The Two-Minute Test: Operational Defensibility in Federal Training Programs

“Defensible” is a word that gets used loosely in federal training. The loose usage covers something like “we have records,” or “we follow the regulations,” or “we did the training.” None of those is what defensibility actually means in operational federal-contract terms.

Defensibility answers two specific questions — and it answers them at the moment the question is asked, not later.

First: can you produce the evidence? When a DCMA surveyor, a contracting officer’s representative, an inspector general, an audit team, or opposing counsel in a contract dispute asks for the evidence supporting a specific claim about a specific employee on a specific date — can you produce it on demand, in the format the requester expects, within the time pressure of an actual inspection?

Second: does the evidence hold up? If you produce it, does the evidence actually support the claim being tested — or does it show gaps, contradictions, undocumented decisions, missing chain-of-trust links, or stale information that undermines the very claim it was meant to defend?

A program is defensible if and only if both answers are yes, for every reasonable question the relevant audiences might ask. A program that answers yes to the first question but no to the second has the appearance of records discipline without the substance — the records exist, but they do not actually defend anything. A program that answers no to the first question — the records are somewhere but cannot be produced in time — fails regardless of what they would have shown.

Graded on what you can prove

Federal contract performance is not graded on what is true about your program. It is graded on what you can prove is true about your program, at the moment proof is requested.

This is not a cynical observation. It is a structural feature of how federal acquisition oversight works. The contracting officer who writes the CPARS narrative is not present during day-to-day operations. The DCMA surveyor who inspects records on a given Tuesday has hours, not weeks, to form impressions. The source-selection official evaluating a future bid sees only the past-performance record on file — not the unrecorded reality of how the contractor actually operated. The IG investigator examining a complaint has access only to what the contractor can produce in response to data calls.

In every case, the substantive reality of the contractor’s program is filtered through what the contractor can produce as evidence on demand. The reality and the evidence are different things, and the gap between them is where defensibility lives or dies.

The evidence-producibility standard, stated operationally, has three conditions, and each one matters:

By the relevant person — not by the one specialist who knows where everything is buried in shared drives. Surveillance inspections do not wait for that person to come back from leave. The record has to be retrievable by whoever is in the room when the request comes.

In the format the requester expects — surveyors do not accept “I’ll email it to you tomorrow.” They expect the actual document, the actual audit trail, on screen or in print, in the inspection window. A 200-page LMS export that buries the answer in row 4,847 of an unsorted table is not, for inspection purposes, the evidence.

Within the time pressure of an actual inspection — a surveyor typically asks a question and expects an answer in minutes, not hours. Many surveillance visits arrive with little notice. The records architecture either supports time-pressured retrieval or it does not.

A program that meets all three conditions is defensible. A program that fails any one of them is not — even if the underlying training actually happened correctly. The training happened; the contractor cannot prove it efficiently; the resulting CPARS narrative, surveillance finding, or audit conclusion gets written based on what could be proven in the moment.

The test itself

The standard translates into a diagnostic any program can run on itself: the two-minute test.

A surveyor walks into a room with the program manager or the records officer and asks for a specific record about a specific person on a specific date:

“Show me the qualification record for trainee Smith from cohort 2024-03 — date completed, instructor, observed-performance evidence, qualification decision.”

“Show me documentation that the curriculum revision implemented in March 2024 was validated against subsequent outcome data.”

“Show me the inter-rater reliability calibration record for the evaluator cadre at this site, year-to-date.”

The clock starts. The contractor has two minutes to produce the record, in the format the surveyor expects, with the supporting audit trail intact.

Produce it cleanly within two minutes, and the program is operating at the defensibility standard for that record class.

Take longer — make phone calls, log into multiple systems, sift through email, find the one person who knows where the file lives, export from the LMS and filter down to the right row — and the program is technically compliant but not defensible at the inspection layer. The training may have happened and the records may exist in some form, but the architecture does not support inspection-grade retrieval.

Fail to produce it at all — never properly captured, lost in a system migration, living only in the head of someone who has since left — and the program has a defensibility failure that will surface in a Corrective Action Request, a CPARS finding, or worse.

Two minutes is not a regulatory threshold. It is an operational diagnostic. The number is approximate; the principle is rigid. Real surveillance inspections move at this pace because the surveyor has many questions and many records to check. A contractor whose records cannot keep up forces the surveyor to either wait — which is unusual — or write a finding, which is what actually happens.

The test is most useful as an internal exercise. Run it on yourself. Pick five records the surveillance team would plausibly ask for. Have the records officer produce them under timed conditions. Whatever fails in the practice run will also fail in the real inspection — and now you know where the architectural work is.

Two states, and only one counts

The two-minute test surfaces the principle that organizes all of federal-contract training records discipline: records exist in two states, and only one of them counts.

