CRM Considerations and Policies for Businesses that Work with Government Agencies
We’ve compiled some resources and information on CRMs for B2G businesses. If you work with government agencies, especially the Department of Defense (DoD), there are several considerations you must know before choosing a customer relationship management (CRM) tool for your business.
Remember that a CRM houses customer data, which is often personal and therefore sensitive. When housing government agency data, you are required to uphold security standards and put procedures in place to protect this data from a breach.
CRMs for B2G – Working with DoD
As of January 2020, those working with the DoD must follow additional laws and regulations under the Cybersecurity Maturity Model Certification (CMMC). These laws build upon the current Defense Federal Acquisition Regulation Supplement (DFARS) and the National Institute of Standards and Technology (NIST) frameworks. If you are already working with or planning to work with the DoD, even as a subcontractor, you need to be certified through the CMMC for at least Level 1 by 2025.
Most companies that work with the DoD are already at Level 1 because this has always been required as part of the FAR 52.204-21 requirements, though CMMC now requires that your business be audited and certified by a third-party auditor. The DoD will give first preference to those who are already compliant under DFARS and NIST.
Level 1 consists of 17 controls that cover basic security hygiene and are the minimum requirements. However, to house any Controlled Unclassified Information (CUI), you must have at least a Level 3 certification. For more details about the different levels, please check out this blog by Focal Point.
We suggest starting the process as soon as possible because it does take time. Start by checking your compliance with NIST 800-171 requirements. Make a plan for how you will achieve compliance and formulate a budget that covers costs for security system enhancements and any additional features or procedures you may need to implement.
CRMs for B2G – Compliance with CRM
To ensure you are compliant, look for a CRM that is NIST 800-171 or NIST 800-53 compliant until more platforms adopt the term "CMMC compliant." Ultimately, it is the CRM cloud service provider’s responsibility to ensure security of data, although there are additional steps you should take internally to guarantee that you are protecting sensitive information. Ideas for safety and security measures for CRMs can be found in our blog post, The Ultimate Guide to CRMs for Small Businesses.
Any of the CRMs we’ve listed in our Top 5 CRMs for Small Businesses blog will work for businesses working with the government. However, you may want to try the Government Contractors CRM, designed specifically for your industry. It offers a complete CRM with marketing and automation, lead and sales management, and detailed analytics created for businesses that work with government agencies. This company also has some great resources for anyone looking to do government contracting.
For more information about CRMs, check out our Ultimate Guide to CRMs for small businesses. If you aren’t sure where to start as a government contractor, contact us today for a free consultation.