Federal Acquisition Service U.S. General Services Administration Briefing to CGP May 9, 2013 Supplier Relationship Management and Joint Working Group on Improving Cybersecurity and Resilience through Acquisition

Federal Acquisition Servicethecgp.org/images/SRM+CyberEOWG-Briefing050913.pdf · Cyber Security Policies RFI and Milestones Draft Recommendations 1 . ... Internal program-level successes


Agenda

FAS Supplier Relationship Management (SRM)

– Drivers, Vision and Goals for SRM

– Supplier Perception Survey

– Next Steps for FAS SRM

GSA-DoD Joint Working Group on Improving Cybersecurity and Resilience through Acquisition

– Cyber Security Policies

– RFI and Milestones

– Draft Recommendations


Drivers for Supplier Relationship Management (SRM)

Supplier relationships are priority of OFPP Administrator

Congressional testimony, Myth-Busters campaign

FAR guiding principles (best value, public trust, use of contractors with demonstrated performance, and quality communications with industry)

Business value from better supply chain relationship management

Proven commercial best practice

Internal program-level successes leveraging SRM-like activity

Can lead to Customer Satisfaction & Savings


SRM in the Federal Acquisition Service

Vision: Become the supply channel of choice by improving ease of use of FAS offerings; increasing transparency of the supply chain; and collaborating with customers and suppliers to create shared value and greater access to innovation.

Goal: Provide a consistent business-wide approach to supplier management that combines FAS’ industry engagement best practices with proven commercial SRM strategies.

SRM is an enterprise framework for:

1. Managing supply chain performance (scorecards, segmentation)

2. Communicating and collaborating with suppliers (shared customers)

3. Consistency, structure, and discipline in all FAS supplier engagements

4. Managing and reducing total costs of the supply chain for all stakeholders


Supplier Perception Survey Overview

Feb-Mar 2012; 5,086 contract holders from FAS Portfolios

80 / 20 Pareto distribution based on business volume

Top 20% – all contractors invited; Likert + narrative questions

Remaining 80% – random sample invited; Likert only

Surveyed on a 5-point scale where 1= “Much worse than other business partners,” 3= “About the same as other business partners,” and 5= “Much better than other business partners.”

Overall response rate: 20%; large companies response: 35%

Highest scores in areas related to Loyalty

Lowest scores in Collaboration, Openness, and Communication


Survey is 23 questions (no narrative questions in FY13)

23 questions rated on a 5-point scale…

1. The timeliness of FAS’s communications
2. The quality of FAS’s communications
3. The completeness of information communicated by FAS
4. FAS’s integrity
5. FAS’s technical competence
6. FAS’s acquisition/procurement competence
7. FAS’s acquisition/procurement overall processes
8. FAS’s Program Management competence
9. The transparency of FAS’s acquisition/procurement processes
10. The extent to which FAS provides an effective interface between its management and yours
11. FAS’s ability to present one face in your dealings across multiple functions
12. The extent to which FAS makes it easy for you to succeed in effectively providing the goods and services you provide
13. FAS’s cooperation in resolving problems
14. Your commitment to FAS for a long term business relationship
15. The overall quality of the working relationship between FAS and your company
16. The extent to which your interactions with FAS contribute to your financial stability
17. FAS’s processes to allow you to provide best value
18. FAS’s effectiveness in sharing risk, thereby reducing your need to build risk into your pricing
19. FAS’s effectiveness in focusing on Total Cost of Ownership (i.e., delivery, quality, technical specifications)
20. FAS’s emphasis on quality and commitment to continuous improvement
21. The extent to which FAS asks for and implements your ideas to improve the quality of the goods or services you provide
22. The extent to which FAS asks for and implements your ideas to improve the design or technical specifications of the goods or services you provide
23. The extent to which FAS enables your firm to deliver environmentally sustainable services and goods

…FY12 narrative questions

1. How does GSA hinder you in providing goods and services?
2. How does GSA help you in providing goods and services?
3. If you could make one change to improve the service provided by GSA what would it be?
4. What innovative products, services, or solutions should GSA add to its customer offerings (cloud, sustainability, etc.)?


