POLARIS: It’s GO Time

 

Still reeling from CIO-SP4? Trying to make sense of the latest draft RFP? Prepping for the alleged release on December 21? Ready to ruin your Christmas vacation? Come listen to our experts debate strategy, teaming arrangements, racking up points on the scorecard and legal lessons learned from CIO-SP4. Our goal is to provide an engaging, candid discussion that will help your company make the right decisions to pursue or not and what teaming strategies you should employ.

What does it cost to become CMMC Level 1 compliant?

CMMC Level 1 or “Basic Cyber Hygiene” consists of 17 controls that dictate some basic security measures that you may already have in place. Your outsourced IT services company should already have most of these controls configured for you. If you have internal IT staff, they need to make sure these controls are configured, tested, and enforced. In most cases these controls/systems are already available to you and just need to be turned on or configured. Depending on which systems you are currently using, meeting the technical requirements of CMMC Level 1 should cost little or nothing at all. 

What is CMMC? 

Cybersecurity Maturity Model Certification (CMMC) is an updated set of guidelines primarily built upon existing security frameworks, such as the NIST 800-171, to help the DoD identify the security level of GovCons who are competing for contracts. CMMC is broken down into 5 Levels each of which identifies how secure your infrastructure is in order to qualify your eligibility to compete for and perform work on DoD contracts. 

 

When do we need to be CMMC compliant? 

The DoD intended to roll out CMMC compliance requirements for new contracts in the beginning of 2021 with the expectation that by the end of 2025 every active DoD contract would have CMMC requirements in place. The CMMC implementation deadlines have changed several times causing confusion and creating a sense of urgency for GovCons to become CMMC ready. In addition, CMMC submissions must be audited by certified third-party assessor organizations(C3PAO) for certification unlike previous self-assessed and self-attested NIST submissions. Delays in the finalization of the CMMC compliance process have removed some pressure, the CMMC certification requirement is inevitable. 

At this and you can’t be “certified” and even though the CMMC process timeline has shifted, your company should already have the CMMC level 1 requirements in place. Being CMMC level 1 ready means your company is meeting the practices listed as part of the Federal Acquisition Regulation (FAR) 48 CFR 52.204-21 (which is required on all existing DoD contracts). 

What do we have to do to be CMMC level 1 ready? 

Depending upon your IT support, you may be ready, or you may have several steps to take to qualify. The list below features some of the Level 1 requirements that your IT Support company or in-house IT staff should be providing for you. While your IT team might be implementing the technical functions, to meet the CMMC certification, your company will need properly documented company policies and procedures that align with the technical requirements. In addition, certification requires appropriate supporting artifacts (evidence or documentation to demonstrate compliance). Your IT team can provide you with reports from their management systems to facilitate gathering that information. 

Samples of CMMC Level 1 or “Basic Cyber Hygiene” Controls: 

  • Access Control & Identification and Authentication Controls o IT infrastructure must prevent unauthorized access 
  • Use of unique usernames 
  • Require secure passwords 
  • Enable higher-level security such as multi-factor authentication 
  • Media Protection Controls. o Systems and media containing company information, federal contract information (FCI) or controlled unclassified information (CUI) must be protected 
  • Device Encryption in place on all systems 
  • Encryption of data at rest 
  • Physical and Environmental Controls o Physical restrictions to prevent access to your office 
  • Procedures to document and supervise visitors to your office 
  • Systems and Communications Protection Controls o Firewalls 
  • End-point protection tools (Anti-Virus, Anti-Malware, etc.) 
  • Encryption of data in transit 
  • System and Information Integrity Controls o Monitoring of systems and data 
  • Backup of data 

 

The Bottom Line 

“Basic Cyber Hygiene” should be an integral part of your company’s infrastructure and implementing and maintain it should be your IT team’s primary mission. We have spoken with companies who have been quoted as much as $20,000 from their incumbent IT services provider for remediation to become CMMC Level 1 ready. This charge was in addition to a significant monthly fee for supporting the company systems. We have also worked with companies who were being up charged $50 or more per month for each user to be CMMC Level 1 ready. While some additional outlay may be justified to offset 

the cost of the enhanced security services required to meet higher levels of CMMC, companies should not be paying extra for “Basic Cyber Hygiene.” 

