Mitigating Risk 2015 SEWP Acquisition Summit and Training 1 December 8-10, 2015.


1 Mitigating Risk
2015 SEWP Acquisition Summit and Training
December 8-10, 2015

2 Information Flow
As a central Program for decentralized Government Acquisition, SEWP is an information channel between Industry and Government and between Agency decision makers and their Acquisition teams.

3 Definitions
Definitions are important:
- Supply Chain
- Supply Chain Risk Management (SCRM)
- Levels of Assurance
- Counterfeit/tainting
- Authorized reseller
- Gray market vs. Black market

4 Standards
- Standards and guidelines under development
  - Over 100 groups
  - Indicates both level of interest and degree of difficulty
- NIST
  - NIST Special Publication 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations
  - Workshops
- Open Trusted Technology Provider Standard: O-TTPS
  - Included in SEWP V RFP
  - Industry led with DoD and NASA SEWP participation
  - http://www.opengroup.org/

5 The Open Group Open Trusted Technology Provider™ Standard (O-TTPS): Mitigating Maliciously Tainted and Counterfeit Products
- The O-TTPS is an open standard containing a set of organizational guidelines, requirements, and recommendations for integrators, providers, and component suppliers to enhance the security of the global supply chain and the integrity of Commercial Off The Shelf (COTS) Information and Communication Technology (ICT)
- The O-TTPS™ Accreditation Program: The O-TTPS Accreditation Program enables customers to identify secure and trusted technology providers and their products in the global supply chain
- Now an ISO standard: ISO/IEC International Standard (ISO/IEC 20243:2015)

6 SCRM Issues
- 100% Assurance impossible to achieve
- Risk can be identified and assessed
- There is a cost associated with lowering the risk
- Acquirer needs to do a risk/benefit analysis
- SEWP provides risk based information - product provenance

7 Supply Chain Risk Management
Levels of Provider designation:
- Manufacturer
- Authorized Reseller - All provider items
- Authorized Reseller - Subset of provider items
- Provider does not have an authorized reseller program
- Authorized Partner or Distributor
- Authorized Reseller - One Item / One Time
- Unidentified or unknown source

8 Authorized Reseller
- For some large Manufacturers, “authorized reseller”
  - Is a defined program/process that often requires technical knowledge and/or money
  - Has repercussions if non-authorized reseller is used
    - Manufacturer may not warrant the item
    - Provenance cannot be established
- Some companies allow resellers to officially resell their products without being an official authorized reseller
- Many manufacturers and resellers utilize approved distributors

9 Other Issues
- Many manufacturers do not have Authorized Reseller Programs or do not distinguish between an Authorized Reseller and Distributor
- Resellers can be authorized for specific product lines
  - SEWP handles/verifies partial authorization
  - SEWP also allows for a single instance authorization
- 100% reliance on Authorized Reseller has negative connotations
  - Small business effect
  - Reduced competition
  - Decision making as to which companies succeed or fail is fully in the hands of the manufacturer

10 Verification Process
- Authorization and verification process is not standard
  - In some cases there are certification letters that are rubber stamped with an “Enter Reseller Name here” (we have seen these letters – mistakenly sent in)
  - Who is authorizing – a close friend or an official person in the company?
- SEWP utilizes a verification process with the manufacturer

11 Steps for Assurance Verification
1. Contract Holder indicates relationship
2. Provides POC for company or distributor
3. POC receives email from SEWP to verify relationship
4. Provider relationship is removed if not valid

Ways customers can find information:
- Provider Lookup Tool
- Market Research Tool (MRT)
- Verification File

12 Quote Verification
- Verifies items on contract and properly priced
- Shows discount off contract price
- Supply Chain – Level of Provider Authorization
- Trade Agreements Act (TAA)
- EPEAT/Energy Star compliance

Verification File

13 Small Business
- Most small businesses do not have the personnel and/or money to be authorized for all product lines
  - Typically they use a distributor who is authorized to distribute the Manufacturer’s products
- SEWP recognizes that use of an authorized distributor can be a risk mitigator
- If all Government resellers were required to be directly authorized resellers for all products, most would have to go out of business – especially the smaller ones
- Trade-offs in recognition of Government policy encouraging small businesses need to be considered

14 Some Recommendations
- Base decision on risk management:
  - Critical parts of critical systems will need the lowest risk – authorized reseller requirement can reduce risk at this level
  - Basic parts for general systems may be better served by allowing resellers to obtain products through a distributor channel
  - Preferences can be given to provide price, technical, and risk trade-offs
- Know what the information means:
  - For the given manufacturer, what is the meaning and effect of authorized reseller?

15 Order Fulfillment and Contract Adherence
Regardless of Authorization level:
- Contract Holder must fulfill order as quoted
- All items must be authentic
- All items must be warrantable/maintainable
- Items must be new unless noted on Quote and allowed on RFQ
- Quote must match all aspects of customer requirement/specification

16 Post-Award Correspondence
If a company/non-awardee tells the CO that the awardee cannot fulfill an order; is using counterfeit parts; cannot maintain the products; etc.:
- Do not assume provided information is correct regardless of source
  - Even the manufacturer may have a stake in a different award
- Awardee MUST fulfill order as quoted with authentic and maintainable parts
- Notify SEWP of any legitimate concerns (help@sewp.nasa.gov)
- Contact awardee (ccing the SEWP Office) for confirmation

17 Other Important Points about SCRM
- Rely only on SEWP provided information, not industry
- Customer can indicate requirements in RFQ
  - Customer can state “Authorized only”
  - If a quote is returned with non-authorized, ignore and notify help@sewp.nasa.gov
- Contract Holder must identify products quoted as used/refurbished
- Customers can require other proof of SCRM mitigation such as O-TTPS certification or other ISO/IEC International Standards

18 Future SCRM Plans for SEWP
- Use of assessed list
  - Companies/products that are assessed & cleared by an agency (ex. NASA 516 Rule)
- Adding address of parent company to Market Research Tool
- Flag for compliance with ISO/O-TTPS in QRT and verification file
- Authorized reseller button in QRT for customer to request authorized quotes only
  - Be careful – this may limit competition or not allow for any responses

19 Questions?

