Friday Flash 01/27/23

Transactional Data Reporting: Providing Data Needed to Facilitate Program Management

There is a maxim of business that an organization cannot manage what it does not measure. At a basic level, this maxim recognizes the importance of data, like information surrounding performance, production activities, and distribution, to the success of a business. Given that competitive markets are dynamic, accessing such data and understanding it allows businesses to respond to market changes by adjusting various inputs to meet them. Readers will recall recent FAR & Beyond blogs (here and here) where the Coalition discussed the evolution and utility of Transactional Data Reporting (TDR) and where we noted, in part, that TDR “focuses on transactions at the order level, the most relevant, actionable data for GSA, customer agencies, and MAS contractors.” In this blog, we delve into this point to discuss the important role TDR plays in providing the General Services Administration (GSA) relevant data to improve contract performance continuously.

Under TDR, in addition to contract identifier information, contractors are required to provide, among other things, a description of deliverables, including part numbers and units delivered, along with the quantity of items sold, the price paid per unit, and the total price paid. By providing such information, contractors can avoid current program requirements, including the reporting of Commercial Sales Practices (CSP), the establishment of Most Favored Customer (MFC) commercial pricing/Basis of Award (BOA) customer benchmarks and pricing, tracking and aligning BOA/MFC pricing with prices given to GSA, and compliance with the Price Reductions Clause based on that tracking, where a price reduction for GSA could be triggered when BOA/MFC pricing and GSA prices are out of an agreed-to alignment.

At first glance, one immediately sees a critical distinction between the use of TDR and the use of BOA/MFC benchmarking and pricing: data quality. Even under the best of circumstances, the use of BOA/MFC benchmarking involves referencing old data based on old variables. TDR, in contrast, utilizes data that is updated frequently, reflecting changes in the market for the goods and services involved. Further, because BOA/MFC benchmarks are set at a given point in time, they take on an almost hypothetical quality, leaving the Government to validate its price reasonableness with low data quality audits somewhat detached from market realities. In effect, instead of leveraging updated data for management purposes, the focus of government and contractor administrative activity, which can be significant, changes from an analysis of price reasonableness to a simple analysis of compliance with a potentially stale benchmark.

In addition, the benefits of Government access to real-time data under TDR are significant. Aside from improved data quality, the Government receives important market intelligence. It can see which products are being used by which customer agencies, how they are being purchased, and, importantly, whether changes are taking place in the commercial market, and how any such changes are affecting product availability and pricing. At a time when supply chains remain strained, this data can help guide purchasing decisions by driving improved efficiency in product purchases or investigations into alternative sources of supply.

In addition to supporting improved buying decisions, the use of TDR reduces administrative time and cost, which is especially important for small businesses. TDR use streamlines the reporting process for those businesses by eliminating the need for the development of costly regimes to facilitate BOA/MFC benchmark compliance. By so doing, it helps facilitate the Administration’s goal of increasing procurement spending with small businesses, and it comes none too soon. As we have said,

… [A]ccording to the SBA, the number of small business prime contractors decreased by 6%, from 69,400 in 2020, to 65,428 in 2021. Further, there is data from GAO and others indicating that, from FY2011 to FY2020, the number of small businesses receiving DoD contract awards decreased by 43% (dropping from 42,723 to 24,296). During that same period, GDP grew by 34% from 2011 ($15.6 T) to 2020 ($20.9 T), and the total number of businesses in the U.S. economy also grew, increasing 7% from 2010 to 2019 (U.S. Census Bureau, 2021).

The benefits of the use of TDR are not hypothetical. In a blog discussing the expansion of TDR’s use, GSA’s Senior Procurement Executive, Office of Government-wide Policy, Jeff Koses pointed out:

Looking at historical data, the pilot’s overall performance based upon a documented evaluation plan showed steady progress. This includes:

  • FY 18 results revealed that overall price position was maintained, and burden lowered. However, data remained questionable, and no buying strategies resulted.
  • FY 19 results revealed substantial improvement in data completeness and in small business performance. However, we saw that the data hadn’t been used and data policy gaps existed.
  • FY 20 results revealed that data completeness, contract-level pricing, and small business metrics all exceeded targets.

