1. FAR Part 39 – Acquisition of Information Technology FAR Study Group 28 Jan 2014 Acquisition Policies and Procedures

2. Definition – Information Technology “Information technology” (IT) means any equipment, or interconnected system(s) or subsystem(s) of equipment, that is used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the agency. IT includes: computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including support services), and related resources. It does NOT include any equipment that-- (i) Is acquired by a contractor incidental to a contract; or (ii) Contains embedded information technology that is used as an integral part of the product, but the principal function of which is not the acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information. For example, HVAC (heating, ventilation, and air conditioning) equipment such as thermostats or temperature control devices, and medical equipment where information technology is integral to its operation, is not information technology.embedded

3. Contracts-Information Technology Setting up a contract Speed of advancements in technology  1 st generation lack of testing  1 st generation lack of support Information Life Cycle (Data)  Gather, Compute, Store and Archive Data Information Systems Life Cycle (Software/Hardware)  Startup, Develop Systems, Make Systems Work and Disposal of Systems

4. Definitions  Modular Contracting – use of one or more contracts to acquire IT systems in successive, interoperable increments Modular Contracting  National Security System – any telecom or information system operated by the US government, the function, operation, or use of which involves intelligence, or cryptologic activities, command/control of military forces, equipment that is an integral part of a weapons system, or is critical to the direct fulfillment of military or intelligence missions. National Security System  Y2K – Year 2000 compliance means the software correctly processes dates prior to and following the year 2000 Y2K

5. FAR 39.1 General  Agencies may only acquire IT that is Y2K compliant  Follow OMB Circular No. A-127 Financial Management Systems to acquire such systemsOMB Circular No. A-127 (Agencies are required to adopt the standard government business processes established by the Financial Systems Integration Office (FSIO) )  Follow IT Requirements OMB Circular No. A-130 (Management of Federal Information Resources)OMB Circular No. A-130 (How to manage the information life cycle Dissemination, Consider public, Government, new IT needs share with others, training, protect info, privacy)  Electronic Product Environmental Assessment (EPEAT) standards, and consider the rapidly-changing nature of ITEPEAT (For example- appropriate disposal and data destruction)

6. FAR 39.1 General  Include appropriate IT security policies, including those of the National Institute of Standards & Technology (NIST) (NIST)  Analyze risks, benefits and costs prior to entering IT contracts.  Clinger-Cohen Act of 1996 requires use of modular contracting when acquiring major IT systems – to reduce program risk and incentivize contractor performance Clinger-Cohen Act of 1996

7. FAR 39.103 Modular Contracting  Modular Contracting advantages:  Acquisition is divided into smaller increments  Easier to manage, increases likelihood of obtaining workable systems  Provides opportunity for subsequent increments to take advantage of technology evolutions  Reduces program risk by isolating & avoiding custom- designed components of the system

8. FAR 39.103 Modular Contracting  Consider the following factors:  Use common or commercially-available standards to promote compatibility  Performance requirements of each increment should be consistent with the performance of the completed overall system  Use appropriate contracting techniques (contract type and method, multiple awards, options, etc.) (Firm fixed price)  Award contract within 180 days of solicitation issue date to maximum extent

9. FAR 39.104 &39.105  IT Services contracts should be performance-based IT Services contracts should be performance-based  IT contracts shall address the protection of privacy (Privacy Act), with specific requirements for IT services that require the contractor to design/develop/operate a “system of records”Privacy Act

10. FAR 39.2 Electronic & Information Technology (EIT)  Implements Section 508 of the Rehabilitation Act of 1973Section 508  Agencies acquiring Electronic and Information Technology (EIT) must ensure that federal employees and members of the public seeking information who have disabilities have access comparable to those without disabilities.  Acquisition of EIT supplies/services must meet the applicable accessibility standards (Make sure software, e.g. keyboard navigation & focus captions are available, Audio for training, access to peripherals etc.)

11. FAR 39.2 Electronic Information Technology (EIT)  If the agency justifies it has an “undue burden” then an exception determination may be executed to be able to include supplies or services that are non-compliant with Section 508 – these are rare.  Accessibility requirements at FAR 39.203 do not apply to EIT that:  Is purchased as a micro-purchase, is for a national security system  Is acquired by a contractor incidental to a contract  Is in the “back-office,” or that would impose an “undue burden” on the agency (requires “undue burden” determination unless acquiring commercial items)