My Favorites


Part 504 - Administrative Matters

Part 504 - Administrative Matters

      Subpart 504.1 - Contract Execution

           504.101 Contracting officer’s signature.

           504.103 [Reserved].

      Subpart 504.2 - Contract Distribution

           504.201 Procedures.

           504.203 Taxpayer identification information.

      Subpart 504.4 - Safeguarding Classified Information Within Industry

           504.402 General.

           504.470 Acquisitions involving classified information.

                504.470-1 [Reserved].

                504.470-2 [Reserved].

           504.471 Processing security requirements checklist (DD Form 254).

           504.472 Periodic review.

           504.473 Recurring procurement.

           504.474 Control of classified information.

           504.475 Return of classified information.

           504.476 Breaches of security.

      Subpart 504.5 - Electronic Commerce in Contracting

           504.500 [Reserved].

           504.502 Policy.

           504.570 [Reserved].

      Subpart 504.6 - Contract Reporting

           504.604 Responsibilities.

           504.605 Procedures.

                504.605-70 Federal Procurement Data System Public–Access to Data.

           504.606 Reporting Data.

      Subpart 504.8 - Government Contract Files

           504.800 Scope of subpart.

           504.802 Contract files.

           504.803 Contents of contract files.

           504.804 [Reserved]

                504.804-5 Procedures for closing out contract files.

           504.805 Storage, handling, and disposal of contract files.

      Subpart 504.9 - Taxpayer Identification Number Information

           504.902 General.

           504.904 Reporting contract information to the IRS.

      Subpart 504.11 - System for Award Management

           504.1103 Procedures.

      Subpart 504.13 - Personal Identity Verification of Contractor Personnel

           504.1301 Policy.

           504.1303 Contract clause.

           504.1370 Credentials and Access Management.

      Subpart 504.16 - Unique Procurement Instrument Identifiers

           504.1603 Procedures.

      Subpart 504.70 - Supply Chain Risk Management

           504.7000 Scope of subpart.

           504.7001 Definitions.

           504.7002 Policy.

           504.7003 General procedures.

           504.7004 [reserved]

           504.7005 Post-award procedures.

      Subpart 504.71 - Acquisition Reviews

           504.7100 Scope of subpart.

           504.7101 Purpose.

           504.7102 General.

           504.7103 Head of the contracting activity responsibilities.

           504.7104 Acquisitions and contract actions requiring SPE review and approval.


Subpart 504.1 - Contract Execution


504.101 Contracting officer’s signature.

Contract, contract modifications, blanket purchase agreements, and task and/or delivery orders may be executed manually or electronically using a digital signature. In the absence of the original contracting officer, another contracting officer with appropriate warrant authority may sign. Always type or stamp the name and title of the contracting officer signing the contract on the document, unless it is electronically signed. An electronic contract which includes the name of the contracting officer satisfies the typed, stamped or printed requirement found in FAR 4.101. GSA Order CIO 2162.2 (GSA Digital Signature Policy) is the guidance for the use of digital signatures as the preferred means of providing signatures for GSA documents, forms, correspondence, and emails.


504.103 [Reserved].


Subpart 504.2 - Contract Distribution


504.201 Procedures.

      (a)  The contracting officer must send documentation to the paying office on all contracts for which GSA generates a delivery or task order.

           (1)  For Federal Acquisition Service contracts entered into the FSS-19 system, the contracting officer must send a system generated contract listing.

           (2)  For all other contracts, the contracting officer must send a “Duplicate Original” of the entire contract or modification.

      (b)  The contracting officer must certify that the “Duplicate Original” is a true copy of the contract, modification, task and/or delivery order, if not electronically signed, by writing your signature, in ink, on the award or modification form (i.e., SF 26, 33, 1442, etc.). The contracting officer must certify all contracts except:

           (1)  Leases of real property.

           (2)  Schedule contracts.

           (3)  Standard or GSA multipage purchase/delivery/task order carbon forms.


504.203 Taxpayer identification information.

FAR 4.203(a) does not apply to leases of real property (see 504.904) or FAR 38 Federal Supply Schedule Contracting.


Subpart 504.4 - Safeguarding Classified Information Within Industry


504.402 General.

      (a)  This subpart prescribes procedures for safeguarding classified information required to be disclosed to contractors in connection with the solicitation of offers, and the award, performance, and termination of contracts.

      (b)  As used in this subpart, the term “Contractor(s)” means prospective contractors, subcontractors, vendors, and suppliers.


504.470 Acquisitions involving classified information.

HCA’s must consider how adequate security will be established, maintained, and monitored before accepting a reimbursable agreement for a requirement involving classified information. Further, HCAs are responsible for ensuring that the contracting officers, other procurement personnel, and contracting officer representatives (CORs) assigned to the acquisition have the appropriate security clearances, prior to accepting a reimbursable agreement involving access to, or generation of, classified information.


