An IT Security verification review will be conducted on all DOC sensitive or classified national security IT systems by an evaluation team under the direction of the DOC IT Security Manager or the operating unit ITSO every three years. The purpose of the IT security verification review is to provide a level of review and evaluation independent of the system owner, that will verify that adequate and appropriate levels of protection are being provided for the individual systems, based on their unique protection requirements. At the operating unit level, responsibility for conducting IT security verification reviews may be delegated to subordinate organizations as long as those subordinate organizations do not come under the direct control of the system owner. Detailed guidelines for conducting IT security verification reviews are contained in Section 5 of the "DOC IT Security Manual."