Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF MAY 02, 2010 FBO #3081
SOLICITATION NOTICE

R -- Remote Hosting and support for the Laboratory Information Management System (LIMS)

Notice Date
4/30/2010
 
Notice Type
Combined Synopsis/Solicitation
 
NAICS
518210 — Data Processing, Hosting, and Related Services
 
Contracting Office
Department of Veterans Affairs;Technology Acquisition Center;260 Industrial Way West;Eatontown NJ 07724
 
ZIP Code
07724
 
Solicitation Number
VA118-10-RP-0298
 
Response Due
5/21/2010
 
Archive Date
7/20/2010
 
Point of Contact
Asif DamjiContract Specialist
 
E-Mail Address
Contract Specialist
(asif.damji@va.gov)
 
Small Business Set-Aside
N/A
 
Description
PERFORMANCE WORK STATEMENT (PWS) DEPARTMENT OF VETERAN AFFAIRS Office of Information & Technology Veterans Health Administration Laboratory Systems Reengineering Project (LSRP) Remote Hosting Option for Alpha/Beta Date: 4/20/2010 TAC-10-0135 PWS Version Number: 1.1 Contents 1.0BACKGROUND3 2.0OBJECTIVE3 3.0APPLICABLE DOCUMENTS3 4.0SCOPE OF WORK4 4.1CHANGES TO THE PERFORMANCE WORK STATEMENT4 5.0PEFORMANCE DETAILS5 5.1PERFORMANCE PERIOD5 5.2PLACE OF PERFORMANCE5 5.3TRAVEL5 5.4TYPE OF CONTRACT5 6.0SPECIFIC TASKS and DELIVERABLES5 7.0SCHEDULE FOR DELIVERABLES12 8.0GENERAL REQUIREMENTS13 8.1CONTRACTOR PERSONNEL SECURITY REQUIREMENTS13 8.2FORMAL ACCEPTANCE OR REJECTION OF DELIVERABLES16 8.3METHOD OF DELIVERY17 8.4DISTRIBUTION OF DELIVERABLES17 8.5FACILITY/RESOURCE PROVISIONS18 ADDENDUM A20 1.0 BACKGROUND In FY08, the Department of Veterans Affairs (VA), Laboratory Systems Re-engineering Project (LSRP) selected Cerner's Millennium PathNet solution as the Veterans Health Administration (VHA) Laboratory Information Management System (LIMS). The Alpha/Beta implementation of LIMS is in progress and the LSRP is evaluating go-forward technology options that will exceed the strategic goals established in the project's cost benefit analysis (CBA) justification and long-term deployment sustainment requirements. The VA is currently confronted with the decision to acquire and build the primary domain and disaster recovery infrastructure, as well as the decision to invest in personnel and training for the system technical staff and application support staff required to maintain the Cerner Millennium environment. This decision is not just limited to the initial capital cost of equipment and future hardware technology upgrades and refreshes, but also must address data center operations management, cost, security, space, HVAC, and power. One of the significant concerns facing VA is sourcing the experienced technical staff to support Millennium PathNet's on-going technical operations in addition to application support staff to support the day to day application once fielded. To further complicate the issue, these staffing decisions may be subject to constant personnel turnover due to contracting polices and/or terms. Labor is not only a considerable portion of the ongoing costs, it is sometimes the difference between an organization's deployment success and failure. 2.0 OBJECTIVE The objective of this Performance Work Statement (PWS) is to acquire contract support to assist the Laboratory Systems Re-engineering Project (LSRP) by providing Alpha/Beta remote hosting services for the Cerner Millennium PathNet system and systems and application management support for this solution. 3.0 APPLICABLE DOCUMENTS Documents referenced or germane to this PWS are listed below. The Contractor shall be guided by the information contained in the documents in performance of this PWS. 1.Federal Information Security Management Act (FISMA) of 2002; 2.VAAR 852.273-75 Security requirements for unclassified information technology resources (interim Oct 2008) 3.FIPS Pub 201, Personal Identity Verification for Federal Employees and Contractors, February 25, 2005 4.Section 2224 of title 10, United States Code, "Defense Information Assurance Program" 5.Software Engineering Institute Capability Maturity Model Integration, (CMMI) 6.Privacy Act of 1974 7.Title VI of the Civil Rights Act of 1964 8.VA Directive 0710 dated September 10, 2004 9.VA Directive 6102 10.VA Handbook 6102, Internet/Intranet Services 11.Health Insurance Portability and Accountability Act (HIPAA); 45 CFR Part 160, 162, and 164; Health Insurance Reform: Security Standards; Final Rule dated February 20, 2003 12.Electronic and Information Technology Accessibility Standards (36 CFR 1194) 13.OMB Circular A-130 14.U.S.C. 552a, as amended 15.32 CFR 199 16.An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, March 2005 17.Sections 504 and 508 of the Rehabilitation Act (29 U.S.C. 794d), as amended by the Workforce Investment Act of 1998 (P.L. 105-220), August 7, 1998 18.Homeland Security Presidential Directive (12) (HSPD-12) 19.VA Handbook 6500, Information Security Program 20.OED ProPath Process Methodology (http://vaww.webdev.oed.oit.va.gov/process/propath/) NOTE: In the event of a conflict, OED ProPath takes precedence over other processes or methodologies. 21.NBS SP500-153, " Guide to Auditing for Controls and Security: A System Development Life-Cycle Approach," April 1988 22.Program Management Accountability System (PMAS) portal http://vaww.oed.portal.va.gov/pmas/Pages/default.aspx 23.Federal Travel Regulation (FTR) (www.gsa.gov/federaltravelregulation) 24.Technical Reference Model (TRM) 25.National Institute Standards and Technology (NIST) Special Publications 4.0 SCOPE OF WORK The scope of this effort is to remote host a technology platform to support the Cerner Millennium PathNet LIMS for the LSRP Alpha/Beta testing environments and provide systems and application management support for this solution. The hosted environment will be required to meet and exceed all VA specifications as well as minimize short and long term risk to the government. In addition the scope includes all staffing required supporting the system operations and maintenance, the application support and maintenance, all hardware, software licenses and sub-licenses. Disaster Recovery, high availability and business continuity are critical requirements in the scope of this PWS. Advocacy and maintenance of standardized lifecycle processes for VA tasks and projects shall also be provided. The Alpha/Beta environments include the production implementation of the Cerner Millennium PathNet LIMS at one Alpha site and two Beta Sites chosen by the VA. 4.1CHANGES TO THE PERFORMANCE WORK STATEMENT Any changes to this PWS shall be authorized and approved only through written correspondence from the Contracting Officer (CO). A copy of each change will be kept in a project folder along with all other products of the project. Costs incurred by the Contractor through the actions of parties other than the CO shall be borne by the Contractor. 