504.470-1 [Reserved].


504.470-2 [Reserved].


504.471 Processing security requirements checklist (DD Form 254).

      (a) The contracting officer must prepare DD Form 254, Contract Security Classification Specification (illustrated in FAR 53.303-DD-254), for contracts involving contractor access to classified information. This form identifies for contractors the areas of classified information involved. The contracting officer may use written notice of classification for research or service contracts.

      (b)  Obtain instructions or guidance on completing DD Form 254 from the Security and Emergency Management Division, Office of Mission Assurance (OMA).


504.472 Periodic review.

      (a)  The contracting officer in coordination with the appropriate program security officer must review DD Form 254 at least once a year, or whenever a change in the phase of performance occurs, to determine if the classified information can be downgraded or declassified.

      (b)  The contracting officer must inform the contractor of the results of the review by one of the following means:

           (1)  Issuance of a revised specification.

           (2)  Written instructions instead of DD Form 254, if authorized.

           (3)  Written notification if the review results in no change in the classification specifications.

      (c) The contracting officer must prepare a final checklist upon termination or completion of the contract in accordance with FAR 4.805-5.


504.473 Recurring procurement.

The contracting officer must prepare a new DD Form 254 only if a change occurs in either of the following:

      (a)  End item.

      (b)  Previous security classification.


504.474 Control of classified information.

      (a)  The contracting officer must record, mark, handle, and transmit classified information in accordance with the requirements of the Security Branch Chief, Security and Emergency Management Division, Office of Mission Assurance (OMA).

      (b)  The contracting officer must obtain the consent of the originating agency before releasing classified information to a contractor.


504.475 Return of classified information.

      (a)  Contracting officers must recover classified information, unless it has been destroyed as provided in Section 7 of Chapter 5 of the National Industrial Security Program Operating Manual (NISPOM). Information on NISPOM can be found at http://www.fas.org/sgp/library/nispom.htm.

      (b)  Contracting officers must ensure that classified information provided by the government is returned immediately after any of the following events:

           (1)  Bid opening or closing date for receipt of proposals by non-responding offerors.

           (2)  Contract award by unsuccessful offerors.

           (3)  Termination or completion of the contract.

           (4)  Notification that authorization to release classified information has been withdrawn.

           (5)  Notification that a facility:

                (i)  Does not have adequate means to safeguard classified information; or

                (ii)  Has had its security clearance revoked or inactivated.

           (6)  Whenever otherwise instructed by the authority responsible for the security classification.

      (c)  The Government agency that provided classified information to a GSA contractor is responsible for the return of the information.


504.476 Breaches of security.

GSA employees responsible for the protection of classified information must refer the facts of an unauthorized disclosure promptly to Security Branch Chief, Security and Emergency Management Division, Office of Mission Assurance (OMA).


Subpart 504.5 - Electronic Commerce in Contracting


504.500 [Reserved].


504.502 Policy.

Use of electronic signatures is encouraged and can be used to sign and route documents in GSA’s IT systems to contractually obligate funds. The method of authentication used for electronic signatures shall be consistent with the level (1-4) determined from the e-authentication risk assessment in accordance with OMB M-04-04, E-authentication Guidance for Federal Agencies, and the respective technology safeguards applicable to that level or risk from National Institute of Standards and Technology 800-63, Electronic Authentication Guideline.


504.570 [Reserved].


Subpart 504.6 - Contract Reporting


504.604 Responsibilities.

In accordance with FAR 4.604, the Senior Procurement Executive (SPE) has implemented the following policies to monitor and ensure the accurate and timely input of data into FPDS. Additional guidance is available on the GSA Acquisition Portal (https://insite.gsa.gov/fpdsvandv).

      (a)   Contract writing systems.

           (1) The responsibility of the contracting officer to report awards in FPDS per FAR 4.604 may be accomplished by a contract writing system that reports the contract action directly to FPDS.

           (2)  Contract writing systems capable of reporting directly into FPDS shall be configured to report as a condition of making an award.

           (3)  Contract actions reported through contract writing systems shall be routinely examined and compared to data contained in FPDS to ensure that those actions have been reported accurately to FPDS.

      (b)   Quarterly Reviews.

(1)  The HCAs are responsible for the following:

                (i)  Establishing a selection methodology for an appropriate random sample of contract files for review that is representative of their Service's contract actions. The sample does not need to be statistically significant.

                (ii)  Verifying and validating the accuracy of contract action reports (CARs) entered into FPDS through the reviews.

                (iii)  Submitting a certification of the accuracy of the CAR data to the Chief Acquisition Officer (CAO). Certifications are due no later than 30 business days after the end of the quarter.

           (2)  Any data discrepancies identified in the contract file during the verification and validation process shall be corrected.

           (3)  File selection and review may begin immediately after the end of each quarter using the selection methodology determined by the HCA in paragraph (b)(1)(i) of this section.

