Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF AUGUST 08, 2012 FBO #3910
DOCUMENT

D -- Electronic Freedom of Information Act (E-FOIA) Software - Attachment

Notice Date
8/6/2012
 
Notice Type
Attachment
 
NAICS
511210 — Software Publishers
 
Contracting Office
Department of Veterans Affairs;Technology Acquisition Center;260 Industrial Way West;Eatontown NJ 07724
 
ZIP Code
07724
 
Solicitation Number
VA11812Q0581
 
Response Due
8/13/2012
 
Archive Date
9/12/2012
 
Point of Contact
David Sette
 
Small Business Set-Aside
N/A
 
Description
PERFORMANCE WORK STATEMENT (PWS) DEPARTMENT OF VETERANS AFFAIRS Office of Information & Technology Office of Privacy and Records Management Electronic Freedom of Information Act Support Date: June 27, 2012 TAC-FY-04466 PWS Version Number: 7.0 Contents 1.0BACKGROUND3 2.0APPLICABLE DOCUMENTS3 3.0 SCOPE OF WORK4 4.0PERFORMANCE DETAILS5 4.1PERFORMANCE PERIOD5 4.2PLACE OF PERFORMANCE5 4.3TRAVEL5 5.0SPECIFIC TASKS AND DELIVERABLES6 5.1PROJECT MANAGEMENT6 5.1.1PROJECT MANAGEMENT PLAN6 5.1.2REPORTING REQUIREMENTS6 5.2e-FOIA SYSTEM7 5.3MAINTENANCE SUPPORT8 5.4TRAINING8 5.5LESSONS LEARNED8 6.0GENERAL REQUIREMENTS9 6.1ENTERPRISE AND IT FRAMEWORK9 6.2POSITION/TASK RISK DESIGNATION LEVEL(S) AND CONTRACTOR PERSONNEL SECURITY REQUIREMENTS9 6.2.1LOW RISK DESIGNATION TASKS10 6.2.2MODERATE RISK DESIGNATION TASKS11 6.2.3HIGH RISK DESIGNATION TASKS11 6.2.4CONTRACTOR PERSONNEL SECURITY REQUIREMENTS11 6.3METHOD AND DISTRIBUTION OF DELIVERABLES12 6.4PERFORMANCE METRICS13 6.5GOVERNMENT FURNISHED PROPERTY14 ADDENDUM A15 ADDENDUM B20 ? 1.0 BACKGROUND The mission of the Department of Veterans Affairs (VA), Office of Information & Technology (OIT), Office of Privacy and Records Management is to provide benefits and services to Veterans of the United States. In meeting these goals, OIT strives to provide high quality, effective, and efficient Information Technology (IT) services to those responsible for providing care to the Veterans at the point-of-care as well as throughout all the points of the Veterans' health care in an effective, timely and compassionate manner. VA depends on Information Management/Information Technology (IM/IT) systems to meet mission goals. In 2009, in order to manage Freedom of Information Act (FOIA) activities, the VA acquired a license to use a Commercial off the Shelf (COTS) software product, known as the Electronic (e-FOIA) System, with an ability to provide the requirements mandated by amendments to the Freedom of Information Act. The e-FOIA system is web-based, in order to comply with Executive Order (EO) 13392 and the Openness Promotes Effectiveness in our National (O.P.E.N.) Government Act, which amend the FOIA to require VA to provide more customer-oriented service by improving the management and administration of its FOIA program. 2.0 APPLICABLE DOCUMENTS In the performance of the tasks associated with this Performance Work Statement, the Contractor shall comply with the following: 1.44 U.S.C. § 3541, "Federal Information Security Management Act (FISMA) of 2002" 2.Federal Information Processing Standards (FIPS) Publication 140-2, "Security Requirements For Cryptographic Modules" 3.FIPS Pub 201, "Personal Identity Verification of Federal Employees and Contractors," March 2006 4.10 U.S.C. § 2224, "Defense Information Assurance Program" 5.Software Engineering Institute, Software Acquisition Capability Maturity Modeling (SA CMM) Level 2 procedures and processes 6.5 U.S.C. § 552a, as amended, "The Privacy Act of 1974" 7.42 U.S.C. § 2000d "Title VI of the Civil Rights Act of 1964" 8.Department of Veterans Affairs (VA) Directive 0710, "Personnel Suitability and Security Program," May 18, 2007 9.VA Directive 6102, "Internet/Intranet Services," July 15, 2008 10.36 C.F.R. Part 1194 "Electronic and Information Technology Accessibility Standards," July 1, 2003 11.OMB Circular A-130, "Management of Federal Information Resources," November 28, 2000 12.32 C.F.R. Part 199, "Civilian Health and Medical Program of the Uniformed Services (CHAMPUS)" 13.An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, October 2008 14.Sections 504 and 508 of the Rehabilitation Act (29 U.S.C. § 794d), as amended by the Workforce Investment Act of 1998 (P.L. 105-220), August 7, 1998 15.Homeland Security Presidential Directive (12) (HSPD-12), August 27, 2004 16.VA Directive 6500, "Information Security Program," August 4, 2006 17.VA Handbook 6500, "Information Security Program," September 18, 2007 18.VA Handbook 6500.1, "Electronic Media Sanitization," March 22, 2010 19.VA Handbook 6500.2, "Management of Security and Privacy Incidents," June 17, 2008. 