Before starting any procedure that requires a security protection agreement, ensure that a special security protection assessment is completed. This means identifying what security-classified information or other security-sensitive activities a cooperating party might gain access to. The assessment should focus on whether the planned cooperation poses a risk from a security protection standpoint. The goal is to make sure sensitive information or activities are not exposed to unnecessary threats.

Document the outcome of the assessment clearly, including what was identified as sensitive and what protective measures will be taken. If the assessment concludes that the cooperation is not suitable from a security perspective, the procedure must not proceed.

In addition to identifying the risks through the special security protection assessment, organizations also evaluate whether the planned cooperation is appropriate. Consider both the specific nature of the planned activity and the sensitivity of the information involved. This helps ensure that external parties do not receive access to information or systems beyond what is safe or necessary.

The result of the suitability assessment should also be documented. If the cooperation is found to be unsuitable due to security risks, it should be stopped or restructured to eliminate those risks.