2012 Supplier Perception Survey Results

FAS Enterprise / GWAC / Schedule 70


FAS rated highest on loyalty

[Figure: FAS’ Highest-Scoring SPS Survey Questions. Bar chart of % of Respondents per question. Scale: 1=Much Worse than Other Business Partners; 3=About the Same as Other Business Partners; 5=Much Better than Other Business Partners]

Average Score by question:

FAS's integrity 3.47

Your commitment to FAS for a long term business relationship 3.82

The extent to which FAS enables you to deliver environmentally sustainable services and goods 3.27

The overall quality of the working relationship between FAS and your company 3.26

FAS's concern for your financial stability 3.19


FAS rated lowest on collaboration, openness, and communication

[Figure: FAS’ Lowest-Scoring SPS Survey Questions. Bar chart of % of Respondents per question. Scale: 1=Much Worse than Other Business Partners; 3=About the Same as Other Business Partners; 5=Much Better than Other Business Partners]

Average Score by question:

The extent to which FAS provides an effective interface between management 2.78

FAS's effectiveness in soliciting & implementing ideas to improve quality 2.72

The extent to which FAS makes it easy for you effectively provide goods and services 2.73

FAS's ability to present "one face" in your dealings across multiple functions 2.72

FAS's effectiveness in soliciting & implementing ideas to improve design 2.65

FAS's effectiveness in sharing risk, reducing your need to build risk into pricing 2.63


FAS Interviews and Narrative Survey Responses

“Suppliers do not receive a single face or single experience when working with FAS, we need to work to standardize the experience.” FAS Regional Commissioner

“When a contractor asks a question, we will get a different answer from every person in the GSA.” Executive, WOSB

“[Many CO’s act like]…inaction is an acceptable way of doing business. …stop wasting my time on surveys. Nothing is ever done at GSA; it would be nice to spend this energy working on productive things.” Executive, Large Business


Survey Respondent Demographics for the GWAC


Total Number of GWAC Respondents: 33

Socioeconomic Status % of Respondents*

Other than Small 18.2%

Small 72.7%

Small Disadvantaged 48.5%

Women Owned 27.3%

Ec. Disadv. Women Owned 6.1%

Veteran Owned 30.3%

Serv. Disabled Vet. Owned 30.3%

HUBZone 3.0%

% of Revenue through FAS % of Respondents

Less than 5% 21.2%

5% to 25% 24.2%

25% or More 54.5%

# of Years as FAS Supplier % of Respondents

Less than 1 Year 3.0%

1 Year to less than 2 Years 0.0%

2 Years to less than 5 Years 3.0%

5 Years or More 93.9%

Survey Respondents Role % of Respondents

Executive 63.6%

Finance / Sales / Marketing 9.1%

Operations 18.2%

Other 9.1%

*Percentages may sum to more than 100% because respondents may be in multiple categories


GWAC results compared to FAS-wide results

GWAC Supplier Perception Survey Results

GWAC Program Response: # of Survey Responses 33; Response Rate 25.2%

FAS Response: # of Survey Responses 757; Response Rate 20.0%

Highest Scoring Questions (Question, GWAC Score, FAS Score):

Your commitment to FAS for a long term business relationship 4.06 3.82

FAS’s integrity 3.47 3.47

The extent to which your interactions with FAS contribute to your financial stability 3.39 3.19

The extent to which FAS enables your firm to deliver environmentally sustainable goods and services 3.32 3.27

The overall quality of the working relationship between FAS and your company 3.22 3.26

Lowest Scoring Questions (Question, GWAC Score, FAS Score):

FAS’s effectiveness in sharing risk, thereby reducing your need to build risk into your pricing 2.47 2.63

The extent to which FAS asks for and implements ideas to improve the quality of the goods or services 2.62 2.72

The extent to which FAS asks for and implements ideas to improve the design or tech. specifications of the goods or services 2.69 2.65

FAS’s ability to present one face in your dealings across multiple functions 2.71 2.72

FAS’s effectiveness in focusing on Total Cost of Ownership 2.75 2.85


Detailed Survey Results for the GWAC (1 of 3)

