Multiple headlines appeared last week on one particular federal news site:
Watchdog: 18F’s Slack Security Exposed GSA Data
OPM’s Sensitive Data on Feds Still Not Encrypted
FDIC Shakeup Over ‘Major Incident’ Revelations
From reading the articles that go with these headlines, it is uncertain what, if any, punishment the responsible parties in the first two articles will face and it is not at all clear that the FDIC “shakeup” involves more than procedure changes. All of these headlines can lull contractors into believing that if feds won’t hold themselves responsible consistently for data breaches or other contract performance issues, industry must be eligible for similar lenient treatment. Don’t you believe it!
Contractors are consistently held to higher standards than their federal counterparts for a simple reason: they can be. You have none of the personnel protections of a federal employee. Plus, most government contracts are written with the presumption that contractors are responsible for most things that can go wrong during a project. Contractors must perform per the requirements of their contract or face dispute and/or default actions. A fed that doesn’t perform is given multiple chances to improve, and even then faces only an administrative panel where the odds of some type of favorable outcome are in his or her favor.
No matter how well your people on the ground think they’re getting along with the customer, badge type matters a lot if problems develop on your project. If you, or one of your employees, causes a data problem in an agency, the best you can hope for is that you will be able to transfer the offending employee to another project with another agency. Total project failures come with larger consequences.
The latest example of this is the now-former company Imperatis. This company was hired by the Office of Personnel Management (OPM) to harden its computer systems against future hacks. Unfortunately for Imperatis, its business appetite was much larger than its capability stomach. The company folded. Now OPM may issue a default termination, making it impossible for Imperatis’ people to work for others on future government contracts for as long as three years.
OPM can also pursue the company, and its former executives, for re-procurement costs, fines and other penalties. It’s a cinch that, in addition to the stigma associated with a default termination, the people involved from Imperatis will face some time on the Excluded Parties List.
Government contractors must take contract performance issues seriously. If problems do develop on a project, communicate. Communicate with everyone, including the project manager, the contracting officer’s representative and, especially, the contracting officer (CO).
Most companies with problems avoid their CO like the plague, yet this is the only person who can ultimately modify your contract to make it easier for you to overcome difficulties. Most COs do not want to have to stop the project, terminate your contract, and re-compete a piece of work they thought they’d already gotten off their desk. As such, they are more inclined to try to work with you on fixable items. They can only do this, however, if they know what the issues are. Avoiding the CO can make a bad situation worse.
If you haven’t read the penalties for non-performance in your current government contracts, do so immediately. Make sure that everyone, from executives to people working on the client site, understands that, while feds may slap themselves on the wrist, the consequences for you are much more substantial. Your performance is your reputation. Guard it accordingly.