Federal information technology purchasing often involves large amounts of money based on the small print of acquisition requirements. Arcane procurement language seemingly can have a big impact on transactions.
For IT vendors, provisions of recent legislation are prime examples of why it pays to scrutinize every line of the laws and regulations pertaining to federal acquisition programs. One example: For years federal agencies have been encouraged to utilize commercial off-the-shelf, or COTS, hardware and software versus more costly customized IT configurations.
Now, provisions of the National Defense Authorization Act for 2016, and the Federal Information Technology Acquisition Reform Act should increase both awareness and purchasing of COTS offerings. The FITARA law was enacted last year, but implementation is still in the early stages and its impact will be felt over the next several years.
“New realities in federal IT management create a shifting sales landscape for COTS manufacturers,” said Chris Wiedemann, market intelligence senior analyst atimmixGroup, at the company’s 2016 Government Sales Summit conference last month.
Matching Private Commercial Market
The use of commercial off-the-shelf procurement certainly is not new within the federal government. Federal COTS acquisitions involve commercially available items provided to the government in essentially the same form as they are offered in the general market.
The idea is that these items are less costly and can be used just as effectively for many purposes as substitutes for expensive and unnecessary customized products built especially for government agencies. In the IT realm, federal COTS products include both hardware and software.
In the government acquisition process, the new laws encourage agencies to move toward the COTS buy option, versus the customized build choice. Finding those provisions supporting COTS, however, can be challenging. For example, the NDAA for 2016 runs to 580 pages — but vendors would be encouraged by a small item tucked into the law addressing COTS.
The section requires the Department of Defense to issue procurement guidance that at a minimum provides that an agency head may not enter into a contract in excess of the simplified acquisition threshold for noncommercial IT products or services unless the head of the agency determines in writing that no suitable commercial items are available to meet the agency’s needs.
As the NDAA 2016 bill — and the COTS language — was being considered earlier this year, the COTS proposal in the bill “reinforces and essentially outlines the need for the DoD to conduct more market research to identify commercially available solutions,” noted Jason Glasser, director of federal programs atDOMA Technologies.
The language was “not just referring to information technology, but the department’s needs as a whole,” he said.
“The new NDAA has potential to start DoD on a path to better planning new projects by crafting the needs around what is commercially available,” Glasser said.
Acquisition Reform Act Spurs COTS
On the civilian side of federal IT procurement, the FITARA law is replete with guidance and requirements that promote more efficient IT contracting, with an emphasis on incremental IT procurement programs versus large one-shot projects that are expensive and limit flexible approaches to acquisitions. The FITARA bill has led to successive guidance and acquisition declarations within federal agencies that boost the concept of COTS procurements.
In early November, for example, Steve Cooper, the CIO at theU.S. Department of Commerce, appeared before the House Government Oversight and Reform Committee to discuss the department’s preparation of the 2020 census.
Among the steps that Commerce was taking was a “realization of the Census Bureau’s information technology guiding principles to simplify, innovate and engage by looking to the cloud first and emphasizing standard-based, commercial off-the-shelf solutions over custom development,” he said.
In addition to major departments such as Defense and Commerce, smaller agencies also are more aware of the COTS option.
In a capital planning and investment document issued earlier this year describing the agency’s response to the provisions of FITARA, the U.S. Nuclear Regulatory Commission noted that new IT acquisitions give preference to using available, suitable federal information systems, technologies and shared services or facilities, or to acquiring open source or COTS technologies over developing or purchasing custom or redundant solutions.
“COTS is for real, and has been for some time, and the continued direction from the Office of Management and Budget means that the focus is on agencies conducting market research to determine if there is a COTS solution that can meet their needs before deciding to move forward developing a custom solution, which can oftentimes prove costly and take an extended period of time,” said Tomas O’Keefe, market intelligence consultant at immixGroup.
“Hardware is a popular option for COTS, particularly hardware that can operate on an open-standards platform where an agency doesn’t get locked into one vendor’s total solution,” he told the E-Commerce Times. “Moving forward, we expect departments to try and avoid vendor lock-in so they have flexibility.”
Another potential COTS growth area will continue to be in cybersecurity, particularly tools geared toward insider threat prevention and defending against more sophisticated attacks against a department or agency’s networks, O’Keefe noted.
The COTS versus customizing situation doesn’t always have to be mutually exclusive. “There are often many customization options that come with COTS products, particularly for an enterprise like the government,” he added.
The impact of FITARA will be significant going forward, said Robert Haas, team chair for theProfessional Services Council’s Federal IT Budget Outlook.
The legislation “will start to drive transformation,” in federal IT procurement, he said at the PSC outlook forum in November.
As a component of transformation, “while it’s hard to divine what Congress has in mind for any particular issue, there are a couple of ways to think about” the COTS issue, Haas noted.
“One is a rallying cry to eliminate individual custom software implementations where a COTS product fulfills most if not all of the requirements. Moreover, the requirement gaps are opportunities to ask whether the process could be changed to simplify the IT support required,” he told the E-Commerce Times.
Agencies Express Strong Interest
“Another way to think about the COTS versus custom software implementation is as a risk reduction and replacement strategy. In this case, the focus is less about whether a specific COTS package needs to be tailored to an agency, and more about using standardized platforms that are supported with maintenance releases, bug fixes and so forth. In this scenario, there is a risk of customizing the COTS software to the point it is difficult to upgrade in the future. At that point, the total cost of ownership may favor a custom software implementation,” Haas said.
In either case, interviews among federal IT professionals conducted in conjunction with the PSC outlook forum “indicated that agency leaders are looking for cost effective and efficient methods” to modernize their IT systems. “COTS approaches are likely to be a good fit for some situations, while others require a different solution,” he said.
COTS strategies often work best where there is a high degree of standardization.
“Specifications are commonly understood in these types of procurements and can yield substantial savings” Haas noted. “These savings continue to accrue during the deployment and operations phases because standard configurations are easier to manage and support.”
"The section requires the Department of Defense to issue procurement guidance that at a minimum provides that an agency head may not enter into a contract in excess of the simplified acquisition threshold for noncommercial IT products or services unless the head of the agency determines in writing that no suitable commercial items are available to meet the agency’s needs."
…and yet, it’s both unrealistic and unwieldy to expect any head of an organization to know for sure if a COTS solution really exists in many cases. Sure a vendor can say they have a "solution for that," but they all say that…they’re running a business. What we often find is that the "solution for that" doesn’t account for all the issues/requirements that an organization faces. This is the same mess the government pulled with the Quality approach to things, where they assess that an outside organization can provide the same service that a military member can for a particular position. Sure, this may be true, but that military member also performs more than that one position’s duties…take away the military member, and then there’s more holes to fill that go unsatisfied.
Don’t get me wrong, I agree that custom solutions often leave other challenges, like a lack of continuity and supportability, etc., but the pendulum swings both ways. It’s not a one-size-fits-all solution to go one way or another.