If you are currently working with an IT Services company to maintain your IT infrastructure, the cost to meet the CMMC Level 1 technical requirements should be minimal or simply included as part of your existing service plan. Although there may be some scenarios where your company needs to modify which services or licensing you are using, in most cases, those changes/costs should be reasonable. It should not cost you significantly more money for your IT team to provide you with “Basic Cyber Hygiene.” If your provider is telling you that they need to remediate your systems or significantly increase your monthly fees to be CMMC level 1 ready, then you are not working with the right service provider. 

Before signing off on a significant “remediation project” to become CMMC Level 1 ready, ask your existing service provider why the services that you are paying them to provide does not meet or exceed “Basic Cyber Hygiene”. 

 

For more information, reach out to Degree Six at [email protected] 

Leveraging OTAs as a Tool for Growth

On October 21, 2021 the govmates team hosted a virtual Institute to discuss Leveraging OTAs as a Tool for Growth. Our speakers included Bob Tuohy, Retired COO, Advanced Technology International (ATI), Jason Havel, VP, Alluvionic Inc and Jim Ghiloni, Director, Wolf Den Associates moderated by govmates Co-Founder Stephanie Alexander.

The panel provided several comments and important takeaways for businesses looking to utilize OTAs in their capture strategy.

What is the Biggest Mistake Small Businesses Make When Pursuing OTAs?

One of the biggest mistakes our panelists have seen is stretching themselves too thin and joining too many consortia whose technology areas may not be the best fit, instead of focusing on the 2 or 3 that best align with the company’s capabilities. In this case, more does not equal better. Invest your time and resources in consortia that actually compete for opportunities that align with your company’s skillset.

How can a company best utilize OTAs?

An important note made to kick off the discussion was that OTA’s are not magic bullets or get-out-of-jail-free schemes to circle around the government bureaucracy(though wouldn’t that be nice!). Instead, the panel suggested bringing the OTA opportunity to your customer and educating them about the option and how it will be beneficial to their mission. In essence, OTA’s are tools, and helpful ones at that. They provide for increased free and open collaboration, the opportunity to discuss the art of possible and understand how to best provide solutions to the real problems that need solving.

In a good model, you have collaboration events amongst the members.   Within OTA consortia, you’re incentivized to team. These collaborations build teams that may not have been built before, and open doors to new partners they you may not have met under conventional (FAR-based) circumstances.

How Do You Educate Your Government Customer About the Use of OTA Vehicles?

While OTAs might be an older vehicle, they may be very new to your customer. In that circumstance, don’t be alarmed if they determine they need to consult with others within their organization to determine if they want to move forward.

In short, start with the capability you’re selling. What solution or innovative capability do you have and how can you adequately convey the need for your solution, to your customer? Identify and present examples of other government customers who have used OTAs and the success they achieved. From there, get cozy with the program managers, contracting shop, and your points of contact. Establish a good relationship early on and continue to feed it as you move through the process.

 

Where is the Trend of OTA Use headed?

Wolf Den Associated identified significant growth from 2015 to present, in fact, a 92% growth.  The majority of the spend is still within DoD which resulted in about $16 billion in FY2020, up from less than $1 billion 5 years ago.  The vast majority of the spend is for R&D, while there is some spend in services and products (albeit minimal). There was a thought at one point about using OTAs to get to products but that’s not come to fruition yet. As they’re primarily being used for R&D a lot of the spend is flowing through consortia.

 

To take this further within OTA consortia, prototypes are moving into production which will be a key metric to measure.  The industry will see increased activity in that space especially when non-traditionals have reached the point where they can prime those production contracts.

 

Joining a Consortia

Sometimes it’s tough for small businesses to know which consortia to join.  It’s helpful if you look at the last batch of RFPs that went thru a consortium to determine if it’s a good fit for you. If those RFPs align with your trajectory, then it’s worth giving thought to joining.  Additionally, If you see your competitors in the consortia, then that could mean (depending on your school of thought) it might be an opportunity for you as well.

