As a company that started as a small business and is now a 100% full and open large business, we recognize the important role small businesses play in achieving national objectives.

Partner with us

National objectives evolve. In response, we must transform our support to respond to our clients’ ever-changing needs. We rely on small business partners to augment and enhance our robust capability offerings, ensuring senior leaders continue to receive the insights and quality support they have come to trust.

If you are a small business and you are interested in becoming a trusted partner, please complete the Vendor Supplier Form found below and email it to

Vendor Supplier Form 

Small Business Form PDF

Data Security and Compliance

SPA recognizes the critical nature of our client data and has implemented systems and processes to ensure the security of the data within our possession.  Similarly, SPA is responsible for ensuring that our subcontractors have the appropriate protections in place to protect data provided under our subcontracts in accordance with Government laws and regulations.

Our partners should be aware of the following DFARS clauses and ensure compliance when required:

  • DFARS 252.204-7008 – Compliance with Safeguarding Covered Defense Information Controls 
  • DFARS 252.204-7009 – Limitations on the Use or Disclosure of Third-Party Contractor Reported Cyber Incident Information 
  • DFARS 252.204-7012 – Safeguarding Covered Defense Information and Cyber Incident Reporting

 Subcontractors working on Department of Defense programs should also be aware of the Cybersecurity Maturity Model Certification (CMMC) program. Information can be found at