Acquisition of Information Technology
FAR Part 39 sets the foundational requirements for acquiring information technology, emphasizing risk management, modular contracting, privacy, and accessibility compliance.
Overview
FAR Part 39 establishes the policies and procedures for the acquisition of information technology (IT) by federal agencies. It provides a framework for ensuring that IT procurements are conducted efficiently, manage risk, protect privacy, and comply with federal standards. The Part is organized into general requirements and specific provisions for information and communication technology (ICT), including accessibility and exceptions. It covers definitions, applicability, risk management, modular contracting, IT services, privacy considerations, and required contract clauses. Subpart 39.2 specifically addresses ICT, including scope, definitions, applicability, exceptions, and exemptions, with a focus on compliance with accessibility standards and other federal mandates.
Key Rules
- General IT Acquisition Policy
- Agencies must follow established policies for acquiring IT, including risk management and modular contracting approaches.
- Risk Management
- Agencies are required to assess and manage risks associated with IT acquisitions.
- Modular Contracting
- Encourages breaking large IT projects into manageable, incremental modules to reduce risk and improve outcomes.
- Privacy and Security
- Contractors and agencies must address privacy and security requirements in IT acquisitions.
- ICT Accessibility
- ICT acquisitions must comply with federal accessibility standards unless exceptions or exemptions apply.
Responsibilities
- Contracting Officers: Ensure compliance with IT acquisition policies, risk management, modular contracting, and inclusion of required clauses.
- Contractors: Adhere to privacy, security, and accessibility requirements; provide documentation as required.
- Agencies: Oversee IT procurement processes, manage risk, and ensure compliance with federal standards and reporting obligations.
Practical Implications
- FAR Part 39 exists to ensure that IT acquisitions are efficient, secure, and accessible, reducing project risk and protecting sensitive information.
- It impacts daily contracting by requiring careful planning, risk assessment, and compliance with accessibility and privacy standards.
- Common pitfalls include failing to address accessibility, not managing risk adequately, or omitting required contract clauses.