 

We want to give a big thank you to our panelists and attendees for providing their thoughts on this discussion. To see the replay in full, please visit: https://youtu.be/BKmajxoEoeQ

govmates Partners with ATI to Support Non-Traditionals

Oct. 5, 2021 (SUMMERVILLE, S.C.)Advanced Technology International (ATI) is proud to launch the Innovation Resource Hub, the first-ever ecosystem of resources dedicated to helping non-traditional defense contractors succeed in federal R&D. ATI has partnered with govmates, the premier teaming partner platform for government contractors, to create the offering for all ATI-managed consortia.

The Innovation Resource Hub includes access to the govmates matchmaking platform, as well as a plethora of resources and support to common challenges for non-traditionals and small businesses, such as: access to capital, cyber and supply chain security, infrastructure support, legal and intellectual property rights, human capital, mergers and acquisitions support, and more.

With 23 active collaborations spanning various technology areas, ATI is adding to its suite of services offered to more than 3,700 collective consortia members.

“ATI is excited to join forces with govmates in launching the Innovation Resource Hub. The platform will offer a suite of services focused on supporting non-traditional contractors to better serve their federal Government clients,” said Chris Van Metre, President and CEO of ATI. “The ATI and govmates strategic partnership will enhance collaboration opportunities and foster teaming among consortia members and other companies seeking to expand their business into the government contracting market.”

The govmates matchmaking platform facilitates formulaic and methodical teaming introductions in support of federal contracts. With more than 29,000 matches and 5,600 teaming and procurement introductions across a membership of 4,500 non-traditionals, the govmates platform equips ATI consortia members with more capabilities to win government projects through greater visibility among government, industry, and academia.

“govmates chose to partner with ATI, because ATI shares our core values of ethics and collaboration,” said Katie Bilek, Co-Founder and Partner of govmates. “Together, we’re accelerating impact and supporting the continued evolution of innovation in support of the U.S. government.”

The partnership demonstrates ATI’s deep commitment to supporting the innovation community to help solve our nation’s greatest technological challenges. Both ATI and govmates are united in bringing forth the best and brightest technology providers of all backgrounds to deliver innovation that saves lives, enables the warfighter, and diversifies the industrial base. By leveraging the resources of ATI – the pioneer in R&D collaboration management – with the technology and agility of govmates, the federal government will receive more national security solutions to meet its mission-focused needs.

 

View the PR Newswire Here.

 

ABOUT ATI:

 

ATI, a public-service nonprofit based in Summerville, S.C., builds and manages collaborations that conduct research and development of new technologies to solve our nation’s most pressing challenges. Fueled by a community of experts from industry, academia, and government, ATI accelerates impact by using the power of collaboration to help the federal government quickly acquire novel technologies.

 

ATI.org | LinkedIn | Twitter | collaborATIon app

Shining a Spotlight on the Importance of Supply Chain Cybersecurity

Today Fortress Information Security and govmates, a technology scouting platform, launched a partnership to improve supply chain cybersecurity for companies providing products and services to the federal government.  

Pairing Fortress’ ability to identify, flag, and help remediate supply chain vulnerabilities with govmates’ approach to collaboration and rapid identification of innovative technologies, the partnership will help small and emerging businesses safely and profitably compete in the national security industrial space.

“We merge the best practices of technology and the human element to promote non-traditional defense contractors within the federal community. Given the cyber threats facing contractors and the national security workforce, as well as the speed of regulatory activity to combat these threats, it is critical that we help connect our members and government partners with the best technology available to address and stay ahead of both–Fortress’ Integrated Supply Chain Risk Management Solution does just that.” 

— Stephanie Alexander, govmates 

 

“New requirements and regulations can be time-consuming and costly without partners that understand both the threat and regulatory environment. By partnering together, we are helping to proactively address pain points that govmates member companies face in navigating this complex landscape. Our partnership will help us quickly and thoughtfully reach federal contractors of all sizes to assist in their security and compliance needs.” 

— Peter Kassabov, Executive Chairman and Co-founder at Fortress Information Security. 

 

The Challenge:  

​​Presently, the federal government, large integrators, and traditional defense primes rely more and more on partners and subcontractors for critical products and services. Information, communications, and operational technology (ICT/OT) users rely on interconnected systems to provide solutions to business and government challenges alike. The resultant outcome is an increased vulnerability to network intrusions, hacks, and more sophisticated cyber-attacks. When a supply chain is compromised, its security can no longer be trusted. This has become one of the most significant challenges facing government and business leaders in the current market. 