20.VA Handbook 6500.3, "Certification and Accreditation of VA Information Systems," November 24, 2008. 21.VA Handbook, 6500.5, Incorporating Security and Privacy in System Development Lifecycle. 22.VA Handbook 6500.6, "Contract Security," March 12, 2010 23.Project Management Accountability System (PMAS) portal (reference PWS References -Technical Library at https://www.voa.va.gov/) 24.OIT ProPath Process Methodology (reference PWS References -Technical Library and ProPath Library links at https://www.voa.va.gov/) NOTE: In the event of a conflict, OIT ProPath takes precedence over other processes or methodologies. 25.Technical Reference Model (TRM) (reference at http://www.ea.oit.va.gov/Technology.asp) 26.National Institute Standards and Technology (NIST) Special Publications 27.VA Directive 6508, VA Privacy Impact Assessment, October 3, 2008 28.VA Directive 6300, Records and Information Management, February 26, 2009 29.VA Handbook, 6300.1, Records Management Procedures, March 24, 2010 30.5 U.S.C. 552 The Freedom of Information Act, as amended 31.National Institute of Standards and Technology (NIST) Special Publication 800-37, Guide for Applying the Risk Management Framework 3.0 SCOPE OF WORK The Contractor shall provide a system, operations and maintenance support, and training for an Electronic-FOIA system to improve the management of the VA FOIA program. 4.0 PERFORMANCE DETAILS 4.1PERFORMANCE PERIOD The period of performance shall be 12 months from date of award, with three options for one year each. Work shall not take place on Federal holidays or weekends unless directed by the Contracting Officer (CO). There are 10 Federal holidays set by law (USC Title 5 Section 6103) that VA follows: Under current definitions, four are set by date: New Year's DayJanuary 1 Independence DayJuly 4 Veterans DayNovember 11 Christmas DayDecember 25 If any of the above falls on a Saturday, then Friday shall be observed as a holiday. Similarly, if one falls on a Sunday, then Monday shall be observed as a holiday. The other six are set by a day of the week and month: Martin Luther King's BirthdayThird Monday in January Washington's BirthdayThird Monday in February Memorial DayLast Monday in May Labor DayFirst Monday in September Columbus DaySecond Monday in October ThanksgivingFourth Thursday in November 4.2PLACE OF PERFORMANCE Tasks under this PWS shall be performed at Contractor facilities. 4.3 TRAVEL The Government does not anticipate travel under this effort to perform the tasks through the period of performance. Include all estimated travel costs in your firm-fixed price line items. These costs will not be directly reimbursed by the Government. 5.0 SPECIFIC TASKS AND DELIVERABLES 5.1PROJECT MANAGEMENT 5.1.1CONTRACTOR PROJECT MANAGEMENT PLAN The Contractor shall deliver a Contractor Project Management Plan (CPMP) that lays out the Contractor's approach, timeline and tools to be used in execution of the contract. The CPMP should take the form of both a narrative and graphic format that displays the schedule, milestones, risks and resource support. The CPMP shall also include how the Contractor shall coordinate and execute planned, routine, and ad hoc data collection reporting requests as identified within the PWS. The initial baseline CPMP shall be concurred upon and updated monthly thereafter. The Contractor shall update and maintain the VA PM approved CPMP throughout the period of performance.. Deliverable: A.Contractor Project Management Plan 5.1.2REPORTING REQUIREMENTS The Contractor shall provide the Contracting Officer's Representative (COR) with Monthly Progress Reports in electronic form in Microsoft Word and Project formats. The report shall include detailed instructions/explanations for each required data element, to ensure that data is accurate and consistent. These reports shall reflect data as of the last day of the preceding Month. The Monthly Progress Reports shall cover all work completed during the