Supplier Performance Risk System (SPRS) Consulting
You thought you needed to be CMMC compliant, and then the rules changed.
At the end of September, 2020, the Department of Defense (DoD) announced an Interim Rule where a new mandatory construct, the DoD Assessment Methodology, would serve as a temporary certification process before CMMC is fully in place.
The Interim Rule went into effect November 30, 2020, although full CMMC implementation will not be in readiness until 2025 (see DFARS 252.204-7021).
Breakdown of the Interim Rule:
As of November 30, 2020, contracting officers will check the Supplier Performance Risk System (SPRS) database to confirm that a contracting agency has an active SPRS Assessment prior to the award of a new contract or the continuation of an existing one.
While you can now self-assess using the SPRS database, it is not as straightforward as you might think (or want). Here are a few lessons learned as we have been walking some of our clients through the process.
- You must have an account with the DLA, the Defense Logistics Agency.
- You must have the DLA’s Wide Area WorkFlow (WAWF) set up for your organization. The WAWF is a secure, web-based system for electronic invoicing, receipt, and acceptance. It is also where you set up your contract admin.
- You also may have to work with DLA to ensure your WAWF contains a SAM’s CAGE code with the same admin assigned.
Step-by-step Guide to SPRS Assessment Submission
Step 1: Set up Your Account.
Step 2: Access the Supplier Performance Risk System (SPRS).
Step 3: Select SPRS Cyber Vendor User.
Step 4: Add Roles.
Step 5: Complete the Agreement.
Step 6: Admin Approval of Cage Code.
Step 7: Submit Your Assessment Score.
Your Wide Area WorkFlow (WAWF)
If your WAWF is not completed correctly and your contract does not have an admin assigned to it, you will be unable to continue past step #6 – Roles in the self-assessment process.
Now you might think since your organization already does business with the federal government that these pieces would be in place. That is not necessarily true.
If you are subcontractor who mainly subs to prime contractors, you would send that prime your invoice so they can pay you. As a result, some clients have not set up their WAWF because they have never needed it in the past. It is something that catches them unprepared as they begin the self-assessment process.
The DOD is adamant that to continue to do business with them, primes and subcontractors must demonstrate compliance. We don’t want anyone to be rejected by not being able to get through the process or demonstrate a low SPRS score to the DOD.
Duffy Compliance Services conducts a CMMC Gap Analysis to give both a starting point in the CMMC process as well as to create a score for the DOD Supply Performance Risk System (SPRS).
Let Us Guide You
Let Duffy Compliance Services guide you through the process or provide support information
when setting up your SPRS or DLA WAWF account.