5.0 PEFORMANCE DETAILS 5.1PERFORMANCE PERIOD The period of performance shall be eighteen (18) months. 5.2PLACE OF PERFORMANCE The remote hosting option shall be performed within the continental United States and the contractors who perform the remote hosting operations and associated technical and application support shall be located within the continental United States. 5.3TRAVEL There is no travel anticipated by the Contractor to support the remote hosting efforts described herein. The Contractor assumes responsibility for any travel they deem necessary to support remote hosting option for VA of the Cerner Millennium LIMS. 5.4TYPE OF CONTRACT Firm Fixed Price. 6.0 SPECIFIC TASKS AND DELIVERABLES The Contractor shall perform the tasks to create the prescribed deliverables specified herein. 6.1Remote Hosting of the Cerner Millennium PathNet System The Contractor shall provide a secure remote hosting environment for the Cerner Millennium PathNet system as described below: 6.1.1High Availability and Redundancy a.The Contractor shall supply N+1 redundancy (defined as a system configuration in which multiple components (N) have at least one independent backup component (1) to ensure system functionality continues in the event of a system failure). To be at a level of N+1, the overall system integrity should not be impacted by the failure of any one component, and should continue to function at acceptable performance levels after the loss of any component. b.The Contractor shall implement data backup procedures to ensure no loss of data. At a minimum incremental data and system back-ups shall be performed once daily and a full data and system back-up shall be performed once weekly or at the agreed to level to the Contractor's secondary data center 6.1.2Full Disaster Recovery Support (hardware and software) a.The data center shall meet Tier IV standards with purposeful exceptions (TIA/EIA SP-3-0092, TIA/EIA-942). The buildings and all components shall be designed to survive EF5 tornados and meet or exceed FEMA 361 Standards. The data center shall have N+1 redundancy where multiple components (N) have at least one independent backup component (1) to ensure system functionality continues in the event of a system failure. The Contractor shall ensure that multiple copies of the primary Oracle database are online at any given time and incremental archive logs are stored on separate storage guaranteeing quick recovery from any database issues including corruption. b.The Contractor's disaster recovery solution shall adhere to Federal Continuity Directive 1 (FCD-1), authority for which is NSPD-51/HSPD-20 national Continuity Policy. The vendor shall also include a tertiary cold disaster recovery solution. c.The Contractor shall provide a Business Continuity and Disaster Recovery Plan. Deliverable: Business Continuity and Disaster Recovery Plan 6.1.3Application and Technical Support a.The Contractor shall supply experienced Millennium proactive application and technical support 24 hours per day, 7 days per week, 365 days per year with response times as agreed to in the SLA. b.The Contractor shall manage and support the entire Cerner LIMS software solution including but not limited to: all server operating systems as well as Millennium, Oracle, Citrix, and MQSeries (WebSphere MQ) software. c.The Contractor shall support security, network, system, database, application and bi-directional interfaces to the VA. d.The Contractor shall install and provide support on front end services such as Windows Operating System, Active Directory, Web Interface Services and Antivirus monitoring. e.The Contractor shall supply all Server Services (Back End) required to support the Cerner LIMS software solution, including but not limited to installing and monitoring back-end systems and provide database support. f.The Contractor shall provide and support network connectivity and data center operations. g.The Contractor shall provide and support telecommunications between the remote hosted application and VA sites to which LIMS is delivered. h.The Contractor shall handle storage requests and maintenance/issues within the Storage Area Network. i.The Contractor shall provide, install and support the servers required for lab instruments that will be housed in each VA data center. j.The Contractor shall provide proactive system monitoring and management, system optimization, performance and availability. k.The Contractor shall provide service pack management and new release upgrades with minimal impact to the VA. 6.1.4Technology Changes a. The High Availability configuration and the day-to-day responsibility of managing this environment is exclusively the Contractor's responsibility. The Contractor bears the risk for any changes in the underlying technology needed to support Millennium (such as hardware obsolescence). Regardless of how Oracle, or any other layered software (Citrix, MQSeries, etc) changes the way they are licensed or supported, the Contractor bears the risk. If additional skill sets for future technologies are needed, the Contractor is responsible for providing those resources. 