Columns, in order: Survey Question; Average Scores (FAS Wide, GWAC); Business Size (Large, Small); % of Rev through FAS (< 5%, 5% - 25%, > 25%); # of years as FAS Supplier (<1, 2 - 5, > 5)

FAS Relationship

Your commitment to FAS for a long term business relationship 3.82 4.06 4.67 4.00 4.00 3.50 4.33 4.00 5.00 4.03

FAS’s integrity 3.47 3.47 3.00 3.52 3.67 3.13 3.56 4.00 4.00 3.43

The overall quality of the working relationship between FAS and your company 3.26 3.22 3.00 3.24 3.17 2.63 3.50 4.00 3.00 3.20

The extent to which your interactions with FAS contribute to your financial stability 3.19 3.39 4.00 3.32 3.00 2.75 3.78 4.00 3.37

FAS’s cooperation in resolving problems 2.92 3.00 2.33 3.07 3.00 2.38 3.28 4.00 4.00 2.93

FAS Innovation & Value

The extent to which FAS enables your firm to deliver environmentally sustainable goods and services 3.27 3.32 3.00 3.35 3.25 2.67 3.67 4.00 3.29

FAS’s emphasis on quality and commitment to continuous improvement 3.08 3.11 3.00 3.12 3.00 2.86 3.27 4.00 3.00 3.08

The extent to which FAS asks for and implements ideas to improve the quality of the goods or services 2.72 2.62 3.00 2.58 2.60 2.43 2.71 4.00 2.56

The extent to which FAS asks for and implements ideas to improve the design or tech. specifications of the goods or services 2.65 2.69 3.50 2.63 2.60 2.57 2.79 4.00 2.64

Methodology: Color coded based upon number of standard deviations from the mean of the supplier segments for each survey question (legend: <-2, <-1.5, <-1, <-.5, 0, >2, >1.5, >1, >.5)


Detailed Survey Results for the GWAC (2 of 3)

Columns, in order: Survey Question; Average Scores (FAS Wide, GWAC); Business Size (Large, Small); % of Rev through FAS (< 5%, 5% - 25%, > 25%); # of years as FAS Supplier (<1, 2 - 5, > 5)

FAS Competence

FAS’s acquisition / procurement competence 3.05 2.90 3.00 2.89 2.67 2.25 3.29 4.00 3.00 2.86

FAS’s Program Management competence 3.00 2.86 2.67 2.88 3.00 2.38 3.07 4.00 3.00 2.81

FAS’s technical competence 2.92 2.90 2.33 2.96 2.67 2.38 3.24 4.00 3.00 2.86

FAS’s effectiveness in focusing on Total Cost of Ownership (i.e., delivery, quality, technical specifications) 2.85 2.75 2.67 2.76 2.60 2.38 3.00 4.00 2.70

FAS’s effectiveness in sharing risk, thereby reducing your need to build risk into your pricing 2.63 2.47 2.33 2.48 2.67 2.00 2.63 4.00 3.00 2.39

FAS Communication

The completeness of information communicated by FAS 3.03 3.03 2.00 3.14 2.67 2.50 3.39 3.00 3.00 3.03

The quality of FAS’s communications 2.98 2.94 2.00 3.03 2.83 2.50 3.17 4.00 3.00 2.90

The timeliness of FAS’s communications 2.91 2.94 1.67 3.07 3.00 2.38 3.17 3.00 4.00 2.90

The extent to which FAS provides an effective interface between its management and yours 2.78 2.84 2.67 2.86 2.83 2.75 2.88 4.00 4.00 2.76

Methodology: Color coded based upon number of standard deviations from the mean of the supplier segments for each survey question (legend: <-2, <-1.5, <-1, <-.5, 0, >2, >1.5, >1, >.5)


Detailed Survey Results for the GWAC (3 of 3)

Columns, in order: Survey Question; Average Scores (FAS Wide, GWAC); Business Size (Large, Small); % of Rev through FAS (< 5%, 5% - 25%, > 25%); # of years as FAS Supplier (<1, 2 - 5, > 5)