***

Since FY 19, performance on all nine evaluation metrics was maintained or showed improvement. Most importantly:

  • For three years in a row, contract-level pricing was better when TDR was used than it was when under Most Favored Customer (MFC) Pricing.
  • Small businesses participating with TDR generate much stronger sales growth than small businesses under the MFC pricing.
  • The data is now 98 percent complete making it even more actionable; and
  • Contracting officer usage of transactional data is improving, but there is more opportunity here to improve.

Last Fall, GSA’s Commissioner of the Federal Acquisition Service, Sonny Hashmi, pointed out that,

The future of how we buy in government is going to require real time data, and the price reduction clause, which served a particular purpose a decade ago, two decades ago, isn’t good enough. We have to rethink how […] we buy products and services in government. And programs like the TDR are the way forward[.]

We agree. As set forth above, the use of TDR provides Government data that is more reflective of market realities than the benchmarking measures of the past, as it derives from transactions at the order level. The government can leverage this quality data to measure and facilitate its contracting and program management. So too, the use of TDR reduces the administrative burden, especially for small businesses, and by so doing, removes a significant and costly market entry burden for firms. All told, market and management imperatives support expanding TDR across the MAS program. It is time to afford all MAS contractors the option of moving to TDR, and the Coalition stands ready to assist the agency in such efforts.

House Committee Restructures Federal Oversight

Federal News Network reports that the new leadership of the House Oversight and Accountability Committee (previously named the Oversight and Reform Committee) plans to create two new subcommittees, changing the structure of oversight for Federal operations. The Government Operations and Federal Workforce Subcommittee will focus on the civil service, Federal property, public records, government operations and performance, and the Federal-state relationship, according to a draft obtained by FNN. On the other hand, the Cybersecurity, IT and Government Innovation Subcommittee will oversee information security, IT, and procurement.

Sources noted that there may still be tweaks to the subcommittee system, which includes three other committees covering health care and financial services; economic growth, energy policy and regulatory affairs; and national and border security. All five subcommittees must be ratified by the committee members. The committee will be chaired by Rep. James Comer (R-KY), with Rep. Jamie Raskin (D-NY) serving as ranking member.

Mark Your Calendars for Next Week’s Coalition Events

Next week, the Coalition will be hosting two events. First, our Small Business Committee will have a members-only briefing, the Year in Review for Small Business Contractors, on February 1 from 10 am – 12 pm EST. Our panelists will be Ken Dodds, Government Contracting Industry Expert at Live Oak Bank; David Black, Partner at Holland & Knight; and Jon Williams, Partner at PilieroMazza.

Both small and large businesses are encouraged to register for the event to hear a summary of 2022 laws, regulations, and court decisions impacting small business government contracting. Topics will include mentor-protégé, joint ventures, and subcontracting; Small Disadvantaged Business (SDB) goals; Small Disadvantaged Veteran Owned Small Business (SDVOSB) and Women-Owned Small Business (WOSB) certification; and the Nonmanufacturer Rule and affiliation.

To register for the event, click here. Please direct any questions to JSnyderwine@thecgp.org.

Then, on February 2 from 12:00 – 1:00 pm EST, we will be hosting a webinar available to members and non-members, The Cost of Security – Cost Accounting Considerations for CMMC, led by Chess Consulting’s Mike Tomaselli.

As investments in cybersecurity capabilities are made in preparation for CMMC, Department of Defense (DoD) contractors are experiencing a consequent increase in their costs. Along with concerns about meeting cyber requirements, there is much concern about the ability to recover these costs under DoD contracts. Join us for a discussion on government contract cost accounting standards and principles, including allowability and allocability, that we can apply to CMMC costs, with an aim towards compliance and competitiveness.

To register for the webinar, click here. Please direct any questions to MCahill@thecgp.org.

GSA Launches Workplace Innovation Lab

FCW reports that the General Services Administration (GSA) has opened its Workplace Innovation Lab at its Washington, DC headquarters in an effort to understand what Federal agencies need from their office spaces. The 25,000 square-foot Lab contains six distinct suites with novel furniture and technology products intended to enhance the hybrid work experience, like collaborative seating nooks and state-of-the-art climate control technology. Federal employees may reserve areas in the space at no cost to their agencies and without an agreement through 2023. GSA will collect data through feedback surveys and sensors within the space, which will be shared with industry to help them serve the Federal marketplace.

