P.

O BOX 619820
DALLAS, TX 75261-9820
TEL (214-647-9600) * FAX (866-316-4142)

Foreign Ownership, Control and Influence (FOCI) Desktop Reference Guide

Supplemental Training to Initial and Annual Security and Insider Threat Awareness Training

This document is a supplement to the Special Security Agreement (SSA) that PDS Tech operates under in
coordinated effort with the Defense Counterintelligence and Security Agency (DCSA). It serves as a
desktop quick reference to provide additional guidance for employees in the area of foreign ownership,
control, or influence (FOCI). There are four documents that provide the framework surrounding FOCI,
(1) Special Security Agreement (SSA); (2) Affiliated Operations Plan (AOP); (3) Electronic
Communications Plan (ECP); and (4) Technical Control Plan (TCP). These plans serve as mitigation
measures in dealing with FOCI.

Precautions should be taken at all levels of the company and from all employees to ensure sensitive
Department of Defense and other US Government information is not disclosed to AKKA Affiliates or
foreign nationals. This includes:

a. Controlled Unclassified Information (CUI)

b. Export Controlled Technology or Information

If in doubt, ask. If you see something questionable, report it. Reporting an issue is the first step in
resolving it and therefore helps to ensure PDS’s requirements are successfully met.

Report foreign control or influence concerns or security violations/concerns to security@pdstech.com.

Additional contact information is located at the bottom of this document.

Note: This guide provides key daily quick reference highlights as the actual mitigation plans are quite
lengthy. The plans should always be referenced for more detailed guidance and information, which are
always available for review. If you have questions, consult your management, Security, or PDS Legal.
CONTENTS:

1. Special Security Agreement (SSA) key points

2. Affiliated Operations Plan (AOP) key points

3. Technology Control Plan (TCP) key points

4. Electronic Control Plan (ECP) key points

5. VISITS WITH AKKA AFFILIATES

6. POINTS OF CONTACT
 1. Special Security Agreement (SSA) Key Points

The purpose of the Special Security Agreement is to reasonably and effectively insulate foreign entities
from unauthorized access to classified and export controlled information; influence over PDS Tech’s
performance of classified contracts, participation in classified programs and AKKA’s involvement in PDS’s
business affairs shall be limited to participation in the deliberations and decisions of the Company Board
and authorized committees thereof.

 Visitation Policy – Pertains to all business AND social meetings between PDS Tech
associates/employees (Staff and Contract Employee) and AKKA associates/employees. This
includes AKKA personnel visiting PDS personnel at PDS locations; PDS personnel visiting AKKA
personnel at AKKA locations; and PDS/AKKA personnel meeting at third party locations.
o Visits between PDS Contract Employees (Contractors) and AKKA Affiliates should rarely
happen and should be premised by a legitimate need. Prior to any contact (in person,
telephonic, email, etc) with an AKKA Affiliate/Associate, a PDS Contract employee must
submit a request in writing to PDS Security for approval.
o Visit requests (VRs) shall be submitted to PDS Security at security@pdstech.com at least
seven (7) days in advance of the visit. Employees must provide sufficient lead time for
consideration of the VRs. If the request is less than seven days’ notice an “unforeseen
exigency” statement must be included in the VR.
o VR’s are just that, visit “requests”, they are not visit “notifications”. Until you receive a
“Visit Approved” email response, the visit has not yet been approved and you MAY NOT
meet with AKKA personnel.
o The VRs must include a by-name list of all individuals meeting and which company each
employee/associate represents. VR’s should also identify an alternate individual with
knowledge of the meeting (if applicable) and security personnel for the site being visited
(as appropriate).
o If a short notice meeting with an AKKA associate/employee becomes necessary such as
unexpected/unplanned (Adhoc meetings), you SHALL first contact the PDS Security
department at security@pdstech.com to seek approval to meet.
o Casual “greetings” (i.e., “Hello” in passing, etc.) do not require visit approval.

