- July 30, 2017
- Posted by: Mark Stevens
- Categories: Cyber Security, DFARS, Export Administration Regulations
Organizations should closely analyze requirements from their customers who flow down regulatory requirements such as the FAR and/or DFARS to determine if conflicts exists. In an analysis of certain Defense Federal Acquisition Regulations Supplement, I noticed what could be a conflict for those organizations who may seek to use a Voluntary Disclosure as a result of an authorized export. However, if they follow the DFARS in it strictest sense, the VD would not be considered.
If conflicts exist between an organization’s policies and a customers’s or regulatory requirements then the organization should consider alternatives to policies and procedures in order to maintain compliance while not senselessly walking away from options that can protect the organization.