The OIG's report, Security Configuration Management of the Windows Server Operating System (AUD-19-004) (January 2019), noted that the FDIC hired [Blue Canopy] to assess certain security controls, including configuration management controls, for which the FDIC had also assigned the firm duties related to design and/or execution.

Identify planned procurement of Critical Functions. GAO Recommendations. Management Oversight Strategy.

In the first 18 months of contract performance, if the initial vendor is not successfully performing, both the MSSP and SPPS BOAs permit a quick transition to another vendor on the contract without a recompetition.

We found that the FDIC did not have policies and procedures for identifying Critical Functions in its contracts, as recommended by the best practices in OMB Policy Letter 11-01 and embodied in industry standards. GSA, NASA, USDA, DOE, and OCC have policy and procedures to prevent over-reliance on a contractor, and specific corrective measures to address instances of contractor over-reliance. Based on our review of GAO and industry standards, procured services involving contractors result in a greater level of inherent risk than an agency directly performing these services.

While Blue Canopy personnel were subject to the FDIC's onsite information security protocols, more proactive controls should have been employed to validate that FDIC data had been retained onsite and not transferred to the contractor's facilities or systems.

Government agencies must ensure that (1) contractors do not perform work that should be reserved for Federal employees; and (2) Federal officials are appropriately managing and overseeing contractor performance.

Blue Canopy performed Critical Functions as determined by OMB Policy Letter 11-01 and best practices; and.

FDIC's Execution and Oversight of the Blue Canopy Contracts.
This ongoing oversight of the Blue Canopy contracts and the reconsideration of the underlying acquisition strategy for the services are key components of the procedures highlighted as best practices by the OIG in its audit and demonstrate the control asserted and maintained by the FDIC over these services.

Footnote 12: According to the FDIC's Acquisition Procedures, Guidance and Information (January 2020), a Basic Ordering Agreement (BOA) is a written instrument of understanding negotiated between the FDIC and a contractor for future delivery of as yet unspecified quantities of goods or services.

Ongoing efforts to improve the FDIC's acquisition services and oversight management programs will incorporate additional structure and discipline around certain contracts that support essential functions or involve services needed in a business continuity event, consistent with the recommendations in the OIG report.

7.503), and the examples in Appendix A in OMB 11-01.

Source: OIG analysis of OMB guidance, GAO reports, industry guidance, and interview statements from Federal agencies.

The GAO report, DHS Service Contracts: Increased Oversight Needed to Reduce the Risk Associated with Contractors Performing Certain Functions (GAO-20-417) (May 2020), found, in part, that DHS did not consistently plan for the level of Federal oversight needed for certain contracts because there was no guidance on how to document and update the number of Federal personnel needed to conduct oversight.

1819(a).

A Contract Management Plan must be developed for the acquisition of services having a total estimated value of $1 million and greater.