A record is producible when it is indexed, retrievable by the natural query patterns of the relevant audiences, format-validated, integrity-verified, and accessible to the personnel who would be asked for it.

A record is merely stored when it exists somewhere — on a server, in a folder, in an LMS, in an email archive, in a personal file — but is not indexed, not natively retrievable by those query patterns, not format-validated, not integrity-verified, or not accessible to the people who would be asked for it.

The two states look identical from the outside. Both involve the record existing. But they are different things for defensibility purposes. Only producible records actually defend anything. Merely-stored records create the false impression of compliance while leaving the program exposed to whatever the surveyor cannot find.

Every defensible program therefore treats a record as not yet defensible until it is confirmed producible against the query patterns the relevant audiences actually use. The work of moving a record from merely-stored to producible — indexing, multi-key retrievability, format validation, access control, integrity verification, currency tracking, audit-trail integrity — is the architectural work. It is invisible to anyone who is not running the surveillance scenarios. It is also exactly the work that separates programs that earn Exceptional CPARS narratives from programs that earn Satisfactory.

Documentation versus evidence

A subtle but critical distinction runs through every layer of this: the difference between documentation and evidence.

Documentation is what exists — the record that an action occurred. A training event happened, a certificate was issued, an instructor was credentialed, a qualification decision was rendered. Documentation answers the question: did the thing happen?

Evidence is what proves the thing was done correctly and that the documentation accurately reflects what occurred. Evidence answers the question: can we demonstrate, at the level of proof that survives challenge, that the documented thing was actually performed to standard, by whom, to what observed standard, traceable to what curriculum authority, retrievable on demand?

A training certificate is documentation. A training certificate plus the syllabus the training followed plus the instructor’s qualification file plus the observed-performance rubric scores plus the documented qualification decision plus the audit trail showing the certificate was issued by an authorized authority and not retrospectively altered — that constellation is evidence.

A great many federal training programs have abundant documentation and very little evidence. The events happened. The certificates were issued. The records exist. But the chain of trust that would survive a determined surveyor’s inquiry is fragmentary. The certificate proves something happened; it does not prove the thing that happened was the thing the contract required.

This matters because most federal-training failures under surveillance pressure are evidence failures, not documentation failures. The contractor has all the certificates. The contractor cannot prove the chain of trust behind them. The surveyor writes the finding.

Three questions you can run today

A program manager can assess their own defensibility posture — before any outside firm is engaged — by running three questions against any record class in the program.

Indexed retrievability. If I asked you to produce the [record] for [specific person] from [specific date or cohort], how long would it take and what systems would you need? If the answer is “under two minutes, from one system, by the records officer working alone,” that record class is defensible. If it involves multiple systems, multiple people, or wait time exceeding the inspection window, it is not.

Chain-of-trust integrity. For that record, can you also produce the upstream evidence — the syllabus, the instructor qualification, the curriculum approval, the authority decision — that backs the record’s substantive claim? If the chain is producible end-to-end with no gaps, you are at the evidence level. If it has gaps, or links that exist in principle but cannot be produced in time, you are at the documentation level only.

Audience-natural query coverage. Can the record be retrieved by all the natural query patterns the relevant audiences would use — by employee, by date, by cohort, by instructor, by curriculum version, by contract task order, by qualification decision? If retrieval by all relevant patterns is supported, the architecture is mature. If only one or two patterns work and the rest require manual sifting, the architecture is partial — and it will fail certain surveillance inquiries even though it satisfies others.

These three questions are not a complete assessment instrument, but they are a fast first pass that surfaces the defensibility posture of any record class. A program manager who can answer all three with “yes, cleanly” for every record class in scope is running a defensible program. A program manager who has to qualify the answers, or admits to gaps, has just identified the architectural work that needs doing.

What comes next in this series

This is the second of ten posts I’m writing this summer drawn from Reference Volume 5 of the McLean Performance Group practice library — Federal-Contract Training Defensibility: The Architect’s Reference for CPARS-Exceptional Programs.

The next post, Tuesday June 16, takes the defensibility test into the place contractors most often assume there is no value to add: the stack of mandatory federal training every cleared employee has to complete. The training is the government’s. The certificate is the government’s. So where, exactly, does a contractor add value above record-keeping? There are three places — and each one is a recurring federal-contract failure mode.

If federal training defensibility is on your operational plate — as program manager, proposal lead, contracting officer representative, or senior consulting principal — this series is written for you.


Adam J. McLean, PhD, is Founder & Principal of McLean Performance Group. As Deputy Program Manager on a $563M DoD human-dimensions training contract, he directed a program that earned all-Exceptional CPARS across all four years of his DPM tenure. McLean Performance Group is a Service-Disabled Veteran-Owned Small Business based in Madison, Alabama, focused on training compliance architecture for federal contractors and regulated industries.


© 2026 Bust Out Performance LLC dba McLean Performance Group · McLeanPerformanceGroup.com