reporting period and work planned for the subsequent reporting period. The report shall also identify any problems that arose and a description of how the problems were resolved. If problems have not been completely resolved, the Contractor shall provide an explanation including their plan and timeframe for resolving the issue. The Contractor shall monitor performance against the PMP and report any deviations. It is expected that the Contractor will keep in communication with VA accordingly so that issues that arise are transparent to both parties to prevent escalation of outstanding issues. Deliverable: A.Monthly Progress Reports 5.2E-FOIA SYSTEM The Contractor shall provide an e-FOIA system that can handle 450 VA employees with read-write access and handle 450 employees with read-only access. The e-FOIA system shall be web-based to allow data entry access at any VA field site. The Contractor shall provide an e-FOIA system that supports the following: 1.Generates information needed to accurately complete the Department of Justice (DOJ) Annual FOIA Report, the snapshot report, and ad hoc reports for each VA organization, while accommodating reporting modifications required by oversight agencies. The e-FOIA system reporting functions shall: a)Meet the reporting requirements of the Congress and Administration under the Health Insurance Portability and Accountability Act (HIPAA) b)Meet the reporting requirements under the Freedom of Information Act (FOIA) and amendments to the FOIA involving electronic records c)Provide ad hoc reporting capability to address Congressional or Administrative reporting d)Meet the Executive Order #13392, the "OPEN Government Act" requirements for agency implementation and the FOIA Backlog Report by providing the capability to query, select, and print Agency FOIA requests greater than twenty (20) days e)Track progress of requests using electronic means 2.Ability to generate FOIA billing invoices 3.Access by multiple users in different locations 4.Generate case numbers for new requests and provide the requestors with a unique identifying number to track their requests 5.Role based access rights for multiple users in multiple locations a)Read-Write Access shall be limited to the designated FOIA Officers and their alternates but Read Only capability shall be available for reporting to managers. 6.Ability to scan paper copy requests and responses to establish electronic files 7.Provide both soft redaction (can be changed) and hard redaction (can't be changed) a)Automatically generate a customized "Final FOIA Response Letter" that correlates to the redactions in the matching letter b)Generate and show the specific FOIA Exemption in the margin of the letter 8.Provide a library of Form Letter Templates a)Allow agency to modify, add, and delete templates 9.Track referrals once they have been inputted into the database (open/close request) a)Track requests that have been either withdrawn or gone to appeal 10. Capability to run statistical reports based upon user ID on any agency within VA 11. Reliability of no more than 24 hours downtime per month Deliverable: A.e-FOIA System 5.3MAINTENANCE SUPPORT The Contractor shall provide system maintenance support, including help desk and On-Call support, five days per week from 7:00 am to 7:00 pm Eastern Standard time. The Contractor shall notify the COR within 30 minutes of an e-FOIA system failure. The Contractor shall provide On-Call support and repair any e-FOIA system problems within 24 hours of a problem report. The Contractor shall provide a maintenance log document to record all maintenance actions for the system including help desk and On Call support calls. Deliverable: A.Maintenance Log 5.4TRAINING The Contractor shall provide Web-based training for the e-FOIA System that allows users to simulate access to the e-FOIA system, run reports, and enter/ update e-FOIA requests. The Contractor shall provide a training plan to accommodate up to 900 personnel at all VA sites. The Contractor shall provide all training materials. Deliverable: A.Training Plan B.Training Materials 5.5LESSONS LEARNED The Contractor shall provide a lessons learned report from all activities in this contract. Deliverable: A. Lessons Learned Report 6.0 GENERAL REQUIREMENTS 6.1ENTERPRISE AND IT FRAMEWORK