporate threat and incident performance measurements into existing resource allocation plans.

FBI Response:  FBI Concurs. As previously mentioned, the NTCS currently utilizes Guardian performance measures as an element of the ADIC/SAC PAR. FBI Field Offices are measured on their Guardian usage, to include ensuring Guardian incidents are entered, and are closed or forwarded for investigation in a timely manner. This metric is also included in the INSD SAPRs for both the IT and DT Programs. TMU provides direct input to INSD in the evaluation of field office participation in the Guardian Program. Along with other performance measures, these evaluations are utilized by CT Executive Management (EM) to evaluate the effectiveness of each field offices’ IT and DT Programs to determine if their Funded Staffing Levels for CT are appropriate based on the threat faced by each office.

The Resource Planning Office (RPO) established the Corporate Resource Planning Board (CRPB) to apply executive oversight to the resource allocation process and ensure resource decisions are made in accordance with the FBI’s strategic objectives. The CRPB is responsible for reviewing all corporate-level resource decisions, including the management and review of positions, hiring decisions, and corporate plans. More specifically, the CRPB seeks to align existing resources, financial and human capital, and assets with the FBI’s five-year strategic plan. The CRPB is comprised of executives representing a cross-section of FBI operational and support divisions. The Guardian staff will work with the CRPB to incorporate Guardian threat and incident performance measurements into existing resource allocation plans.

 


« Previous Table of Contents Next »