      (c)   Annual Reviews.

(1) In accordance with FAR 4.604(c), the CAO shall annually sample the GSA FPDS records and provide a list of transactions to each HCA for verification, validation, and certification.

           (2)  The verification and validation shall be conducted by an organization or person that did not award the contracts being reviewed. HCAs may institute any appropriate process that complies with this requirement.

           (3)  The process to verify and validate shall include comparisons of contract file data to FPDS data entries and comparisons of FPDS data to contract writing system data to determine completeness and accuracy, if applicable.

           (4)  HCAs shall provide certifications of the accuracy and validity of their FPDS data to the CAO based on the list of transactions provided to HCAs under paragraph (c)(1) of this section.

           (5)  Certifications to the CAO shall include a description of the means used to verify the accuracy and completeness of the data and a statement that all discrepancies found have been corrected.


504.605 Procedures.

      (a)   Uniform procurement instrument identification. This subpart:

           (1)  Prescribes procedures for identifying contracts, orders, and other procurement instruments regardless of dollar threshold.

           (2)  Applies to all contracting activities, except real property leasing.

      (b)   Transition of procurement instrument identifier (PIID) numbering.

      (c)   Policy.

(1)  Contracting officers shall use the uniform PIID numbering requirements for procurement instruments reported to FPDS.

           (2)  Complete the contract number block provided on the applicable forms. If a space is not reserved for the prescribed number, place the number in the upper right-hand corner of the form.

           (3)  Each contracting office must maintain records to ensure continuity and control of PIID numbering.

      (d)   Activity Address Codes (AACs).

           (1)  AACs are made up of the following:

                (i)  The first two characters of the AAC must be “47” to identify GSA.

                (ii)  The third character must be the service/office code identified as follows:

Service/Office Code

Letter Designation

Office of the Administrator

A

Office of the Chief Financial Officer

B

Office of Human Resources Management

C

Office of Mission Assurance

D

Office of Small Business Utilization

E

Office of GSA IT

F

Civilian Board of Contract Appeals

G

Office of Administrative Services

H

Office of Inspector General

J

Office of General Counsel

L

Office of Governmentwide Policy

M

Public Buildings Service

P

Federal Acquisition Service

Q

Congressional & Intergovernmental Affairs

S

Technology Transformation Service

T

Office of Communications and Marketing

Z

                (iii)  The remaining characters are determined by each service organization, and can be found at https://insite.gsa.gov/aac.

           (2)  Central Service Point (CSP) individuals are responsible for establishing and updating AAC assignments in the Department of Defense Activity Address Directory (DoDAAD). Additional guidance on AAC assignments and updates can be found at https://insite.gsa.gov/aac.


504.605-70 Federal Procurement Data System Public–Access to Data.

      (a)   The FPDS database. The General Services Administration awarded a contract for creation and operation of the Federal procurement Data System (FPDS) database. That database includes information reported by departments and agencies as required by FAR subpart 4.6. One of the primary purposes of the FPDS database is to provide information on Government procurement to the public.

      (b)   Fee for direct hook-up. To the extent that a member of the public requests establishment of real-time integration of reporting services to run reports from another application, a one-time charge of $2,500 for the original integration must be paid by the requestor. This one-time charge covers the setup and certification required for an integrator to access the FPDS database and for technical assistance to help integrators use the web services. The fee will be paid to the FPDS contractor and credited to invoices submitted to GSA by the FPDS contractor.


504.606 Reporting Data.

      (a)  Reporting requirements. Detailed specification of FPDS data reporting requirements is contained in the FPDS-NG FAQs document (available at https://www.fpds.gov/wiki/index2.php/FPDS-NG_FAQ). Reporting offices are encouraged to use automated information systems for FPDS data reporting, provided that the systems contain all required FPDS data elements via the machine-to-machine process and the automated acquisition system has received the proper certification from the FPDS system manager.

      (b)  The GSA FPDS Sustainability Coding Guidelines at http://insite.gsa.gov/sustainableacquisition must be followed when selecting codes for the following sustainability data elements:

           (1)  Recovered Materials/Sustainability.

           (2)  Use of EPA Designated Products.

      (c)  FPDS reporting for acquisitions supporting customer agencies.

(1)  GSA-funded acquisitions. There are instances where GSA conducts an acquisition in support of a customer agency but also provides the predominance of funding for the contract award. In these instances, GSA’s Activity Address Codes (AACs) must be used for the contracting agency codes (e.g. Contracting Office ID) and funding agency codes (e.g. Funding Office ID) in FPDS. Examples of GSA funded acquisitions may include those made in support of—

                (i) Requisitions. These transactions are transfers of property conducted in accordance with the Federal Property Management Regulation (FPMR) (41 CFR 101-26). Examples of programs that facilitate requisitions from customer agencies include GSA stock supply programs and GSA motor vehicle purchasing. Customer agencies submit requisitions (sometimes referred to as “orders”) to GSA for items under these programs in accordance with the FPMR. GSA then acquires these items from suppliers through contracts or orders in accordance with the FAR and GSAM.