The Contractor shall support the VA enterprise management framework. In association with the framework, the Contractor shall comply with OIT Technical Reference Model (One-VA TRM). One-VA TRM is one component within the overall Enterprise Architecture (EA) that establishes a common vocabulary and structure for describing the information technology used to develop, operate, and maintain enterprise applications. One-VA TRM includes the Standards Profile and Product List that collectively serves as a VA technology roadmap. Architecture, Strategy, and Design (ASD) has overall responsibility for the One-VA TRM. Where applicable, the Contractor solution shall support the latest Internet Protocol Version 6 (IPv6) requirements and compliance standards established by Federal Acquisition Regulation (FAR) and NIST for IPv6 for Federal Government Agencies. IPv6 technology must be included in all infrastructure and application design and development efforts. The Contractor shall support VA efforts in accordance with the Project Management Accountability System (PMAS) that mandates all new VA IT projects/programs use an incremental development approach, requiring frequent delivery milestones that deliver new capabilities for business sponsors to test and accept functionality. Implemented by the Assistant Secretary for IT, PMAS is a VA-wide initiative to better empower the OIT Project Managers and teams to meet their mission: delivering world-class IT products that meet business needs on time and within budget. The Contractor shall utilize ProPath, the OIT-wide process management tool that assists in the execution of an IT project (including adherence to PMAS standards). It is a one-stop shop providing critical links to the formal approved processes, artifacts, and templates to assist project teams in facilitating their PMAS-compliant work. ProPath is used to build schedules to meet project requirements, regardless of the development methodology employed. 6.2POSITION/TASK RISK DESIGNATION LEVEL(S) AND CONTRACTOR PERSONNEL SECURITY REQUIREMENTS Position SensitivityBackground Investigation (in accordance with Department of Veterans Affairs 0710 Handbook, "Personnel Security Suitability Program," Appendix A) LowNational Agency Check with Written Inquiries (NACI) A NACI is conducted by OPM and covers a 5-year period. It consists of a review of records contained in the OPM Security Investigations Index (SII) and the DOD Defense Central Investigations Index (DCII), FBI name check, FBI fingerprint check, and written inquiries to previous employers and references listed on the application for employment. In VA it is used for Non-sensitive or Low Risk positions. ModerateModerate Background Investigation (MBI) A MBI is conducted by OPM and covers a 5-year period. It consists of a review of National Agency Check (NAC) records [OPM Security Investigations Index (SII), DOD Defense Central Investigations Index (DCII), FBI name check, and a FBI fingerprint check], a credit report covering a period of 5 years, written inquiries to previous employers and references listed on the application for employment; an interview with the subject, law enforcement check; and a verification of the educational degree. High Background Investigation (BI) A BI is conducted by OPM and covers a 10-year period. It consists of a review of National Agency Check (NAC) records [OPM Security Investigations Index (SII), DOD Defense Central Investigations Index (DCII), FBI name check, and a FBI fingerprint check report], a credit report covering a period of 10 years, written inquiries to previous employers and references listed on the application for employment; an interview with the subject, spouse, neighbors, supervisor, co-workers; court records, law enforcement check, and a verification of the educational degree. The Tasks identified below and the resulting Position Sensitivity and Background Investigation delineate the Background Investigation requirements by Contractor individual, based upon the tasks the particular Contractor individual will be working. The submitted Contractor Staff Roster must indicate the required Background Investigation Level for each individual, based upon the tasks the Contractor individual will be working, based upon their submitted proposal. 