By Dante E. Milledge, U.S. Army Information Systems Engineering CommandOctober 23, 2019
Software acquisition doesn't really fit with the Federal Acquisition Regulation. What is it-a product or a service?
The world of software acquisition, which I work in, is often overlooked and misunderstood, and for good reason. When it comes to information technology (IT) acquisition, hardware is what usually comes to mind because it's the part you see and touch every day. I'd like to try to bring software out of the shadows so the challenges faced in acquiring it are more clearly understood.
The Federal Acquisition Regulation (FAR) governs the acquisition process by which executive agencies of the U.S. government acquire supplies and services by contract. Issued pursuant to the Office of Federal Procurement Policy Act of 1974, the FAR has been updated over the years. But when it comes to establishing a multiple-award, indefinite delivery, indefinite quantity (IDIQ) contract for commercial off-the-shelf software, sometimes the FAR requirements just do not fit.
IS SOFTWARE A SUPPLY OR SERVICE?
IDIQ contracts are used when the exact times or exact quantities of future requirements and deliveries are not known at the time of contract award. Multiple-award IDIQ contracts provide for an indefinite quantity of services for a fixed time. IDIQ contracts are most often used for acquiring services, but they fit software acquisition quite well. The government places delivery orders or task orders against a basic contract for individual requirements. Minimum and maximum quantity limits are specified in the basic contract as either number of units or dollar values. The government uses an IDIQ contract when it cannot predetermine the precise quantities of supplies or services that it will require during the contract period.
If, for example, you need a contract to acquire a software product for the entire Army that allows individual agencies and offices to place their own orders, then an IDIQ is for you. More on this later.
One of the first things an acquisition professional must do before developing the framework for a contract is to define the requirement. One of the questions that must be answered: "Is the requirement considered primarily a supply or a service?" The definitions provided in the FAR to make this first basic determination are below:
"Supplies" means all property except land or interest in land. It includes (but is not limited to) public works, buildings and facilities; ships, floating equipment and vessels of every character, type and description, together with parts and accessories; aircraft and aircraft parts, accessories and equipment; machine tools; and the alteration or installation of any of the foregoing.
"Service contract" means a contract that directly engages the time and effort of a contractor whose primary purpose is to perform an identifiable task rather than to furnish an end item of supply. A service contract may be either a nonpersonal or personal contract. It can also cover services performed by either professional or nonprofessional personnel, on an individual or organizational basis.
Commercial software is more like a service when it comes to government contracting. For clarification, I am not referring to software-as-a-service. I am referring to the familiar "term" and "perpetual" software license definitions. A traditional term license grants rights to use the software for a specified period of time. A traditional perpetual license grants rights to use the software indefinitely. In reality, the only thing perpetual about software is the relationship you will have with the people who make it, if you want the product to function safely and securely.
For example, the government spends millions of dollars on software like Microsoft Office. We install the program and expect our applications to work day after day. But when the developer stops supporting the software in favor of a new version, the support stops, and we no longer have access to bug fixes, security patches or upgrades. We may have a perpetual license and "own" the software, but it's no longer as secure as we need it to be without a support stream, and therefore it is useless.
Similar to an IT service contract, you purchase the service for the period of time it's funded for, and when that period is up, the service ends. In this regard, software is similar to an IT service contract: You purchase the service for the period of time and when that period is up, the service ends. With software, it's support that you purchase for a period of time; when that ends, so does the support.
DOES MEANINGFUL PRICE EVALUATION REALLY HAPPEN?
Just as there are different definitions for supply and service requirements, there are different instructions for how to establish contracts and evaluate proposals for these requirements. It's been my experience that commercial software does not always fit neatly into either the supply or service box when it comes to writing evaluation factors and conducting proposal evaluations.
When we conduct hardware acquisitions, writing salient characteristic requirements is usually black and white. For example, we can clearly define evaluation factors for hard drive size, amount of memory, processor performance, what temperatures the machine should be able to operate in and so on. This makes evaluation of hardware requirements more simple and straightforward. Who makes the hardware is not really that important. I can mix and match almost any keyboard and mouse, for example, and have no problem at all. We can award contracts to many different hardware manufacturers for the same hardware, and as long as the hardware meets the minimum requirements, it will function on the government's network.
When we acquire commercial software, it's not so simple. We cannot so easily mix and match software products on the government network. For this reason, we tend to contract for specific software products from a specific software vendor but from multiple sources. So that's where the "multiple" in multiple-award IDIQ comes in. Although the requirement is for Microsoft Office, the competition is between the various vendors on the multiple-award IDIQ contract that can offer it to the government. The software evaluation is now about evaluating the vendors offering to sell the software and not about the software at all, just like a services contract evaluation. The important evaluating factors become the company's corporate capability, customer service response and troubleshooting resolution times, supply-chain risk management, and adherence to specific license usage terms and conditions.
This is another case where software requires a hammer to fit the FAR. Anyone who has ever done a justification and approval knows what this hammer looks like. According to FAR 11.105, "Agency requirements shall not be written so as to require a particular brand-name, product, or a feature of a product, peculiar to one manufacturer, thereby precluding consideration of a product manufactured by another company," unless certain exceptions apply. Rather, FAR clause 52.211-6, "Brand Name or Equal," should be invoked.
