A U.S.-based advanced materials and device manufacturer and software development company set out to understand and address the compliance demands pushed on to them by their Department of Defense prime contractors and commercial clients.
The client was faced with three critical, business-impacting challenges related to their IT compliance:
- Remain qualified to work for their defense-related customers handling controlled unclassified information (CUI) by demonstrating compliance with the relevant Defense Federal Acquisition Regulations (DFAR), Department of Defense (DoD) information security and compliance requirements, and International Traffic in Arms Regulations (ITAR).
- Establish an information technology compliance program compatible with their existing top-secret compliance regime.
- Increase their preparedness, decrease the cost of preparation and improve their score in their ongoing DoD onsite IT compliance program audits.
The client received a “Comply or Die” letter calling out the lack of a proper compliance program. Their contracts, like most contracts in what is called the “DoD supplier chain-of-custody,” require that demonstrable, auditable compliance programs be in place and allow for recourse in the form of:
- Revenue claw back – money already paid to a DoD subcontractor must be returned to the prime contractor under certain non-compliant conditions
- Removal from the approved vendor list
- Cancellation of existing and new contracts
BostonCOMPLY – Practical Compliance Automation™ Solution:
Rapidly identify the client’s information technology compliance demands at a granular level, determine the applicable frameworks and regulations, and bring the client into compliance in a sustainable, cost-effective, maintainable way, so that they can continue selling within the DoD supplier network while easing the burden of ongoing audits.
- Assess current compliance posture and impact of required standards
- Perform a gap analysis on the internal controls and procedures
- Prepare a compliance strategy
- Develop and implement a compliance program appropriate for the client’s size, infrastructure, operational complexity and resources
- Establish a compliance program within a maintainable, verifiable system that provides a compliance system-of-record with audit support
BostonCOMPLY was brought in to address the “Comply or Die” compliance situation, understand the scope of our client’s business, the interaction with their prime contractors and commercial customers, and ultimately create a practical compliance program tailored to their specific needs.
Within days of being engaged, BostonCOMPLY worked directly with the prime contractor’s vendor management office and secured relief from regulatory and impending fiscal penalties to get our client back to business as usual while implementing their practical compliance program.
We accomplished this by:
- Highlighting details of the BostonCOMPLY Practical Compliance Program library
- Providing irrefutable evidence of how each of the missing controls is inherently addressed with a properly implemented and maintained instance of BostonCOMPLY
- Showcasing the Practical Compliance Automation™ SaaS platform with its dashboard, scorecard and workflow management capabilities
- Promoting our ability to create and deliver a practical compliance program within the client environment in 45-90 days
Bottom Line – A very happy customer:
If you are a government contractor, or, like this advanced materials manufacturing company, part of the DoD chain of custody, failure to meet these requirements will result in the loss of your contracts and potential revenue claw backs.
If your business is experiencing compliance concerns, our team of senior-level professionals can provide guidance and support in attaining a practical solution.
At BostonCOMPLY We Fix the Compliance Problem!