 

The Solution: 

govmates manages an ecosystem of over 4,000 non-traditional defense contractors, industry partners, academic institutions, and government stakeholders.  Their members represent multiple technology verticals and capabilities in both the federal and commercial sectors. The govmates matchmaking technology enables the federal government and industry primes to rapidly identify desired technologies and solutions.  Utilizing algorithms and relevance scoring, govmates takes a formulaic and methodical approach to facilitating teaming partnerships in the federal contracting community. 

 

Fortress Information Security is at the leading edge in ensuring the technology businesses and federal agencies use won’t be used against them by adversaries or cybercriminals. Fortress uses its proprietary AI technology to allow companies to quickly assess their digital and physical supply chain for potential vulnerabilities. Traditional security programs consistently operate according to priorities and paradigms from past eras, resulting in antiquated and inadequate security systems. The Fortress Platform addresses the most current supply chain risks integrating and conducting multidimensional risk analysis and remediation of supply chain, manufacturing, IT, InfoSec, corporate governance, and contract risks. The result is a fact-based picture of where vulnerabilities exist and how they can be fixed before they become a contract disqualifier or a threat to national security. 

Recap: Back to School | Teaming with Academic Organizations and Research Institutions

On September 16, 2021, govmates hosted a virtual panel event to discuss teaming with academic organizations and research institutions through the Small Business Technology Transfer (STTR) program. Our panelists included Sidney Chocron, R&D Manager at the Southwest Research Institute, Matt Barsotti, Principal at Protection Engineering Consultants, David Stevens, Principal Engineer at Protection Engineering Consultants, and Ted Reutzel, Director of Center for Innovative Materials Processing at The Applied Research Laboratory at Penn State University. Mr. Chocron and Mr. Reutzel offered their views as members of large research institutions with STTR experience, while Mr. Barsotti and Mr. Stevens provided the perspective of a small business that has successfully completed STTR awards.

Why choose to pursue an STTR?

The STTR program is different from other federal opportunities in that the end customer is not looking for a product or service, rather a problem to be solved. STTRs are research-heavy and have aggressive timelines. Small businesses may choose to pursue an STTR because it allows the company to develop new skills and capabilities.

The program offers an avenue for both the small business and the research institution to explore a niche R&D priority. A research institution can get substantial funding if a project moves from Phase I to Phase II. Academic institutions specifically are excited about the opportunity to involve graduate students and further their research goals.

How do I find a teaming partner?

It typically falls on the small business to find a teaming partner. The right teaming partner may be an institution with access to specialty equipment, or a university with plenty of graduate students to spare for the project.  The small business must consider their own capability gaps and requirements before reaching out to prospective partners.

As our panelists emphasized, it is so important for the small business to go to the research institution with a clear plan and an open mind. The small business is usually the lead on the project; they must come to the table with the motivation and drive to win while still allowing their team members to be full and equal partners.

How does the teaming partnership work?

Finding the right partner is not easy. Our small business panelists emphasized that it is important to find a partner willing to work on your timeline. STTRs often move fast, sometimes requiring work to start before an agreement is official. Universities and other research institutions are also allowed to work on multiple Phase I proposals at once. There may be multiple companies vying for the attention of a single research institution; that institution can work with as many or as few as feels appropriate.

What other advice do you have for companies interested in pursuing an STTR?

  1. If possible, talk to the STTR technical point of contact (TPOC) about the solicitation. Find out what the end customer wants and why they chose to go through the STTR program. This will help focus and refine the research priorities.
  2. Intellectual property agreement negotiations can take a long time, especially when dealing with a university. Start working on an IP agreement as soon as possible to ensure everything is in place by the STTR due date.
  3. Ensure that all parties are happy with the workshare agreement. Teams should have complementary skillsets and clearly defined tasks with an agreed-upon timeline. Partnerships that work well together have a better chance of winning a Phase II award!

Pursuing an STTR and need a teaming partner?  Contact us at [email protected] today!