                (ii) Shared Services. Under this model, common administrative services-those activities that are common across all agencies-are conducted by an agency (e.g. shared service provider) with expertise in a particular area to reduce duplication and redundancy. In turn, the customer agency reimburses the shared service provider for its costs. Often, shared service providers must conduct acquisitions in order to provide services to other agencies. Accordingly, only the contract/order awarded by the shared service provider to a contractor is reported in FPDS.

           (2)  Customer-funded acquisitions. There are instances where GSA conducts an acquisition in support of a customer agency but the customer agency provides the predominance of funding for the contract action. In these instances, GSA’s AACs must be used for the contracting agency codes (e.g. Contracting Office ID) but the customer agency's AACs must be used for funding agency codes (e.g. Funding Office ID) in FPDS. Examples of customer-funded acquisitions may include—

                (i) Reimbursable Work Authorizations (RWAs). An RWA is an interagency agreement between GSA and a tenant (e.g. federal agency or non-federal source when authorized by statute) whereby GSA recovers its costs for altering, renovating, repairing, or providing services in GSA-managed space over and above the basic operations financed through rent paid by the tenant.

                (ii) Assisted acquisitions (see definition at FAR 2.101). GSA regularly acts as the servicing agency in this type of interagency acquisition, where it performs acquisition activities on a customer (requesting) agency's behalf, such as awarding and administering a contract, while the requesting agency provides the required funding.


Subpart 504.8 - Government Contract Files


504.800 Scope of subpart.

      (a) This subpart prescribes a contract file format standard for all contracts that exceed the micro-purchase threshold. This subpart may be applied to purchases at or below the micro-purchase threshold.

      (b) The purpose of this standard is to ensure that the documentation in the file complies with FAR 4.801(b)(1) and FAR 4.802(c) requirements.


504.802 Contract files.

      (a)   Contract files shall be maintained electronically, unless otherwise determined, in writing, by the HCA to be prohibitively burdensome.

      (b) The contracting officer must place all information and documentation required by FAR 4.802 and 4.803 in the contract file and organize the file in the format as set out in each individual contracting activity's contract file standard.

      (c)  Contracting officer responsibilities.

           (1)  The contracting officer is responsible for the official contract file. Individuals creating documents relating to the contract must provide those documents to the contracting officer for inclusion in the file. Other members of the acquisition team may be responsible for the maintenance and archival of any delegated responsibilities (e.g., contract administration and delegated contract administration function) according to prescribed contracting activity policies and procedures.

           (2)  The contracting officer shall-

                (i) Place all information and documentation required by the FAR (see FAR subpart 4.8), the GSAM, and any other policy and procedure in the contract file.

                (ii)  Include an index or checklist identifying the location of any documentation contained in the contract file when such identification is not already prescribed by policy. The index or checklist can be electronic.

                (iii)  Identify in a clear and logical manner, within the contract file, any documentation maintained in another location.

                (iv)  Comply with applicable file and document naming convention/nomenclature requirements.

           (3)  When responsibility for a contract transfer from one contracting officer to another contracting officer (e.g., employee departure, transfer of assignments, or redelegation of contract administration authority (intraoffice or interoffice))-

                (i)  The successor contracting officer shall review the files being transferred. The purpose of the review is to identify any issues with the contract file (e.g., missing or incomplete documentation or information).

                (ii)  The successor contracting officer shall attempt to resolve any issues identified during their review of the transferred files. The successor contracting officer should write a memo-to-file that documents any issues with the contract file that were not able to be resolved as part of the transfer.

      (d)  Head of contracting activity responsibilities. Head of contracting activities consistent with their delegated authorities are responsible for-

           (1)  Developing policies and procedures that discuss, at a minimum, the following:

                (i) The different types of files identified in FAR 4.801(c) along with any other files that are to be established (e.g., unsolicited proposals);

                (ii)  The location where file documentation is to be stored (e.g., an electronic contract filing system, another official system of record, or some type of combination thereof). If file documentation must be stored in different locations, the policy and procedure shall discuss the rationale for the need (e.g., separation of classified and unclassified documentation) and medium (e.g., paper) to be used;

                (iii) The approach used to identify the documents to be retained within a contract file (see FAR 4.803) and any other files established per paragraph (d)(1)(ii) of this section (e.g., use of a checklist or index that includes the citation of the authority for retaining a document);

                (iv) The organization(s) or individual(s) responsible for maintaining file documentation when such responsibility does not reside with the contracting officer (see 504.802(b));

                (v)  The filing and document convention/nomenclature to be used;

                (vi) The content, access, and other applicable requirements for contracting officer representative (COR) contract files (see FAR 1.604) and any other files (see paragraph (a) of this section); and

                (vii)  The internal controls (e.g. quarterly review by the contracting activity) to be used for ensuring compliance with FAR, GSAM, and other requirements.

