Leveraging OTAs as a Tool for Growth

On October 21, 2021 the govmates team hosted a virtual Institute to discuss Leveraging OTAs as a Tool for Growth. Our speakers included Bob Tuohy, Retired COO, Advanced Technology International (ATI), Jason Havel, VP, Alluvionic Inc and Jim Ghiloni, Director, Wolf Den Associates moderated by govmates Co-Founder Stephanie Alexander.

The panel provided several comments and important takeaways for businesses looking to utilize OTAs in their capture strategy.

What is the Biggest Mistake Small Businesses Make When Pursuing OTAs?

One of the biggest mistakes our panelists have seen is stretching themselves too thin and joining too many consortia whose technology areas may not be the best fit, instead of focusing on the 2 or 3 that best align with the company’s capabilities. In this case, more does not equal better. Invest your time and resources in consortia that actually compete for opportunities that align with your company’s skillset.

How can a company best utilize OTAs?

An important note made to kick off the discussion was that OTA’s are not magic bullets or get-out-of-jail-free schemes to circle around the government bureaucracy(though wouldn’t that be nice!). Instead, the panel suggested bringing the OTA opportunity to your customer and educating them about the option and how it will be beneficial to their mission. In essence, OTA’s are tools, and helpful ones at that. They provide for increased free and open collaboration, the opportunity to discuss the art of possible and understand how to best provide solutions to the real problems that need solving.

In a good model, you have collaboration events amongst the members.   Within OTA consortia, you’re incentivized to team. These collaborations build teams that may not have been built before, and open doors to new partners they you may not have met under conventional (FAR-based) circumstances.

How Do You Educate Your Government Customer About the Use of OTA Vehicles?

While OTAs might be an older vehicle, they may be very new to your customer. In that circumstance, don’t be alarmed if they determine they need to consult with others within their organization to determine if they want to move forward.

In short, start with the capability you’re selling. What solution or innovative capability do you have and how can you adequately convey the need for your solution, to your customer? Identify and present examples of other government customers who have used OTAs and the success they achieved. From there, get cozy with the program managers, contracting shop, and your points of contact. Establish a good relationship early on and continue to feed it as you move through the process.


Where is the Trend of OTA Use headed?

Wolf Den Associated identified significant growth from 2015 to present, in fact, a 92% growth.  The majority of the spend is still within DoD which resulted in about $16 billion in FY2020, up from less than $1 billion 5 years ago.  The vast majority of the spend is for R&D, while there is some spend in services and products (albeit minimal). There was a thought at one point about using OTAs to get to products but that’s not come to fruition yet. As they’re primarily being used for R&D a lot of the spend is flowing through consortia.


To take this further within OTA consortia, prototypes are moving into production which will be a key metric to measure.  The industry will see increased activity in that space especially when non-traditionals have reached the point where they can prime those production contracts.


Joining a Consortia

Sometimes it’s tough for small businesses to know which consortia to join.  It’s helpful if you look at the last batch of RFPs that went thru a consortium to determine if it’s a good fit for you. If those RFPs align with your trajectory, then it’s worth giving thought to joining.  Additionally, If you see your competitors in the consortia, then that could mean (depending on your school of thought) it might be an opportunity for you as well.


We want to give a big thank you to our panelists and attendees for providing their thoughts on this discussion. To see the replay in full, please visit:

What is an OTA

What is an OTA?

Stephanie Alexander and Katie Bilek explain what an Other Transaction Authority (OTA) is and how it helps government agencies find and attract innovative contractors.

Data Governance & the CMMC Framework

Data governance is the process of managing the availability, usability, integrity, and security of the data in enterprise systems, based on internal data standards and policies that also control data usage. Effective data governance ensures data is consistent, trustworthy, and doesn’t get misused. Before we explore it’s role in CMMC, let’s explore the basics.


Data governance is a set of principles and practices that ensure high quality through the complete lifecycle of your data. According to the Data Governance Institute (DGI), it is a practical and actionable framework to help a variety of data stakeholders across any organization identify and meet their information needs.

How important is data governance for your company?

Data governance is a set of processes ensuring important data assets are formally managed throughout the enterprise. It also ensures that trusted information is used for critical business processes, decision making, and accounting.

