Contributed by Todd Morris, Vice President Commercial Division, CB Insurance
Whether you are a government contractor or small business owner, cyber security is becoming an increasingly complex topic—affecting not only the integrity of information technology systems, but the security of the information contained within. As we all know, when an organization—government or small business—experiences a security breach, there are long-term and possibly even permanent consequences.
As such, it’s wise for all businesses to take note of the recent amendments made to the General Services Administration Acquisition Regulation (GSAR). These amendments will affect contracts awarded after January 6, 2012 that provide the GSA with technology supplies, services, and systems with security requirements. The amended acquisition rules are meant to strengthen the security of services procured via prime- and sub-government contractors.
Contractors are now required to produce IT security plans within 30 days of the contract award, and they are required to submit written proof of IT security authorization within six months after the award—along with verification that their IT security plan remains valid annually.
According to the GSA, the requirements for submission of an IT plan will be in solicitations that, again, include information technology supplies, services, or systems in which the contractor will have physical or electronic access to government information that directly supports the mission of the GSA.
While these amendments to the GSAR place a new responsibility on government contractors to provide IT security plans, it is a necessary and appropriately cautious step in the right direction to securing sensitive information.
Contact Todd Morris at 719.477.4275 for information on an upcoming cyber security seminar to be held at Bancorp Plaza at 8:30 a.m. on Tuesday, February 7, 2012.