           (2)  Designating a point of contact within its organization for purposes of supporting file audits and reviews by internal and external organizations (e.g., the Procurement Management Review (PMR) office). Support may include, but not be limited to:

                (i)  Providing copies of applicable policies and procedures;

                (ii)  Assisting in resolving issues (e.g., locating a contract file) and questions;

                (iii)  Providing access to files and systems; and

                (iv)  Notifying the contracting officer of the status of the review or audit.


504.803 Contents of contract files.

In addition to the examples of contract file documents described in FAR 4.802 and listed in FAR 4.803, the contract file shall include, if applicable, the following:

      (a)  GSA Form 2689 (see 519.502-70 for applicability), and

      (b)  Checklist documenting review of the small business subcontracting plan (see 519.705-4 for applicability).

      (c)  Documents required by individual contracting activity in accordance with such activity's internal policies and procedures.


504.804 [Reserved]


504.804-5 Procedures for closing out contract files.

      (a) HCAs are directed to take appropriate steps to ensure that physically completed contracts are formally closed in accordance with the procedures at FAR 4.804, GSAM 504.804-5, and guidelines provided below for simplified acquisitions and contracts with residual balances. HCAs are reminded that when closing out contract actions at FAR 4.804-1(a)(2), (3), and (4), the contracting officer shall use the closeout procedures at FAR 4.804-5. However, these closeout actions may be modified to reflect the extent of administration that has been performed. Contracting activities that have supplemented the FAR procedures with instructions pertinent to the specific contract types, business systems, and resources employed are encouraged to continue the use of such supplements.

      (b)  Contracting officers must be vigilant and proactive with respect to proper contract closeout procedures. They must not allow completed contracts to remain open indefinitely or allow a failure to conduct timely closeout to violate regulatory or statutory requirements, or negatively impact GSAs accurate and timely financial reporting.

      (c) Under FAR 4.804-1(a)(1), the contracting officer only needs evidence of receipt of goods and services and final payment to closeout the contract files. For contracts awarded under the simplified acquisition procedures, contracting officers shall ensure that the contract award document and the statement of work includes the following statement:

     “For payment purposes, the contractor shall mark its final invoice for payment as Final Invoice for Payment.”

           (1)  For task and delivery orders awarded under these procedures, the orders shall also include the statement above.

           (2)  Contracting officers shall instruct contracting officer representatives or project managers receiving supplies and services under the simplified acquisition procedures to forward copies of the receiving report and final invoice to the contracting officer for contract close-out purposes.

      (d)  Cancellation of open items with residual balances.

           (1)  Open item balances (remaining) of $100,000 and below should be canceled if deemed invalid following the procedures below. Service and Staff Office (SSO) funds managers (persons certifying the availability of funds) will have the authority and responsibility to cancel balances if deemed invalid. Only valid obligations should be retained in the financial accounting system.

           (2)  The following procedures should be followed to cancel invalid obligations:

                (i)  The SSO funds managers will generate a list of proposed deobligations and present it to the contracting officer and his/her director for review and approval.

                (ii)  The contracting officer or director shall respond to the SSO funds manager within 45 days, justifying in writing why any open item on the list should not be canceled.

                (iii)  If the funds manager receives no response from the contracting officer, the funds manager is authorized to take appropriate steps to deobligate the open items in the accounting and business systems.

                (iv)  When a contracting officer approves the cancellation of obligation under items b or c, above, the contracting officer shall prepare the appropriate documents necessary (e.g., contract modification) for the contract file.

      (e)  These actions by the SSO funds managers shall be considered an internal financial accounting action and shall have no bearing on the Government’s rights and duties under the contracts until the contracting officer officially closes the contract.

      (f)   Non-contracting officer acquisitions. For newly created open items that did not require the signature of a contracting officer (GSAM 501.603-1(f)) the funds manager has the authority to correct or cancel any open item not deemed valid. Examples of such document types include micropurchases using the governmentwide commercial purchase card, internal GSA orders and security clearances (e.g., IX, IY, GX). The funds managers should follow the financial systems procedures outlined in this memorandum for cancellation and should inform the originator of the open item of the cancellation.


504.805 Storage, handling, and disposal of contract files.

The contracting officer’s accountability for contract files ends when the following three conditions exist:

      (a)  The files’ retention period expires.

      (b)  The contracting officer receives the notice of disposal from the National Archives and Records Administration.

      (c)  The records liaison officer whose organization has functional responsibility for the files approves disposal.