2. Affiliated Operations Plan (AOP) Key Points

This Plan provides PDS’s Government Security Committee (GSC) and the DCSA with an understanding of
the operational relationship between PDS and AKKA to ensure the risks related to the performance on
classified contracts are effectively mitigated.

 The AOP identifies approved “Services” that PDS Tech can perform for AKKA and/or in reverse.
These services may be shared third-party vendors, cooperative commercial arrangements, and
even “shared persons”.
 These Shared Services, Persons and Efforts include:
o Business Development coordination
 o Legal Department
o Human Resources Personnel
o Information Systems Security Manager (ISSM)
o Financial tools to include
 SAP BFC Consolidation and Financial Reports
 Kyriba Treasury Management
 Citrix
 Sage
 Syges
 Via Report Leases
 Anaplan
o Acquisition Analysis Services
o Marketing and Communication Services
 Prior to performing/receiving a new Service for/from AKKA that is not already outlined in the
existing AOP, to include administrative assistance functions please confer with the FSO and
Legal Department first.

3. Technology Control Plan (TCP) Key Points

This Plan prescribes all security measures determined necessary to reasonably foreclose the possibility
of unauthorized access to classified or export-controlled information by non-U.S. citizen employees or
visitors. The TCP shall also establish measures to assure that access by non-U.S. citizens is strictly limited
to only the information for which appropriate US Government (USG) disclosure authorization has been
obtained.

For Clarity: PDS is a non-possessing facility and does not handle classified information or export-
controlled technology information. The only information PDS staff employees handle relates to the
staffing requisitions/requests for these types of programs for the purposes of providing employment to
qualified individual contractors and providing these contract labor resources to Government prime
clients. Specific details related to these programs are segregated within the PDS Security Department.

 The Technology Control Officer (TCO) shall be given SEVEN days’ notice of ANY AKKA
Associate/Employee or foreign national visitors to the PDS facility.
 Controlled Unclassified Information (CUI) and Export Controlled Technology or Information
may NOT be released to foreign nationals, including AKKA Associates, without WRITTEN
authorization from the U.S. Government.
 Foreign nationals may NOT be granted unescorted access into access-controlled spaces.
 Foreign Persons employed by, assigned to (extended visit) or visiting PDS Tech, shall receive a
briefing that addresses:

o That prior to the release of Export Controlled Information to a

Foreign Person an export authorization from the U.S. Government
needs to be obtained by PDS Tech.
 o That they adhere to the Company's security rules, policies and procedures and in-plant
personnel regulations.
o The specific information that has been authorized for release to them.
o PDS Tech's applicable in-plant regulations for the use of facsimile, IT systems, and
reproduction machines.
o Violations of security procedures and in-plant regulations committed by Foreign Persons
are subject to PDS Tech sanctions. Sanctions for violations of these security procedures
or regulations may include but are not limited to suspension of employment,
termination of employment, removal from the facility, and a temporary or permanent
ban on entry to the facility.

Access Controls:

Only Cleared U.S. Citizens with a need-to-know are eligible for access to Classified Information. No non-
U.S. Citizen or any unauthorized person will be given access to any Classified Information.

In addition, no Foreign Person will be given access to any Export Controlled Information, unless any
required authorization is obtained in advance from the U.S. Government (typically in the form of a
specific license issued by the U.S. Government or specified in writing via the supported contract).

Foreign Persons who visit PDS Tech's premises will have their access controlled through several
mitigation protocols:

Physical Access is only granted with prior coordination through the PDS Security Department at
security@pdstech.com.

 All visiting personnel, regardless of nationality will be identified and badged appropriately upon
arrival to the facility.
 All Foreign Person’s visiting the PDS facility, including AKKA personnel, will be escorted by PDS
Tech staff employees for the duration of the visit. This does not include PDS Tech employees
who are foreign persons.
 All activity concerning the staffing of classified programs for PDS clients will be conducted by
assigned PDS staff members located in segregated areas of the facility. All attempts will be
made to limit exposure, discussion, and any details related to the DOD cleared programs being
actively resourced to personnel not identified to assist with these efforts and all non-US Citizen
personnel.

