How to Manage Offsite Issues on a Construction ProjectLarge projects tend to generate complaints from neighboring residents and businesses during construction. How a contractor deals with those complaints can be critical to a project’s overall success. Concerns can vary from minor noise complaints to more serious trespass and nuisance complaints regarding hazardous and non-hazardous construction materials. Regardless of the nature of the complaint or issue, a knowledgeable contractor can likely avoid or mitigate any potential fallout by being proactive and following these tips:

Don’t ignore complaints.

If you receive a complaint from a neighboring resident or business, make an effort to investigate and resolve the issue promptly. You shouldn’t admit fault, but you should try and work with your neighbor to find an amicable solution. This approach can help avoid turning a minor issue into a major problem.

For example, consider receipt of a noise complaint from a resident in a neighboring community. The neighbor is bothered by early morning jack hammering from your construction site. If you ignore that complaint, your neighbor may get frustrated and get folks from his or her neighborhood to file a formal complaint with the local municipality, which could result in the city imposing new restrictions on working hours for your project. The resulting productivity impact and delays could be difficult to overcome. In contrast, if you talk with the neighbor and work out a solution such as rescheduling the noisy work for later in the day once he or she goes to work, you might only have to deal with a minor disruption to your work.

Put relevant parties on notice.

If you receive a complaint from a neighbor regarding anything going on at your construction site that could adversely affect the schedule or cost or result in liability to third parties, put the relevant parties on notice. If an owner-provided civil grading plan results in flooding and erosion into a parking lot of a nearby business, put the owner and AE on notice immediately upon learning of the issue. If a neighbor complains that his or her sidewalk or driveway was damaged by heavy equipment from your jobsite and you know that equipment likely belongs to a subcontractor, put your subcontractor on notice of the complaint. In the above examples, you should also consider putting your insurer on notice of any potential claim along with any subcontractor or owner insurers under whose policies you have been named an additional insured.

You never know when a minor concern might become more serious. If you haven’t notified the responsible party in advance and given them an opportunity to investigate or remedy the issue, that party may be able to shirk responsibility later on when the potential liability becomes greater.

If you decide to make a payment or otherwise remediate an issue, get a release.

In certain circumstances, it may be beneficial for you to go ahead and make a payment or remediate an issue with a neighbor to avoid escalating a dispute. For example, a neighboring resident complains that he got a flat tire from a pothole on the road adjacent to your jobsite, and he claims your trucks and other equipment caused the pothole. He’s threatening to sue and to report you to the city, county or state department of transportation. In that situation, you may decide it’s better to pay the neighbor some marginal sum to avoid a potential lawsuit.

When you make such a payment, be sure to get a complete release of past and future claims from the complainant. You do not want to find yourself dealing with a repeat customer who comes back a few weeks later with a different, potentially frivolous complaint or who now claims the initial damages are worse than originally anticipated (e.g., that flat tire has now become a broken axle). You may want to talk with a lawyer to help you draft some appropriate language for the release to make sure you are adequately protected.

The above tips are not comprehensive, and, as with any construction job, there are unique circumstances which may warrant or require a different approach. However, keeping these thoughts in mind and making sure your onsite project folks are educated on the same can help you avoid or reduce potential liability from a variety of offsite incidents.

Final Countdown to DFARS Cybersecurity ComplianceMost federal defense contractors are aware that December 31, 2017, is the deadline for them to comply with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. However, many defense contractors (understandably) remain perplexed about not only the details of the requirements, but the basics. This article provides answers to some of the most basic, yet commonly asked, questions regarding the new requirements.

In a nutshell, what is required by December 31, 2017?

The Department of Defense amended the Defense Federal Acquisition Regulation Supplement (DFARS) in 2016 to provide for the safeguarding of Controlled Unclassified Information when transiting through or residing on a contractor’s internal network or information system. DFARS Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, requires contractors to implement NIST SP 800-171 to safeguard “covered defense information” that is stored on or processed in their internal network or information system. Additionally, DFARS Clause 252.204-7012 requires contractors to report, within 72 hours of discovery, any cyber incidents that may have affected “covered contractor information systems.” DFARS Clause 252.204-7008, Compliance with Safeguarding Covered Defense Information Controls, states that, by submitting an offer, “the Offeror represents that it will implement the security requirements specified by [NIST SP 800-171] . . . not later than December 31, 2017.”

