Part 6 of 6
Key Details: Navigating the compliance maze in the government contracting industry can be a daunting task. Understanding the fundamental compliance requirements is essential for any government contractor looking to succeed in this highly regulated industry.
In this 6-part series, we break down some of the most critical compliance areas that every government contractor should be aware of. This article series covers the following topics:
Each government contractor’s compliance requirements may vary significantly depending on company size, the nature of its contracts, and the specific government agencies it works with. As such, it is critical to consult with a trusted advisor to understand the requirements specific to your company. Note that the items included in this article are not wholly exhaustive but are intended to be used as a guide as you build your compliance program.
At Ryan & Wetmore, we work closely with contractors to ensure they meet relevant requirements and avoid potential pitfalls. To assist in this process, we offer a detailed compliance questionnaire designed to help you assess your unique compliance needs. Speak with a Ryan & Wetmore advisor today to learn more.
Other Compliance Considerations
The other general compliance section of Ryan & Wetmore’s questionnaire encompasses a wide range of responsibilities and requirements that contractors must manage to ensure they meet federal regulations and contractual obligations. The following list is not exhaustive; contact Ryan & Wetmore for a more complete list.
- If your company participates in a set-aside program, ensure the necessary compliance requirements and other participation criteria are met. For example, the 8(a) Business Development Program has specific net worth and adjusted gross income requirements, while the HUBZone program has requirements on business size and employee location.
- Review and ensure that your business is certified for each set-aside program you participate in. This includes renewing certifications as required and maintaining documentation for review.
- Confirm your company’s size based on industry standards (e.g., revenue or employee count) and update it if the business expands or changes.
- If your company is a prime contractor on a large government contract, you may be required to implement a subcontracting plan that allocates a portion of work to small businesses. Ensure that your plan meets the requirements of the FAR and is submitted to the government agency overseeing the contract.
- Review joint venture agreements, including SBA Mentor-Protégé program participation, to ensure requirements have been met in regard to reporting, limitations on subcontracting, and contract performance / workshare. Additionally, review and be aware of how these programs may affect affiliation and receipts/employees attributable to joint venture partners under SBA size standards.
- Assess the types of data your company handles and determine what cybersecurity regulations you are required to meet.
- FAR 52.204-21 - Basic Safeguarding of Covered Contractor Information Systems: This regulation mandates basic cybersecurity measures to safeguard controlled unclassified information (CUI) in contractor information systems. Assess your company’s information systems and implement required safeguards if applicable.
- DFARS 252.204-7012 - Safeguarding Covered Defense Information and Cyber Incident Reporting: If your company handles defense-related information, you must comply with this clause, which requires incident reporting and the safeguarding of CUI. Establish processes for reporting cyber incidents to the government.
- Determine if the Cybersecurity Maturity Model Certification is required and conduct an internal assessment of compliance.
- Establish protocols for reporting any cyber incidents to the appropriate government authorities. Federal regulations require contractors to report incidents involving CUI or covered defense information.
- Review your company’s IT policies and cybersecurity strategies to ensure they meet federal and industry standards. Conduct regular cybersecurity training for your employees, focusing on best practices like password management, phishing awareness, and secure handling of sensitive data.
- Ensure compliance with the Buy American Act (BAA) if applicable, which requires the use of domestic products in government contracts. Verify whether the products you supply meet BAA’s requirements for domestic end products and construction materials.
- Understand whether your contract falls under the Trade Agreements Act and what the requirements under it are.
Conclusion and Action Plan
Navigating the complexities of government contracting requires a rigorous and proactive approach. From adhering to FAR requirements and ensuring proper accounting practices to maintaining ethical standards and labor law compliance, government contractors must remain vigilant in meeting all federal requirements.
To learn more about your compliance requirements or to discuss our compliance questionnaire, contact Ryan & Wetmore today.
Today’s Thought Leaders
About Peter Ryan
Partner, Co-founder, & CPA
Peter T. Ryan co-founded Ryan & Wetmore in 1988 with business partner Michael J. Wetmore. Peter provides clients with the best strategies for success. His expertise extends across various industries. Peter obtained a Master of Business Administration in Finance from the University of Baltimore and a Bachelor of Arts in Accounting from the Catholic University of America.
About Rosie Cheng
Finance Consultant
Rosie Cheng is a Finance Consultant at Ryan & Wetmore. She focuses on government contracting services and produces many of the firm’s government contracting newsletters. Rosie graduated from Georgetown University with a Master of Science in Management and from William and Mary with a Bachelor of Business Administration.