The Lab is part of GSA’s broader effort to help Federal agencies handle leasing, outfitting, and using spaces in a world with more remote and hybrid work. Other ongoing projects include GSA’s Workplace Engagement Service, which provides consulting on workplace design from GSA experts or commercial partners, and the GSA commercial coworking program, which agencies have used since 2021 to rent commercial coworking space to cover short term needs. The Public Building Service also put out guidance this week with suggestions for helping employees return to the office. The guidance emphasized the need for agencies to maintain the benefits gained from remote work as a result of COVID while also taking advantage of in-person networking and collaboration.

SBA Transitions Veteran Owned Status Certification to MySBA Platform

Starting January 9, the Small Business Administration (SBA) has taken over responsibility for certifying the veteran-owned status of small businesses in Federal contracting, reports Federal News Network. The FY 2021 National Defense Authorization Act required the SBA to take over certification from the Department of Veterans Affairs (VA), and the change ends self-certification in Federal contracts for veterans. SBA has chosen to not migrate the VA’s certification management system and instead will be using its own Veteran Small Business Certification (VetCert) program.

The program will be hosted on its new unified digital platform, MySBA. Following the transition, SBA plans on also adding HUBZone certification to the MySBA platform. Eventually, all certifications will be consolidated on a single centralized platform to ease the process for small businesses who qualify for multiple certifications. SBA has granted a one-time, one-year extension to current veteran-owned small businesses previously verified by the VA.

GSA Stands Up FedRAMP Committee

FCW reports that GSA is seeking nominations for its new committee on FedRAMP, the Federal government’s security and authorization program for cloud services and computing. Congress required GSA to establish the new 15-member Federal Secure Cloud Advisory Committee in last year’s 2023 National Defense Authorization Act. It will study how to improve the FedRAMP authorization process, raise agency compliance, and “serve as a forum that facilitates communication and collaboration among the FedRAMP stakeholder community.”

In addition to Federal officials, the committee must have at least five members from cloud providers—two of which must be small businesses—and at least one member who works at an organization that performs FedRAMP readiness assessments. The committee will be required to produce its first report within the next two years and then annually thereafter. Nominations should be submitted by the nominee using GSA’s official form. The deadline for submissions is February 9.

Legal Corner:


FY2023 NDAA Makes Notable Changes to FedRAMP Program

The Legal Corner provides the legal community with an opportunity to share insights and comments on legal issues of the day. The comments herein do not necessarily reflect the views of The Coalition for Government Procurement.

By Moriah Daugherty, Susan B. Cassidy, Ashden Fein, Robert Huffman & Ryan Burnette, Covington & Burling

On December 23, 2022, President Biden signed the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 (the “FY2023 NDAA”) into law. As described in Covington’s Client Alert, FY23 NDAA: Provisions of Interest for Almost All Government Contractors, the FY23 NDAA contains provisions of interest for almost all U.S. Government contractors. One provision likely to be of particular interest to U.S. contractors who provide or plan to provide cloud computing services to the U.S. Government is the FedRAMP Authorization Act (the “Act”), which codifies the Federal Risk and Authorization Management Program (“FedRAMP”).

Of note, the Act creates a “presumption of adequacy” that cloud providers with authorization from one agency can use that authorization with other agencies. This is an expansion compared to the current process which allows authorizations by the FedRAMP Joint Authorization Board, but not authorizations from individual agencies, to serve as the basis for an agency’s own authorization process. It also creates the Federal Secure Cloud Advisory Committee, comprised of 15 members of the public and private sector, to provide recommendations regarding FedRAMP and the acquisition of cloud services more generally.

