jonmjohnson Posted April 7, 2011 Report Share Posted April 7, 2011 I have a question that I was hoping that someone may be able to address. Here is the hypothetical: A winning vendor for a big IT BPA wants to set up their help desk services abroad. Nothing was mentioned in the RFP/RFQ concerning CONUS for help desk support, though CONUS was mentioned in terms of other facilities. There is no FAR regulation that I see that would prohibit such an arrangement, as it is an TAA country. It is more of a security question that would be dependent on the ordering activity. Does anyone know of any active regulation that would prohibit this? I thank you in advance for your help. JJOHNSON Link to comment Share on other sites More sharing options...
joel hoffman Posted April 7, 2011 Report Share Posted April 7, 2011 I have a question that I was hoping that someone may be able to address. Here is the hypothetical: A winning vendor for a big IT BPA wants to set up their help desk services abroad. Nothing was mentioned in the RFP/RFQ concerning CONUS for help desk support, though CONUS was mentioned in terms of other facilities. There is no FAR regulation that I see that would prohibit such an arrangement, as it is an TAA country. It is more of a security question that would be dependent on the ordering activity. Does anyone know of any active regulation that would prohibit this? I thank you in advance for your help. JJOHNSON [Edited on 4/10/2011] 1) What agency is this for? 2) Did the RFP or RFQ mention anything at all about technical approach for Help Desk services or does the contract address data security or integrity? 3) Does the proposal response to the solicitation address what I asked about in number 2, above? 4) Is overseas or non-CONUS operation of an IT help desk acceptable to the agency, if it is likely that govt data might be accessible to the service desk reps? If the reps can get into computers remotely, then they will have access to data. I would think that there would be a concern with security of data or concern about controlling security, using foreign personnel in a remote location. 5) If there is a concern and if the RFP/RFQ didn't address such security concerns, can you amend and then conduct discussions? 6) Can you consider an overseas help desk a security threat and downgrade the proposal or quote without an amendment? 7) You asked: "Does anyone know of any active regulation that would prohibit this?" Your ordering activity IT personnel should be familiar with the information security regulations I'm quite sure that DoD has regulations that address data surety requirements. Our "internal Taliban" (my code name for the IT folks) watches over everything and our yearly training discusses security of IT data. Link to comment Share on other sites More sharing options...
FAR Fetched Posted April 8, 2011 Report Share Posted April 8, 2011 Is it class, SBU or non-class information. Link to comment Share on other sites More sharing options...
.gif)
Recommended Posts