DOE 952.223-76 Conditional payment of fee or profit-safeguarding restricted data and other classified information and protection of worker safety and health. Basic (Dec 2010) (Current)

As prescribed at 923.7003(f), except as prescribed in 970.1504-8(c), the contracting officer shall insert the clause at 952.223-76, Conditional Payment of Fee or Profit—Safeguarding Restricted Data and Other Classified Information and Protection of Worker Safety and Health, in all contracts that contain both the clause at 952.204-2, Security Requirements, and the clause at 952.250-70, Nuclear Hazards Indemnity Agreement.

Conditional Payment of Fee or Profit—Safeguarding Restricted Data and Other Classified Information and Protection of Worker Safety and Health (DEC 2010)

(a) General. 

    (1) The payment of fee or profit (i.e., award fee, fixed fee, and incentive fee or profit) under this contract is dependent upon the Contractor's compliance with the terms and conditions of this contract relating to the safeguarding of Restricted Data and other classified information (i.e., Formerly Restricted Data and National Security Information) and relating to the protection of worker safety and health, including compliance with applicable law, regulation, and DOE directives. The term “contractor” as used in this clause to address failure to comply shall mean “contractor or contractor employee.”

    (2) In addition to other remedies available to the Federal Government, if the Contractor fails to comply with the terms and conditions of this contract relating to the safeguarding of Restricted Data and other classified information or relating to the protection of worker safety and health, the Contracting Officer may unilaterally reduce the amount of fee or profit that is otherwise payable to the Contractor in accordance with the terms and conditions of this clause.

    (3) Any reduction in the amount of fee or profit earned by the Contractor will be determined by the severity of the Contractor's failure to comply with contract terms and conditions relating to the safeguarding of Restricted Data or other classified information or relating to worker safety and health pursuant to the degrees specified in paragraphs (c) and (d) of this clause.

(b) Reduction amount. 

    (1) If in any period (see paragraph (b)(2) of this clause) it is found that the Contractor has failed to comply with contract terms and conditions relating to the safeguarding of Restricted Data or other classified information or relating to the protection of worker safety and health, the Contractor's fee or profit of the period may be reduced. Such reduction shall not be less than 26 percent nor greater than 100 percent of the total fee or profit earned for a first degree performance failure, not less than 11 percent nor greater than 25 percent for a second degree performance failure, and up to 10 percent for a third degree performance failure. The Contracting Officer must consider mitigating factors that may warrant a reduction below the specified range (see 48 CFR 904.402(c) and 48 CFR 923.7002(a)(2)). The mitigating factors include, but are not limited to, the following ((v), (vi), (vii), and (viii) apply to worker safety and health (WS&H) only :

        (i) Degree of control the Contractor had over the event or incident.

        (ii) Efforts the Contractor had made to anticipate and mitigate the possibility of the event in advance.

        (iii) Contractor self-identification and response to the event to mitigate impacts and recurrence.

        (iv) General status (trend and absolute performance) of: Safeguarding Restricted Data and other classified information and compliance in related security areas; or of protecting WS&H and compliance in related areas.

        (v) Contractor demonstration to the Contracting Officer's satisfaction that the principles of industrial WS&H standards are routinely practiced (e.g., Voluntary Protection Program Star Status).

        (vi) Event caused by “Good Samaritan” act by the Contractor (e.g., offsite emergency response).

        (vii) Contractor demonstration that a performance measurement system is routinely used to improve and maintain WS&H performance (including effective resource allocation) and to support DOE corporate decision-making (e.g., policy, WS&H programs).

        (viii) Contractor demonstration that an Operating Experience and Feedback Program is functioning that demonstrably affects continuous improvement in WS&H by use of lessons-learned and best practices inter- and intra-DOE sites.

    (2)(i) Except in the case of performance-based, firm-fixed-price contracts (see paragraph (b)(3) of this clause), the Contracting Officer, for purposes of this clause, will at the time of contract award, or as soon as practicable thereafter, allocate the total amount of fee or profit that is available under this contract to equal periods of [insert 6 or 12] months to run sequentially for the entire term of the contract (i.e., from the effective date of the contract to the expiration date of the contract, including all options). The amount of fee or profit to be allocated to each period shall be equal to the average monthly fee or profit that is available or otherwise payable during the entire term of the contract, multiplied by the number of months established above for each period.

        (ii) Under this clause, the total amount of fee or profit that is subject to reduction in a period in which a performance failure occurs, in combination with any reduction made under any other clause in the contract that provides for a reduction to the fee or profit, shall not exceed the amount of fee or profit that is earned by the Contractor in the period established pursuant to paragraph (b)(2)(i) of this clause.

    (3) For performance-based firm-fixed-price contracts, the Contracting Officer will at the time of contract award include negative monetary incentives in the contract for Contractor violations relating to the safeguarding of Restricted Data and other classified information and relating to protection of worker safety and health.