6.1.5Hardware Platform a.Contractor shall supply all hardware including: production, non-production, front-end, storage, and telecommunications equipment needed to run the Cerner Millennium PathNet solution, including servers required to support lab instruments housed at each VA data center. b.The Contractor shall be responsible for refreshing hardware regardless of the reason such as obsolescence, lack of sufficient capacity or age - at no additional cost to VA. c.The Contractor bears the risk of keeping the system available and performing at optimal levels regardless of the changes in technology or the requirements of Millennium. As Millennium requires more processing power, CPUs shall be added. As the database grows, additional storage shall be provided. If the bandwidth for telecommunication needs to be increased, the Contractor shall provide for that as well. All upgrades or changes shall be provided at no additional cost to the VA. d.The Contractor shall train the VA to perform VA-specific responsibilities including: the use and understanding of diagnostic and testing tools, utilities, processes and manuals required to triage, troubleshoot and identify problems, outages and failures to determine their source(s), cause(s) and required corrective action(s); how to initiate service requests when or if the problem and/or corrective action required falls outside the scope of VA responsibility and authority. e.Contractor responsible for Data Center Upgrades needed to meet industry standards. 6.1.6Sublicensed Software a.Contractor shall supply all sublicensed software such as: Oracle, MQSeries, Websphere, and Citrix for all system layers and resolve any capacity issues at no additional cost to VA. 6.1.7Maintenance and Support a.Contractor shall supply all maintenance and support for hardware, application, and sublicensed software. b.Contractor shall perform system health checks, tune-ups, and manufacturer best practices. c.Contractor shall perform all needed database modifications and application support. 6.1.8System Security a.Contractor shall sign and comply with an approved VA Memorandum of Understanding/Interconnection Security Agreement (MOU/ISA). b.National Institute of Standards and Technology (NIST) Special Publication (SP) 800-47, Security Guide for Interconnecting Information Technology Systems shall be followed. c.The data center shall be ISO 9001 Certified, HIPAA Compliant and SAS 70 (Type I and II) tested. d.Data center shall have Certification and Accreditation and an Authority to Operate (ATO) that meets the standards of Federal Information Security Management Act of 2002. 6.1.9Data Security a.Contractor shall not comingle VA data with other entities' data. If the Contractor shares SAN, VA data shall be stored on a physically different dedicated disk. b.All data in motion shall be encrypted using 256-bit encryption as per FIPS 140-2 standards. c.All data in storage shall be encrypted using 256-bit encryption as per FIPS 140-2 standards. d.All data on back-up media shall be encrypted using 256-bit encryption as per FIPS 140-2 standard. e.All drives shall be inventoried by serial number and certificates of destruction maintained after any drive failure or replacement. f.When a drive fails and the Contractor degausses the drive, the process shall include physical shredding of the drive to pulp as well as producing a certificate of destruction provided to VA according to the NIST SP 800-88, Guidelines for Media Sanitization and VA Handbook 6500.1, Electronic Media Sanitization. g.If the Contractor moves VA data from one disk to another, the original disk shall be wiped clean via a three-pass disk wipe as per Department of Defense standards (DoD 5220.22-M). The wipe clean process shall produce a certificate of destruction provided to VA. 6.1.10Network Connectivity a.Contractor shall provision a point-to-point connection to a primary and back-up approved VA gateway facility (aka, Trusted Internet Connection (TIC) interface). b.Contractor shall provide any demark equipment associated with the point-to-point connections to the gateways (such as routers and encryption hardware) that is FIPS140-2 compliant. 6.1.11Application Support Requirements a.The Contractor shall produce a Service Level Agreement (SLA) for the VA to review and approve that guarantees systems, networking and application performance, availability and response times. b.The Contractor shall propose and implement a compensation strategy if the agreed upon targets are not met. c.The Contractor shall provide the VA with 99.97% uptime (excluding planned maintenance). d.The Contractor shall provide network performance sufficient to meet the Cerner Millennium LIMS application needs. e.The Contractor shall produce a Systems Management Plan that includes a description of the operations, management, maintenance, monitoring, reporting and problem resolution for the systems, networking and telecommunications in support of the remote hosting option. f.The Contractor shall produce an Application Management Plan that includes a description of the management, maintenance, monitoring, reporting and problem resolution for the Cerner Millennium application. g.The Contractor shall produce System and Application Management monthly reports that include a status report, capacity and performance reports, and anticipated systems and application management tasks, including user impact and estimated downtime. Deliverables: Service Level Agreement, System and Application Management Plans, System and Application Management Monthly Reports 6.1.12Testing a.The Contractor shall provide assistance, consultation and expertise to validate end-to-end VA testing systems configuration and implementation. b.The Contractor shall provide direct assistance and consultation during VA design, analysis and execution of testing activities for the LSRP product as it is to be deployed in a remote hosting architecture. c.The Contractor shall provide expertise, consultation and assistance required to gather, contrast, compare and validate metrics associated with tracing and verifying round-trip responsiveness of the end to end, integrated testing configurations that includes the Contractor LIMS deployed with a non-remote hosting configuration and Contractor LIMS testing configurations deployed in a remote hosting environment using the proposed deployment architecture which includes the VPN gateway. d.The Contractor shall provide expertise and assistance to VA for designing proper Operational Readiness Testing (ORT) and persistent computing design and requirements including disaster recovery, backups, failover, and high availability. 6.1.13Capacity Planning a.The Contractor shall provide expertise, assistance, and metrics associated with determining messaging volumes per laboratory events (i.e., order entry, auto-instrumentation, result reporting) and the implication on LAN and WAN of increased messaging. b.The Contractor shall provide expertise, assistance, and metrics associated with performance criteria, as well as with measuring performance and response time requirements for laboratory business events. 