Which statement describes non-reportable practices dangerous to security?

• A. Must be reported to NCIS
• B. Must be documented and CO notified
• C. Should be ignored
• D. Must be published in a newsletter

Answer: (B)

Handling practices that could compromise security but aren’t actual crimes is about escalation and record-keeping. When you encounter something that poses a security risk but doesn’t require outside investigation, the correct action is to document the issue and notify the Commanding Officer. This puts the issue on the official radar, allows a security risk assessment, and prompts corrective actions or training to prevent recurrence. It also creates a formal trail for accountability and trend analysis, helping the unit strengthen its defenses without unnecessarily involving investigative agencies.

Reporting to NCIS would imply a criminal investigation, which isn’t warranted for non-criminal security vulnerabilities. Ignoring the issue is unsafe, and publishing details in a newsletter would expose sensitive information and bypass proper security channels. Documentation plus CO notification is the proper, controlled way to address the risk.