Author: Hannah Altman, Program Analyst

Subcontracting Compliance

As we previously wrote, the Federal Acquisition Regulation (FAR) limitations on subcontracting (LOS) rule was recently revised to more closely mirror the U.S. Small Business Administration’s (SBA) LOS regulation. However, because the changes to the FAR do not account for more-recent revisions to SBA’s LOS rule, inconsistencies between the two sets of regulations remain. Recognizing this disconnect, the Civilian Agency Acquisition Council has released a memorandum authorizing civilian agencies to issue FAR class deviations to better align the FAR’s and SBA’s LOS. In a welcome step towards regulatory conformity, the Department of Defense (DOD) has also acted to bridge the divide between these regulations. On September 10, 2021, DOD issued a class deviation (Deviation), effective immediately, that recognizes certain exclusions from the LOS for small businesses that are outlined in SBA’s regulations but have not yet been added to the FAR. This Deviation should provide greater clarity for small businesses when measuring compliance with the LOS under DOD set-aside contracts.

SBA’s LOS rule provides that, for service contracts (except construction), prime contractors may not pay more than 50% of the amount paid to them by the government to firms that are not similarly situated. Critically, the SBA rule provides that the following services may be excluded from the 50% limitation: (1) other direct costs (to the extent they are not the principal purpose of the acquisition and small business concerns do not provide the service), such as airline travel, work performed by a transportation or disposal entity under a contract assigned the environmental remediation North American Industry Classification System code (562910), cloud computing services, or mass media purchases; and (2) work performed overseas on awards made pursuant to the Foreign Assistance Act of 1961 or work required to be performed by a local contractor. These exclusions are not in the FAR.

However, as explained in the Deviation, DOD is now requiring that all contracting officers use a revised version of the FAR’s LOS clause that expressly recognizes the foregoing exclusions from the 50% limitation for services contracts. The Deviation will remain in effect until incorporated into the FAR or until otherwise rescinded.

If you have any questions regarding the Deviation or the LOS, please contact Sam Finnerty, the author of this blog, or a member of PilieroMazza’s Government Contracts Group.

Federal Contractors and the COVID-19 Vaccination Mandate

In an effort to curb the spread of COVID-19, on September 9, 2021 President Biden announced an Executive Order (Order) Ensuring Adequate COVID Safety Protocols for Federal Contractors mandating federal contractors’ employees receive a COVID-19 vaccination as a condition of employment. This builds off the President’s announcement back in July where these employees only had to attest to their vaccination status or face restrictions. The President has charged the Safer Federal Workers Taskforce (the Task Force) with ironing out the mandate’s specifics by September 24, 2021. Hopefully, they will answer many outstanding questions.

For now, what we do know is the Order is effective immediately; however it expressly states it applies to a contract or contract-like instrument that is entered into, extended, renewed, or has an option exercised on or after October 15, 2021. A “contract-like instrument” will have the meaning set-forth in the Department of Labor’s proposed-rule, “Increasing the Minimum Wage for Federal Contractors.”

Applicable contracts are:

  • Services, construction, or leasehold interest in real property;
  • Services covered by the Service Contract Act;
  • Concessions; and
  • Work in connection with federal property or lands and related to offering services for federal employees, their dependents, or the general public.

 

There are some explicitly exempt contracts. Specifically, federal grants, Indian Tribes, those contractors working outside of the United States, contracts equal to or less than the simplified acquisition threshold, and subcontractors solely for the provision of products.

We also know the mandate will apply to “any workplace location as specified by the Taskforce where a worker is working on or in connection with a federal government contract or contract-like instrument.”   With this said, it could be interpreted as requiring remote workers and employees working at the contractor’s facility to have to get the vaccine. We hope this will be one of the items the Task Force addresses in greater detail.

Finally, written in the Order are specifics the Task Force must address:

  • Definitions to relevant terms for contractors and subcontractors,
  • Explanations of the protocol required of contractors and subcontractors to comply with workplace safety guidance, AND
  • Any exceptions to the Task Force that apply to contractor and subcontractor workplace locations and individuals in those locations working on or in connection with a Federal Government contract or contract-like instrument.”

Again, these items will have to be spelled out by September 24. However, this date could be extended.