Subpart 504.9 - Taxpayer Identification Number Information


504.902 General.

      (a)   Debt collection. The Debt Collection Improvement Act of 1996 requires each contractor doing business with GSA to furnish its Tax Identification Number (TIN). The Government is required to include with each certified voucher prepared and submitted to a disbursing official, the TIN of the contractor receiving payment under the voucher. The TIN may be used by the Office of Financial Policy and Operations to collect and report on any delinquent amounts arising out of the contractor's relationship with the Government.

      (b)   Information reporting to the IRS. The TIN is also required for Office of Financial Policy and Operations reporting of certain contract information (see FAR 4.903) and payment information (see GSAM 504.904) to the IRS.


504.904 Reporting contract information to the IRS.

      (a)  The Office of Financial Policy and Operations reports to IRS on payments made to certain contractors for services performed and to lessors for providing space in buildings. This is required by 26 U.S.C. 6041 and 6041A and implemented in 26 CFR. To assist the Office of Financial Policy and Operations in reporting to the IRS, contracting officers must indicate on obligating documents sent to Finance (e.g., purchase, delivery, or task orders; contracts; the GSA Form R-620 for leases; or certified invoices) the contractor's organizational structure (e.g., corporation, partnership) and taxpayer identification number (TIN)


Subpart 504.11 - System for Award Management


504.1103 Procedures.

In addition to the requirements found in FAR 4.1103, prior to awarding a contractual instrument the contracting officer must-

      (a)  Verify that the prospective contractor’s legal business name, Doing-Business-As (DBA) name (if any), physical street address, and Data Universal Number System (DUNS) number or DUNS+4 number, as found in the System for Award Management (SAM), match the information that will be included in the contract, order, or agreement resulting from the vendor's quote or proposal. Correct any mismatches by having the vendor amend the information in the SAM and/or the quote or proposal. The SAM information can be accessed through the SAM website (www.sam.gov) by creating a user account.

      (b)  Ensure that the contractor’s address code exists in Pegasys and that it is SAM enabled with the contractor’s DUNS or DUNS+4 number. This can be done by searching Pegasys records using the contractor’s Taxpayer Identification Number (TIN). If no code exists, request that a new address code be established by the Finance Center for SAM compliance.

      (c)  Ensure that the contractor’s identifying information is correctly placed on the contractual instrument, using special care to ensure that the legal name and “remit to” name match exactly. (Note: Lockbox names or numbers should not be used to replace the contractor’s name in the remittance block on the contractual instrument.)

      (d) Unless one of the exceptions to registration in SAM applies (see FAR 4.1102(a)), the contracting officer must not award a contract to a prospective contractor who is not registered in SAM. If no exceptions are applicable, and the needs of the requiring activity allows for a delay in award, see FAR 4.1103(b)(1).


Subpart 504.13 - Personal Identity Verification of Contractor Personnel


504.1301 Policy.

Contracting officers must follow the procedures contained in CIO P2181.1 - GSA HSPD-12 Personal Identity Verification and Credentialing Handbook, which may be obtained from the CIO Office of Enterprise Solutions, to ensure compliance with Homeland Security Presidential Directive-12 (HSPD-12) “Policy for a Common Identification Standard for Federal Employees and Contractors,” Office of Management and Budget Memorandum M-05-24, and Department of Commerce FIPS PUB 201.


504.1303 Contract clause.

Insert the clause at 552.204-9, Personal Identity Verification Requirements, in solicitations and contracts when it is determined that contractor employees will require access to federally controlled facilities or information systems to perform contract requirements.


504.1370 Credentials and Access Management.

      (a)  Procedures.

           (1) The CIO P 2181.1 - GSA HSPD-12 Personal Identity Verification and Credentialing Handbook details the credentials and access management procedures for contracts or orders including FAR clause at 52.204-9, Personal Identity Verification of Contractor Personnel and GSAR clause at 552.204-9, Personal Identity Verification Requirements.

           (2) The CIO P 2181.1 - GSA HSPD-12 Personal Identity Verification and Credentialing Handbook includes guidance for–

                (i)  Managing credentials;

                (ii)  Ensuring credentials are returned to the GSA Office of Mission Assurance when a contractor employee leaves the contract or when a contract ends; and

                (iii)  Ensuring access to information technology is disabled when a contractor employee leaves the contract or when a contract ends.

           (3) The CIO P 2181.1 - GSA HSPD-12 Personal Identity Verification and Credentialing Handbook, as well as additional resources for implementing the credentials and access management requirements, can be found on the Acquisition Portal at: https://insite.gsa.gov/hspd12inprocurement.

      (b)  Delegating Responsibilities. Contracting officers must ensure any contracting officer's representative delegation letter includes language for credentials and access management responsibilities. Standard delegation language can be found on the Acquisition Portal at: https://insite.gsa.gov/hspd12inprocurement.


