The SPRS is a shared web-enabled data warehouse that details a vendor’s performance on current or completed contracts. Compliance with DFARS, NIST 800-171, and other requirements, whether short-term or long-term, are verified through the SPRS with the submission of assessment results as well. The SPRS application is available to Acquisition officials with the need to know and contractors who are able to view their own data on the SPRS. The SPRS is the DoD’s single, authorized application to retrieve suppliers’ performance information.
Procurement Integrated Enterprise Environment
All SPRS users from government agencies to vendors access the warehouse through the Department of Defense Procurement Integrated Enterprise Environment (PIEE). This platform allows a single sign-on capability for a variety of acquisition-related applications. Government vendors, suppliers, and contractors can access the SPRS and their company data through PIEE registration.
Vendor Threat Mitigation
Housed within the SPRS are vendor threat mitigation (VTM) reports. The VTM is a process to assess and mitigate the risks posed by vendors and suppliers supporting the DoD operations outside of the U.S. This was previously referred to as “vendor vetting.” The VTM Module in the SPRS provides acquisition professionals with visibility of vendor threat vetting outcomes so contracts can be awarded to company’s found to be in compliance with government requirements.
One of the requirements for winning a DoD contract may involve your company conducting a self-assessment of its basic cybersecurity procedures, policies, and processes including the handling of controlled unclassified information (CUI). Even if your organization doesn’t believe it has any CUI, it is best to complete the self-assessment or allow a third-party provider to do it for you. You can find and download a NIST SP 800-171 Self-Assessment DoD Score Worksheet here.
The results of the self-assessment along with other compliance audit reports should be submitted to the SPRS. A contract officer may disqualify a company for not having an assessment so it’s best to have one on file in the SPRS to be safe.
Having your proverbial ducks in a row and your company registered with the PIEE is imperative if your organization wishes to conduct business with the DoD. Furthermore, your business information needs to be uploaded to the SPRS to allow your business to remain competitive in the DoD acquisition process.
Dox Electronics is happy to assist businesses and organizations of every size with self-assessments, submittal of reports to the SPRS, and other regulation compliance. For more information, visit Dox online or call (585) 473-7766. The call is free and there is no obligation.