6.1.14Operations and Maintenance a.The Contractor shall provide expertise and assistance to VA as needed related to architecting and determining strategies for deployment of infrastructure components. b.The Contractor shall use Information Technology Infrastructure Library (ITIL) change management processes when making changes to VA hosted hardware/software. This will include VA membership to a weekly Contractor Change Control Board (CCB). The VA will have authority to approve or disapprove all VA LIMS change requests. c.The Contractor shall be responsible for security patches and OS upgrades on all VA LIMS Contractor hosted systems. The Contractor shall allow the VA to routinely scan Contractor owned systems located within the VA WAN to validate compliance with VA security policy. The Contractor shall supply a process for the VA to notify the Contractor of non-compliance. The Contractor shall be responsible for mitigating any security violations. d.The Contractor shall work with the VA to define support roles and delineation of responsibilities in a detailed Service Level Agreement (SLA). This shall include resource requirements, end-to-end system monitoring architecture, troubleshooting responsibilities, security requirements and implementation, and performance. e.The Contractor shall provide effective communication, escalation and mitigation processes, and incident management processes to ensure smooth and uninterrupted continuity of operations and document them in the Business Continuity and Disaster Recovery Plan, Deliverables: Remote Hosting Environment of the Cerner Millennium PathNet System. 6.2TRANSITION AND ORIENTATION SUPPORT The Contractor shall collaborate with the VA to develop and deliver a Phase-In/Phase-Out Transition Plan in the event that all or part of the tasks outlined in this PWS are terminated or is required at end of the period of performance to allow transition. The Contractor shall submit details for the phase out portion of the Transition Plan. All transition actions shall be completed prior to the PWS expiration date. At a minimum, the Contractor shall address the following areas in their transition plan: 1.Inventory, review, evaluation, and transition of current VA OI&T provided VA-furnished property (GFP) and other items such as: a.Hardware/software b.Laptops/PCs c.Pagers/cell phones/calling cards 2.Data/databases. The Contractor shall provide the LIMS data to the VA in any format desired by VA. The Contractor shall remove all VA data from their data center via a three-pass disk wipe as per Department of Defense standards (DOD 5220.22-M). The wipe clean process shall produce a certificate of destruction provided to VA. 3.Inventory and transition of historical data (e.g., memos, letters, correspondence, regulations, reports, documents, transition agreement documents, software licensing agreements, hardware maintenance agreement, memorandums of agreement/ understanding, and inter-service agreements) 4.Procedural manuals/guidelines 5.Operating instructions 6.Data and workflow process 7.Scheduling process 8.Any templates used in day-to-day operations 9.An orientation phase to introduce the Contractor personnel, programs, and users to the incoming team, explaining tools, methodologies, and business processes 10.Procedures to introduce VA personnel, programs, and users to the Contractor's team, tools, methodologies, and business processes 11.The Contractor strategy regarding personnel staffing and training during the transition period 12.Process for transfer of existing on-hand inventory 13.Transition checklist 14.Signed turnover agreements Deliverables: Transition Plan and any documentation or code developed during the project 7.0 SCHEDULE FOR DELIVERABLES If for any reason, any deliverable cannot be delivered in the time schedule, the Contractor shall provide a written explanation to the Contracting Officer. This written transmittal shall include a firm commitment of when the work shall be completed. This notice to the Contracting Officer shall cite the reasons for the delay, and the impact on the overall project. The Contracting Officer will then review the facts and issue a response in accordance with applicable regulations. Note: Days used in the table below refer to calendar days unless otherwise stated. Deliverables with due dates falling on a weekend or holiday shall be submitted the following government work day after the weekend or holiday. TaskDeliverable DescriptionDue Date 6.1Remote Hosting Environment of the Cerner Millennium PathNet System for the Alpha SiteWithin one hundred and twenty (120) calendar days of contract award. 6.1Remote Hosting Environment of the Cerner Millennium PathNet System for the two Beta SitesWithin sixty (60) calendar days of Government notification. 6.1.11Service Level Agreement (SLA)Draft due within thirty (30) calendar days of contract award and final document due within fifteen (15) days of receiving Government feedback. 6.1.11Systems Management PlanDraft due within sixty (60) calendar days of contract award and final document due within fifteen (15) days of receiving Government feedback. 6.1.11Application Management PlansDraft due within sixty (60) calendar days of contract award and final document due within fifteen (15) days of receiving Government feedback. 6.1.11Systems and Application Management Monthly ReportMonthly beginning thirty (30) calendar days after contract award and by the fifth business day of each month thereafter 6.1.2Business Continuity and Disaster Recovery PlanDraft due within thirty (30) calendar days of contract award and final document due within fifteen (15) days of receiving Government feedback. 6.2 Transition Plan and any documentation or code developed during the projectThirty (30) working days prior to contract completion. 