FAS Process

The transparency of FAS’s acquisition / procurement processes 3.03 3.20 3.00 3.22 3.00 3.00 3.38 4.00 3.00 3.18

FAS’s acquisition / procurement overall processes 2.86 3.10 3.33 3.07 2.83 2.63 3.41 4.00 3.00 3.07

FAS’s processes to allow you to provide best value 2.80 3.10 3.00 3.11 3.00 2.63 3.35 4.00 3.00 3.07

The extent to which FAS makes it easy for you to succeed in effectively providing the goods and services you provide 2.73 2.91 2.33 2.97 2.67 2.25 3.28 4.00 3.00 2.87

FAS’s ability to present one face in your dealings across multiple functions 2.72 2.71 2.67 2.71 2.83 2.50 2.76 4.00 4.00 2.62

Methodology: Color coded based upon number of standard deviations from the mean of the supplier segments for each survey question (legend: <-2, <-1.5, <-1, <-.5, 0, >2, >1.5, >1, >.5)


Sample of Narrative Responses from GWAC Suppliers

“The process to add products and services is very long and involved. As with any large organization, it is very difficult to find the right people to work with.”

Executive, Large Business

“I can never get a response to emails and phone calls. Some contracting officers seem to make up their own rules as they go and find any excuse they can to arbitrarily reject requested contract actions.”

Operations, Large Business

“Too many representatives, not only at FAS but throughout the government, have limited their discussions and interaction with contractors so as not to get in trouble. Unfortunately, this is a detriment to both the government and the contractors.”

Operations, Small Business

“In addition to a constant revenue stream which helps us grow our small business, FAS has been very receptive to new ideas and involving us in ways other customers do not.”

Operations, Small Business


Survey Respondent Demographics for the IT70


Total Number of IT70 Respondents: 264

Socioeconomic Status % of Respondents*

Other than Small 29.5%

Small 58.0%

Small Disadvantaged 23.9%

Women Owned 14.4%

Ec. Disadv. Women Owned 4.5%

Veteran Owned 14.0%

Serv. Disabled Vet. Owned 8.3%

HUBZone 1.1%

% of Revenue through FAS % of Respondents

Less than 5% 32.6%

5% to 25% 32.6%

25% or More 34.8%

# of Years as FAS Supplier % of Respondents

Less than 1 Year 1.1%

1 Year to less than 2 Years 4.2%

2 Years to less than 5 Years 17.0%

5 Years or More 77.7%

Survey Respondents Role % of Respondents

Executive 51.5%

Finance / Sales / Marketing 15.2%

Operations 15.2%

Other 18.2%

*Percentages may sum to more than 100% because respondents may be in multiple categories


IT70 Supplier Perception Survey results compared to FAS-wide results

IT70 Supplier Perception Survey Results

IT70 Program Response: # of Survey Responses 264; Response Rate 12.8%

FAS Response: # of Survey Responses 757; Response Rate 20.0%

Highest Scoring Questions (Question, IT70 Score, FAS Score):

Your commitment to FAS for a long term business relationship 3.81 3.82

FAS’s integrity 3.44 3.47

The extent to which FAS enables your firm to deliver environmentally sustainable goods and services 3.22 3.27

The overall quality of the working relationship between FAS and your company 3.19 3.26

The extent to which your interactions with FAS contribute to your financial stability 3.17 3.19

Lowest Scoring Questions (Question, IT70 Score, FAS Score):

FAS’s effectiveness in sharing risk, thereby reducing your need to build risk into your pricing 2.64 2.63

The extent to which FAS asks for and implements ideas to improve the design or tech. specifications of the goods or services 2.65 2.65

The extent to which FAS makes it easy for you to succeed in effectively providing the goods and services you provide 2.70 2.73

The extent to which FAS asks for and implements ideas to improve the quality of the goods or services 2.71 2.72

FAS’s ability to present one face in your dealings across multiple functions 2.74 2.72


Detailed Survey Results for the IT70 (1 of 3)

Columns, in order: Survey Question; Average Scores (FAS Wide, IT70); Business Size (Large, Small); % of Rev through FAS (< 5%, 5% - 25%, > 25%); # of years as FAS Supplier (1 - 2, 2 - 5, > 5)

