Compliance Management In Projects

Yesterday, Pierre Jeremie and I published the 2nd paper in our series ‘Achieving the EU's Energy Ambitions’ for the Institut Montaigne. In it, we put forward recommendations for accelerating and financing the deployment of low-carbon energy conversion, transmission, distribution and storage capacities. The main thrust of this series of three notes is that decarbonisation is an existential challenge for the European Union: for the #climate, but also for energy security, as the Union has few fossil resources and these can be used to its detriment (as it has been the case for gas since 2021). Achieving carbon neutrality is a formidable challenge, and many obstacles can already be perceived or anticipated. These three notes set out to identify what we consider to be the main obstacles at European level, and to propose concrete solutions to overcome them. In this 2nd note dedicated to accelerating the deployment of low-carbon energy infrastructures, our proposals are structured around a new European Energy Security Act (EESA). In this piece of legislation, we propose a number of measures aimed at : - speeding up low-carbon energy projects (production, networks, storage), by standardising and speeding up procedures, ‘unovertransposing’ European law into national law (much of the red tape does not come from the European Union but from Member States' transposition of European law), etc. ; - finance the projects: end support for production during periods of negative prices when the mechanisms do not include a halt to production at those times, create sinking accounts managed by the EIB with an EU guarantee to finance the adaptation of networks, align the EIB's actual lending policy with the 2019 guidelines (which recognise the possibility of financing nuclear energy), create a European energy security fund and an EIB equity intervention pocket for the transition of the energy system, etc. - take proper account of taxation issues: end subsidies for fossil fuels (which are a waste of public money, as they conflict with investments in decarbonisation), prioritisation of taxation based on the carbon intensity of energy sources and vectors, etc. This second note follows on from a first, published in November, which dealt with the challenges of reforming energy-climate governance. These notes will be followed in a few months' time by a third, dedicated to energy market issues, and more specifically flexibility. The first two notes are available on the website of the Institut Montaigne : https://lnkd.in/egMYmpxX

Running procurement without Contract Management is like driving blindfolded. You might get somewhere, but the crash is inevitable. Contract Excellence | 11 NOV 2025 - Contract management is the process of overseeing contracts throughout their entire life cycle, from drafting, negotiation, execution, compliance monitoring to renewal, termination or closure. Procurement secured a great price...Fantastic! But without robust contract management, that "win" is fragile. Here's why: 7 Reasons Why Contract Management is Non-Negotiable for Procurement. #1. Value Protection ↳Ensures negotiated terms are delivered. ↳Prevents price creep and scope drift. #2. Risk Mitigation ↳Manages regulatory/internal compliance. ↳Ensures obligations e.g insurance are met. #3. Visibility & Control ↳Stops maverick spending dead in its tracks. ↳Provides a single source of truth for contract administration. #4. Efficiency Gains: ↳Automates renewals, approvals, and alerts. ↳Frees procurement from firefighting to focus on strategic sourcing. #5. Supplier Relationship Health ↳Enables proactive performance reviews. ↳Promotes collaborative issue resolution based on agreed terms. #6. Data-Driven Decisions ↳Provides performance and compliance data. ↳Enhance smarter sourcing strategies, supplier development, and future negotiations. #7. Unlocks Innovation ↳Facilitates clear terms and good governance. ↳Creates stable foundation for suppliers to propose innovative solutions Contract Management is a crucial bridge between negotiation & value realization. Without active contract management, even the best deals unravel: 🚫Savings promised is lost in invalidated invoices. 