8.0 GENERAL REQUIREMENTS 8.1CONTRACTOR PERSONNEL SECURITY REQUIREMENTS The following security requirement must be addressed regarding Contractor supplied equipment: Contractor supplied equipment, PCs of all types, equipment with hard drives, etc. for contract services must meet all security requirements that apply to Government Furnished Equipment (GFE) and Government Owned Equipment (GOE). Security Requirements include: a) VA Approved Encryption Software must be installed on all laptops or mobile devices before placed into operation, b) Bluetooth equipped devices are prohibited within the VA; Bluetooth must be permanently disabled or removed from the device, c) Equipment must meet all sanitization requirements and procedures before disposed of as defined in VA Handbook 6500.1 Electronic Media Sanitization. The COTR, CO, the Project Manager, and the ISO must be notified and verify all security requirements have been adhered to. All Contractor employees who require access to the Department of Veterans Affairs' computer systems shall be the subject of a background investigation and must receive a favorable adjudication from the VA Office of Security and Law Enforcement prior to contract performance. This requirement is applicable to all subcontractor personnel requiring the same access. If the investigation is not completed prior to the start date of the contract, the Contractor will be responsible for the actions of those individuals they provide to perform work for VA. 1. Position Sensitivity The position sensitivity for contractors with direct access to VA data and systems (database administrators, system administrators, etc.) has been designated as: 0Low 0Moderate 1High The position sensitivity for contractors with incidental access to VA data and systems (facilities maintenance, cleaning personnel, etc.) has been designated as: 1Low 0Moderate 0High 2. Background Investigation - The level of background investigation commensurate with the required level of access may be National Agency Check with Written Inquiries (NACI), Minimum Background Investigation (MBI), or Background Investigation (BI). Position SensitivityBackground Investigation Required LowNational Agency Check with Written Inquiries (NACI) A NACI is conducted by OPM and covers a 5-year period. It consists of a review of records contained in the OPM Security Investigations Index (SII) and the DOD Defense Central Investigations Index (DCII), FBI name check, FBI fingerprint check, and written inquiries to previous employers and references listed on the application for employment. In VA it is used for Nonsensitive or Low Risk positions. ModerateMinimum Background Investigation (MBI) A MBI is conducted by OPM and covers a 5-year period. It consists of a review of National Agency Check (NAC) records [OPM Security Investigations Index (SII), DOD Defense Central Investigations Index (DCII), FBI name check, and a FBI fingerprint check], a credit report covering a period of 5 years, written inquiries to previous employers and references listed on the application for employment; an interview with the subject, spouse, neighbors, supervisor, co-workers; and a verification of the educational degree. High Background Investigation (BI) A BI is conducted by OPM and covers a 10-year period. It consists of a review of National Agency Check (NAC) records [OPM Security Investigations Index (SII), DOD Defense Central Investigations Index (DCII), FBI name check, and a FBI fingerprint check report], a credit report covering a period of 10 years, written inquiries to previous employers and references listed on the application for employment; an interview with the subject, spouse, neighbors, supervisor, co-workers; and a verification of the educational degree. 3. Contractor Responsibilities 1.The Contractor shall prescreen all personnel requiring access to the computer systems to ensure they maintain the appropriate Background Investigation, and are able to read, write, speak and understand the English language. The Contractor shall provide the name, address, and date of birth, Social Security Number and any other pertinent and relevant information of the Contractor personnel assigned to this project to the COTR and CO prior to Project Kickoff Meeting. 2.The Contractor shall bear the expense of obtaining background investigations. If the investigation is conducted by the Office of Personnel Management (OPM), the Contractor shall reimburse VA within thirty (30) days. 3.The Contractor shall submit or have their personnel submit the required forms (SF 85P - Questionnaire for Public Trust Positions, SF 85P-S - Supplemental Questionnaire for Selected Positions, FD 258 - U.S. Department of Justice Fingerprint Applicant Chart, VA Form 0710 - Authority for Release of Information Form, Optional Form 306 - Declaration for Federal Employment, and Optional Form 612 - Optional Application for Federal Employment) to the VA Office of Security and Law Enforcement within 30 calendar days of receipt. 4.All costs associated with obtaining clearances for Contractor provided personnel shall be the responsibility of the Contractor. Further, the Contractor shall be responsible for the actions of all individuals provided to work for VA under this contract. In the event that damages arise from work performed by Contractor provided personnel, under the auspices of this contract, the Contractor shall be responsible for all resources necessary to remedy the incident. 5.The Contractor, when notified of an unfavorable determination by the Government, shall withdraw the employee from consideration from working under the contract. 6.Failure to comply with the Contractor personnel security requirements may result in termination of the contract for default. 4. Government Responsibilities 1.The VA Office of Security and Law Enforcement will provide the necessary forms to the Contractor or to the Contractor's employees after receiving a list of names and addresses. 2.Upon receipt, the VA Office of Security and Law Enforcement will review the completed forms for accuracy and forward the forms to OPM to conduct the background investigation. 