FAS Relationship

Your commitment to FAS for a long term business relationship 3.82 3.81 3.88 3.78 3.56 3.71 4.14 3.22 3.73 3.85

FAS’s integrity 3.47 3.44 3.42 3.44 3.39 3.41 3.50 3.00 3.31 3.48

The overall quality of the working relationship between FAS and your company 3.26 3.19 3.13 3.21 3.00 3.12 3.41 3.00 3.07 3.22

The extent to which your interactions with FAS contribute to your financial stability 3.19 3.17 3.10 3.19 2.53 3.10 3.78 2.75 2.97 3.23

FAS’s cooperation in resolving problems 2.92 2.84 2.68 2.90 2.70 2.80 2.99 3.14 2.81 2.83

FAS Innovation & Value

The extent to which FAS enables your firm to deliver environmentally sustainable goods and services 3.27 3.22 3.16 3.24 3.13 3.17 3.35 3.00 3.08 3.26

FAS’s emphasis on quality and commitment to continuous improvement 3.08 3.08 2.98 3.11 2.97 3.09 3.15 3.38 2.90 3.09

The extent to which FAS asks for and implements ideas to improve the quality of the goods or services 2.72 2.71 2.66 2.73 2.63 2.63 2.87 3.14 2.42 2.73

The extent to which FAS asks for and implements ideas to improve the design or tech. specifications of the goods or services 2.65 2.65 2.60 2.67 2.53 2.57 2.82 2.80 2.52 2.65

Methodology: Color coded based upon number of standard deviations from the mean of the supplier segments for each survey question (legend: <-2, <-1.5, <-1, <-.5, 0, >2, >1.5, >1, >.5)


Detailed Survey Results for the IT70 (2 of 3)

Columns, in order: Survey Question; Average Scores (FAS Wide, IT70); Business Size (Large, Small); % of Rev through FAS (< 5%, 5% - 25%, > 25%); # of years as FAS Supplier (1 - 2, 2 - 5, > 5)

FAS Competence

FAS’s acquisition / procurement competence 3.05 3.05 2.94 3.09 2.92 3.04 3.18 2.78 2.90 3.09

FAS’s Program Management competence 3.00 2.99 2.98 2.99 2.86 3.03 3.09 2.88 2.90 3.00

FAS’s technical competence 2.92 2.84 2.68 2.90 2.79 2.85 2.89 2.75 2.68 2.88

FAS’s effectiveness in focusing on Total Cost of Ownership (i.e., delivery, quality, technical specifications) 2.85 2.86 2.56 2.97 2.83 2.73 3.03 2.71 2.59 2.92

FAS’s effectiveness in sharing risk, thereby reducing your need to build risk into your pricing 2.63 2.64 2.30 2.75 2.54 2.58 2.78 2.71 2.49 2.66

FAS Communication

The completeness of information communicated by FAS 3.03 3.00 2.96 3.02 3.00 2.92 3.08 3.20 2.93 3.00

The quality of FAS’s communications 2.98 2.96 2.88 2.98 2.85 2.90 3.10 3.10 2.82 2.97

The timeliness of FAS’s communications 2.91 2.86 2.87 2.86 2.85 2.81 2.91 2.90 2.76 2.88

The extent to which FAS provides an effective interface between its management and yours 2.78 2.76 2.65 2.81 2.64 2.80 2.84 3.00 2.58 2.78

Methodology: Color coded based upon number of standard deviations from the mean of the supplier segments for each survey question (legend: <-2, <-1.5, <-1, <-.5, 0, >2, >1.5, >1, >.5)


Detailed Survey Results for the IT70 (3 of 3)

Columns, in order: Survey Question; Average Scores (FAS Wide, IT70); Business Size (Large, Small); % of Rev through FAS (< 5%, 5% - 25%, > 25%); # of years as FAS Supplier (1 - 2, 2 - 5, > 5)

FAS Process

The transparency of FAS’s acquisition / procurement processes 3.03 2.95 2.95 2.94 2.84 2.95 3.05 3.13 2.77 2.97