Some action items to consider:

  • Determine if you are a federal contractor or subcontractor
  • Determine your contract applicability
  • Determine which form of proof of vaccination you will accept
  • Create a COVID-19 Vaccination Requirement Procedure policy

https://www.capgroupfinancial.com/insights/federal-contractors-and-the-covid-19-vaccination-mandate

 

Federal Contractors and Companies Requiring Vaccinations

Recently, the Biden administration announced new measures to encourage vaccinations among Americans. Focusing primarily on increasing vaccinations at the federal level, President Biden stated that all federal government employees and on-site federal contractors are required to attest to their vaccination status. This order only applies to onsite contractors.

At this time, federal or contractor employees can refuse to attest to their vaccination status and still work if they are not yet vaccinated. However, there are implications to this choice. First, all unvaccinated/non-attesting employees and contractors will be required to wear masks while working on location, physically distance themselves while working, and test for COVID one to two times a week. Additionally, unvaccinated federal employees and contractors will be restricted from traveling for work.

As of now, federal contractors only need to attest to their vaccination status. President Biden has not ordered that on-site contractor employees receive the COVID vaccine. However, the stagnant vaccine rate, increasing infection numbers, and the severity of the Delta variant may lead this position to change.

If you are a federal contractor, it is important to ensure that all your workers are vaccinated or strictly follow CDC guidelines. These actions will not only protect your workforce, but they will allow you and your employees to avoid these additional burdens placed on unvaccinated employees. Further, there could be real contractual implications if a contractor employee violates CDC guidelines and causes a COVID outbreak.

Vaccination Trends: More Companies Are Considering Mandating (or Have Already Mandated) Vaccines as Delta Variant Spreads

Recently, employers have been showing more interest in required vaccinations. Despite initial ambiguity over the legality of an employer-imposed COVID-19 vaccine mandate in 2020, 2021 has brought a series of decisions and opinions from federal authorities and the judiciary clarifying that an employer vaccine mandate is legal as a condition of employment.

These court decisions and opinions could result in a potential increase of vaccine mandates enacted by private businesses in the wake of the new state and federal government regulations. As the coronavirus pandemic has tightened its grip on the U.S. yet again this summer, more employers are getting onboard with a workplace vaccine mandate.

In the private sector, companies including Morgan Stanley, Saks, Delta Air Lines, The Washington Post, United Airlines, and Facebook have all announced their own vaccine requirements for employees in recent weeks. Recently, Google announced it was delaying its return-to-office plans until October, and that employees must be vaccinated to go back in-person.

In terms of what’s legally allowed, employers do have the right to set the terms and conditions of employment. Employers can require employees be vaccinated against Covid-19, or to submit to mandatory Covid screenings. With that said, employers creating a vaccine requirement must be open to requests for reasonable accommodations as required by law, such as for workers who refuse for religious or medical reasons, including pregnancy. All such requests must be assessed individually, and employers have right to ask for supporting documentation

Vaccination Inquiries: Who Needs to Know?

Vaccination information is confidential medical information and can be disclosed only on a need-to-know basis. Considerations include:

  • Company Policy determines who needs to know. For example, if fully vaccinated employees do not have to wear masks in the office, their direct supervisors might have a need-to-know vaccine status in order to enforce that policy.
  • If an employer has mandated vaccinations and someone is not vaccinated because of an accommodation, that person’s supervisor would need to know this information so that the accommodations (which likely would involve social distancing and some wearing of masks in common areas) would be recognized and enforced.

Mask Guidance & Mandates by State

When it comes to requiring masking or not, it is apparent that things are very much in a state of flux. The Delta variant, CDC guidance, and ever-evolving state and local requirements will have significant impacts on all employers, including those that had recently dropped mask mandates for vaccinated individuals and those planning to reopen their worksites in the fall.

The Centers for Disease Control and Prevention (CDC’s) most updated guidance recommends that fully vaccinated persons in areas with substantial or high rates of COVID-19 transmission resume wearing masks in public indoor settings. The guidance also encourages all fully vaccinated persons who have a known exposure to COVID-19 to take a COVID-19 test three to five days after exposure, and to wear masks in public indoor settings for 14 days or until receiving a negative COVID-19 test.