3.The VA facility will pay for investigations conducted by the Office of Personnel Management (OPM) in advance. In these instances, the Contractor will reimburse the VA facility within 30 days. 4.The VA Office of Security and Law Enforcement will notify the CO and Contractor after adjudicating the results of the background investigations received from OMB. 8.2FORMAL ACCEPTANCE OR REJECTION OF DELIVERABLES Unless otherwise specified, VA PM and the COTR will have a maximum of ten (10) business days from the day the draft deliverable is received to review the document, provide comments back to the Contractor, and approve or disapprove the draft deliverable(s). The Contractor will also have a maximum of five (5) business days from the day comments are received to incorporate all changes and submit the final deliverable to the COTR. VA PM will have five (5) business days to review each document and provide feedback/comments. The Contractor shall have five (5) business days to incorporate comments. Certification by the COTR that satisfactory services have been provided is contingent upon the Contractor performing efforts in accordance with the terms and conditions of this PWS. Deliverables and support services shall be completed in accordance with the specifications, schedules, and criteria specified. The determination of acceptability and completion, made by the COTR will be based on the accuracy, completeness, and conformance with the requirements. The Contracting Officer shall negotiate timeframes for re-submission of any rejected deliverables. The COTR will review, for completeness, preliminary or draft documentation that the Contractor submits, and may return it to the Contractor for correction. The Contacting Officer (CO) will notify the Contractor either in writing or electronic form of any rejection or final approval/acceptance. The CO notification of approval and/or acceptance means that a task is complete. General quality measures, as set forth below, will be applied to each work product received from the Contractor under this PWS. 1.Accuracy Work Products shall be accurate in presentation, technical content, and adhere to accepted elements of style. 2.Clarity Work Products shall be clear and concise. Any/All diagrams shall be easy to understand and be relevant to the supporting narrative. 3.Consistency to Requirements All work products must satisfy the requirements of this PWS. 4.File Editing All text and diagrammatic files shall be editable by the VA in Windows-based or Adobe environments/platforms. 5.Format - Follow specified VA Directives or Manuals and/or best business practices. See Section 8.3 for accepted electronic file formats. 6.Timeliness Work Products shall be submitted on or before the due date specified in the schedule or submitted in accordance with a later scheduled date determined by the CO. General work product standards, as set forth below, will be applied to each work product received from the Contractor under this PWS. Work products will be accurate, and reflect a comprehensive synthesis of results and recommendations and include relevant stakeholder input. 1.Presentations - Presentations shall be clear, concise, executive-focused, and written in plain, clear English with minimal jargon, understandable by lay persons. The quality of deliverables directly contributes to the Office of Enterprise Development (OED) communications. 2.Project Plan - Project Plan shall be comprehensive; recognize and address authority, perceptions, and concerns of stakeholders; incorporate scope of requisite requirements across the OED. 3.Reports - There shall be no omissions in the reports, documents or functional requirements. 4.Publications and other documents - Deliverables shall be in formats appropriate to target audiences; user friendly, clear, thorough and comprehensive. 5.Meeting support - Pre-meeting preparations and logistics; smooth meeting operations; comprehensive post-meeting summaries to include but not limited to: Minutes, Action Items, Attendees, Program Objectives and Milestones and major decision points. 6.Analyses and Assessments - Analyses and assessments are performed with accuracy, completeness and adherence to industry best practices. 7.Obtain stakeholder input. Deliverables shall consist of the timely implementation of input mechanisms, and shall consist of an accurate and comprehensive synthesis of results and recommendations. Integration of relevant stakeholder input documented for deliverable. 8.3METHOD OF DELIVERY VA will accept delivery of documentation in both hard copy and/or electronic media. The Contractor shall minimize delivery cost, utilizing electronic media to the maximum extent possible. Unless otherwise directed, the Contractor shall provide electronic copies of all deliverables to the points of contact listed, and in accordance with the schedule identified above. Acceptable electronic media include: MS Word 2000/2003/2007, MS Excel 2000/2003/2007, MS PowerPoint 2000/2003/2007, MS Project 2000/2003/2007, MS Access 2000/2003/2007, MS Visio 2000/2002/2003/2007, CAD 2002 and Adobe Postscript Data Format (PDF). 8.4DISTRIBUTION OF DELIVERABLES Unless otherwise directed, the Contractor shall provide electronic copies of all deliverables and whenever possible, post to an electronic portal, to the points of contact listed below. VA Contracting Officer Kevin Loesch Department of Veterans Affairs Technology Acquisition Center (TAC) 260 Industrial Way West Eatontown, NJ 07724 (732) 578-5487 kevin.loesch@va.gov Cheryl Latham Program Manager Department of Veterans Affairs Office of Information and Technology (4th Floor) 113 Holland Avenue Albany, NY. 12208 Cheryl.Latham@va.gov Madeline Blendell Project Manager Department of Veterans Affairs Office of Information and Technology (4th Floor) 113 Holland Avenue Albany, NY. 12208 Madeline.Blendell@va.gov 8.5FACILITY/RESOURCE PROVISIONS The Government shall provide office space, telephone service and system access when authorized contract staff work at a Government location as required in order to accomplish the Tasks associated with this PWS. All procedural guides, reference materials, and program documentation for the project and other Government applications will also be provided on an as-needed basis. The Contractor shall request other Government documentation deemed pertinent to the work accomplishment directly from the Government officials with whom the Contractor has contact. The Contractor shall consider the COTR as the final source for needed Government documentation when the Contractor fails to secure the documents by other means. The Contractor is expected to use common knowledge and resourcefulness in securing all other reference materials, standard industry publications, and related materials that are pertinent