(c) Safeguarding restricted data and other classified information. Performance failures occur if the Contractor does not comply with the terms and conditions of this contract relating to the safeguarding of Restricted Data and other classified information. The degrees of performance failures relating to the Contractor's obligations under this contract for safeguarding of Restricted Data and other classified information are as follows:

    (1) First Degree: Performance failures that have been determined, in accordance with applicable law, regulation, or DOE directive, to have resulted in, or that can reasonably be expected to result in, exceptionally grave damage to the national security. The following are examples of performance failures or performance failures of similar import that will be considered first degree:

        (i) Non-compliance with applicable laws, regulations, and DOE directives actually resulting in, or creating a risk of, loss, compromise, or unauthorized disclosure of Top Secret Restricted Data or other information classified as Top Secret, any classification level of information in a Special Access Program (SAP), information identified as sensitive compartmented information (SCI), or high risk nuclear weapons-related data.

        (ii) Contractor actions that result in a breakdown of the safeguards and security management system that can reasonably be expected to result in the loss, compromise, or unauthorized disclosure of Top Secret Restricted Data, or other information classified as Top Secret, any classification level of information in a SAP, information identified as SCI, or high risk nuclear weapons-related data.

        (iii) Failure to promptly report the loss, compromise, or unauthorized disclosure of Top Secret Restricted Data or other information classified as Top Secret, any classification level of information in a SAP, information identified as SCI, or high risk nuclear weapons-related data.

        (iv) Failure to timely implement corrective actions stemming from the loss, compromise, or unauthorized disclosure of Top Secret Restricted Data or other classified information classified as Top Secret, any classification level of information in a SAP, information identified as SCI, or high risk nuclear weapons-related data.

    (2) Second Degree: Performance failures that have been determined, in accordance with applicable law, regulation, or DOE directive, to have actually resulted in, or that can reasonably be expected to result in, serious damage to the national security. The following are examples of performance failures or performance failures of similar import that will be considered second degree:

        (i) Non-compliance with applicable laws, regulations, and DOE directives actually resulting in, or creating risk of, loss, compromise, or unauthorized disclosure of Secret Restricted Data or other information classified as Secret.

        (ii) Contractor actions that result in a breakdown of the safeguards and security management system that can reasonably be expected to result in the loss, compromise, or unauthorized disclosure of Secret Restricted Data, or other information classified as Secret.

        (iii) Failure to promptly report the loss, compromise, or unauthorized disclosure of Restricted Data or other classified information regardless of classification (except for information covered by paragraph (c)(1)(iii) of this clause).

        (iv) Failure to timely implement corrective actions stemming from the loss, compromise, or unauthorized disclosure of Secret Restricted Data or other information classified as Secret.

    (3) Third Degree: Performance failures that have been determined, in accordance with applicable law, regulation, or DOE directive, to have actually resulted in, or that can reasonably be expected to result in, undue risk to the common defense and security. In addition, this category includes performance failures that result from a lack of contractor management and/or employee attention to the proper safeguarding of Restricted Data and other classified information. These performance failures may be indicators of future, more severe performance failures and/or conditions, and if identified and corrected early would prevent serious incidents. The following are examples of performance failures or performance failures of similar import will be considered third degree:

        (i) Non-compliance with applicable laws, regulations, and DOE directives actually resulting in, or creating risk of, loss, compromise, or unauthorized disclosure of Restricted Data or other information classified as Confidential.

        (ii) Failure to promptly report alleged or suspected violations of laws, regulations, or directives pertaining to the safeguarding of Restricted Data or other classified information.

        (iii) Failure to identify or timely execute corrective actions to mitigate or eliminate identified vulnerabilities and reduce residual risk relating to the protection of Restricted Data or other classified information in accordance with the Contractor's Safeguards and Security Plan or other security plan, as applicable.

        (iv) Contractor actions that result in performance failures which unto themselves pose minor risk, but when viewed in the aggregate indicate degradation in the integrity of the Contractor's safeguards and security management system relating to the protection of Restricted Data and other classified information.

(d) Protection of worker safety and health. Performance failures occur if the contractor does not comply with the contract's WS&H terms and conditions, which may be included in the DOE approved contractor Integrated Safety Management System (ISMS). The degrees of performance failure under which reductions of fee or profit will be determined are:

    (1) First Degree: Performance failures that are most adverse to WS&H or could threaten the successful completion of a program or project. For contracts including ISMS requirements, failure to develop and obtain required DOE approval of WS&H aspects of an ISMS is considered first degree. The Government will perform necessary review of the ISMS in a timely manner and will not unreasonably withhold approval of the WS&H aspects of the Contractor's ISMS. The following performance failures or performance failures of similar import will be deemed first degree:

        (i) Type A accident (defined in DOE Order 225.1A, Accident Investigations, or its successor).

        (ii) Two Second Degree performance failures during an evaluation period.

