Mastering the New Steps to Bring FAR in Focus

Posted by Deltek on April 24, 2019

FAR Compliance in Focus

How the federal government purchases goods and services versus how the companies eager to compete in the government space offer up and tally compensation for those supplies is an ongoing tenuous tango. Finding a sure footing today is in no way a guarantee that tomorrow, “these are the steps, this is the routine,” will always and forever remain the same. As agencies change and needs evolve to keep pace with the times and technology, it stands to reason how the government and goods and services suppliers partner will experience its own transition.

In the recent webinar FAR in Focus: Decoding the Latest FAR Updates and Challenges, Deltek partner experts Matt Fogo, NeoSystems, and Eric Crusius, Holland & Knight LLP, reviewed their most encountered Federal Acquisition Regulation (FAR) hurdles and offered a forecast of what is likely to take the floor in terms of cybersecurity, procurement and labor rates.


 

FAR in Focus: Decoding the Latest Updates and Challenges


On Demand Webinar 

Watch Now

 

 

Cybersecurity Cha-Cha

Cybersecurity has never been a static issue. As breaches and breach attempts have trended up, so has the amount of resources being allocated for prevention and preventative measures. One of the first Executive Orders issued to specifically define and address controlled unclassified information (CUI) was Order 13556 later informed the FAR clause specifically addressing government contractor information systems.

Via the National Defense Authorization Act (NDAA) – developed in part to ensure those working in conjunction with the Department of Defense have the right methods in place to protect sensitive information – the next evolution of information protection, the National Institute of Standards and Technology (NIST), was born. The Under Secretary of Defense at the time stated that protection of controlled unclassified information residing in non-federal information systems and organizations is of paramount importance to federal agencies because of its direct impact on the ability of the federal government to successfully carry designated end user missions and business operations.

Fast forwarding a bit, the Defense Federal Acquisition Supplement (DFAR) clarified and further defined CUI for contractors, stating how data should be handled and establishing a government-wide online repository of federal-level guidance regarding CUI policies and procedures. Now more specifically defined as covered defense information (CDI), what information or systems are subject to scrutiny and next steps for proper security management have been fleshed out by DFAR. Fourteen control families, each with 110 required control roll ups, provide specific guidance for contractors working to build compliant systems within their organizations. Also reviewed through the lens of FAR, how the data is stored and transmitted, both within a contracting firm and as part of relationships with subcontractors. The 15 FAR expectations for safeguarding any information system owned or operated by a contractor that processes, stores, or transmits federal contract information provides an additional layer of guidance on what contractors need from their back office enterprise resource planning (ERP) systems, as an example.   

So, what is likely next regarding FAR and cybersecurity? Stricter compliance control from contract primes that flow down information to subcontractors is likely, with primes factoring a subs cybersecurity protocols and their abilities to prevent breaches as part of their selection criteria. Equally likely, more enforcement action in regards to DFAR and FAR standards. Also, as technology and threats evolve, an upgrade to the FAR clause itself to address changes is always expected.

The Lindy Hop of Labor Rate Changes

Updated labor clauses that align with Service Contract Act (SCA) and FAR compliance are making the rounds within government contracting firms as they address human resources policies and procedures. Contracts that fall under SCA must factor in one hour of sick leave for every 30 hours worked, for up to 56 hours (FAR 52.222-62). This also applies to three other contract types including Davis-Bacon Act (DBA) covered contracts. Companies can choose to provide more, but the minimum must be provided to all employees. Because the language for leave is broad – it can be the employee’s illness or an illness of a family member or somebody of affection – it is difficult to deny an employee taking leave.

An important wrinkle to keep in mind with sick leave is that some places around the country also have local labor rate laws, such as Massachusetts, Washington, D.C. and Maryland. The answer regulation writers give when asked about how to deal with these inconsistencies is that you go with the more generous of the leave policies.

FAR 52.222-17 addresses non-displacement of qualified workers as applied under SCA contracts. This clause requires incoming contractors to make offers of employment for all covered employees from an incumbent workforce. The exceptions, the burden or which rests on the contractor, include new staffing plans and performance of the employee.

As part of FAR 52.222-55, following January 1, 2019, the minimum wage for all workers working on or “in connection” with a covered SCA and DBA contract increased to $10.60, up from $10.35.

One of the newer FAR clauses (522.222-50) provides a prohibition list as a means of defining human trafficking. Direct or associated activity not allowed as part of the clause:

  • Trafficking in persons
  • Commercial sex acts
  • Forced labor
  • Denying access to identity or immigration documents
  • Use of misleading or fraudulent practices during recruitment
  • Charging recruitment fees
  • Failure to provide return transportation upon the end of employment
  • Provision of housing that fails to meet the host country housing and safety standards
  • Failure to provide an employment contract in the employee’s native language.

If a contractor has a contract for supplies to be acquired outside of the United States (other than commercial off-the-shelf items), and/or similar services to be performed outside the United States, with an estimated value that exceeds $500,000, the contractor is required to certify annually that “after having conducted due diligence”:

  • To the best of the contractor’s knowledge and belief: neither it nor any of its agents, subcontractors, or their agents are engaged in any trafficking activities; or
  • If abuses related to any prohibited activities have been found, the contractor or subcontractor has taken the appropriate remedial and reporting actions.

A human trafficking awareness program can be an excellent first step in building a compliance plan to address such concerns. It is also important to provide a process where employees can report trafficking activities without fear of retribution, agree upon a recruitment and wage plan that prohibits charging recruitment fees, and ensuring a housing plan that allows the housing to live up to the minimum standards of the host country, and prohibits, of course, trafficking in persons.

Section 809 Panel Paso Doble

As part of the 2016 NDAA, the Section 809 Panel was established and appointed to streamline and codify acquisition processes for the Department of Defense. Volumes one and two of the findings were released in January 2018 and June 2018 respectively and did much of the “heavy lifting” recognizing where there were inconsistent definitions for commercial products, purchases and costs. Of the recommendations, a narrowing of the scope for those definitions and separating out commercial products from commercial services, because these are two distinct things, was suggested. Report three was released in January 2019 and reviews protests and other issues.

2018 and 2019 NDAA Two-Step

Some of the updates from the 2018 NDAA include:

  • A loser-pays provision at the U.S. Government Accountability Office (GAO) for contractors with an annual revenue of $250 million or more.
  • Additional restrictions on lowest price technically acceptable (LPTA) source selection process.
  • A revised definition of subcontractors.
  • Revisions on how intellectual property is handled within the federal government.

Some of the changes to the 2019 NDAA have started to make an appearance. Additional restrictions to LPTA are being discussed. In regards to subcontractors, the Department of Defense is seeking more information on how past performance is evaluated, as well as information surrounding joint venture partners. Changes to the Other Transaction Authority (OTA) include Section 211, which addresses protests that happen on OTAs. Also, there are changes to the number limits and the monetary limits for OTAs, as well as Congress is seeking a regular report on OTAs, how much is being spent and the successes and challenges that the agency has had with OTAs.

Section 846 Portal Pachanga

The Section 846 Portal applies to commercial items under the simplified acquisition threshold, which was raised in 2018. The portal is currently in development, and because there will likely be more than one portal, more than one award is being granted. The General Services Administration (GSA) will write the regulations for the portal(s), and though there is no deadline to launch the portal(s), the report is a launch is expected before the end of 2019.

What Next?

Though extensive, this recap of the webinar FAR in Focus: Decoding the Latest FAR Updates and Challenges only scratches the surface of the wealth of information available within the on demand session, including an informative Q&A with the expert presenters. Make the time to review the download for yourself.