FAS’s acquisition / procurement overall processes 2.86 2.84 2.82 2.85 2.71 2.84 2.97 3.00 2.59 2.89

FAS’s processes to allow you to provide best value 2.80 2.84 2.65 2.91 2.64 2.77 3.08 2.86 2.68 2.88

The extent to which FAS makes it easy for you to succeed in effectively providing the goods and services you provide 2.73 2.70 2.61 2.74 2.50 2.63 2.95 3.11 2.58 2.72

FAS’s ability to present one face in your dealings across multiple functions 2.72 2.74 2.54 2.81 2.55 2.78 2.86 2.86 2.49 2.78

Methodology: Color coded based upon number of standard deviations from the mean of the supplier segments for each survey question (legend: <-2, <-1.5, <-1, <-.5, 0, >2, >1.5, >1, >.5)


Sample of Open-ended Responses from IT70 Suppliers

“There is a lot of turnover with Contracting Officers managing our contract. The lack of consistency means the processes are continuously changing and there is a lot of knowledge loss.”

Operations, Large Business

“Our product offerings are often outdated on our GSA contract due to the time, cost and burden of making contract modification. GSA does not seem to understand anything about our industry”

Employee, Small Business

“The people at GSA are very nice, but nothing ever gets done. They ask for industry’s input, nod their head, and never implement anything.”

Operations, Large Business

“Contracting officers are slow to respond to our needs and take too long to approve contract modifications. Part of this is because the rules, processes and points of contact are constantly changing.”

Operations, Large Business


Path Forward – FY13 and Beyond

Conduct FY13 Supplier Perception Survey

All FAS contract holders invited to participate

Milestones:

– Survey start – 29 Apr

Industry outreach throughout survey period

Number of responses to date (8 May): 943

– Survey complete – 31 May

– Portfolios briefed on results and recommendations – 30 Aug

Baseline & Manage Industry Engagement Activity

FAS industry engagement (internal inventory)

Develop and implement measures (e.g., discrete budget line)


Executive Order 13636 and Presidential Policy Directive 21


Executive Order 13636 & Presidential Policy Directive 21

EO Sec 8(e): Within 120 days, joint report on feasibility, security benefits, and merits of incorporating cybersecurity-relevant standards in acquisition planning and contract administration; include actions to harmonize existing procurement rules.

GSA-DoD Joint Working Group on Improving Cybersecurity and Resilience through Acquisition chartered to write the Section 8(e) Report

PPD-21: DoD, DHS, and GSA to provide or support government-wide contracts for critical infrastructure systems and ensure that such contracts include audit rights for security of critical infrastructure.

To the extent applicable, the recommendations in the report will lay the foundation for establishment or identification of the contracts required by the PPD


Working Group Update

RFI published in Federal Register May 13, 2013

Milestones/Upcoming activities

5/7 – Briefing to NSS/Cyber IPC principals

5/9 – Coalition for Government Procurement meeting

5/9 – Draft Report to ITF & Cyber IPC for comment

5/13 – Consultation with FAR Council on draft Report

5/22 – Internet Security Alliance Board of Directors meeting

5/24 – Complete Report; submit to SECDEF & GSA for signature


Federal Register Notice - Request for Information

Feasibility: How can the government increase cyber security in federal acquisitions while minimizing barriers to entry? Are there specific categories of acquisitions to which federal cyber security standards should (or should not) apply?

Commercial Practice: Is there a widely accepted cyber security risk analysis framework?

Harmonization: What are conflicts in rules, standard practices, or terms and conditions affecting procurement practices related to cyber security and how can the federal government best resolve those conflicts?


DRAFT - Recommendations under consideration

1. Develop a common set of definitions for use in the federal acquisition system that reconciles cyber security and acquisition terminology.
2. Categorize federal spend / prioritize acquisition categories by cyber security risk / develop cyber security overlays for use in the acquisition system.
3. Mandate formal approvals from agency cyber security experts as part of the acquisition lifecycle.
4. Develop common, but targeted and role-specific, cyber security and acquisition training.
5. Implement these recommendations in coordination with other government-wide related cyber security activities.