The Act adds certain sections to Chapter 36 of Title 44, United States Code, which addresses the management and promotion of electronic government services. Key provisions that may be of interest to U.S. Government contractors who provide or plan to provide cloud computing services to the U.S. Government include:

  • Codifying the FedRAMP Program within GSA and Requirements to Identify and Assess Software Provenance. The Act codifies the FedRAMP program within the General Services Administration (“GSA”). GSA will be required to implement various processes to facilitate administration of the FedRAMP program, including implementing “a process to support agency review, reuse, and standardization, where appropriate, of security assessments of cloud computing products and services” and publishing guidance designed to “increase the speed, effectiveness, and transparency of the authorization process.” See § 3609. Additionally, GSA is required to, in coordination with other stakeholders, “determine the sufficiency of underlying requirements to identify and assess the provenance of the software in cloud services and products.” It is possible that this requirement may lead to increased scrutiny of foreign-developed software in FedRAMP systems.
  • Establishing the FedRAMP Board. The FedRAMP Board will be comprised of no more than seven senior officials and experts from U.S. Government agencies with “technical expertise in domains relevant to FedRAMP,” such as cloud computing, cybersecurity, privacy, and risk management. The FedRAMP Board is charged with providing “input and recommendations” related to the “requirements and guidelines for, and the prioritization of, security assessments of cloud computing products and services.” See § 3610.
  • Creating a Presumption of Adequacy. The Act establishes a “presumption of adequacy” for cloud computing services that have received a FedRAMP authorization. In addition, the Act requires U.S. Government agencies to confirm whether a cloud computing product or service has already received authorization prior to beginning the authorization process and, to the extent practicable, reuse existing assessments of security controls and materials. See § 3613. Although the legislation caveats that agencies may still impose their own security requirements where necessary, this statutory presumption may help to reduce costs and effort for FedRAMP providers seeking to sell the same service to multiple Government customers.
  • Establishing the Federal Secure Cloud Advisory Committee (the “Committee”). The Committee will be comprised of no more than fifteen “qualified representatives” from the U.S. Government and the private sector, including at least one representative from an “independent assessment service” and at least five representatives from “unique businesses that primarily provide cloud computing services or products,” including at least two representatives from “a small business concern” as defined under the Small Business Act. The Committee is charged with providing advice and recommendations on “technical, financial, programmatic, and operational matters regarding secure adoption of cloud computing products and services.” See § 3616.
  • Foreign Interests of Independent Assessment Services. The legislation requires that any independent assessment service that assists FedRAMP with determining whether to use a cloud service must annually submit to GSA information relating to any foreign interest, foreign influence, or foreign control of the service. Assessment services must also certify to the accuracy and completeness of this information, and notify GSA within 48 hours of changes in foreign ownership or control.

The legislation, including its codification of key aspects of the existing FedRAMP program, signals not only that the FedRAMP program is here to stay, but that Congress is taking an increased interest in security oversight, including in the areas of software provenance and foreign influence. U.S. contractors who provide or plan to provide cloud computing services to the U.S. Government may wish to continue to monitor developments as the FedRAMP Authorization Act is implemented, including by monitoring guidance published by GSA in the future.

Healthcare Corner:

Federal Leaders in Health IT Address Agency Adoption of Zero Trust

HealthTech Magazine reports that agencies’ transition to a Zero Trust framework was a key focus at the 2023 AFCEA Bethesda Health IT Summit. Jon McKeeby, CIO for the National Institutes of Health Clinical Center, noted the struggle of balancing Zero Trust requirements with needs for clinical and patient care. As organizations reckon with establishing Zero Trust infrastructure to protect data, they must also balance the need to access that data in order to provide necessary information to researchers, scientists, clinicians, and administrators. To quote Gerald J. Caron, CIO and Assistant Inspector General for IT at the U.S. Department of Health and Human Services’ Office of the Inspector General: “We need to do a better job of managing effectiveness over compliance. To be effective at cybersecurity, being compliant is not enough. We need to know what we’re doing well, where we need to do more and where we have gaps.”

A View From Main Street

By Ken Dodds, Live Oak Bank

The following blog does not necessarily represent the views of the Coalition for Government Procurement.

