Facility Clearance issuance through DCSA is not a single event. It is a nine-phase sequence with predictable choke points and a realistic timeline of sixteen to twenty-four weeks for a clean Tier 1 case, twenty-four to thirty-six weeks for a case with FOCI mitigation, and longer for Top Secret and TS / SCI work.
The phases run in order. Sponsor verification confirms that the prime or government sponsor relationship is real, current, and supports DCSA submission. KMP and FOCI triage identifies Key Management Personnel and surfaces foreign ownership, control, or influence factors. The document package includes DD-441, SF-328, KMP designations, FSO designation, and supporting submissions in the format DCSA expects. KMP clearance initiations push personnel investigations into the DoD CAF queue. Security program standup establishes NISPOM-compliant policies, procedures, insider-threat program, and required postings. FSO preparation trains and equips the designated FSO before issuance, not after. ISR liaison coordinates with the assigned DCSA Industrial Security Representative through submission and validation. Pre-FCL inspection readiness runs a mock inspection and remediates findings before the real DCSA review. DCSA issuance and handoff closes the engagement and transfers operating control.
The work is concrete. The artifacts are specific. There is no part of this that benefits from improvisation.
Three stall points account for nearly every cleared small business that drifts past its sponsor's procurement window without an issued FCL.
KMP clearance investigation queues. Personnel investigations at the DoD Consolidated Adjudications Facility are not driven by your timeline. They are driven by the queue. Investigation depth varies, foreign travel histories add weeks, and certain financial or criminal flags trigger expanded scope that nobody anticipated. A KMP with a clean background is faster than one with even a single complication, and most cleared shops do not run their KMPs through a pre-application diagnostic before submission. That is a self-inflicted delay.
FOCI documentation incompleteness. SF-328 looks like a short form. It is not. The questions about foreign ownership and influence are fact-pattern questions with significant downstream consequences. A vague answer triggers DCSA follow-up, which triggers a documentation rework cycle, which triggers a multi-week delay. Companies that have a single foreign citizen on the cap table, a foreign-domiciled supplier in the chain, or a foreign board observer almost always need to engage the FOCI question before they submit, not after.
Security program standup that fails the pre-FCL inspection. Standing up a NISPOM-compliant security program is real work. Policies, procedures, designation letters, training records, insider-threat program documentation, required postings, an actual file structure that survives an inspector walking through it. Many cleared shops paper this up in the week before the inspection. It is visible from across the room when they have done that. The inspection bounces, and the shop discovers that a finding requires a remediation cycle of its own.
The pattern is consistent. A small business secures a sponsor letter. It treats that letter as the hard part. It does not budget the operational time for the work that follows. The FSO designate is a senior person, typically the CEO or the COO, who has fifty other things to do and now needs to learn the NISPOM, run a security program, and shepherd a clearance application through DCSA simultaneously with running the company.
Documents go in incomplete. They come back. The KMPs are juggling the day job and the clearance paperwork. The sponsor relationship cools because the sponsor's procurement calendar does not pause for a slow small business. Twenty-four weeks turns into thirty-six. The sponsor awards the procurement to a different contractor who already had an FCL on the shelf. The small business is now cleared, sort of, several months later, with no work to do.
This is the version of the story that does not appear in the marketing material of every FCL service in the market. It is the version every cleared FSO has seen happen to someone they know.
When Bedrock scopes an FCL Setup engagement, we ask five diagnostic questions before we propose anything. None of them are about the company's revenue or its cap table. All of them are about whether the engagement is set up to succeed.
An FCL Setup engagement is not a paperwork exercise. It is an operational change to your company. Companies that treat it as paperwork stall. Companies that treat it as an operational change finish, on time, and use the clearance.
If your company is somewhere in the nine-phase sequence and the timeline is slipping, the most useful thirty minutes you can spend this week is a structured walk-through of where the application actually sits, who is accountable for each open item, and where the next stall is most likely to surface.
That is what we offer as a thirty-minute FCL risk review. No commitment. We listen to the situation. We mark the predictable stalls. We tell you whether your sponsor's procurement window is realistic against the application's actual position. You walk away with a one-page assessment. Either we are useful to you on the next phase, or you have a clearer picture of what to do without us. Either way, you keep the assessment.
Short, practical field notes on FCL readiness, DCSA inspection risk, SCIF / SAPF execution, sources sought signals, and cleared-business growth. Written for operators, not tourists. Four issues a year. Unsubscribe with one click.