🚫Performance guarantees is forgotten 🚫Compliance requirements is Ignored 🚫 Renewal deadlines are missed True procurement success is measured after the ink dries. Don't let your hard-won deals vanish into a black hole. Integrate contract management deeply into your procurement lifecycle. Only way to capture and sustain the value you fought for. Neglecting Contract Management turns procurement into a transactional function! Embracing it elevates procurement to a strategic value protector and business partner. ♻️ Repost to help someone in your network. ➕️ Follow Frederick for more procurement insights. #Procurement #ContractManagement #RiskManagement #ValueCreation

CMMC has arrived! The DFARS CMMC Acquisition regulation (DFARS 252.204-7021) has cleared its final review, which means it's expected to be published in the Federal Register in the next 1–3 weeks, and become enforceable within 60 days of publication. This is a monumental step for the CMMC program and signals that the time for preparation is over—it is now time for action. What does this mean for the Defense Industrial Base (DIB)? • 𝗡𝗼 𝗪𝗮𝗶𝘁𝗶𝗻𝗴 𝗣𝗲𝗿𝗶𝗼𝗱: The rule isn't designated as "economically significant," so the DoD may begin including CMMC requirements in contracts immediately. We expect this to happen no later than October 2025. • 𝗔𝗰𝗰𝗲𝗹𝗲𝗿𝗮𝘁𝗲𝗱 𝗧𝗶𝗺𝗲𝗹𝗶𝗻𝗲: The DoD may use its discretion to require a C3PAO certification for any contracts involving Controlled Unclassified Information (CUI) in the 5 Defense Groups in the CUI Registry. • 𝗧𝗵𝗲 𝗧𝗶𝗺𝗲 𝗳𝗼𝗿 𝗔𝗰𝘁𝗶𝗼𝗻 𝗜𝘀 𝗡𝗼𝘄: This accelerated timeline underscores the DoD's commitment to strengthening cybersecurity across the supply chain. For organizations handling Federal Contract Information (FCI - Level 1) and CUI (Levels 2 & 3), finalizing your CMMC preparations should be a top priority. Take These Immediate Action Steps: • Remediate any gaps in your current cybersecurity posture. • Double-check your compliance against the CMMC Level 2 requirements (NIST SP 800-171A – the 320 Assessment Objectives). • Contact a C3PAO to schedule a Level 2 assessment. Many are already booked through the end of the year and into Q1 2026, so act quickly! #CMMC #CMMCReadiness #CyberAB #DoD #Cybersecurity #GovernmentContracting #GovCon #NIST800171 Katherine K. Sara Cole Alex Bennett Aaron Russell Kris Dyer Steve O’Sullivan Ryen Buchanan Kelley Runner Jason Ricupero Gabrielle Ricupero

Stop letting HMRC take more than their fair share. If you’re a freelancer or sole trader, Tax can be tricky, but it doesn’t need to trip you up. (if you know where the pitfalls are) Here’s how you can stay compliant, avoid surprises, and keep more money in your pocket 👇 👉 Claim All Your Allowable Expenses Many freelancers leave money on the table by not claiming everything they’re entitled to. Home office costs: A portion of your rent, utilities, and internet can be claimed. Travel expenses: Mileage, public transport, and even hotel stays (if it’s work-related). Software & subscriptions: Think accounting software, design tools, or project management apps. If it’s used exclusively for business, it’s likely deductible, so don’t be shy about claiming. 👉 Set Aside Enough for Tax & NI Contributions Freelance income isn’t taxed at source, so it’s on you to stay ahead. Put away 25-30% of each invoice into a separate account. Remember, National Insurance (Class 2 & 4) adds up quickly too. Nothing stings more than being hit with a big tax bill you weren’t prepared for. 👉 Know the VAT Threshold Once your turnover exceeds £90,000 in 12 months, you must register for VAT. Keep an eye on your rolling income so it doesn’t sneak up on you. Consider Flat Rate VAT to simplify your bookkeeping. The bottom line? Taxes don’t have to be stressful if you’re proactive. A little organisation goes a long way. And it could save you thousands. Got questions about expenses or taxes? Drop me a DM.