Subpart 504.16 - Unique Procurement Instrument Identifiers


504.1603 Procedures.

      (a)   Elements of a PIID. The PIID consists of 13 alphanumeric characters as follows:

Character(s)

Content

Content Description Location

Example

1-6

Activity Address Code

See 504.605(c)

47PA01

7-8

Last Two Digits of Fiscal Year of Number Assignment

15

9

Instrument Code

See 504.1603(b)

F

10-13

Serial Number

See 504.1603(c)

0001

      (b)   Procurement Instrument Type Codes. Indicate the type of instrument consistent with the letter designation provided in FAR 4.1603(a)(3). The letter designations for the identified type of instruments unique to agency policy are identified as follows:

Instrument

Letter Designation

Purchase orders (open market simplified acquisition) - manual

M

Request for information

N

Standing price quote (SPQ)

T

      (c)   Serial Number Codes.

           (1)  A separate series of numbers may be used for each basic instrument type (see 504.1603(b)).

           (2)  For delivery or task orders, each order issued by contracting office must receive a consecutive serial number. That is, orders are numbered in sequence as issued by the contracting office, but they are not in sequence under any individual contract.

           (3)  At the beginning of each fiscal year, the first number assigned is 0001.

           (4)  Alphanumeric characters are serially assigned after the numeric series is exhausted.

           (5)  The allowable numeric and alphanumeric sequences, excluding alpha I and O are–

                (i)  0001 through 9999;

                (ii)  A001 through A999, B001 through B999;

                (iii)  and so on to Z001 through Z999.

           (6)  Each issuing office is responsible for controlling serial number assignments.


Subpart 504.70 - Supply Chain Risk Management


504.7000 Scope of subpart.

This subpart prescribes acquisition policies and procedures mitigating supply chain risks in the post-award phase of a procurement funded by GSA. Procedures in this subpart apply to all GSA funded contracts and orders. These procedures apply regardless of the estimated value of the contract.


504.7001 Definitions.

“Prohibited article” means any prohibited product, system, or service that the contractor provides that conflicts with the supply chain terms or conditions of the contract (e.g., GSA CIO Order, counterfeit items, or a FAR clause, including without limitation the FAR Clause at 52.204-23, Prohibition on Contracting for Hardware, Software, Products and Services Developed or Provided by Kaspersky Lab and Other Covered Entities).

“Supply chain” means a linked set of resources and processes between multiple tiers of developers that begins with the sourcing of products and services and extends through the design, development, manufacturing, processing, handling, and delivery of products and services to the acquirer.


504.7002 Policy.

      (a) The Federal Information Security Modernization Act of 2014 and associated National Institute of Standards and Technology (NIST) guidance requires Federal agencies to manage supply chain risks for Federal information systems.

      (b) OMB Circular A-130, “Managing Information as a Strategic Resource,” directs agencies to implement supply chain risk management principles to protect against the insertion of counterfeits, unauthorized production, tampering, theft, insertion of malicious software, as well as poor manufacturing and development practices throughout the system development life cycle.

      (c) The SECURE Technology Act (Public Law 115-390) requires GSA to have a lead representative of the agency on the Federal Acquisition Security Council as well as address supply chain risks posed by the acquisition of covered articles.


504.7003 General procedures.

      (a) Each service and staff office must provide a supply chain risk management point of contact to GSA’s representative to the Federal Acquisition Security Council or designee to assist in providing recommended guidance to mitigate supply chain risks.

      (b) GSA contracting activities may discuss supply chain concerns with the relevant Supply Chain Risk Management Point(s) of Contact listed on the GSA Acquisition Portal (http://insite.gsa.gov/scrm) at any time, including during acquisition planning and requirements development.


504.7004 [reserved]


504.7005 Post-award procedures.

      (a) Supply Chain Event Report.

           (1) If a prohibited article is discovered within the supply chain of a procurement, the contracting officer shall immediately submit a supply chain event report using the online form on the GSA Acquisition Portal (http://insite.gsa.gov/scrm) to ensure appropriate service and staff offices within GSA are notified.

           (2) The supply chain event report must include the following information:

                (i) Contract information, including contract number and contractor name;

                (ii) GSA contracting office;

                (iii) Prohibited article name; and

                (iv) Reason why prohibited article is banned on contract.

           (3) The contracting officer shall provide as much information as is available at the time of report submission.

           (4) GSA’s representative to the Federal Acquisition Security Council or designee will notify the contracting officer to confirm receipt of the report.

      (b) Supply Chain Event Risk Mitigation. The contract administration procedures under FAR part 43 (e.g.cure notice, termination for cause, past performance review) can be utilized as needed to address immediate or future supply chain event concerns. Additional guidance on contract administration procedures is available on the GSA Acquisition Portal (http://insite.gsa.gov/scrm).

      (c) Past Performance Evaluation. The contracting officer shall report any contractor non-compliance with supply chain requirements within the “Other Areas” portion of any applicable past performance evaluation form.