4. Electronic Communications Plan (ECP) Key Points

This Plan demonstrates how PDS Tech will monitor/control communications (i.e. email, fax, phone),
including the company’s unclassified network(s), to ensure there is no unauthorized disclosure of
classified or export-controlled information. It also ensures that PDS Tech’s unclassified network(s) is
separated from the Affiliates unless approved otherwise by the DCSA.

 PDS’s Network
o There are two wireless access points associated with the PDS Corporate Network.
  Protected network for use by PDS Staff employees ONLY and will only allow use
when authenticated with a PDS Tech Domain Username/Password.
 Isolated and Independent PDS Guest network for use by all visitors and AKKA
Affiliates. PDS staff employees should not use this access point to conduct
business unless necessary.
 Electronic Communications (EC) Recordkeeping
o All data communications (i.e., email, text messages, chats) and non-data
communications (voice calls, teleconferences, VTCs), (both incoming and outgoing) with
AKKA Affiliates shall be logged using the approved means as outlined in the working
Monitoring Procedures Annex to the ECP.
 Approved AKKA Affiliate Collaboration Tools/Apps
o Microsoft Office365, Skype Business
o No non-approved collaboration tools/apps may be used to communicate with AKKA
Affiliates.
 Authorized Communications Devices
o Only business provided devices (i.e., business PC, office VoIP line, business mobile
phones) are authorized for conducting business and communicating with AKKA
Affiliates. This primarily applies to PDS Staff employees but is included here for general
knowledge. For effective auditing purposes, employees shall NOT use the business lines
in an office other than their own.

Non-business provided PCs and phones are NOT authorized for use to conduct business or communicate
with AKKA Affiliates.

5. VISIT REQUESTS WITH AKKA AFFILIATES/ASSOCIATES

As previously disclosed above in the SSA procedures, please adhere to these DoD mandated
requirements for any meeting or contact with an AKKA Affiliate/Associate. If on assignment with a
Department of Defense (DoD) or U.S. Government client, sponsored or related program, PDS Contract
Employees should report any inappropriate or suspicious request for information related to their
assignment to PDS Security at security@pdstech.com immediately.

 Visits between PDS Contract Employees (Contractors) and AKKA Affiliates should rarely happen
and should be premised by a legitimate need. Prior to any contact with an AKKA
Affiliate/Associate, a PDS Contract employee must submit a request in writing to PDS Security
for approval.
 Visit requests (VRs) shall be submitted to PDS Security at security@pdstech.com at least seven
(7) days in advance of the visit. Employees must provide sufficient lead time for consideration
of the VRs. If the request is less than seven days’ notice an “unforeseen exigency” statement
must be included in the VR.
 VR’s are just that, visit “requests”, they are not visit “notifications”. Until you receive a “Visit
Approved” email response, the visit has not yet been approved and you MAY NOT meet with
AKKA personnel.
  The VRs must include a by-name list of all individuals meeting and which company each
employee/associate represents. VR’s should also identify an alternate individual with
knowledge of the meeting (if applicable) and security personnel for the site being visited (as
appropriate).
 If a short notice meeting with an AKKA associate/employee becomes necessary such as
unexpected/unplanned (Adhoc meetings), you SHALL first contact the PDS Security department
at security@pdstech.com to seek approval to meet.
 Casual “greetings” (i.e., “Hello” in passing, etc.) do not require visit approval.

6. POINTS OF CONTACT

If after reviewing this reference guide, you have a question regarding something related to FOCI, please
contact security@pdstech.com to address your question or concern.

PDS Security Department POC’s:

Karl Eichholtz
Corporate Facility Security Officer
Insider Threat Program Senior Official (ITPSO)
Keichholtz@pdstech.com
214-647-9662

Jim Brown
Facility Security Officer- Headquarters
jbrown@pdstech.com
214-647-9662

Technology Control Officer:

Luis Barrera
lbarrera@pdstech.com
214-647-9600 x10116

Chief Information Officer (CIO)

Information Systems Security Manager (ISSM):
Matt Hahn
mhahn@pdstech.com
214-647-9600x10219