Contractor Representations Regarding Cybersecurity Compliance/Capabilities: An Increasingly Fertile Ground for Bid Protests

The significance of accuracy in contractor proposal representations concerning cybersecurity compliance/capabilities, and the rising variety of bid protests based mostly on alleged proposal inaccuracies concerning the identical, is demonstrated in Connected Global Solutions, LLC v. United States (Fed. Cl. Apr. 21, 2022).

In Related International Options, the Division of Protection, U.S. Transportation Command (TRANSCOM) issued a request for proposal (the RFP) looking for transferring companies to accommodate army members when altering responsibility stations. The RFP contemplated a contract price as much as $20 billion over a decade if all choices had been exercised. The RFP included an IT companies analysis issue that required contractors to offer and preserve an accessible, safe, web-based, and mobile-device-compatible IT system capable of handle the transferring and relocation companies.

American Roll-on Roll-off Provider Group, Inc. (ARC) filed a bid protest with the Authorities Accountability Workplace (GAO) alleging, inter alia, that awardee HomeSafe Alliance, LLC’s proposal contained a “material misrepresentation about the impact level to which a key component of its approach to meeting the Secure Access requirement has been authorized.” Am. Roll-On Roll-Off Carrier Grp., Inc. (Comp. Gen. Mar. 3, 2022). Extra particularly, ARC alleged that whereas HomeSafe’s proposal represented that it will make the most of web-based IT companies that had been rated FedRAMP degree “high,” the precise ranking of the proposed companies was “medium.” GAO rejected ARC’s argument, discovering that data offered by the awardee, and publicly out there data from the proposed web-based IT vendor, supported HomeSafe’s illustration that it might make sure the web-based companies proposed could be FedRAMP “high” compliant.

ARC subsequently filed a grievance with the U.S. Court docket of Federal Claims (COFC), once more alleging that HomeSafe misrepresented its FedRAMP compliance as “high,” and requested go away to conduct restricted discovery targeted on the idea for the representations in HomeSafe’s proposal concerning FedRAMP standing. The COFC famous that when materials misrepresentation within the bidding course of is alleged, courts don’t look at the subjective mindset of the awarding company, however “‘instead look to whether or not the statement itself constitutes misrepresentation[.]’” Subsequently, the court docket famous it will not contemplate data that was earlier than the company, however as a substitute should contemplate the conduct of and knowledge out there to the awardee. In consequence, the court docket ordered HomeSafe to answer two interrogatories (and a request for admission) surrounding its representations concerning FedRAMP “high” compliance in its proposal. The COFC reasoned that the 2 interrogatories had been “pertinent” and the executive report may not have all of the required data for the court docket to correctly evaluate the misrepresentation allegations.

Key Takeaways

Whereas accusations of proposal misrepresentations are usually not new, allegations of misrepresentations concerning a contractor’s cybersecurity compliance and capabilities symbolize a fertile floor for bid protests. As cybersecurity necessities relevant to federal procurements improve in quantity and complexity, bid protests difficult an offeror’s representations concerning compliance with the identical could nicely additionally improve.

Related International Options additionally underscores the significance of documenting and sustaining proof of the bases for materials proposal representations concerning contractor cybersecurity compliance/capabilities. Contractors ought to contemplate rigorously checking the accuracy of proposal data and using inner controls for proposal evaluate and submission. Even with such protocols in place, bid protests surrounding contractor cybersecurity compliance/capabilities can nonetheless happen, and might result in pricey penalties. 

Source link