During this period, the supplier is generally required to implement or expand a comprehensive staff training program, a confidential disclosure program, written standards and guidelines and to designate a compliance officer and committee if these matters are not already done.  The SAAs also require the establishment of procedures for the management and notification of « reported events ». Reportable events include overcounts, ongoing investigations or legal proceedings, potential violations of criminal, civil, or administrative laws applicable to any federal health program that may be authorized for sanctions or exclusions, and employment or contract with an unauthorized person.  ASCI create a framework within which the company must operate so as not to be excluded from participation in public health programs.  States use ASCI as part of their enforcement efforts.  :9. . . .