What if my company cannot fully comply by December 31, 2017?

A December 2016 update to NIST SP 800-171 (Revision 1) provides some relief to covered contractors who cannot fully comply with the requirements by December 31, 2017.  Revision 1, which provides guidance on the use of System Security Plans (or SSPs) and Plans of Action and Milestones (or POAMs), states in relevant part:

Nonfederal organizations should describe in a system security plan, how the specified security requirements are met or how organizations plan to meet the requirements. The plan describes the system boundary; the operational environment; how the security requirements are implemented; and the relationships with or connections to other systems. Nonfederal organizations should develop plans of action that describe how any unimplemented security requirements will be met and how any planned mitigations will be implemented.

Then, in September 2017, the Director of Defense Pricing/Defense Procurement and Acquisition Policy issued a memorandum addressing implementation of DFARS Clause 252.204-7012. This memorandum provides additional guidance on SSPs and POAMs as follows:

To document implementation of the NIST SP 800-171 security requirements by the December 31, 2017, implementation deadline, companies should have a system security plan in place, in addition to any associated plans of action to describe how and when any unimplemented security requirements will be met, how any planned mitigations will be implemented, and how and when they will correct deficiencies and reduce or eliminate vulnerabilities in the systems. Organizations can document the system security plan and plans of action as separate or combined documents in any chosen format.

The memorandum further states that a “solicitation may require or allow elements of the system security plan which demonstrates/documents implementation of NIST SP 800-171, to be included with the contractor’s technical proposal, and may subsequently be incorporated (usually by reference) as part of the contract[.]” However, the memorandum reiterates that “DFARS Clause 252.204-7012 requires the contractor that is performing a contract awarded prior to October 1, 2017, to notify the DoD [Chief Information Officer] of any requirements of NIST SP 800-171 that are not implemented at the time of contract award.”

Must my subcontractors comply?

Yes. Covered defense contractors must include DFARS Clause 252.204-7012 in subcontracts, or “similar contractual instruments,” for “operationally critical support” or for which performance will involve “covered defense information.” Among other things, covered contractors must also require subcontractors to “[p]rovide the incident report number, automatically assigned by DoD, to the prime Contractor (or next higher-tier subcontractor) as soon as practicable, when reporting a cyber incident to DoD” as required in DFARS Clause 252.204-7012. Moreover, given that most covered prime contractors will be required, either explicitly or implicitly, to certify compliance with the requirements, prime contractors would be wise to require subcontractors to certify their own compliance to the prime contractor.

What are some of the consequences for non-compliance?

Potential consequences for noncompliance with DFARS Clause 252.204-7012 and NIST SP 800-171 include, but certainly are not limited to, losing a contract award; being subjected to a bid protest; being found to have breached an awarded contract; being terminated for default; and/or negative past performance reviews. Potential consequences for falsely certifying compliance may include, but are not limited to, False Claims Act liability; liability under the various false statement statutes; default termination; negative past performance reviews; suspension; and/or debarment.

Wait, I have more questions!

If you have any questions about any of the foregoing requirements or any related issues, please do not hesitate to contact Aron C. Beezley, the head of Bradley’s Government Contracts Cybersecurity team.

Aron C. BeezleyBradley is pleased to announce that Aron Beezley was appointed vice chair of the American Bar Association’s Bid Protest Committee. The committee’s mission is to provide timely information on developments and a forum for discussing significant issues involving the resolution of bid protests within the federal government, including the agencies, the GAO, and judicial forums. The committee also conducts studies on the efficacy of the system for resolving bid protests of federal agency procurements.

If you have any bid protest-related questions, please feel free to contact Mr. Beezley.