    (2) Second Degree: Performance failures that are significantly adverse to WS&H. They include failures to comply with approved WS&H aspects of an ISMS that result in an actual injury, exposure, or exceedence that occurred or nearly occurred but had minor practical long-term health consequences. The following performance failures or performance failures of similar import will be considered second degree:

        (i) Type B accident (defined in DOE Order 225.1A, Accident Investigations, or its successor).

        (ii) Non-compliance with approved WS&H aspects of an ISMS that results in a near miss of a Type A or B accident. A near miss is a situation in which an inappropriate action occurs, or a necessary action is omitted, but does not result in an adverse effect.

        (iii) Failure to mitigate or notify DOE of an imminent danger situation after discovery, where such notification is a requirement of the contract.

    (3) Third Degree: Performance failures that reflect a lack of focus on improving WS&H. They include failures to comply with approved WS&H aspects of an ISMS that result in potential breakdown of the Contractor's WS&H system. The following performance failures or performance failures of similar import will be considered third degree:

        (i) Failure to implement effective corrective actions to address deficiencies/non-compliance documented through external (e.g., Federal) oversight and/or reported per DOE Manual 231.1-2, Occurrence Reporting and Processing of Operations Information, or its successor, requirements, or internal oversight of DOE Order 470.2B, Independent Oversight and Performance Assurance Program, or its successor, requirements.

        (ii) Multiple similar non-compliances identified by external (e.g., Federal) oversight that in aggregate indicate a significant WS&H system breakdown.

        (iii) Non-compliances that either have, or may have, significant negative impacts to workers that indicate a significant WS&H system breakdown.

        (iv) Failure to notify DOE upon discovery of events or conditions where notification is required by the terms and conditions of the contract.

(End of clause)
 

NONE

Prime’s Interest;
⚠ =952.204-2 Basic

52.204-21 Basic Safeguarding of Covered Contractor Information Systems.

52.204-23 Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab Covered Entities.

52.204-28 Federal Acquisition Supply Chain Security Act Orders-Federal Supply Schedules, Governmentwide Acquisition Contracts, and Multi-Agency Contracts.

52.204-29 Federal Acquisition Supply Chain Security Act Orders-Representation and Disclosures.

52.204-30 Federal Acquisition Supply Chain Security Act Orders-Prohibition.

52.204-27 Prohibition on a ByteDance Covered Application.

252.204-7016 Covered Defense Telecommunications Equipment or Services-Representation.

252.204-7017 Prohibition on the Acquisition of Covered Defense Telecommunications Equipment or Services—Representation.

252.204-7018 Prohibition on the Acquisition of Covered Defense Telecommunications Equipment or Services.

252.204-7019 Notice of NIST SP 800-171 DoD Assessment Requirements.

252.204-7020 NIST SP 800-171 DoD Assessment Requirements.

252.204-7021 Contractor Compliance with the Cybersecurity Maturity Model Certification Level Requirement.

252.204-7000 Disclosure of Information.

252.204-7008 Compliance with Safeguarding Covered Defense Information Controls.

252.204-7009 Limitations on the Use or Disclosure of Third-Party Contractor Reported Cyber Incident Information.

252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting.

252.239-7000 Protection Against Compromising Emanations.

252.239-7009 Representation of Use of Cloud Computing.

252.239-7010 Cloud Computing Services.

252.239-7017 Notice of Supply Chain Risk.

252.239-7018 Supply Chain Risk.

252.245-7000 Government-Furnished Mapping, Charting, and Geodesy Property.

252.246-7007 Contractor Counterfeit Electronic Part Detection and Avoidance System.

1852.246-74 Contractor Counterfeit Electronic Part Detection and Avoidance

3052.204-72 Safeguarding of Controlled Unclassified Information.

3052.204-73 Notification and Credit Monitoring Requirements for Personally Identifiable Information Incidents.

3052.204-71 Contractor employee access.

552.204-9 Personal Identity Verification Requirements.

552.239-70 Information Technology Security Plan and Security Authorization.

552.239-71 Security Requirements for Unclassified Information Technology Resources.

552.238-110 Commercial Satellite Communication (COMSATCOM) Services.

652.239-70 Information Technology Security Plan and Accreditation.

652.239-71 Security Requirements for Unclassified Information Technology Resources.

752.204-72 Access to USAID facilities and USAID's information systems.

752.239-70 Information Technology Authorization.

752.239-72 USAID-Financed Project Websites.

752.227-71 Planning, Collection, and Submission of Digital Information to USAID.

970.5203-1 Management controls.

970.5204-1 Counterintelligence.

970.5204-3 Access to and ownership of records.

952.204-77 Computer security.

Working with a set of FAR clauses from an RFP or contract?

Try pasting them into our tool to instantly generate a risk profile, including the basic flow down recommendation.

Info

Works best with Chrome and Edge browsers!