Riya, a talented freelance graphic designer, had been working with clients across India and even getting projects from the US. Business was booming, but one day, she received an email from an Indian client: “Hey Riya, can you share your 𝗚𝗦𝗧 𝗱𝗲𝘁𝗮𝗶𝗹𝘀 𝗳𝗼𝗿 𝗶𝗻𝘃𝗼𝗶𝗰𝗶𝗻𝗴?” Riya froze. GST? Wasn’t that only for big businesses? She quickly Googled and realized she might be missing something important. 𝗨𝗻𝗱𝗲𝗿𝘀𝘁𝗮𝗻𝗱𝗶𝗻𝗴 𝗚𝗦𝗧 𝗮𝘀 𝗮 𝗙𝗿𝗲𝗲𝗹𝗮𝗻𝗰𝗲𝗿 Riya discovered that GST applies to freelancers too! The rules were straightforward: ✅ If her income from services exceeded ₹20 lakhs (₹10 lakhs in special category states), she needed GST registration. But what about her earnings from international clients? The 18% GST & Export Rules GST on services was 18%, but there was good news for freelancers working with overseas clients: • If she filed a Letter of Undertaking (LUT), she wouldn’t have to charge GST on her export invoices. • If she didn’t file an LUT, she would have to charge GST and then claim a refund later. 𝗔𝗻𝗱 𝘁𝗵𝗲𝗻 𝗰𝗮𝗺𝗲 𝗮 𝗯𝗶𝗴𝗴𝗲𝗿 𝘀𝘂𝗿𝗽𝗿𝗶𝘀𝗲—𝗘-𝗰𝗼𝗺𝗺𝗲𝗿𝗰𝗲 𝘀𝗲𝗹𝗹𝗲𝗿𝘀 𝗵𝗮𝗱 𝘁𝗼 𝗿𝗲𝗴𝗶𝘀𝘁𝗲𝗿, 𝗻𝗼 𝗺𝗮𝘁𝘁𝗲𝗿 𝘁𝗵𝗲𝗶𝗿 𝘁𝘂𝗿𝗻𝗼𝘃𝗲𝗿. If she sold design templates on marketplaces like Etsy or Creative Market, GST was mandatory. 𝑺𝒉𝒐𝒖𝒍𝒅 𝑺𝒉𝒆 𝑹𝒆𝒈𝒊𝒔𝒕𝒆𝒓 𝑽𝒐𝒍𝒖𝒏𝒕𝒂𝒓𝒊𝒍𝒚? Even though she was just under the ₹20 lakh limit, Riya saw the benefits of voluntary registration: ✔ Claiming Input Tax Credit – She could get back the GST she paid on software subscriptions, gadgets, and online courses. ✔ Better Credibility – Big clients preferred working with GST-registered professionals. ✔ No Last-Minute Panic – If her income suddenly shot up, she’d already be compliant. 𝑻𝒉𝒆 𝑰𝒏𝒗𝒐𝒊𝒄𝒊𝒏𝒈 & 𝑭𝒊𝒍𝒊𝒏𝒈 𝑹𝒆𝒂𝒍𝒊𝒕𝒚 Riya realized that GST invoicing was necessary and that she’d need to include her GSTIN and tax breakdown in every bill. Plus, she had to file GST returns—quarterly if her turnover was up to ₹1.5 crores, or monthly if it was higher. 𝑯𝒆𝒓 𝑫𝒆𝒄𝒊𝒔𝒊𝒐𝒏? Riya didn’t wait. She got her GST registration done, filed an LUT for exports, and structured her invoices properly. No more client confusion, and best of all—she could now claim back the GST she had been paying all along! 𝑴𝒐𝒓𝒂𝒍 𝒐𝒇 𝒕𝒉𝒆 𝑺𝒕𝒐𝒓𝒚? ✅ If you’re freelancing or selling online, GST isn’t optional—it’s essential. Get ahead of it now, and let your business grow without surprises! Need help with GST? Let’s sort it out for you! Follow CA Sangita Biswas for more! #gst #gstindia #casangitabiswas

Defense Contractors: 𝐍𝐞𝐰 𝐆𝐮𝐢𝐝𝐚𝐧𝐜𝐞 𝐟𝐫𝐨𝐦 𝐭𝐡𝐞 𝐃𝐨𝐃 𝐂𝐈𝐎 𝐨𝐧 𝐍𝐈𝐒𝐓 𝐒𝐏 800-171 𝐑𝐞𝐯. 3 𝐎𝐫𝐠𝐚𝐧𝐢𝐳𝐚𝐭𝐢𝐨𝐧-𝐃𝐞𝐟𝐢𝐧𝐞𝐝 𝐏𝐚𝐫𝐚𝐦𝐞𝐭𝐞𝐫𝐬 (𝐎𝐃𝐏𝐬)! The DoD has issued official guidance 𝐞𝐬𝐭𝐚𝐛𝐥𝐢𝐬𝐡𝐢𝐧𝐠 𝐯𝐚𝐥𝐮𝐞𝐬 𝐟𝐨𝐫 𝐎𝐃𝐏𝐬 within NIST SP 800-171 Revision 3. 