FAR Part 39 – Acquisition of Information Technology

FAR Study Group

28 Jan 2014

Acquisition Policies and Procedures

Definition – Information Technology“Information technology” (IT) means any equipment, or interconnected system(s) or subsystem(s) of equipment, that is used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the agency. IT includes: computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including support services), and related resources. It does NOT include any equipment that--

(i) Is acquired by a contractor incidental to a contract; or

(ii) Contains embedded information technology that is used as an integral part of the product, but the principal function of which is not the acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information. For example, HVAC (heating, ventilation, and air conditioning) equipment such as thermostats or temperature control devices, and medical equipment where information technology is integral to its operation, is not information technology.

Contracts-Information TechnologySetting up a contract

Speed of advancements in technology 1st generation lack of testing

1st generation lack of support

Information Life Cycle (Data) Gather, Compute, Store and Archive Data

Information Systems Life Cycle (Software/Hardware) Startup, Develop Systems, Make Systems Work and Disposal of Systems

Definitions

Modular Contracting – use of one or more contracts to acquire IT systems in successive, interoperable increments

National Security System – any telecom or information system operated by the US government, the function, operation, or use of which involves intelligence, or cryptologic activities, command/control of military forces, equipment that is an integral part of a weapons system, or is critical to the direct fulfillment of military or intelligence missions.

Y2K – Year 2000 compliance means the software correctly processes dates prior to and following the year 2000

FAR 39.1 General

Agencies may only acquire IT that is Y2K compliant

Follow OMB Circular No. A-127 Financial Management Systems to acquire such systems(Agencies are required to adopt the standard government business processes established by the Financial Systems Integration Office (FSIO) )

Follow IT Requirements OMB Circular No. A-130 (Management of Federal Information Resources) (How to manage the information life cycle Dissemination, Consider public, Government, new IT needs share with others, training, protect info, privacy)

Electronic Product Environmental Assessment (EPEAT) standards, and consider the rapidly-changing nature of IT(For example- appropriate disposal and data destruction)

FAR 39.1 General

Include appropriate IT security policies, including those of the National Institute of Standards & Technology (NIST)

Analyze risks, benefits and costs prior to entering IT contracts.

Clinger-Cohen Act of 1996 requires use of modular contracting when acquiring major IT systems – to reduce program risk and incentivize contractor performance

FAR 39.103 Modular Contracting

Modular Contracting advantages: Acquisition is divided into smaller increments

Easier to manage, increases likelihood of obtaining workable systems

Provides opportunity for subsequent increments to take advantage of technology evolutions

Reduces program risk by isolating & avoiding custom-designed components of the system

FAR 39.103 Modular Contracting

Consider the following factors: Use common or commercially-available standards to promote

compatibility

Performance requirements of each increment should be consistent with the performance of the completed overall system

Use appropriate contracting techniques (contract type and method, multiple awards, options, etc.)

(Firm fixed price)

Award contract within 180 days of solicitation issue date to maximum extent

FAR 39.104 &39.105

IT Services contracts should be performance-based

IT contracts shall address the protection of privacy (Privacy Act), with specific requirements for IT services that require the contractor to design/develop/operate a “system of records”

FAR 39.2 Electronic & Information Technology (EIT)

Implements Section 508 of the Rehabilitation Act of 1973

Agencies acquiring Electronic and Information Technology (EIT) must ensure that federal employees and members of the public seeking information who have disabilities have access comparable to those without disabilities.

Acquisition of EIT supplies/services must meet the applicable accessibility standards(Make sure software, e.g. keyboard navigation & focus captions are available, Audio for training, access to peripherals etc.)

FAR 39.2 Electronic Information Technology (EIT) If the agency justifies it has an “undue burden” then an

exception determination may be executed to be able to include supplies or services that are non-compliant with Section 508 – these are rare.

Accessibility requirements at FAR 39.203 do not apply to EIT that: Is purchased as a micro-purchase, is for a national security

system

Is acquired by a contractor incidental to a contract

Is in the “back-office,” or that would impose an “undue burden” on the agency (requires “undue burden” determination unless acquiring commercial items)