1. Home
  2. |Experience
  3. |Government Contracts
  4. |Supply Chain Security and Risk Management

Supply Chain Security and Risk Management

Overview

In the constantly evolving world of government contracts compliance, risks emerging from the defense industrial base supply chain pose perhaps the most complex and daunting set of challenges confronting prime defense contractors and their supply chain participants today. Treated increasingly as risks to security and mission readiness—rather than simply a matter of contract performance and regulatory compliance—supply chain risks are prompting the rapid development and imposition of new requirements, while simultaneously creating novel intersections with existing compliance obligations and liability regimes. 

Whether manifesting as threats to cybersecurity, the introduction of counterfeit or nonconforming parts, or gaps in compliance with export control restrictions, meeting the challenge of securing the supply chain demands a fresh look at the risks of exposure, together with proactive engagement across a range of disciplines.  

Services and Experience

Our cross-cutting Supply Chain Team assists a wide range of clients in responding to virtually every challenge posed by supply chain security and risk management, including:

  • Government Contracts Compliance and Supply Chain Flow Down. Our team of world class government contracts lawyers routinely advises clients in flowing contract requirements to and managing compliance by their suppliers, including requirements set forth in U.S. export controls, the Buy American Act, Trade Agreements Act and other domestic preference programs, as well as restrictions on foreign investment and ownership in the United States such as reviews conducted by the Committee on Foreign Investment in the United States (CFIUS) and measures to mitigate Foreign Ownership, Control, or Influence (FOCI).
  • Privacy and Cybersecurity in the Supply Chain. On a daily basis our team is counselling contractors on risk-based, practical approaches to complying with some of the government’s most complicated requirements aimed at ensuring the security of the federal supply chain, including DFARS 252.204-7012, FAR 52.204-21, FAR 52.224-3, the National Industrial Security Program Operating Manual (NISPOM), Privacy Act, and Federal Information Security Management Act (FISMA), and how contractors can practically manage the risks presented by those provisions throughout the supply chain. Our experience covers not only formal subcontracting arrangements, but also less visible yet equally important vendor management programs.
  • Supply Chain Investigations. Our teams possesses extensive experience conducting investigations into non-compliance , potential misconduct, and threats to security arising within the supply chain, and are especially adept at managing the amplification of exposure to liability driven by intersections with a myriad of existing regimes, including the False Claims Act, the Mandatory Disclosure Rule under FAR 52.203-13, and Suspension and Debarment threats.
  • Procurement and Bid Protests. As supply chain security continues to emerge as a foundational pillar of the Department of Defense’s acquisition planning, contract awards and protests driven by supply chain security metrics will become increasingly common. Our attorneys have substantial depth, experience, and success in identifying and mitigating risks discovered during the solicitation and proposal submission process as well as pursuing and defending bid protests in all forums. 

Insights

Client Alert | 1 min read | 04.15.24

New FAR Part 40 to Address Supply Chain and Information Security Requirements

On April 1, 2024, the Department of Defense (DoD), General Services Administration (GSA), and the National Aeronautics and Space Administration (NASA) issued a final rule updating the Federal Acquisition Regulation (FAR) to add Part 40 on information security and supply chain security. This first action did not implement any new requirements; however, separate rulemakings will follow to relocate existing information security and supply chain security policies and procedures to the new Part 40. Additionally, new related regulations will be housed in Part 40. These actions suggest that the flow of information security and supply chain regulations is likely to continue unabated for at least the next few years....

|

Professionals

Insights

Client Alert | 1 min read | 04.15.24

New FAR Part 40 to Address Supply Chain and Information Security Requirements

On April 1, 2024, the Department of Defense (DoD), General Services Administration (GSA), and the National Aeronautics and Space Administration (NASA) issued a final rule updating the Federal Acquisition Regulation (FAR) to add Part 40 on information security and supply chain security. This first action did not implement any new requirements; however, separate rulemakings will follow to relocate existing information security and supply chain security policies and procedures to the new Part 40. Additionally, new related regulations will be housed in Part 40. These actions suggest that the flow of information security and supply chain regulations is likely to continue unabated for at least the next few years....