𝐓𝐡𝐞𝐬𝐞 𝐩𝐚𝐫𝐚𝐦𝐞𝐭𝐞𝐫𝐬 𝐚𝐥𝐥𝐨𝐰 𝐨𝐫𝐠𝐚𝐧𝐢𝐳𝐚𝐭𝐢𝐨𝐧𝐬 𝐭𝐨 𝐭𝐚𝐢𝐥𝐨𝐫 𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐜𝐨𝐧𝐭𝐫𝐨𝐥𝐬 𝐛𝐚𝐬𝐞𝐝 𝐨𝐧 𝐭𝐡𝐞𝐢𝐫 𝐮𝐧𝐢𝐪𝐮𝐞 𝐫𝐢𝐬𝐤 𝐦𝐚𝐧𝐚𝐠𝐞𝐦𝐞𝐧𝐭 𝐬𝐭𝐫𝐚𝐭𝐞𝐠𝐢𝐞𝐬; however, the DoD has now defined values to drive consistency across the DIB. We (me and some others) originally expected contractors to define these parameters, but the DoD took a different approach. NIST designed ODPs to provide Federal Agencies with flexibility in implementation, but in the case of 800-171 Rev. 3, the DoD is stepping in to create standardization. These DoD-defined values will help: 1. 𝐏𝐫𝐨𝐦𝐨𝐭𝐞 𝐮𝐧𝐢𝐟𝐨𝐫𝐦 𝐬𝐚𝐟𝐞𝐠𝐮𝐚𝐫𝐝𝐢𝐧𝐠 𝐨𝐟 𝐂𝐔𝐈. 2. 𝐒𝐮𝐩𝐩𝐨𝐫𝐭 𝐦𝐨𝐫𝐞 𝐜𝐨𝐧𝐬𝐢𝐬𝐭𝐞𝐧𝐭 𝐚𝐬𝐬𝐞𝐬𝐬𝐦𝐞𝐧𝐭𝐬 3. 𝐂𝐥𝐚𝐫𝐢𝐟𝐲 𝐢𝐧𝐭𝐞𝐧𝐭 𝐛𝐞𝐡𝐢𝐧𝐝 𝐯𝐚𝐠𝐮𝐞 𝐨𝐫 𝐟𝐥𝐞𝐱𝐢𝐛𝐥𝐞 𝐜𝐨𝐧𝐭𝐫𝐨𝐥 𝐥𝐚𝐧𝐠𝐮𝐚𝐠𝐞 Some parameters are clearly defined, while others are still left as guiding principles for contractor interpretation. This effort was developed in coordination with DoD components, UARCs, FFRDCs, and industry, ensuring the recommendations are both realistic and aligned to the mission. 𝐀𝐜𝐜𝐞𝐬𝐬 𝐭𝐡𝐞 𝐨𝐟𝐟𝐢𝐜𝐢𝐚𝐥 𝐃𝐨𝐃 𝐝𝐨𝐜𝐮𝐦𝐞𝐧𝐭 𝐡𝐞𝐫𝐞 (reference Attachment A): https://lnkd.in/g3BgE7bW 𝐓𝐡𝐢𝐬 𝐢𝐬 𝐚 𝐌𝐔𝐒𝐓-𝐑𝐄𝐀𝐃 for anyone affected by DFARS 252.204-7012 and for anyone managing compliance efforts tied to the DoD CUI Program and CMMC. #ProtectCUI #cui #nist800171 #nist800171r3 #cmmc #CuickTrac Joy Belinda Beland Derek White Jacob Horne Jacob Hill Carter Schoenberg Jason Sproesser Derek Kernus Vincent Scott Glenda R. Snodgrass, CCP/CCA Richard “RJ” Williams Fernando Machado, CISSP, CISM, CCA, CCP Kyle Lai Ozzie Saeed Robert Metzger Eric Crusius Amanda Adams James Harper James Goepel Matthew Titcombe Koren Wise Amira Armond Tony Buenger Dan Ciarlette Regan Edens Linda Rust Jeff Carden Caleb Leidy

While speaking at Cloud Security and Compliance Series - CS2 Reston I was approached with numerous questions about DFARS Clause 252.204-7012. What struck me most wasn’t just the volume of questions but their nature… Many were focused on the fundamental application and basic requirements of DFARS. This highlighted a critical gap: even though these requirements have been in place for years, there’s still widespread uncertainty around their practical implications. This experience has led me to create a series of posts to break down DFARS requirements clearly. My goal is to ensure that the Defense Industrial Base (DIB) not only understands these critical compliance points but also appreciates why they’re essential for our collective national security. So, why does DFARS matter? DFARS (Defense Federal Acquisition Regulation Supplement) requirements protect sensitive government data, specifically Controlled Unclassified Information (CUI). Compliance isn’t simply about checking boxes; compliance is the starting point for building a strong cybersecurity posture, it’s about maintaining trust, ensuring operational resilience, and safeguarding our national security interests. Here’s a quick snapshot of key DFARS clauses impacting the DIB: - DFARS 252.204-7012: Requires protecting CUI according to NIST SP 800-171 and mandates incident reporting. - DFARS 252.204-7019 & 7020: Obligate contractors to conduct cybersecurity self-assessments and submit scores through the Supplier Performance Risk System (SPRS). - DFARS 252.204-7021: Introduces the Cybersecurity Maturity Model Certification (CMMC), involving third-party verification of compliance. Compliance starts with awareness and clarity. How comfortable are you with DFARS requirements today? What specific questions or challenges are you facing? Let’s start a conversation—I’d love to hear your experiences and insights below. #Cybersecurity #DFARS #NIST #CMMC #DefenseIndustrialBase #Compliance

🔒 Working under the 𝗗𝗲𝗳𝗲𝗻𝗰𝗲 𝗜𝗻𝗱𝘂𝘀𝘁𝗿𝘆 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗣𝗿𝗼𝗴𝗿𝗮𝗺 (#DISP)? Don't know what that is? It is an Australian Government initiative managed by the Department of Defence and provides a framework for companies that work with Defence (or want to) to ensure they meet strict security standards when handling Defence information, personnel, and assets. 🖲️But, if your in the DISP program, the rules have changed and fast. As of September 2024 (and rolling changes into 2025), all participants and applicants are required to meet the full set of Australian Signals Directorate's Essential Eight (#E8) mitigation strategies at Maturity Level 2 (#ML2), rather than just the previous “Top 4” safeguards. What do you 𝗻𝗲𝗲𝗱 𝘁𝗼 𝗸𝗻𝗼𝘄? ➡️ Expanded Cyber Requirements: It’s no longer enough to patch systems, restrict admin rights, and whitelist apps. DISP now demands multi-factor authentication, backups, application hardening, and stricter application controls. ➡️ Stronger Assurance & Uplift: Compliance isn’t “set and forget”. Organisations must complete a Cyber Security Questionnaire (CSQ), submit Annual Security Reports, and undergo ongoing suitability assessments and audits. ➡️ Eligibility & Membership Levels Tied to Classification: DISP membership levels (Entry through Level 3) align with how sensitive information an organisation is handling, this is OFFICIAL through TOP SECRET. The level determines how rigorous your security controls must be. 𝗞𝗡𝗢𝗪 𝗬𝗢𝗨𝗥 𝗟𝗘𝗩𝗘𝗟. What can you do to stay ahead, or even ahead of the curve? ✅Automated Gap Assessments : Services that scan your current environment against E8 ML2 controls and highlight deficiencies instantly. ✅ Remediation & Monitoring Pipelines : Implement automated workflows (patching, MFA rollout, application control enforcement) to close gaps quickly. ✅ CSQ & Reporting Automation : Utilise systems with pre-built templates and dashboards that auto-populate your security posture, making your Annual Security Reports straightforward. ✅Ongoing Uplift Support : Small to LARGE ongoing review cycles, help with implementing changes recommended in audits, and ensuring you maintain ML2 over time (not just at one point). ⚠️ Bottom line: These DISP changes aren’t just about ticking boxes, they impact eligibility for Defence contracts, demand 𝗣𝗥𝗢𝗢𝗙, audit risk, and organisational resilience. A proactive, automated #compliance strategy isn’t optional, it’s essential to protecting contracts, reputation and national security. 