to the work. The VA shall provide access to VA specific systems/network as required for execution of the task via a site-to-site VPN or other technology, including VA specific software such as Veterans Health Information System and Technology Architecture (VistA), Primavera, and Remedy, including appropriate seat management and user licenses. The Contractor shall utilize government-provided software development and test accounts, document and requirements repositories, etc. as required for the development, storage, maintenance and delivery of products within the scope of this PWS. The Contractor shall not transmit, store or otherwise maintain sensitive data or products in systems or media other than VA provided systems within the VA firewall. For detailed Security Requirements refer to ADDENDUM A. 9.0 ADDENDUM A 1.0Cyber and Information Security Requirements for VA IT Services The Contractor shall ensure adequate LAN/Internet, data, information, and system security in accordance with VA standard operating procedures and standard PWS language, conditions, laws, and regulations. The Contractor's firewall and web server shall meet or exceed the VA minimum requirements for security. All VA data shall be protected behind an approved firewall. Any security violations or attempted violations shall be reported to the VA Program Manager and VA Information Security Officer as soon as possible. The Contractor shall follow all applicable VA policies and procedures governing information security, especially those that pertain to certification and accreditation. Each documented initiative under this contract incorporates the security clauses at VAAR 852.273-75 voiced in the Secretary's 27 February 2009 memorandum, "Protecting Information Security and Privacy" by reference as though fully set forth therein. The clauses shall also be included in every related agreement, contract or order. Referenced memoranda are attached below. Training requirements. The Contractor shall complete all mandatory training courses identified on the Intranet at the current VA training site Learning Management System (LMS) and will be tracked therein. The LMS may be accessed at https://www.lms.va.gov/plateau/user/login.jsp. Contractor employees shall complete a VA Systems Access Agreement if they are provided access privileges as an authorized user of the computer system of VA. 2.0VA Enterprise Architecture Compliance The applications, supplies, and services furnished under this contract must comply with One-VA Enterprise Architecture (EA), available at http://vaww.eas.vaco.va.gov/OneVAEA/ in force at the time of issuance of this contract, including the Program Management Plan and VA's rules, standards, and guidelines in the Technical Reference Model/Standards Profile (TRMSP). The VA reserves the right to assess contract deliverables for EA compliance prior to acceptance. 2.1.VA Internet and Intranet Standards: The Contractor shall adhere to and comply with VA Directive 6102 and VA Handbook 6102, Internet/Intranet Services, including applicable amendments and changes, if the Contractor's work includes managing, maintaining, establishing and presenting information on VA's Internet/Intranet Service Sites. This pertains, but is not limited to: creating announcements; collecting information; databases to be accessed, graphics and links to external sites. Internet/Intranet Services Directive 6102 is posted at (copy and paste the following URL to browser): http://www1.va.gov/vapubs/viewPublication.asp?Pub_ID=409&FType=2 Internet/Intranet Services Handbook 6102 is posted at (copy and paste following URL to browser): http://www1.va.gov/vapubs/viewPublication.asp?Pub_ID=410&FType=2 3.0Notice of the Federal Accessibility Law Affecting All Electronic and Information Technology Procurements (Section 508) On August 7, 1998, Section 508 of the Rehabilitation Act of 1973 was amended to require that when Federal departments or agencies develop, procure, maintain, or use Electronic and Information Technology, that they shall ensure it allows Federal employees with disabilities to have access to and use of information and data that is comparable to the access to and use of information and data by other Federal employees. Section 508 required the Architectural and Transportation Barriers Compliance Board (Access Board) to publish standards setting forth a definition of electronic and information technology and the technical and functional criteria for such technology to comply with Section 508. These standards have been developed are published with an effective date of December 21, 2000. Federal departments and agencies shall develop all Electronic and Information Technology requirements to comply with the standards found in 36 CFR 1194. Section 508 - Electronic and Information Technology (EIT) Standards: The Section 508 standards established by the Architectural and Transportation Barriers Compliance Board (Access Board) are incorporated into, and made part of all VA orders, solicitations and purchase orders developed to procure Electronic and Information Technology (EIT). These standards are found in their entirety at: http//www.section508.gov and http://www.access-board.gov/sec508/standards.htm. A printed copy of the standards will be supplied upon request. The Contractor shall comply with the technical standards as marked: _x_ 1194.21 Software applications and operating systems _x_ 1194.22 Web-based intranet and internet information and applications _x_ 1194.23 Telecommunications products _x_ 1194.24 Video and multimedia products x 1194.25 Self contained, closed products _x_ 1194.26 Desktop and portable computers The standards do not require the installation of specific accessibility-related software or the attachment of an assistive technology device, but merely require that the EIT be compatible with such software and devices so that it can be made accessible if so required by the agency in the future. 4.0Physical Security & Safety Requirements: The Contractor and their personnel shall follow all VA policies, standard operating procedures, applicable laws and regulations while on VA property. Violations of VA regulations and policies may result in citation and disciplinary measures for persons violating the law. 1.The Contractor and their personnel shall wear visible identification at all times while they are on the premises. 