Size Recertification Revelations

The Army’s RS3 contract is a multiple award IDIQ contract with large and small business contractors, which allows the agency to set aside orders for small business. There has been a great deal of litigation concerning whether a firm must be small at the time of offer for a set-aside order under the RS3 contract, or whether size for a set-aside order should be determined based on the firm’s size for the underlying contract. In a recent size appeal decision, we learned two things. First, according to OHA the RS3 contract requires firms to be small at the time of offer for the set-aside order. It does not matter if the solicitation for the order explicitly requested size representations or certifications at the time of offer for the order. Second, SBA’s 2020 rule change, which provides that firms must recertify their size in connection with orders set aside for small business under full and open contracts (like RS3), applies to solicitations for orders issued after the effective date of the rule (November 16, 2020). Language in the preamble stating that the rule did not have “retroactive effect” for purposes of compliance with Executive Order 12988 did not directly address whether the rule should apply to solicitations for contracts issued after the effective date, or should apply to solicitations for orders issued after the effective date under contracts awarded prior to the effective date.[1] Other language in the rule indicated that SBA intended to address the issue prior to expiration of all existing full and open contracts.[2]

In a Federal Circuit case involving RS3, 22nd Century was small when it submitted an offer for the contract on May 9, 2015. The Army awarded 22nd Century a contract on March 1, 2019. On December 29, 2020, the Army issued a solicitation for an order that was set aside for small business. The solicitation for the order required firms to certify that they were small at the time of offer for the order. 22nd Century submitted an offer for the order and represented that it was small at the time of its offer for the RS3 contract. The Army awarded the order to 22nd Century, and two unsuccessful offerors protested. On June 4, 2021, the Area Office issued two size determinations finding 22nd Century other than small and ineligible for the order. 22nd Century appealed to OHA and OHA denied the appeal on September 21, 2021. The Army terminated the award to 22nd Century.

On September 28, 2021, 22nd Century filed a bid protest at the Court of Federal Claims (COFC) seeking to overturn the OHA decision and enjoin the Army from terminating the award of the order. The Federal Acquisition Streamlining Act (FASA) bars bid protests in connection with orders unless the order increases the scope, period or maximum value of the contract or the value of the order exceeds $25 million.[3] 22nd Century did not allege that either exception applied and COFC dismissed the protest.

22nd Century appealed to the Federal Circuit. While COFC can consider a size protest in connection with a bid protest over which it has jurisdiction, it does not have jurisdiction to independently review a size protest. The Federal Circuit found that the value of the order did not exceed $25 million, and thus the protest was barred by FASA. Further, the Federal Circuit rejected 22nd Century’s argument that even though it was not alleged in the complaint, its challenge was instead a claim under the Contract Disputes Act (CDA). 22nd Century did not allege that it had filed a claim with the contracting officer and had received a final decision. Further, there is no precedent for an injunction of a contract termination under the CDA. Thus, the Federal Circuit affirmed COFC’s dismissal for lack of jurisdiction.[4]

Do you have a topic you wish to be covered or a question on how Live Oak Bank can support your business? Email me at ken.dodds@liveoak.bank.

[1] 85 FR 66146, 66176.

[2] Avenge, Incorporated, SBA No. SIZ-6178 (November 15, 2022).

[3] 10 USC 3406(f).

[4] 22nd Century Techs. Inc. v. United States, Fed. Cir., No. 2022-1275, (Fed. Cir. 2023) 2023 WL 139156.

GAO Recommendations to Establish a Comprehensive National Cyber Strategy

The Government Accountability Office (GAO) published a report last week entitled Challenges in Establishing a Comprehensive Cybersecurity Strategy and Performing Effective Oversight as the first of a four-part series devoted to significant cybersecurity risks. The report notes that risks to essential technology infrastructure, such as energy, transportation, communications, and financial systems, are increasing, particularly through cyberattacks. GAO designated information security as a governmentwide high-risk area in 1997 and expanded the risk area to include protection of critical cyber infrastructure in 2003, and then again to include protecting the privacy of personally identifiable information in 2015.

Since 2010, GAO has made approximately 335 recommendations addressing cyber risk. As of December 2022, 190 of these recommendations have not been addressed or implemented.