FAR 15.404 requires price-cost analysis as an evaluation factor for multiple-award contracts. This price-cost analysis is completed so that prices may be established at the base-level contract. This refers back to the "multiple award" in multiple-award IDIQ. The awardees were not selling anything at the time the IDIQ contract was put in place. They were only given a contract that allows government agencies to purchase from them as needed for a specific period of time. This is known as the base contract. When an agency needs to purchase software, all the vendors on the multiple-award IDIQ will submit a quote that will then be evaluated for price. The software buys are called task orders or delivery orders. Once again, we are in trouble with the FAR as we have no real price comparison until agencies place task orders and delivery orders.
But there does actually appear to be a solution: It's called a deviation. A deviation allows you to not follow the FAR in very specific cases, and there happens to be a FAR deviation that appears to fit this issue. The FAR reads as follows: "Contracting officers, at their discretion, when issuing a solicitation that will result in multiple-award contracts issued for the same or similar services may exclude price or cost as an evaluation factor for the contract awards." The deviation permits contracting officers to evaluate cost or price only at the task-order level. Unfortunately this deviation does not apply to software acquisitions, but one like it would go a long way to mitigate the price evaluation issue.
When we conduct a price evaluation for hardware, we can start by going to Best Buy, Staples, Office Depot or any one of a zillion websites such as Amazon.com to research the price that a piece of hardware is generally being sold for. It's not as simple for commercial software. Most times, the government must contact the company directly to discuss baseline public-sector pricing. The price for one copy of a piece of software on the shelf in a store is not the same as when you purchase tens of thousands or sometime hundreds of thousands of software licenses. The unit cost of a license often goes down as the number of licenses purchased goes up, but the discount rate is not a fixed number. In many cases, you only get what you negotiate.
In addition, price evaluation cannot be done accurately by looking at previous prices paid by the government. Those previous prices take into account several variables: number of units purchased, end-of-quarter discounts, and whether the government does other business with the company. Another complexity when evaluating commercial software is the variety of use models (subscription, perpetual, as-a-service, etc.) and metrics. For example, say Company A has a commercial software product that can be sold or purchased in the following ways (metrics):
- Per device.
- Per virtual machine.
- Per processor.
- Per named user.
- Per operating system.
- Per portable license unit.
- Per server.
- Per powered-on virtual machine.
Just one commercial software product offering can generate hundreds of lines on a spreadsheet to list all the permutations. So, you can't simply compare two similar commercial software products; the ways in which they are sold must also be considered. Many times, an equal comparison can't be done, because not all like commercial software products can be sold in the same ways. Given a big enough hammer and a lot of time, something that satisfies the requirements of FAR 15.404 for price evaluation can be produced, but I question if it is meaningful or valuable for the time and effort spent.
The real competition and price evaluation take place in earnest at the delivery-order level; this is why the previously mentioned class deviation allows this task to be delegated at the order level. When a request for quote (RFQ) is placed for commercial software at the delivery-order level, multiple companies respond. It's at this time that the price can be compared and evaluated for a single product as specified in the customer's RFQ. Additional discounts above and beyond the base contract can also be negotiated because the requirement is firm; requirements are not firm when establishing a base-level IDIQ. The base-level IDIQ only contains broad, high-level nonnegotiable terms and conditions that can be enhanced if doing so would benefit the government, but cannot be diminished.
WHAT FACTORS ARE IMPORTANT?
Normally with an IT product, the technical factor is the most important part of the evaluation to determine if the product meets the customer's minimum specifications. Other factors, such as past performance, are important, but they typically are not considered if the minimum specification technical requirement has not first been satisfied.
With commercial software, we usually don't have a minimum technical specification to evaluate, as most traditional software contracts are for a single specific product or a range of products from a single maker. In the case of the Army Computer Hardware Enterprise Software and Solutions (CHESS) IDIQ contract, Information Technology Enterprise Solutions - Software (ITES-SW), we didn't know what products or brands would be offered until after the vendors proposed.
The ITES-SW contract is catalog-based. The vendors were given four categories in which to submit proposals. As long as a proposed product fit in one of the categories and was deemed worthy to be on the Army's network, it was accepted in the vendors' catalog. What products each vendor put in their catalog was unknown, and the catalogs are updated and changed often. The result is an evaluation that really focuses on the company's ability to fulfill the stated requirement and not so much on technical specifications.
Typically, software acquisition teams spend months working with software makers during acquisition development and negotiation, hammering out language for the base-level IDIQ that's agreeable to the vendor and the government. With all of this back-and-forth and round-and-round, I don't recall a single issue that was about a product. The primary effort was centered around the company's willingness and ability to agree on terms and conditions.
I recommend to first extend the FAR class deviation published in 2017 to supply contracts as well as service contracts. Doing so would give a contracting officer the discretion to exclude price or cost as an evaluation factor when developing software acquisitions. This would save significant time in the acquisition process currently being spent on a requirement that does not add value. It's time to revisit and revise how we classify commercial software and the procurement of commercial software in the FAR. Just as technology changes over time, the methods by which we acquire it should also change.
For more information, go to https://chess.army.mil/.
DANTE E. MILLEDGE is a computer scientist with the U.S. Army Information Systems Engineering Command, currently stationed at Fort Huachuca, Arizona, and provides software support for CHESS. He holds a bachelor's degree in computer science from Texas A&M University. He is Level III certified in engineering and Level II certified in acquisition life cycle logistics.
This article is published in the 2019 Fall issue of Army AL&T magazine.