
Module 15

Compliance Essentials: Labor, Cybersecurity, Ethics, and OCI

Recognize major compliance areas that can affect eligibility, pricing, and performance.

3 lessons, 3 min read

Beginner Summary

This topic matters because labor, cyber, ethics, and OCI issues can become bid/no-bid issues and post-award liabilities.

Module Overview

By the end of this module, learners should be able to explain the topic in plain English and apply it to a real opportunity or business decision.

Lesson 1

Labor Compliance Basics

Service and construction contracts may trigger labor rules that affect wage rates, fringe benefits, payroll records, and pricing. Service Contract Act wage determinations set prevailing wages and fringe benefits for covered service employees in specified geographic areas. Construction wage requirements apply to many federal construction, alteration, or repair contracts over $2,000.

Contractors should not price labor until they review the wage determination, labor classifications, locality, fringe requirements, and any applicable option-year adjustment terms.

Why This Matters

Compliance terms are not decorative. They can affect pricing, bid/no-bid decisions, performance obligations, and legal risk.

How This Works in Practice

Example: A contractor classifies workers as lower-paid laborers when the actual duties match a higher-paid classification. That can create underpayment and compliance problems.

Reality Check

Labor rules are not abstract regulations; they become payroll obligations. If you price the wrong labor classification or ignore fringe, the problem shows up in both compliance and profit.

Key Takeaways

  • Labor rules can materially change contract cost.
  • Wage determinations are not suggestions.
  • Fringe benefits must be understood and priced.
  • Wrong labor classification can create compliance risk.

Common Mistakes

  • Using commercial wage rates without reviewing federal wage requirements.
  • Ignoring fringe benefit obligations.
  • Misclassifying labor categories.
  • Failing to maintain payroll records.

Practical Checklist

  • Identify whether service or construction wage rules apply.
  • Review wage determinations.
  • Map each role to the proper labor classification.
  • Include wage and fringe costs in pricing.
  • Maintain required records.
  • Search solicitations for labor, cyber, and ethics-related clauses.
  • Do not treat clauses as harmless boilerplate.
  • Confirm whether subcontractors also carry compliance obligations.
  • Keep representations, invoices, and compliance claims truthful.

Mini Quiz

Why are wage determinations not optional?

Because they may establish required minimum wage and fringe obligations for covered labor.

Lesson 2

Cybersecurity, FCI, CUI, and CMMC

Federal contracts can include cybersecurity obligations. FAR 52.204-21 requires basic safeguarding for covered contractor information systems when federal contract information may reside in or transit through contractor systems. DoD contracts may include DFARS cybersecurity clauses and CMMC requirements.

FCI is Federal Contract Information. CUI is Controlled Unclassified Information, which can trigger stronger safeguarding requirements. Contractors should treat cyber clauses as real performance obligations, not boilerplate.

Why This Matters

Compliance terms are not decorative. They can affect pricing, bid/no-bid decisions, performance obligations, and legal risk.

How This Works in Practice

Example: A small manufacturer receives drawings marked as CUI under a DoD contract. Storing them in ordinary email and consumer file sharing may not meet the required controls.

Reality Check

Cyber clauses are not filler. If federal information touches your systems or DoD work involves CUI/CMMC, cybersecurity becomes a contract performance requirement, not just an IT preference.

Key Takeaways

  • Cyber clauses can be bid/no-bid issues.
  • FCI and CUI are not the same.
  • DoD work may trigger DFARS and CMMC requirements.
  • Subcontractors may also need cyber compliance through flow-downs.

Common Mistakes

  • Assuming commercial IT practices are enough.
  • Ignoring cyber incident reporting obligations.
  • Bidding DoD work without understanding CMMC requirements.
  • Failing to flow cyber requirements to subcontractors.

Practical Checklist

  • Search the solicitation for FAR 52.204-21, DFARS 252.204-7012, and CMMC clauses.
  • Determine whether FCI or CUI is involved.
  • Confirm internal systems can meet requirements.
  • Review subcontractor cyber obligations.
  • Search solicitations for labor, cyber, and ethics-related clauses.
  • Do not treat clauses as harmless boilerplate.
  • Confirm whether subcontractors also carry compliance obligations.
  • Keep representations, invoices, and compliance claims truthful.

Mini Quiz

Why can cyber be a bid/no-bid issue?

Because the contractor may not have systems, controls, documentation, or certifications required to handle the information.

Lesson 3

Ethics, Procurement Integrity, and OCI

GovCon requires clean conduct. Contractors must not seek nonpublic source selection information, competitor proposal information, improper favors, or unfair inside access.

Organizational Conflict of Interest, or OCI, can arise when a contractor helped write the requirement, has unequal access to nonpublic information, or may be asked to evaluate work connected to itself. False claims and misrepresentations can create serious legal and financial risk.

Why This Matters

Compliance terms are not decorative. They can affect pricing, bid/no-bid decisions, performance obligations, and legal risk.

How This Works in Practice

Example: A contractor helped draft requirements and then wants to bid the same work. That may create biased-ground-rules OCI risk and should be reviewed before pursuit.

Reality Check

Good capture means becoming known for capability, not hunting for unfair inside information. Clean behavior protects eligibility, reputation, your position in protests, and long-term trust.

Key Takeaways

  • Capture is allowed when done properly, but unfair inside information is not.
  • Eligibility claims are official representations.
  • OCI can affect whether a contractor may compete.
  • False certifications, false invoices, and false performance claims are serious risks.

Common Mistakes

  • Thinking relationships mean backroom deals.
  • Claiming certifications or compliance inaccurately.
  • Using nonpublic information improperly.
  • Ignoring OCI risk when helping shape requirements.

Practical Checklist

  • Follow solicitation communication rules.
  • Avoid gifts, favors, and improper influence.
  • Do not seek source selection or competitor information.
  • Review OCI risk if you were involved before the solicitation was released.
  • Keep certifications and invoices truthful.
  • Search solicitations for labor, cyber, and ethics-related clauses.
  • Do not treat clauses as harmless boilerplate.
  • Confirm whether subcontractors also carry compliance obligations.
  • Keep representations, invoices, and compliance claims truthful.

Mini Quiz

What is OCI?

A situation where a contractor’s role, access, or interests may create unfair advantage or impaired objectivity.

Key Terms

  • Service Contract Labor Standards
  • Wage determination
  • Fringe benefits
  • Davis-Bacon
  • FCI
  • CUI
  • CMMC
  • DFARS
  • OCI
  • Procurement integrity
  • False Claims Act

Action Steps

  • Identify whether service or construction wage rules apply.
  • Review wage determinations.
  • Map each role to the proper labor classification.
  • Include wage and fringe costs in pricing.
  • Maintain required records.
  • Search solicitations for labor, cyber, and ethics-related clauses.
  • Do not treat clauses as harmless boilerplate.
  • Confirm whether subcontractors also carry compliance obligations.

Important Cautions

  • Using commercial wage rates without reviewing federal wage requirements.
  • Ignoring fringe benefit obligations.
  • Misclassifying labor categories.
  • Failing to maintain payroll records.
  • Assuming commercial IT practices are enough.
  • Ignoring cyber incident reporting obligations.
  • Bidding DoD work without understanding CMMC requirements.
  • Failing to flow cyber requirements to subcontractors.
  • Thinking relationships mean backroom deals.
  • Claiming certifications or compliance inaccurately.