Possible ‘Next Steps to Consider’ for Employers

At this time, employers may consider varying options to find the best way to implement appropriate safety measures for their businesses. As the CDC continues to advise that the risks of transmission are significantly increased among unvaccinated individuals, employers may want to consider implementing a vaccine mandate for employees working at their establishment, restricting entry only to fully vaccinated individuals, requiring the use of masks and Staying current on changing mask mandates for private employers, which vary by state. All these approaches have different pros and cons, and there is not a one-size-fits-all approach that will work for every employer. Considering current trends, we expect even more changes at state and local levels, and we encourage businesses to monitor these developments closely.

Key Solutions Inc

How to Get the Most Value From SMEs to Write a Winning Proposal

Subject matter experts (SMEs) are necessary to almost every proposal. They are the ones who design and build the product (or provide the service).

They most likely work on contract for your customer, so they know what to do, how to do it, when and where to do it, and who is responsible for it. They can provide lessons learned to improve your methodology, identify reasonable quality metrics and measurements, and make recommendations for continuous process improvements. SMEs often know the real decision-makers and have insight into their preferences.

What SMEs likely can’t do though, is write effectively for your proposal. There are two reasons for that:

1. Because of their deep product knowledge, SMEs “know too much.”

They know there is no simple answer; everything depends on the customer environment, system configurations, SLAs, other vendors involved, and so on. They often struggle to respond only to what the RFP requires.

2. SMEs may not actually write frequently, but if they do, it’s probably in a style very different from what proposals require.

For example, user manuals are dry, short, and to the point, providing precise, logically organized instructions. Technical specifications are heavy on jargon and metrics with little prose. Conversely, scientific and research papers provide heavily detailed theories, methodologies, rationales, and results leading up to conclusions.

These experts are ill-prepared to work within a stringent compliance-driven proposal outline, which makes a hash of any lengthy technical discussion and imposes ridiculous page limits. Closely related material may defy logical order and be split into multiple sections, with seemingly unrelated material stuck in the middle. Asking your SME to learn to write in this fashion will be frustrating at best, and is not the best use of their time or expertise.

FREE DOWNLOAD: COMPLIANCE MATRIX TEMPLATE

Still, there is another, even more germane reason not to task SMEs with writing proposal responses: a proposal is not a technical document. It is a customer-oriented response to specific requirements. SOWs and SLAs and technical volumes notwithstanding, a proposal must above all persuade the evaluator that your solution is the best combination of not only technical, but also management, security, customer support, cost, and other relevant factors.

Precisely because SMEs are experts on product design, features and benefits, they write from that perspective. They often “push their product across the table,” trying to sell what they already have. Proposals, meanwhile, are all about solving the customer’s problem. The product is merely part of the solution, and may need substantial modifications to meet requirements. A well written proposal inspires the customer to “pull the solution to their side of the table.”

So how do you get the most value from your SMEs?

Bring in a seasoned proposal writer to turn your SME’s data into “proposalese.” Proposal writers start with the RFP requirements to understand what the proposal must provide. They absorb or even help develop win themes, discriminators, and value propositions. Then they work with the SMEs through interviews, Q&A sessions, and read/review/edit cycles, to craft a compliant, compelling response to the convoluted RFP requirements.

So what is “proposal style” writing, and why does it require dedicated proposal writers?

Essentially, it’s very much like what I learned a lifetime ago in Journalism 101. In that class the basic assumptions were:

  • Few people read past the headlines
  • Even fewer people read past the third paragraph
  • Only diehards ever read to the end

To satisfy a newspaper audience then, a journalist must put the most important points up front. Backup data comes later. Think of a triangle, point down, or a funnel: at the top, the broadest point, is where your conclusion goes – the most important material that you want the reader to remember. After that come the proof points or substantiation for those who continue reading. Additional details and background information follow, to satisfy the diehards who want the whole story.

This is pretty much exactly what you need to do in proposals: assume the audience (evaluator) will spend very little time with your proposal, so put all the most important information right up front so the evaluator can find it with little effort.

Proof points, like references to similar successful efforts, should follow, as validation for your approach. Extensive details can bolster your argument, especially when summarized effectively with a features/benefits table or similar device to reinforce your solution.

This article was originally published in June 2013 and updated in August 2021.

https://info.ksiadvantage.com/blog/articles/how-to-get-the-most-value-from-subject-matter-experts

 

This article was originally created and published for the Key Solutions blog. Key Solutions, Inc. (KSI) is full-service bid and proposal consulting firm that helps companies win government contracts.