FAR Part 39: The Ins and Outs of Buying IT

Do you procure IT products and services?

Read on for a quick summary of FAR Part 39 which provides guidance for the procurement of all things IT!

FAR Part 39 Acquisition of Information Technology (IT) provides guidance for the acquisition of IT products and services.?A rather short FAR Part, it only takes 10 minutes to read! This section presents some very important guidance, some of which is complex such as the NDAA 889 requirements (covered in a previous #FARFriday), guiding principles when procuring IT such as modular contracting and is packed full of additional resource documents which we’ll discuss. ?Read on for a brief overview of important considerations and resources when procuring IT.

So what is considered IT?

It’s a simple question but the answer can be complex. FAR Part 39 prescribes the policies and procedures for the acquisition of information technology and communications technology (ICT) that is used by or for agencies or the public and financial management systems. ICT includes the following: equipment, systems, technologies, or processes, where the principal function is the creation, manipulation, storage, display, receipt, or transmission of electronic data and information and any associated content. Equipment means things like computers; information kiosks and transaction machines; telecommunications equipment; customer premises equipment; multifunction office machines; software; applications; websites; videos; and electronic documents among many others!

Of course, there are some exceptions to the ICT definition (FAR 2.101) such as if it’s a national security system or for use by a contractor to perform a contract. Check out at all the exceptions and exemptions at FAR 39.204.

IT Buying Considerations

Now that we know what IT is according to the FAR, see some of the considerations identified below that are important when procuring it. The FAR provides several points to consider in the IT buying process:

• Security and protection of privacy information in accordance with Privacy Act and Freedom of Information (FAR 39.105)
• National security and emergency preparedness (e.g., if internet goes down for a critical system, what is the back-up plan?) (See OMB A-130 for more information)
• Accessibility to IT for individuals with disabilities in accordance with Section 508 of the Rehabilitation Act of 1973 (FAR 39.203)
• Use of energy efficient products such as those that meet Electronic Product Environmental Assessment Tool (EPEAT) standards or employing energy-efficient management of servers and Federal data centers. (FAR 39.101)
• Modular contracting and use of agile methodologies (referred to in FAR as increments) and leveraging and use of common or commercially accepted IT standards to promote compatibility (FAR 39.103)
• Prohibition on product or services developed by Kaspersky Lab as well as prohibition on covered telecommunications equipment or services or buying from an entity that uses either.
• Management of risk during the procurement planning process (FAR Part 7). Including technical obsolescence, which can pose significant risk given how quickly technologies change and the need for contracts to be awarded in a way that accounts for changes and risks of this nature; contract type risks; funding and program management risks; impacts of best practices such as those published by the National Institute of Standards and Technology (NIST); and finally benefits and costs/risks (FAR 39.102)
• Use of OMB A-127 Circular when procuring financial management systems which provides guidance on developing, operating, evaluating, and reporting on financial management systems

It is highly recommended to review OMB Circular A-130 which further details these considerations. The Circular is designed to help drive transformation and the way the Federal Government “builds, buys, and delivers technology by institutionalizing more agile approaches intended to facilitate the rapid adoption of changing technologies, in a way that enhances information security, privacy, and management of information resources across all Federal programs and services.”?