🎯Need an independent assessment of your organisation against ML2? Want a Managed Service that meets DISP at ML2 out of the box? Then why not talk to the team at ASE Tech to make 𝙨𝙪𝙧𝙚 you are covered. #ShiftHappens #EssentialEight #CyberSecurity

There is not such thing as 𝙜𝙡𝙤𝙗𝙖𝙡 payment. Every transaction has a border and it is the jurisdiction that defines that border. The origin and endpoint of the transaction determine which rules apply, the level of risk involved, and the associated costs, such as interchange, cross-border fees, and compliance obligations. When a payment is processed, it moves through multiple layers of infrastructure, compliance checks, and financial institutions, each of which plays a key role in establishing the legal, regulatory, and operational frameworks that govern a transaction. This becomes even more complex when dealing with transactions where one party is located in a different jurisdiction from the other, leading to unique operational and regulatory challenges. ◾Licensing requirements, as different jurisdictions impose distinct licensing and AML regulations. Some markets require local acquiring or issuing licences, while others may allow non-domestic financial institutions to operate under passporting agreements. ◾Settlement timelines, unlike domestic transactions that typically settle within the same payment infrastructure, a one-leg out transaction may rely on correspondent banking networks, international clearing systems, or third-party intermediaries. ◾In card payment, the cross-border interchange fees (the fees paid by the merchant’s bank to the cardholder’s bank) are typically higher than domestic fees. Visa and Mastercard set different cross-border interchange rates based on regions and transaction types. For example, Intra-EEA transactions (where both the issuer and acquirer are in the EEA) typically have lower interchange fees than EEA to non-EEA transactions (e.g., Europe to US). ◾Cross-border transactions also carry higher fraud risk due to varying levels of security and authentication standards across jurisdictions. This can trigger stricter fraud screening, increasing the chances of false positive declines and adding friction to payments. ◾Currency conversion, where the originating currency differs from the settlement currency. This can lead to additional costs, including FX markups, conversion spreads, and potential delays due to intermediary bank involvement. 👉🏽This looks simple on paper but plays out very differently in real setups, right? #CrossBorderPayments --- 𝘗𝘢𝘺𝘮𝘦𝘯𝘵𝘴 𝘢𝘳𝘦 𝘯𝘰𝘵 𝘢 𝘤𝘰𝘴𝘵 𝘧𝘶𝘯𝘤𝘵𝘪𝘰𝘯. 𝘛𝘩𝘦𝘺’𝘳𝘦 𝘢 𝘴𝘦𝘳𝘪𝘦𝘴 𝘰𝘧 𝘶𝘱𝘴𝘵𝘳𝘦𝘢𝘮 𝘥𝘦𝘴𝘪𝘨𝘯 𝘥𝘦𝘤𝘪𝘴𝘪𝘰𝘯𝘴 𝘸𝘪𝘵𝘩 𝘥𝘰𝘸𝘯𝘴𝘵𝘳𝘦𝘢𝘮 𝘤𝘰𝘯𝘴𝘦𝘲𝘶𝘦𝘯𝘤𝘦𝘴! 𝘐 𝘸𝘰𝘳𝘬 𝘸𝘪𝘵𝘩 𝘵𝘦𝘢𝘮𝘴 𝘳𝘦𝘴𝘩𝘢𝘱𝘪𝘯𝘨 𝘩𝘰𝘸 𝘵𝘩𝘦𝘪𝘳 𝘱𝘢𝘺𝘮𝘦𝘯𝘵 𝘢𝘳𝘤𝘩𝘪𝘵𝘦𝘤𝘵𝘶𝘳𝘦 𝘥𝘦𝘵𝘦𝘳𝘮𝘪𝘯𝘦𝘴 𝘤𝘰𝘴𝘵, 𝘤𝘰𝘯𝘵𝘳𝘰𝘭, 𝘳𝘦𝘴𝘪𝘭𝘪𝘦𝘯𝘤𝘦, 𝘢𝘯𝘥 𝘢𝘤𝘤𝘰𝘶𝘯𝘵𝘢𝘣𝘪𝘭𝘪𝘵𝘺. 𝘛𝘩𝘪𝘴 𝘸𝘰𝘳𝘬 𝘩𝘢𝘱𝘱𝘦𝘯𝘴 𝘢𝘵 𝘴𝘺𝘴𝘵𝘦𝘮 𝘭𝘦𝘷𝘦𝘭, 𝘯𝘰𝘵 𝘧𝘦𝘢𝘵𝘶𝘳𝘦 𝘭𝘦𝘷𝘦𝘭. 👉 intro@paypr.work #payprwork #paymentstrategy #card #acquiring Merchant Hub: Merchant Voice, Amplified! Paypr.work [ˈpeɪpəwəːk] #PaymentLeadership