Subpart 504.71 - Acquisition Reviews


504.7100 Scope of subpart.

This subpart prescribes policies and procedures concerning acquisition reviews. FAR part 18 acquisitions are exempt from this subpart.


504.7101 Purpose.

The purpose of this subpart is to–

      (a) Support FAR parts 7, 10, and 11 to ensure requirements meet the needs of the customer, align and support the mission, are acquired efficiently and effectively, and comply with Federal and agency policies and procedures;

      (b) Establish a requirement for acquisition reviews for various types of acquisitions and contract actions; and

      (c) Promote early and frequent engagement by the SPE.


504.7102 General.

      (a) An acquisition review is a type of internal control as well as a best practice that provides an opportunity for collaboration and meaningful conversation amongst members of the acquisition team and stakeholders. Acquisition reviews enable information to be shared early and often during the acquisition life cycle.

      (b) The need for an acquisition review should be commensurate with the risk, complexity, and criticality of the acquisition or contract action. Criteria supporting the need for an acquisition review may include the criteria described in 507.105(c)(2).

      (c) An acquisition may require more than one acquisition review. An acquisition review may occur at any time during the various phases of the acquisition life cycle:

           (1) Market research phase;

           (2) Acquisition planning phase;

           (3) Pre-solicitation phase;

           (4) Pre-award phase; and

           (5) Post-award phase.

      (d) The following are examples of topics that may be a part of an acquisition review:

           (1) Requirement details (e.g., description of requirement, period of performance, estimated value);

           (2) Market research (e.g., techniques to be used, historical data, commerciality, industry capabilities and practices, potential sources, existing contract vehicles, expected usage by other agencies);

           (3) Acquisition strategy (e.g., degree of competition, small business consideration, contract type, category management, proposed evaluation factors);

           (4) Business and procurement risks (e.g., project scope, funding, life cycle, compliance, alignment to agency mission, political interest, other external factors or circumstances);

           (5) Important policies, procedures, and processes (e.g., IT requirements, customer agency requirements, class deviations, consolidation and bundling analyses, category management requirements);

           (6) Pre-award milestones (e.g., existing contract expiration date, planned solicitation date, anticipated date of award);

           (7) Debriefings, brief explanations, and other post-award communications;

           (8) Contract administration requirements and key activities (e.g., post-award orientation, contractor performance, government property, option renewal or award term review, disposal requirements); and

           (9) Post-award milestones, deliverables, and other important information.


504.7103 Head of the contracting activity responsibilities.

The head of the contracting activity consistent with their delegated authority shall establish acquisition policies, procedures and guidance concerning acquisition reviews for their respective organization(s) in support of this subpart.

      (a) These acquisition policies, procedures and guidance shall include, but be not limited to:

           (1) Commensurate with the risk, complexity, and criticality of the acquisition or contract action–

                (i) Pre-award acquisition reviews (e.g., contract review board, peer reviews); and

                (ii) Post-award acquisition reviews.

           (2) A process for capturing best practices and innovative approaches to share with the acquisition workforce.


504.7104 Acquisitions and contract actions requiring SPE review and approval.

Acquisitions and contract actions requiring SPE review or approval must conduct an acquisition review, consistent with HCA policy established under 504.7103.

      (a) General. The FAR, GSAM, Acquisition Letters, and other policies and procedures identify acquisitions and contracting actions that require SPE review or approval. The SPE may request review of any acquisition or contract action, in addition to those where SPE review or approval is required.

           (1) An HCA may notify the SPE according to paragraph (b) of this section of acquisitions or contract actions that otherwise do not require SPE review or approval. A reason may be to seek assistance, advice, or guidance from the SPE about a potential or planned acquisition, a contract action, or an award.

      (b) Notification. The SPE shall be notified of acquisitions and contract actions requiring SPE review or approval as early in the acquisition life cycle as possible. Notification shall be sent to spe.request@gsa.gov and include the following information:

           (1) Description of the need for SPE involvement (e.g., SPE approval of a consolidation determination);

           (2) Description of the requirement, including key dates (e.g., anticipated solicitation date, anticipated award date);

           (3) Date(s) of acquisition review(s); and

           (4) Any other important information.

      (c) Approval. Acquisitions and contract actions requiring SPE review or approval shall be sent to spe.request@gsa.gov and include the following information;

           (1) Description of the requirement, action required, and due date;

           (2) The document(s) requiring SPE review or approval;

           (3) Evidence of Service-level concurrences;

           (4) Evidence of legal concurrence;

           (5) Supporting attachments, if applicable; and

           (6) Any other important information.

      (d) Participants. Acquisition reviews involving the SPE are to include key members of the acquisition team as well as the following participants:

           (1) SPE or authorized designee;

           (2) Head of the contracting activity or authorized designee;

           (3) Office of Small Business Utilization; and

           (4) Other key stakeholders (e.g., GSA Office of Information Technology for GSA-funded technology acquisitions).