Being a Tier contractor or sub supplier to the US Government demands stringent control over your defence supply chain, your contracts and awareness of the critical importance of regulatory adherence and the consequences if breach of export control appears.
We, as an industry, united in purpose, stand together to raise awareness of these critical aspects, in this regard, it was thrilling to attend the Annual FAR/DFARS seminar in Oslo, arranged by FSi, Nammo and Kongsberg. And the attendance of the European Defence Industry this year was record breaking with 180 registered participants!
Credibility, personal approach, documentation, supply chain control, more documentation and documentation. All key takeaways from this week’s FAR/DFARS seminar in Oslo.
A record-breaking industry attendance, offered good networking opportunities, an arena for sharing knowledge and experience and expanding skills in U.S. Defense Regulations. As long-time attendees of these seminars, we can attest that the speakers are among the most experienced experts in their fields.
Stephen D. Knight, Senior Counsel, Haynes and Boone, guided us through the jungle of basics on US Government Acquisition Regulations. Mark Smith, Chief Government Compliance Officer, BAE Systems, provided an update on CMMC: What do we need to know for our contracts and subcontracts? Audits involving US DoD might sound both scary and terrifying, with input from Jay Peterson, Director of Government Finance & Compliance, Lockheed Martin, the attendees know what to expect, what to deny and how to handle it in best practice.
While FAR and DFARS might be as familiar as coffee and cookies to some, with over 50% of attendees being first timers at the event, it was beneficial to simplify the discussion. Ingveig Nøkleby, Trade Compliance Officer and Kirsti Mengshoel, Legal Counsel at Nammo Raufoss leaded us back to the basics and the important clauses, both in terms of Cyber Security Compliance, and, what you need to flow down to the sub-contractors. Their key takeaway was:
- Know that the FAR and DFARS references in your contracts are important because they define your obligations and rights.
- Get familiar with, and know the clauses.
- Know what to look for as a non-US defense contractor.
- Know how to identify and use exceptions set out in the FAR/DFARS.
- Be aware of data clauses and have a Cyber Security strategy.
When touching into CMMC, data security, supply chain protection and cyber control, NIST is a natural topic. NIST is integral to DFARS because it provides the essential framework and standards for protecting CUI, ensuring compliance, managing risks, and maintaining a standardized approach to cybersecurity within the defense supply chain. The risk for cyber breaches is increasing, the creativity and smartness in attempts for breach the same. High risk, high responsibility – as said during a presentation. “You have the responsibility; lack off cyber control can take down business systems and an entire company”
Document, document and document, its key in securing the supply chain and prepare for Government audits. A regular cadence and communication of best and worst practices can position you to maintain compliant ratings.
Do you have control of the requirements? However, do you have control of the supply chain?
Credibility is key when negotiating with the US Government, which is why it’s of the highest importance to control the supply chain, internal and external processes and documentation.
Then how to be compliant when you are a small company? Seek education, have control of systems, costs, allowances/unallowable costs, have policies and procedures in place, involve partners you trust, have control of your data and who has access to them. Then you are prepared when asked by governments.
Questions one should ask in the process of tracking a compliant supply chain, is:
Do you use Cloud Systems for data handling?
Do you allow file transfer through e-mail?
Do you have access Control?
Are you a Foreign Instrumentality?
Do you have Travel and timekeeping policy
Do you offer Controlled Environments?
Do you self-audit or involve third party assistance?
At Confidee we see ourselves as partners, building long time relationships, with focus on a compliant and transparent PCB supply chain. We empower compliance.
With this approach, it was delightful to listen to Marc Salko, Corporate VP – Government Compliance & Accounting, DRS Technologies (Leonardo), talking about the importance of partnerships.
“Be a partner, not just a supplier or vendor. It’s like a marriage, for better or worse.”
At Confidee we are here to support our customers, providing predictability, documentation and transparency. What does that mean? We will always inform you of changes in documentation, design or manufacturer. It’s a collaboration, we do business as partners.
Our commitment to compliance and export control is the reason why we are contracted and approved by Tier 1 Defense and Aerospace companies, and also why we are AS9120 certified.
It is vital to conduct an Integrity Due Diligence (IDD) of your subcontractors to ensure they adhere to the necessary regulations, conduct the required audits. Explain to your supply chain who they should contact if they have a challenge and the applicable consequences, if they knowingly or unknowingly breach compliance. One simple place to start is to always ask for, and document Country of Origin for every single article in your products.
Another place to start, is early registration to next year’s FAR/DFARS seminar in Oslo is mandatory, considering the popularity of the event and the value one gets.
Thank you FSi, Nammo and Kongsberg – we are ready for next year’s adventure.