6.2.1LOW RISK DESIGNATION TASKS a)Position Sensitivity and Background Investigation - The position sensitivity and the level of background investigation commensurate with the required level of access for task(s) NONE within the Performance Work Statement is: 0Low/NACI 6.2.2MODERATE RISK DESIGNATION TASKS a)Position Sensitivity and Background Investigation - The position sensitivity and the level of background investigation commensurate with the required level of access for task(s) 5.1 through 5.5 within the Performance Work Statement is: 1Moderate/MBI 6.2.3HIGH RISK DESIGNATION TASKS b)Position Sensitivity and Background Investigation - The position sensitivity and the level of background investigation commensurate with the required level of access for task(s) NONE within the Performance Work Statement is: 0High/BI 6.2.4 CONTRACTOR PERSONNEL SECURITY REQUIREMENTS Contractor Responsibilities: a.The Contractor shall prescreen all personnel requiring access to the computer systems to ensure they maintain the appropriate Background Investigation, and are able to read, write, speak and understand the English language. b.The Contractor shall bear the expense of obtaining background investigations. c.Within 3 business days after award, the Contractor shall provide a roster of Contractor and Subcontractor employees to the COR to begin their background investigations. The roster shall contain the Contractor's Full Name, Full Social Security Number, Date of Birth, Place of Birth, and individual background investigation level requirement (based upon Section 6.2 Tasks). d.The Contractor should coordinate the location of the nearest VA fingerprinting office through the COR. Only electronic fingerprints are authorized. e.For a Low Risk designation the following forms are required to be completed: 1.OF-306 and 2. DVA Memorandum - Electronic Fingerprints. For Moderate or High Risk the following forms are required to be completed: 1. VA Form 0710 and 2. DVA Memorandum - Electronic Fingerprints. These should be submitted to the COR within 5 business days after award. f.The Contractor personnel will receive an email notification from the Security and Investigation Center (SIC), through the Electronics Questionnaire for Investigations Processes (e-QIP) identifying the website link that includes detailed instructions regarding completion of the investigation documents (SF85, SF85P, or SF 86). The Contractor personnel shall submit all required information related to their background investigations utilizing the Office of Personnel Management's (OPM) Electronic Questionnaire for Investigations Processing (e-QIP). g.The Contractor is to certify and release the e-QIP document, print and sign the signature pages, and send them to the COR for electronic submission to the SIC. These should be submitted to the COR within 3 business days of receipt of the e-QIP notification email. h.The Contractor shall be responsible for the actions of all personnel provided to work for VA under this contract. In the event that damages arise from work performed by Contractor provided personnel, under the auspices of this contract, the Contractor shall be responsible for all resources necessary to remedy the incident. i.A Contractor may be granted unescorted access to VA facilities and/or access to VA Information Technology resources (network and/or protected data) with a favorably adjudicated Special Agreement Check (SAC) or "Closed, No Issues" (SAC) finger print results, training delineated in VA Handbook 6500.6 (Appendix C, Section 9), and, the signed "Contractor Rules of Behavior." However, the Contractor will be responsible for the actions of the Contractor personnel they provide to perform work for VA. The investigative history for Contractor personnel working under this contract must be maintained in the database of r the Office of Personnel Management (OPM). j.The Contractor, when notified of an unfavorably adjudicated background investigation on a Contractor employee as determined by the Government, shall withdraw the employee from consideration in working under the contract. k.Failure to comply with the Contractor personnel security investigative requirements may result in termination of the contract for default. 