The report focuses on four areas in which the Federal Government should act, including:

  • Developing and executing a more comprehensive Federal strategy for national cybersecurity and global cyberspace – GAO recommends that the National Security Council work with agencies to update cybersecurity strategy documents to include performance measures, resource information, goals, and more. According to the Office of the National Cyber Director, the Administration is currently working on a national strategy.
  • Mitigating global supply chain risks – GAO’s December 2020 review of 23 agencies found that none had fully implemented all seven foundational practices for supply chain risk management. 14 agencies had not implemented any of these practices. GAO recommends that these agencies fully implement the practices in their supply chain risk management approaches.
  • Developing a governmentwide reform plan to address the cybersecurity workforce shortage – GAO has made several recommendations to address cybersecurity workforce challenges, such as developing a governmentwide workforce plan and other supporting documentation. In 2022, responsibility for addressing the governmentwide cyber workforce transitioned from OMB and DHS to the Office of the National Cyber Director, created in 2021. The office intends to address these issues through a national strategy.
  • Ensuring the security of emerging technologies – In December, GAO reported on four agency initiatives to protect Internet of Things (IoT) and operational technology (OT) devices and systems. GAO found that these agencies had not developed assessment metrics or conducted IoT and OT cybersecurity risk assessments. GAO made eight recommendations to these agencies to establish metrics and evaluate IoT and OT cyber risks. GAO also reported on quantum technologies, stating that while they could bolster capabilities, they also pose a major cyber threat. Therefore, the Federal Government should ensure that its cybersecurity infrastructure evolves to address these potential threats.

Off the Shelf: Trends Shaping the Federal Procurement Market

This week, Brian Friel, Co-Founder of BD Squared, LLC, joined Off the Shelf for a wide-ranging discussion of the Federal procurement market, including the impending re-competes of major governmentwide contract vehicles.

Friel discussed the key trends that have shaped the Federal procurement market over the last decade, the increase in overall procurement spending, the growth of services, the efforts to consolidate contract vehicles, the effect of category management, and the rise of Best In Class contracts.

He also provided his insights and analysis on the evolution of source selection criteria from a traditional best value tradeoff model to a scorecard model with self-scoring by offerors.

Friel addressed how data analysis supports companies competing for contract awards on RFPs using a scorecard methodology, and provided an update on POLARIS, CIO-SP4, OASIS+, Alliant 3, and NASA SEWP VI.

SBA Seeking Candidates for IPA Talent Exchange Program

The Partnership for Public Service recently launched its Intergovernmental Personnel Act (IPA) Talent Exchange Program. The IPA enables experienced professionals from outside the Federal government—including state government, academia, and nonprofits—to serve in a Federal agency for up to two years before going back to their home organization. Candidates forgo the traditional hiring process and gain valuable professional experiences, their home organizations develop lasting relationships with participating agencies, and agencies receive targeted, diverse talent who will provide necessary expertise to government programs.

The Office of Government Contracting & Business Development at the SBA is seeking candidates for the Program Development Leader role. The position is a leadership role within the SBA’s executive team focused on providing policy and implementation guidance on a portfolio of programs that implement the Biden-Harris Administration’s goals around racial equity, manufacturing, supply chain, and government contracting. Candidates will bring unique policy perspectives and econometric/data analytics skills to recommend and evaluate the merits of policy interventions, ensuring that program designs incorporate the perspectives of state, local, and tribal government, as well as local entrepreneurial communities.

This IPA assignment will last for one year and is hybrid at SBA’s DC Office. You can read the full role description under the SBA header here.

To apply for an IPA assignment, click here.

For information on the program, click here.

AMSUS-SM and Coalition Webinar: Medical Device Cybersecurity from a VHA Perspective

On Wednesday, the Coalition and AMSUS-SM held a joint webinar, “Medical Device Cybersecurity from a VHA Perspective,” which covered how to initiate the cybersecurity approval process for medical devices, terminology and roles, and what contractors can expect during the VHA’s process.

Those who were unable to attend or would like to view the webinar again may find it here. Our thanks to the speakers, Robert Steldt, Chair of the Medical Device Security Working Group and Healthcare Technology Manager, VISN 12 at the VA, and Megan Friel, Acting Director Office of Healthcare Technology Management, and the moderator Alan James, MBA, HCISPP, CC, Senior Government Account Manager, Stryker.

Please Welcome New Standard Members