Scope Gaps in SCIF Projects: Why Undefined Responsibilities Create Construction and Accreditation Risk

The Gap Nobody Claims

SCIF and SAPF projects involve multiple disciplines, multiple organizations, and multiple sets of requirements that all have to work together. Architects draw the walls. Engineers design the mechanical, electrical, and plumbing systems. The general contractor manages construction. The security manager monitors Construction Security Management compliance. The accrediting authority reviews the documentation.

Each of those parties has a defined role. The problem is what happens in the space between those roles, the areas where ICD 705 requirements create responsibilities that do not map cleanly to any one discipline's scope.

That space is where scope gaps live. And in secure facility work, scope gaps rarely stay quiet. They tend to surface as change orders, field disputes, failed inspections, or accreditation delays, all of which are more expensive to resolve than they would have been to prevent.

Why SCIF Projects Are Especially Vulnerable to Scope Gaps

On a conventional commercial project, scope gaps are a normal problem that experienced teams manage through standard coordination mechanisms. The consequences are usually financial, a change order, a delay, a warranty dispute.

On a SCIF or SAPF project, scope gaps carry additional risk because the requirements are performance-based and the evaluation is binary. The facility either meets ICD 705 requirements or it does not. There is no partial credit at accreditation review.

That creates a specific vulnerability: when a scope gap leaves a requirement unaddressed, it does not become a negotiation. It becomes a finding. And findings at accreditation — particularly those related to perimeter integrity, acoustic performance, or construction security compliance — require correction before the project can advance, regardless of how late in the process they surface.

Where Scope Gaps Most Commonly Occur

Acoustic assembly coordination. ICD 705 STC requirements apply to the entire secure perimeter, walls, floors, ceilings, doors, windows, and penetrations through all of them. The responsibility for designing and verifying each element often sits ambiguously between the architect of record, the security consultant, the contractor, and specific trade subcontractors. When no one has been explicitly assigned accountability for how all of those elements work together as a system, gaps appear.

Mechanical and electrical penetrations. Every pipe, conduit, duct, or cable that passes through the secure perimeter is a potential acoustic and RF vulnerability. ICD 705 has specific requirements for how those penetrations must be addressed. But design drawings for a SCIF project frequently involve multiple engineering disciplines, each documenting their own systems without always cross-referencing the secure perimeter requirements that apply to each penetration.

Construction Security Management. CSA protocols create responsibilities for access control, visitor management, inspection, and documentation during construction. Those responsibilities span the security manager, the general contractor, and the owner. When that ownership is not explicitly mapped at the beginning of construction, CSA compliance becomes reactive rather than managed.

As-built documentation and inspection records. Accreditation requires a clear, accurate record of how the facility was built and how security requirements were maintained throughout construction. When nobody has explicitly taken ownership of that documentation as a project deliverable, it tends to be assembled from incomplete memory after the fact.

PSC Perspective

The most effective thing PSC does on SCIF and SAPF projects is not pointing out problems. It is helping project teams establish clear responsibility for every element of secure facility compliance before those responsibilities become disputes.

That work happens in design, during preconstruction planning, and at the start of construction. It means reviewing the project's scope documents, specifications, and contract terms with an eye toward the specific questions that ICD 705 creates: Who is responsible for verifying acoustic performance of each perimeter assembly? Who owns the penetration schedule? Who is accountable for CSA documentation? Who generates the as-built record that the accrediting authority will review?

These are not complicated questions. But they require someone with secure facility experience to ask them at the right time, before the gap becomes a problem.

Practical Takeaways

Before a SCIF or SAPF project moves into design development, project teams should map every ICD 705 requirement to a responsible party. Not at the discipline level, at the specific-task level. That mapping should be reflected in contract documents, design specifications, and construction phasing plans.

If the team does not have someone in that coordination role who understands both the policy requirements and the project delivery process, that is the right moment to bring in external support. The cost of closing scope gaps during preconstruction is almost always lower than the cost of resolving them during construction or accreditation.

If your team is heading into a SCIF or SAPF project and you want to make sure responsibilities are clearly defined before construction starts, PSC can help you get there. Talk to an Expert: https://www.psc-consultant.com/talk-to-an-expert