What are some core principles of data governance?

There are certain core principles which drive a successful data governance implementation:

Recognizing data as an asset – In any organization, data is the most important asset.

Data classification – The process of organizing data into categories making it is easy to retrieve, sort, and store for future use. A well-planned data classification system makes essential data easy to find and retrieve. This can be of particular importance for risk management, legal discovery, and compliance.

Data ownership and accountability – In a successful data governance process, ownership and accountability of data must be clearly defined.

Data retention – Data retention is an important step in helping protect an organization’s data and avoid financial, civil, and criminal penalties that increasingly accompany poor data management practices.

What are the business drivers for data governance?

Regulatory compliance – This is affecting all organizations. And, at the lowest denominator, all organizations need to comply with their own country’s financial regulations. Then there are region specific data privacy regulations, some stricter than others, but noncompliance to those can also end up costing the organization large sums of money, as well as bad publicity. This tends to score high in the list of data governance drivers because of the high risks and costs associated with noncompliance.

Data driven decision making – This is an umbrella for a few drivers, so sometimes you might see this stated simply as “implementing a Business Intelligence (BI) program.” Other times you hear about “starting data analytics” or “big data adoption;” even improving overall efficiency and customer satisfaction. You should consider all of these under one driver because they all fall into the idea of knowing the best decisions to make based on your company’s data.

The quality of your data – It all boils down to data quality (the reason why a lot of organizations point to this as the main driver). Even those who want to start a BI program, ensure regulatory compliance, become more efficient, increase customer satisfaction, and so on – need to ensure the data is clean and accurate, as well as in agreement with the data quality dimensions that matter to the business. If you don’t have good data quality, then you won’t accurately know that the right customer unsubscribed from your newsletters and you’re still continuing to send to them. You might overcharge someone, send inaccurate financials to the IRS, mislabel ingredients on a product, incorrectly categorize those medical lab tests, or draw inaccurate conclusions from revenue projections. The state of quality of your data can make or break everything –and for this you need a good data governance.


The concept of Data Governance is a focal point in the CMMC world. Identifying information as FCI, CUI, or CTI is crucial in knowing how to handle the information at hand and to be able to classify and label it accordingly.

Knowing how to classify your data is key in managing Access Control (AC); as an example, AC.2.16, a level 2 practice, talks explicitly about controlling the flow of CUI in accordance with approved authorizations. Knowing how to classify your data is key in knowing who in your organization is authorized to access CUI to manage their access accordingly.

Example 1: When it comes to Data Classification, companies should know in advance whether a Team or SharePoint site will contain CUI data when it is provisioned. The Community Service Team should be open to all personnel and data about the unit’s volunteer opportunities should be free to be widely shared. However, the unit’s readiness report is probably sensitive information. As such, it needs to be labeled “CUI” and live in a Team site that is clearly marked as such. In other words, the Community Service Team can be labeled “public” while the Readiness Team should be labeled “Readiness – Restricted – CUI.”

Example 2: When it comes to Lifecycle Management, a good Data Governance policy includes a Lifecycle Management plan. Periodic reviews or certain events (for example, the end of a contract) should initiate an archiving process that may even include the deletion of the workspace. This eliminates sprawl and can reduce clutter, which in turn also reduces the attack surface of the environment.

Data is a critical asset for every business, and it is a powerful asset when well-governed. Remember, ad-hoc approaches to how to handle your business data are likely to come back to haunt you. Data governance has to become systematic, as big data multiplies in type and volume and people seek to answer more complex business questions. That means setting up standards and processes for acquiring and handling data, as well as procedures to make sure those processes are being followed. That said, achieving enterprise-wide Data Governance is a not trivial task. It makes sense to break that initiative down into more manageable steps.

Some things you should consider:

  • Identifying current and desired data governance levels
  • Focusing on strategic quick wins to build support
  • Building toward the facets of a sound data governance framework/program

Most organizations do not have the people, nor do they have the expertise, to tackle such an important program. Involving a third-party is often critical for success; an organization with the expertise to help you map out a Data Governance framework specific to your business and industry and let you decide how mature you would like that program to be over time.