COMSATCOM SIN’s 132-54 & 132-55: The New IACC Form
For any of you out there pursuing the new COMSATCOM SIN's (132-54 &132-55) under Schedule 70, you may have noticed a pretty lengthy requirement called the 'Information Assurance Compliance Checklist'. Its 49 pages to be exact. At first glance, the form can seem pretty daunting and difficult to fill out. I've recently spent quite a bit of time on the phone with GSA in an attempt to figure out EXACTLY what they're looking for and it's pretty clear that they're still working through the requirements of the form, trying to determine precisely how they want to see the information requested.
Pros: The newness of the form allows a little bit of wiggle room when determining how to fill it out and you currently have an opportunity to communicate feedback and improvements to GSA;
Cons: It's long, confusing, and the lack of clear direction can be frustrating for anyone, which is evident with that fact there are only 2 awarded contractors with these SINs. A source at GSA tells me that roughly 70% of modification requests have been rejected thus far.
In order to help other potential contractors working through the IACC, I'd like to share the basic information I've received directly from those parties responsible for reviewing the form at GSA. Some tips:
- It is NOT acceptable to simply state that you are compliant with the outlined terms.
- GSA is looking for a BRIEF description of the current OR future controls that are in place or in progress (you may not have these controls in place right now, but show that you're working on it)
- The above control descriptions must provide sufficient information for GSA to determine that you understand the IA and Security concepts and the appropriate associated directives/commercial best practices.
- All company responses to checklist controls should be place in the column "Explain Your Current Compliance OR Actions to Become Compliant".
- You MUST respond to the requirements listed in [brackets] in the second column from the right—these responses should be placed in the same column as your compliance response; NOT in the column you find the bracketed items.
I think the biggest challenge you'll come across in filling out this form is finding the right people to fill in the information, since it's unlikely that one person will be able to accurately complete the entire form. My recommendation is that you select a small team (3-4 people) and set aside some time for everyone in the group to meet and fill in the form. Try making it a formal meeting and send out the information ahead of time so that people can get started in their spare time. Setting up a formal group and scheduling deadlines will make the process less painful and will prevent the task from holding up the entire offer submittal process. At least, until GSA issues a new Refresh to the IT Solicitation and changes the requirements again! Best of Luck!
About Steve Young
Steve serves as the Director of the Technology Resale division. Steve manages all aspects of Winvale’s GSA Schedule contracts. Steve also leads the company in RFP/RFQ responses where Winvale is the Prime Contractor. Responsible for over 60 manufacturers on Winvale’s GSA Schedule contracts, Steve insures that each manufacturer’s products or services are compliant and within scope of each GSA contract.