6.3METHOD AND DISTRIBUTION OF DELIVERABLES The Contractor shall deliver documentation in electronic format, unless otherwise directed in Section B of the solicitation/contract. Acceptable electronic media include: MS Word 2000/2003/2007, MS Excel 2000/2003/2007, MS PowerPoint 2000/2003/2007, MS Project 2000/2003/2007, MS Access 2000/2003/2007, MS Visio 2000/2002/2003/2007, AutoCAD 2002/2004/2007/2010, and Adobe Postscript Data Format (PDF). 6.4 PERFORMANCE METRICS The table below defines the Performance Standards and Acceptable Performance Levels for Objectives associated with this effort. Performance ObjectivePerformance StandardAcceptable Performance Levels 1.Technical NeedsShows understanding of requirements Efficient and effective in meeting requirements Meets technical needs and mission requirements Offers quality services/productsSatisfactory or higher 2.Project Milestones and ScheduleQuick response capability Products completed, reviewed, delivered in timely manner Notifies customer in advance of potential problemsSatisfactory or higher 3. Project StaffingCurrency of expertise Personnel possess necessary knowledge, skills and abilities to perform tasksSatisfactory or higher 4. Value AddedProvided valuable service to Government Services/products delivered were of desired qualitySatisfactory or higher The Government will utilize a Quality Assurance Surveillance Plan (QASP) throughout the life of the contract to ensure that the Contractor is performing the services required by this PWS in an acceptable manner. The Government reserves the right to alter or change the surveillance methods in the QASP at its own discretion. FACILITY/RESOURCE PROVISIONS The Government will provide office space, telephone service and system access when authorized contract staff work at a Government location as required in order to accomplish the Tasks associated with this PWS. All procedural guides, reference materials, and program documentation for the project and other Government applications will also be provided on an as-needed basis. The Contractor shall request other Government documentation deemed pertinent to the work accomplishment directly from the Government officials with whom the Contractor has contact. The Contractor shall consider the COR as the final source for needed Government documentation when the Contractor fails to secure the documents by other means. The Contractor is expected to use common knowledge and resourcefulness in securing all other reference materials, standard industry publications, and related materials that are pertinent to the work. VA will provide access to VA specific systems/network as required for execution of the task via a site-to-site VPN or other technology, including VA specific software such as Veterans Health Information System and Technology Architecture (VistA), ClearQuest, ProPath, Primavera, and Remedy, including appropriate seat management and user licenses. The Contractor shall utilize Government-provided software development and test accounts, document and requirements repositories, etc. as required for the development, storage, maintenance and delivery of products within the scope of this effort. The Contractor shall not transmit, store or otherwise maintain sensitive data or products in Contractor systems (or media) within the VA firewall IAW VA Handbook 6500.6 dated March 12, 2010. All VA sensitive information shall be protected at all times in accordance with local security field office System Security Plans (SSP's) and Authority to Operate (ATO)'s for all systems/LAN's accessed while performing the tasks detailed in this PWS. For detailed Security and Privacy Requirements refer to ADDENDUM A and ADDENDUM B. 6.5GOVERNMENT FURNISHED PROPERTY NOT APPLICABLE
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/notices/f66ec2a18541a9c6409f1cb4daaa626a)
 
Document(s)
Attachment
 
File Name: VA118-12-Q-0581 VA118-12-Q-0581.docx (https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=427795&FileName=VA118-12-Q-0581-000.docx)
Link: https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=427795&FileName=VA118-12-Q-0581-000.docx

 
Note: If links are broken, refer to Point of Contact above or contact the FBO Help Desk at 877-472-3779.
 
Record
SN02828564-W 20120808/120806235817-f66ec2a18541a9c6409f1cb4daaa626a (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.