5 FAM 150
SERVICE AGREEMENTS
(CT:IM-227; 11-13-2018)
(Office of Origin: IRM/BMP/GRP)
5 FAM 151 PURPOSE AND SCOPE
(CT:IM-174; 02-11-2016)
a. Service agreements provide the Department of State
(DOS) and the Bureau of Information Resource Management (IRM) with the insights
and expectations required to deliver services to the DOS bureaus, federal
agencies, or other organizations.
b. This policy applies to all agreements to which IRM
is a party, pertain to IRM services, or involve systems and networks for which
IRM is the information system owner, domestically and abroad.
c. Domestically, agreements are routed through the
Performance Management Division (IRM/BMP/GRP/PFM). PFM coordinates and manages
all aspects of IRM agreements including the drafting and clearance process.
PFMs agreements team can be reached at IRMAgreements@state.gov. Overseas
posts should coordinate with IRM/Foreign Operations at IRM/FO_FTES_DL@state.gov.
5 FAM 152 AUTHORITIES
(CT:IM-179; 07-07-2016)
The authorities for this policy are found in:
(1) Subpart 617.500 of the DOS Acquisition Regulation
(DOSAR);
(2) Economy Act of 1932, 31 U.S.C. 1535 and Section
632(b) of the Foreign Assistance Act (FAA) of 1961 as amended;
(3) Section 405 of the Government Reform Act of 1994 (31
U.S.C. 331(b) (1));
(4) Procurement Information Bulletin (PIB), 2013-3
Acquisition Agreements, January 30, 2013;
(5) PIB 2014-5 Non-Acquisition Interagency Agreements,
January 23, 2014;
(6) Treasury Financial Manual, Volume I, Part 2,
Chapter 4700 and Chapter 4706 Appendix 10, Intragovernmental Business Rules, as
revised;
(7) Statement of Federal Financial Accounting
Standards (SFFAS), Number 4; and
(8) Delegation of Authorities from the Chief
Information Officer (CIO) to the Deputy Chief Information Officer (DCIOs),
August 19, 2013.
5 FAM 153 DEFINITIONS
(CT:IM-164; 07-24-2015)
Interagency Agreement: An
Interagency Agreement (IAA) defines the financial details of an order, terms of
reimbursement, itemized costs, and financial obligations when one agency
performs services or provides items to another agency. Services and items are
either provided directly or by contract with a private party then charged for
reimbursement. An IAA is often used with a corresponding Memorandum of
Agreement (MOA), which describes the general terms and conditions (GT&C) of
the service. All parties must agree to the IAAs terms and conditions, and an
authorized official from each agency involved must sign it.
Interconnection Security Agreement: An
Interconnection Security Agreement (ISA) documents and formalizes a network or
communications interconnection between parties and specifies any security
safeguards needed to protect the interconnected systems. An ISA supports the
MOA or Memorandum of Understanding (MOU) between the parties. (See 5 FAH-11 H-820,
Establishing Connectivity)
IRM Steering Committee: The
IRM Steering Committee (SC) is the governing body for review and disposition of
all control gates for IRM projects. The IRM SC approves project charters,
baselines, tailoring requests, and baseline change requests. Accordingly, the
IRM SC establishes SLAs, governance policies and processes for IRM. (Charter
approved July 2013)
Master Service Level Agreement:
A Master Service Level Agreement (MSLA) is an SLA that defines the core
services available to a customer by virtue of the customers affiliation with
an organization, in this case the Department of State. Generally, these are
the underlying services provided to customers at no charge, but which are
required for value-added business services to function. These are often
provided on a best effort basis.
Memorandum of Agreement: A
Memorandum of Agreement (MOA) defines an agreement between parties to work
together on a project or meet an objective where funds for services are
anticipated. MOAs do not obligate funds themselves, but rather establish the
terms of service. MOAs are often more specific in nature than MOUs and pertain
to the goods and/or services identified in the agreement. Generally, the responsibilities
of each party within the MOA are dependent on those of the other parties.
Memorandum of Understanding: A
Memorandum of Understanding (MOU) defines an agreement between parties. It
captures an end-state goal that is agreed to by the parties involved but does
not involve fund transfers. MOUs are a means to coordinate and support
programs between IRM, the DOS, and other federal agencies domestically and
abroad. Generally, the responsibilities of each party within the MOU are
independent of those of the other parties.
Operational Level Agreement: An
Operational Level Agreement (OLA) is an agreement between the service provider
and another part of IRM that supports and defines the service providers
delivery of services to customers.
Process Improvement Governance Board:
The Process Improvement Governance Board (PIGB) is a governing body that sets
objectives and priorities, charters and sponsors process working groups,
monitors their results, and manages change throughout the life of the working
groups.
Service Level Agreement: A
Service Level Agreement (SLA) defines the performance targets required to
deliver services based on customer requirements. SLA performance targets
provide a basis of understanding that allows the DOS to determine the necessary
resources required to meet those targets and define the method of reimbursement
for the service. SLAs are established per the Service Design Package approved
through the Process Improvement Governance Board (PIGB).