👉 𝗣𝗿𝗶𝗺𝗲𝘀 𝗮𝗻𝗱 𝗵𝗶𝗴𝗵𝗲𝗿-𝘁𝗶𝗲𝗿 𝗰𝗼𝗻𝘁𝗿𝗮𝗰𝘁𝗼𝗿𝘀 𝗮𝗿𝗲 𝗳𝗿𝗼𝗻𝘁-𝗿𝘂𝗻𝗻𝗶𝗻𝗴 𝘁𝗵𝗲 𝗖𝗠𝗠𝗖* 𝗣𝗵𝗮𝘀𝗲𝗱 𝗥𝗼𝗹𝗹-𝗼𝘂𝘁𝘀   The graphic is an excerpt from a 𝗛𝘂𝗻𝘁𝗶𝗻𝗴𝘁𝗼𝗻 𝗜𝗻𝗴𝗮𝗹𝗹𝘀 𝗜𝗻𝗱𝘂𝘀𝘁𝗿𝗶𝗲𝘀 (𝗛𝗜𝗜) document showing Level 2 Certifications a full year ahead of the DoD* Phased Roll-out. 🔹 In September HII wrote to their suppliers, “HII encourages all suppliers to obtain the appropriate CMMC level for your organization as soon as possible, if not already complete.” * 𝗦𝗲𝗲 𝗖𝗼𝗺𝗺𝗲𝗻𝘁𝘀 for 🔗 links to sources and acronyms 👉 𝗣𝗿𝗶𝗺𝗲𝘀 𝗰𝗮𝗻 𝗺𝗼𝘃𝗲 𝗼𝗻 𝘄𝗵𝗮𝘁𝗲𝘃𝗲𝗿 𝘀𝗰𝗵𝗲𝗱𝘂𝗹𝗲 𝘁𝗵𝗲𝘆 𝗻𝗲𝗴𝗼𝘁𝗶𝗮𝘁𝗲. They’re not beholden to the DoD phased roll-out of CMMC. 🔹A colleague reports that a client is working fervently on CMMC after the VP of Sales got a direct phone call from their primary point of contact at 𝗥𝗧𝗫  stating an expectation of CMMC level 2 status by April 2026. Add the following selection to HII and RTX above then draw your own conclusions 🔹 𝗟𝗼𝗰𝗸𝗵𝗲𝗲𝗱 𝗠𝗮𝗿𝘁𝗶𝗻, June 2025 memo “By now, all DIB companies managing CUI should have fully implemented – and be confidently meeting – NIST SP 800-171 (r2) requirements.” 🔹 𝗕𝗼𝗲𝗶𝗻𝗴 memo “As part of the Defense Industrial Base, who will likely store, process or transmit CUI, your proactive engagement in achieving CMMC Level 2 compliance is crucial.” 🔹 𝗖𝗔𝗖𝗜 website “CACI suppliers are responsible for complying with the associated DFARS requirements … in order to perform the work for the DoD on behalf of CACI.” 🔹 𝗚𝗲𝗻𝗲𝗿𝗮𝗹 𝗗𝘆𝗻𝗮𝗺𝗶𝗰𝘀 suppliers’ terms and conditions “GDMS [General Dynamics Mission Systems] will require its suppliers to certify at least annually to compliance with the CMMC Program requirements. This is a condition precedent for GDMS to award future purchase orders or subcontracts with CMMC requirements to its suppliers” This is 𝘔𝘢𝘳𝘬𝘦𝘵 𝘙𝘰𝘭𝘭-𝘰𝘶𝘵 correctly predicted by Jacob Horne Thanks to Vincent Scott for finding and sharing the HII timeline 👉 𝗝𝘂𝗺𝗽𝘀𝘁𝗮𝗿𝘁 𝘆𝗼𝘂𝗿 𝗖𝗠𝗠𝗖 𝗱𝗲𝗰𝗶𝘀𝗶𝗼𝗻 with one of our upcoming workshops for executives who need clarity – not complexity – on what CMMC means for their business 𝘽𝙪𝙨𝙞𝙣𝙚𝙨𝙨-𝙁𝙞𝙧𝙨𝙩 𝘾𝙈𝙈𝘾: 𝘼𝙘𝙩𝙞𝙤𝙣𝙖𝙗𝙡𝙚 𝙨𝙩𝙧𝙖𝙩𝙚𝙜𝙮 𝙛𝙤𝙧 𝙬𝙝𝙖𝙩’𝙨 𝙣𝙤𝙬 𝙖𝙣𝙙 𝙬𝙝𝙖𝙩’𝙨 𝙣𝙚𝙭𝙩 is designed to quickly review the authoritative sources in the business case, reveal the underlying logic, and allow leadership teams to reach their own conclusions. We cover:  • Budget benchmarks and cost drivers  • Legal risks and contract penalties  • Timeline and decision points  • M&A implications and future contract shifts More here: 👉 https://lnkd.in/gUsqaGXX