2.The VA does not provide parking spaces at the work site; the Contractor must obtain parking at the work site if needed. It is the responsibility of the Contractor to park in the appropriate designated parking areas. The VA will not invalidate or make reimbursement for parking violations of the Contractor under any conditions. 3.Smoking is prohibited inside/outside any building other than the designated smoking areas. 4.Possession of weapons is prohibited. 5.The Contractor shall obtain all necessary licenses and/or permits required to perform the work, with the exception of software licenses that need to be procured from a contractor or Contractor in accordance with the requirements document. The Contractor shall take all reasonable precautions necessary to protect persons and property from injury or damage during the performance of this contract. 5.0Confidentiality and Non-Disclosure The Contractor shall follow all VA rules and regulations regarding information security to prevent disclosure of sensitive information to unauthorized individuals or organizations. The Contractor may have access to Protected Health Information (PHI) and Electronic Protected Health Information (EPHI) that is subject to protection under the regulations issued by the Department of Health and Human Services, as mandated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA); 45 CFR Parts 160 and 164, Subparts A and E, the Standards for Privacy of Individually Identifiable Health Information ("Privacy Rule"); and 45 CFR Parts 160 and 164, Subparts A and C, the Security Standard ("Security Rule"). Pursuant to the Privacy and Security Rules, the Contractor must agree in writing to certain mandatory provisions regarding the use and disclosure of PHI and EPHI. 1.The Contractor will have access to some privileged and confidential materials of the VA. These printed and electronic documents are for internal use only, are not to be copied or released without permission, and remain the sole property of the VA. Some of these materials are protected by the Privacy Act of 1974 (revised by PL 93-5791) and Title 38. Unauthorized disclosure of Privacy Act or Title 38 covered materials is a criminal offense. 2.The VA Contracting Officer will be the sole authorized official to release in writing, any data, draft deliverables, final deliverables, or any other written or printed materials pertaining to this contract. The Contractor shall release no information. Any request for information relating to this contract presented to the Contractor shall be submitted to the VA Contracting Officer for response. 3.Contractor personnel recognize that in the performance of this PWS, Contractor personnel may receive or have access to sensitive information, including information provided on a proprietary basis by carriers, equipment manufacturers and other private or public entities. Contractor personnel agree to safeguard such information and use the information exclusively in the performance of this contract. Contractor shall follow all VA rules and regulations regarding information security to prevent disclosure of sensitive information to unauthorized individuals or organizations as enumerated in this section and elsewhere in this Contract and its subparts and appendices. 4.Contractor shall limit access to the minimum number of personnel necessary for contract performance for all information considered sensitive or proprietary in nature. If the Contractor is uncertain of the sensitivity of any information obtained during the performance this contract, the Contractor has a responsibility to ask the VA Contracting Officer. 5.Contractor shall train all of their employees involved in the performance of this contract on their roles and responsibilities for proper handling and nondisclosure of sensitive VA or proprietary information. Contractor personnel shall not engage in any other action, venture or employment wherein sensitive information shall be used for the profit of any party other than those furnishing the information. The sensitive information transferred, generated, transmitted, or stored herein is for VA benefit and ownership alone. 6.Contractor shall maintain physical security at all facilities housing the activities performed under this contract, including any Contractor facilities according to VA-approved guidelines and directives. The Contractor shall ensure that security procedures are defined and enforced to ensure all personnel who are provided access to patient data must comply with published procedures to protect the privacy and confidentiality of such information as required by the VA. 7.Contractor must adhere to the following: 8.The use of "thumb drives" or any other medium for transport of information is expressly prohibited. 9.Controlled access to system and security software and documentation. 10.Recording, monitoring, and control of passwords and privileges. 11.All terminated personnel are denied physical and electronic access to all data, program listings, data processing equipment and systems. 12.VA, as well as any Contractor (or Contractor) systems used to support development, provide the capability to cancel immediately all access privileges and authorizations upon employee termination. 13.Contractor PM and VA PM are informed within twenty-four (24) hours of any employee termination. 14.Acquisition sensitive information shall be marked "Acquisition Sensitive" and shall be handled as "For Official Use Only (FOUO)". 15.Contractor does not require access to classified data. 16.Regulatory standard of conduct governs all personnel directly and indirectly involved in procurements. All personnel engaged in procurement and related activities shall conduct business in a manner above reproach and, except as authorized by statute or regulation, with complete impartiality and with preferential treatment for none. The general rule is to strictly avoid any conflict of interest or even the appearance of a conflict of interest in VA/Contractor relationships.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/notices/87b7f3d9bfcfb546fed7658c2351a72d)
 
Record
SN02137228-W 20100502/100430235342-87b7f3d9bfcfb546fed7658c2351a72d (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.