Contracting for the federal government can open up many new work opportunities for your business. However, it does come with added responsibilities and compliance requirements. If you want to remain in good standing with the federal government and continue receiving contracts, you’ll need to comply with many regulations pertaining to your business’s accounting methods and your data security. While we specialize in providing compliant accounting methods for government contractors, we know how important the other aspects of your compliance are as well. Here are a few things you need to know about complying with DFARS and safeguarding any covered defense information your company handles.
Awareness and Training
The requirement to safeguard government data is often one of the most time-consuming and complicated compliance issues for many businesses, alongside the compliance standards for your accounting methods. However, the basis for it begins with training all of your employees and any subcontractors you work with in how to properly handle the information related to your government contracts. Your employees should always be made aware when the information they’re working with is covered defense information, and it’s a good idea to have them sign agreements stating that they will not discuss any of the information handled. In some cases, you may need to require that they not discuss the work they’re performing at all.
Access Control
Access control is an important data security measure that many businesses utilize for protection of their own business information. As a government contractor, however, proper access control is a requirement, not a recommendation. This term simply means that you have measures in place to prevent any unauthorized personnel from accessing sensitive government information.
Generally speaking, sensitive information should be restricted to those who absolutely must know about the information in order to perform their duties effectively. If an employee can do their job without knowing sensitive details, then they should not be privy to covered defense information. This type of security is usually best implemented using proper data storage methods that utilize tiered access. These tools allow you to set access levels for every user, so they can access the information they need to do their jobs, but aren’t privy to private data.
System and Communications Protection
The federal government wants to know that any information it entrusts to your company will be protected. This means that data needs to be protected both in transit and at rest, which requires encryption and other data security methods. Your business’s IT network should be as secure as possible, which typically means you should not be employing DIY data security or relying on self-installed firewalls and antivirus software. It’s a good idea for any government contractor to work with a data security expert who can help you create a network and establish data-sharing protocols that are ironclad and safe from any attempts to intercept or extract sensitive defense information.
Incident Response
If an incident occurs that may have compromised federal defense data, you should have a clear and effective process for responding to it. The government requires that its contractors and subcontractors report all cyber incidents immediately so that it can take appropriate measures to protect sensitive information. However, your company should also have a response plan. For example, if your network is infiltrated by ransomware—a type of software that encrypts your data so that you can’t use it until you pay the hackers a ransom—what will you do?
Many businesses ensure that they’re performing regular data backups so that damaged, encrypted, or deleted data can be quickly restored. This is one form of incident response that every contractor should consider. Again, consulting with a data security expert can help you establish a response plan for a variety of cyber incidents that may occur.
Audit and Accountability
Your accounting and audit practices are not entirely separate from your responsibility to protect defense information. Some sensitive data may be tied to your bookkeeping, invoices, and so on, so it’s equally important to protect this data from potential cyber incidents, while also remaining compliant with FARS accounting standards.
If you’re a government contractor looking for assistance with FARS-compliant accounting, contact Peter Witts CPA today. We specialize in working with government contractors and understand your unique accounting needs. We’ll help you maintain a compliant accounting system so that you can continue to receive those lucrative government contracts. Contact Peter Witts CPA now to schedule a consultation with one of our government contractor accounting specialists.