c ontractor access to sensitive information
Download
Skip this Video
Download Presentation
C ontractor Access to Sensitive Information

Loading in 2 Seconds...

play fullscreen
1 / 33

contractor access to sensitive information - PowerPoint PPT Presentation


  • 229 Views
  • Uploaded on

C ontractor Access to Sensitive Information . Background. For years contractors have submitted sensitive information in responding to NASA solicitations. Similarly, contractors have submitted sensitive information in performing contracts. Background.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' contractor access to sensitive information ' - Rita


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
background
Background
  • For years contractors have submitted sensitive information in responding to NASA solicitations.
  • Similarly, contractors have submitted sensitive information in performing contracts.
background3
Background
  • Traditionally, only government employees have received, analyzed, and used contractor submissions.
  • Federal felony for government employees to disclose sensitive information to unauthorized people/entities.
background4
Background
  • Felony protection of sensitive came from the Trade Secrets Act.
    • Applies only to government employees.
    • Prohibits government employees from disclosing “trade secrets” to unauthorized parties.
  • Threat of felony prosecution gave contractors confidence to submit sensitive information.
background5
Background
  • Statute defined “Trade Secret” broadly:
    • Information on processes, operations, style of work, amount or source of income, profits, losses, or expenditures.
  • Defined prohibition vaguely:
    • Government employees may not disclose “to any extent not authorized by law.”
background6
Background
  • Apparent assumptions behind Trade Secrets Act:
    • Except when authorized by law, one contractor should not have access to another’s sensitive information.
    • Property law has always authorized owner to consent to disclosure.
background7
Background
  • FAR 9.505-4 implements these concepts for government procurement.
    • Classifies access to another contractor’s information as organizational conflict of interest.
    • Requires specific parties to resolve conflict before disclosure can occur.
background8
Background
  • Owner and contractor receiving access must agree in writing on disclosure.
  • Contracting officer must obtain copy of terms and ensure properly executed.
  • Maintain in contract file.
background9
Background
  • Implicitly, FAR 9.505-4 assumed situation would arise rarely.
  • Labor-intensive, formal process.
  • Parties must be known in advance and willing to agree on terms of disclosure.
background10
Background
  • In procurement context, FAR 9.505-4 assumes:
    • Contractor has been selected to perform specific tasks using identified data.
    • Owner is willing to allow identified party controlled access for specific purposes.
background11
Background
  • Implicit dynamics behind FAR 9.505-4:
    • Before any disclosure occurs, owner receives notice.
    • Notice allows owner to reject disclosure.
    • Or, owner can control use of information and impose protection procedures.
background12
Background
  • FAR 9.505-4 stayed same since 1984.
  • Since then, practical realities and policy shifts have changed procurement environment.
background13
Background
  • Practical pressures for change:
    • Significant downsizing of government.
    • Agencies must still support activities and functions.
background14
Background
  • Policy pressures for change:
    • “Competitive Sourcing” initiative drives agencies to private sector for support.
    • Exception for “Inherently governmental functions” limited to establishing policy and spending tax dollars.
proposed solution
Proposed Solution
  • FAR 9.505-4 not adequate for NASA in today’s environment.
  • Would require multiple, inter-related protection agreements.
  • At time when parties, needed information, and type of protections are all unknown.
proposed solution16
Proposed Solution
  • FAR 9.503 allows agency head to waive any conflict of interest rule.
  • Requires written finding why compliance is not in the Government’s interest.
  • NASA waived FAR 9.505-4 consistent with above discussion.
proposed solution17
Proposed Solution
  • Waiver will allow NASA to pursue broad competition among service providers to support activities and functions.
  • Developed self-executing system of procurement policy, procedures, and clauses.
    • Flexible to cover full range of operations.
    • Provides sufficient protection of information.
proposed solution18
Proposed Solution
  • New system recognizes NASA can define only services needed.
  • Exact information necessary to provide support may not be known in advance.
  • To provide support, must have access to all necessary information.
proposed solution19
Proposed Solution
  • Owning contractors may fear access could compromise competitive positions.
  • Narrowing definition of “sensitive information” could allay fear of compromise.
  • Yet, narrow definition may block service provider from performing needed support.
proposed solution20
Proposed Solution
  • As alternative, NASA will use reciprocal clauses to address:
    • Cannot identify service provider before award.
    • Cannot define precise information needed to perform support.
  • One clause= access with commitments.
  • One clause= consent with defined protections.
proposed solution21
Proposed Solution
  • “Access to Sensitive Information” clause: in any contract to perform support that may need access to sensitive information.
  • “Release of Sensitive Information” clause: in all contracts to document consent to release information needed by service provider.
proposed solution22
Proposed Solution
  • “Access” clause: limits extent of information necessary to perform specified services.
  • “Release” clause: allows access only to information needed to perform specified services.
proposed solution23
Proposed Solution
  • “Access” clause: service provider must keep information in own organization and train employees in protection procedures.
  • “Release” clause: to get access, service provider’s contract must contain “Access” clause.
proposed solution24
Proposed Solution
  • “Access” clause: employees must provide written affirmations training was received.
  • “Release” clause: access to information conditioned on affirmations about training.
proposed solution25
Proposed Solution
  • “Access” clause: service provider agrees to monitor compliance, report breaches, and take corrective actions.
  • “Release” clause: conditions access to information on service provider agreeing to monitor, report, and correct.
proposed solution26
Proposed Solution
  • “Access” clause: use information only for specified services, prevent unauthorized uses, and limit use to those who need it.
  • “Release” clause: recognizes access for limited uses, subject to safeguards, and only as needed to perform services.
proposed solution27
Proposed Solution
  • “Release” clause: owning contractor shall identify sensitive information entitled to protection.
  • “Release” clause: contracting officer shall evaluate claims that information is sensitive.
  • “Release” clause: unless grounds to challenge claim, service provider will comply with protections.
nasa final rule
NASA Final Rule
  • After lengthy notice and comment process, publish final revisions to NASA FAR Supplement in June.
  • Just began using new approach, but in time seems likely to be workable solution.
proposed far solution
Proposed FAR Solution
  • DAR Council has now tasked Acquisition Law Team to consider FAR coverage.
  • Focus on enabling commercial support for government operations that require access to sensitive information.
  • Try to avoid intellectual property problems that have plagued FAR writers since 1984.
proposed far solution30
Proposed FAR Solution
  • Case must specifically address how to deal with FAR 9.505-4.
  • Coverage to consider recognized organizational conflict of interest.
  • FAR could leave to agency discretion whether to waive.
proposed far solution31
Proposed FAR Solution
  • FAR definition of “sensitive information” may need expressly to exclude “technical data,” as discussed in FAR Part 27.
  • Main focus of coverage is financial and administrative information.
  • NASA left definition broad in case access to technical data needed by service provider supporting source selections.
proposed far solution32
Proposed FAR Solution
  • Except for one industry association, NASA coverage did not elicit many comments.
  • Proposed FAR coverage likely to get more attention during public comment phase.
proposed far solution33
Proposed FAR Solution
  • FAR touches much broader spectrum of interest groups.
  • Agency concerns with technical data issues have varied for years.
  • Vocal and diverse interest groups should improve quality and precision of coverage.
ad