5 FAM 154 GUIDELINES FOR ESTABLISHING
MOUS, MOAS, IAAS, AND ISAS
(CT:IM-227; 11-13-2018)
a. The OMB Circular A-130 requires that system
interconnections be supported by written management authorizations based on
acceptance of risk to the systems. The DOS and other agency officials must
implement technical and non-technical safeguards in accordance with guidance
issued by the National Institute of Standards and Technology (NIST).
b. Installation and operation of the DOS network
extensions and applicable hardware are established in 5 FAM
1064.1-2(A), 12 FAM 642.4-4,
and supplemented by 5 FAH-11 H-830.
c. Performance measures and standard reporting
techniques documented in service agreements must be implemented to keep IRM management
abreast of service performance in response to the OMB and the NIST guidelines,
and Government Accountability Office (GAO) and the Office of Inspector General
(OIG) audits. (See 5
FAM 130).
d. An MOU may only be effective indefinitely when
required by a treaty or obligation. Agreements should be effective for as
short a period as is practical, often five (5) years, but not to exceed nine (9)
years absent a determination of need by the CIO.
e. IRM is typically the service provider for MOAs it
signs. With technology and budgets changing frequently, MOA effective dates
must not exceed three (3) fiscal years absent a determination of need by the
CIO.
f. The effective dates of an IAA must not exceed one
(1) fiscal year. If the Department of Treasury's Financial Management and
Budget Standardization (FMS) forms are used, the GT&C should not exceed
three (3) fiscal years absent a determination of need by the CIO.
g. An ISA must be reviewed annually from date of
signature, including a review of the interconnections system security plans
and controls, or whenever a significant modification (as defined in the
agreement) to the interconnection or the partys system occurs. ISA effective
dates should not exceed three (3) fiscal years absent a determination of need
by the CIO.
h. All agreements must maintain Federal Information
Security Management Act (FISMA) and related Federal compliance standards. If
standards cannot be met and the risk to the DOSs infrastructure can be
documented, IRM may consider the agreement null and void if the customer cannot
comply.
i. Procedures established by IRM are used in the
drafting and clearance process for all MOUs, MOAs, IAAs, and ISAs.
5 FAM 154.1 Approval and Signature
Authority for MOUs, MOAs, IAAs, and ISAs
(CT:IM-179; 07-07-2016)
a. The CIO or Acting CIO approves and signs all
agreements that:
(1) Have an impact on policy initiatives or contain
significant policy change;
(2) Have an impact on relations between or among the
DOS, bureaus, state and local governments, other organizations, or the public;
(3) Are controversial in nature; or
(4) Require a financial reimbursement above $50,000.
b. The DCIOs and acting DCIOs have the authority to:
(1) Approve and sign renewals of existing agreements
and their supporting documents; and
(2) Approve and sign new agreements and their
supporting documents to provide IRM services for which the annual reimbursable
costs do not exceed $50,000.
c. The CIO approves and signs all new ISAs and the Chief
information security officer (CISO) approves and signs ISA renewals.
d. IAAs may be signed by the DCIOs, the IRM Executive
Director, or a Contracting Officer. (See PIB 2013-3 Page 1 through 5, GT&C
Remainder of Attachment 5, and PIB 2014-5)
e. Signature authority may not be re-delegated.
f. Go to the Fillable InterAgency Agreement (IAA) form for instructions on who should sign
reimbursable interagency agreements first.
5 FAM 155 Guidelines for establishing
SLAs
(CT:IM-161; 04-08-2015)
a. All SLAs are overseen by the designated PIGB working
group.
b. The SLA remains active for the term documented
within the agreement or until the DOS retires the service.
c. Procedures developed by PFM and approved by the
PIGB are used in the drafting and clearance process for all SLAs.
d. SLA reviews are documented within the SLA along with
a review schedule to establish standard review periods. The SLA reviews
include all relevant service stakeholders. A review also occurs if the
service, or any aspect of service delivery, incurs modifications that may
affect the documented service targets. The review ensures that the service and
service targets remain relevant to the delivery of the service.
e. Performance targets documented in the SLA originate
from the requirements gathered from IRM customers. The SLA targets define the
necessary levels of achievement required to deliver the IRM service balancing
customer needs, security, cost, state of current technology, and the physical
time it takes to actually complete work.
5 FAM 155.1 Approval and Signature
Authority for SLAs
(CT:IM-161; 04-08-2015)
SLAs are approved by the IRM Steering Committee or its
designee.
5 FAM 156 GUIDELINES FOR ESTABLISHING
OLAS
(CT:IM-164; 07-24-2015)
a. The OLA is reviewed on a regular basis by all stakeholders
per the review schedule documented in the SLA for the service. A review also
occurs if any party incurs or implements a change that may affect the supported
service. The review ensures that the relationship between the parties and the
tasks and activities performed in support of the service(s) remain relevant to
the delivery of the service(s).
b. Performance targets documented in the OLA align with
the targets documented in the supported SLA. The OLA targets define the
necessary levels of achievement and the associated party required to deliver
the IRM service.
c. All OLAs are overseen by the designated PIGB
working group.
d. The OLA remains active for the term documented
within the agreement or until the DOS retires the service.
e. Procedures developed by PFM and approved by the PIGB
are used in the drafting and clearance process for all OLAs.
f. Where services are provided in coordination with an
office in another bureau, OLAs will be treated as MOUs or MOAs, as appropriate.
5 FAM 156.1 Approval and Signature
Authority for OLAs
(CT:IM-164; 07-24-2015)
The Office Directors for the program offices responsible
for service delivery have signature authority.
5 FAM 157 through 159 UNASSIGNED