Contractor integrity : stronger safeguards needed for contractor access to sensitive information : report to the Chairman, Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security, Committee on Homeland Security and Governmental Affairs, U.S. Senate.

Format:

Book

Government document

Author/Creator:

United States. Government Accountability Office

Contributor:

Needham, John K.

United States. Congress. Senate. Committee on Homeland Security and Governmental Affairs. Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security

Language:

English

Subjects (All):

United States. Office of Federal Procurement Policy--Rules and practice--Evaluation.

United States.

United States. Office of Federal Procurement Policy.

Government contractors--United States.

Government contractors.

Data protection--United States--Evaluation.

Data protection.

Access to Information--legislation & jurisprudence.

Confidentiality--legislation & jurisprudence.

Medical Subjects:

Access to Information--legislation & jurisprudence.

Confidentiality--legislation & jurisprudence.

Genre:

Rules and practice.

Physical Description:

1 online resource (iii, 66 pages) : forms

Other Title:

Stronger safeguards needed for contractor access to sensitive information

Contractor sensitive information safeguards

Place of Publication:

[Washington, D.C.] : U.S. Govt. Accountability Office, [2010]

Summary:

In performing agency tasks, contractor employees often require access to sensitive information that must be protected from unauthorized disclosure or misuse. This report assesses the (1) extent to which agency guidance and contracts contain safeguards for contractor access to sensitive information, and (2) adequacy of governmentwide guidance on how agencies are to safeguard sensitive information to which contractors may have access. To conduct this work, GAO identified key attributes involving sensitive-information safeguards, analyzed guidance and met with officials at three agencies selected for their extensive reliance on contractor employees, analyzed 42 of their contract actions for services potentially requiring contractor access to sensitive information, and analyzed the Federal Acquisition Regulation (FAR) and pending FAR changes regarding governmentwide guidance on contractor safeguards for access to sensitive information. GAO's analysis of guidance and contract actions at three agencies found areas where sensitive information is not fully safeguarded and thus may remain at risk of unauthorized disclosure or misuse. The Departments of Defense (DOD), Homeland Security (DHS), and Health and Human Services (HHS) have all supplemented the FAR and developed some guidance and standard contract provisions, but the safeguards available in DOD's and HHS's guidance do not always protect all relevant types of sensitive information contractors may access during contract performance. Also, DOD's, DHS's, and HHS's supplemental FAR guidance do not specify contractor responsibilities for prompt notification to the agency if unauthorized disclosure or misuse occurs. Almost half of the 42 contract actions analyzed lacked clauses or provisions that safeguarded against disclosure and inappropriate use of all potential types of sensitive information that contractors might access during contract performance. Additionally, DOD and HHS lack guidance on the use of nondisclosure agreements, while DHS has found that these help accountability by informing contractors of their responsibilities to safeguard confidentiality and appropriate use and the potential consequences they face from violations. There have been numerous recommendations for improved governmentwide guidance and contract provisions in the FAR, such as prohibiting certain types of contractor personnel from using sensitive information for personal gain. To address some of these areas, regulatory changes are pending to develop standardized approaches and contract clauses in the FAR that agencies could use to safeguard sensitive information, rather than developing such safeguards individually. However, similarly to issues identified in agency guidance, GAO found two key areas the FAR does not yet address. These include (1) agency use of nondisclosure agreements as a condition of contractor access to sensitive information, and (2) the need to establish clear requirements for contractors to promptly notify agencies of unauthorized disclosure and misuse of sensitive information. The ongoing rulemaking process provides an opportunity to address the need for additional FAR guidance in both areas. GAO recommends that the Office of Federal Procurement Policy (OFPP) ensure pending changes to the FAR address two additional safeguards for contractor access to sensitive information: the use of nondisclosure agreements and prompt notification of unauthorized disclosure or misuse of sensitive information. In oral comments, OFPP agreed with the recommendations. DHS also concurred with the recommendations, while DOD and HHS had no comment.

Contents:

Background

Safeguards to protect sensitive information not always available in agency guidance or included in contract actions

Efforts underway to improve governmentwide guidance in the FAR for contractor access to sensitive information

Conclusions.

Notes:

Title from cover screen (GAO, viewed Sept. 11, 2010).

"September 2010."

Includes bibliographical references.

"GAO-10-693."

"120836."

OCLC:

663791594