Show Notes:

  1. Introduction
    1. What is a FAR?
    2. What’s the differences with DFARs?
    3. What types of companies should be concerned?
    4. What are some examples of covered with these regulations?
  2. What are the reporting requirements?
  3. What sort of resources are available to help demonstrate compliance?
  • What is the Federal Acquisition Regulation (FAR)
    • The purpose of the FAR is to provide uniform policies and procedures for acquisition of goods supplied to the US federal government. Among its guiding principles is to have an acquisition system that satisfies customer’s needs in terms of cost, quality, and timeliness; minimize administrative operating costs; conduct business with integrity, fairness, and openness; and fulfill other public policy objectives
    • At over 1,800 pages in its entirety, is a substantial and complex set of rules governing the procurement of all goods and services required by the U.S. Government
    • When a federal government agency issues a contract, it will specify the applicable FAR provisions, which may be numerous. In order to be awarded a contract, a company must either comply with the provisions, demonstrate that it will be able to comply with them once awarded, or claim an exemption from them (eg. Small business exemption)
    • All government issued contracts include any number of the FAR and/or DFARS clauses either in full text or by reference requiring the company issued the contract to demonstrate compliance to the requirements
    • Failure to comply with the requirements of FAR and DFARS may result in loss of contract or monetary fines
  • What’s the differences with DFARs?
    • Updated in July of this year the DFARS is one of the best-known examples of an agency supplement to the FAR addressing further reporting requirements put forth by the Department of Defense
    • This supplement covers contracts with the office of the secretary of defense, branches of the military, and other defense agencies
    • In order to be in the running for one of these highly lucrative defense contracts, companies need to stay on top of the latest changes to DFARS and ensure their contracts, systems and processes reflect these requirements
  • What types of companies should be concerned?
    • Companies that conduct their business with agencies of the US govt including defense contractors
    • Additionally those companies selling to organizations which conduct business with agencies of the US govt. will likely be asked to supply certain documentation to support their customer’s ability to demonstrate compliance
    • Winning a federal or defense contract means complying with laws and regulations unique to those doing business with the government. Many new contractors as well as their suppliers, are often unprepared for the rules and regulations they must follow and demonstrate, which can lead to costly errors and potential legal problems
  • Why should they be concerned? What are some examples of concerns covered with these regs
  • Depending on the type of end product provided to government agencies, different types of concerns or risk becomes a focus in such situations
  • In consideration of DFAR 209.4: Debarment, Suspension and Ineligibility – governmental contractors need ensure they are not using sub-contractors or sources that a government agency has listed as debarred or suspended for fraudulent activity. Inability to demonstrate sufficient review of sub-contractors and sources may result in exclusion from government contracts for up to 3 years.  Most companies don’t have the ability to conduct watch and/or sanction list reviews without third party support.
  • Another example FAR 52.224.2: Privacy Act – requires contractors and suppliers safeguard personal information and access to records. In addition to a well-designed cyber security policy internal to a company this also would require any data shared with a supplier or sub-contractor meet the same requirements.  Ensuring suppliers maintain high quality safeguards to protect personal information shared through the sourcing of products and services requires a review of that suppliers practices as well as knowledge into the elements of a good data protection policy both physical and virtual
  • While as for ‘DFAR 223.8: Ozone Depleting Substances’ – supplier’s will need to note that none of its DoD contract may include specification or a standard that requires the use of class I ozone-depleting substances as per the Clean Air Act.  This would require verification of substance details on a per product or product family basis.  Collecting and maintaining these certifications while on the surface sounds simple enough requires a company maintain a program to collect and evaluate such certifications from its suppliers as well as for its own manufactured products
  • Reporting requirements
  • In many cases sufficient screening, policy reviews and certification collection and validation will allow reporting companies to demonstrate compliance. But the issue isn’t necessarily what you have to collect to demonstrate compliance to meet FAR requirements (or report to customers which are obligated to) it’s how you do it.  Having a platform which can automate the data collection process as well as act as a repository is where most struggle…
  • What sort of resources are available to help me demonstrate compliance with these regs
    • We’ve created workflows to meet 48 of the specific FARs/DFARS supplier reviews and data collection processes