Loren Data's SAM Daily™

FBO DAILY - FEDBIZOPPS ISSUE OF JUNE 13, 2014 FBO #4584
DOCUMENT

70 -- SURVERYS - Attachment

Notice Date

6/11/2014
 

Notice Type

Attachment
 

NAICS

511210 — Software Publishers
 

Contracting Office

Department of Veterans Affairs;VA Sierra Pacific Network (VISN 21);VA Northern California HealthCare System;5342 Dudley Blvd. Bldg 98 (90/CCA);McClellan CA 95652-1012
 

ZIP Code

95652-1012
 

Solicitation Number

VA26114Q0593
 

Response Due

6/20/2014
 

Archive Date

8/19/2014
 

Point of Contact

David Yee
 

Small Business Set-Aside

Total Small Business
 

Description

This document is a combined synopsis/solicitation for commercial items prepared in accordance with the format in FAR Subpart 12.6, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation, proposals are being requested, and a written solicitation will not be issued The proposed contract action is for supplies or services for which the Government intends to solicit competitive offers. Interested persons may submit offers, and all eligible offers received prior to July 14, 2011 will be considered by the Government. This acquisition is 100% set-aside for small businesses. The NAICS code is 511210 and the size standard is $ 35 million. This solicitation document and incorporated provisions and clauses are those in effect through Federal Acquisition Circular (FAC) 2005-73. Only emailed requests received directly from the requester are acceptable. Please list contract line item number(s) and items, quantities and units of measure. Please note all of the line items are designated Brand Name or Equal: CLIN w/DESCRIPTION/QTY/UNIT/UNIT PRICE/TOTAL AMOUNT 0001 License for DatStat Illume application (v 7.4.1) or equal Contractor shall comply with the section titled: Scope of Work. POP 07/1/2014-06/30/2015 $___________________ $____________________ Delivery, acceptance, and FOB Destination Point: ITEMS ALL QUANTITYALL See periods of performance above SHIP TO: Palo Alto Health Care System 3801 Miranda Ave Palo Alto, CA 94304-1290 VA Point of Contact: David Yee SALIENT CHARACTERISTICS Any "Or Equal" products being offered must have the following salient characteristics: Introduction The National Center for Posttraumatic Stress Disorder (PTSD) Dissemination and Training Division serves our nation's Veterans by providing education and training opportunities for VA clinicians to provide Veterans who suffer from PTSD with innovative and up-to-date care. The Center offers educational products and services that reach Veterans in order to help them recover from PTSD. Scope of Work This is expected to provide continued survey development services specified below. The following requirements apply to the Performance Period: Survey/Feature Requirements "Unlimited surveys "Minimum 25,000 responses (PE requires 20,000+ per year) "Skip logic "Common off-the-shelf item templates "Custom item banks with the capability to include multiple response options within the same row "Piping of participant and user response data "Validated and non-validated surveys "Real-time variable calculations "Interactive maps/graphics "Survey summary page and email feature (for participants to send themselves a summary of responses) Developer Requirements "Develop and administer surveys without requiring specialized skill (most users will have limited knowledge of html) "Keep track of participant responses in real-time and have the capability to send pre-programmed automated reminders. These capabilities that we require of the vendor, but the product/data is used, accessed and monitored by VA employees. The developer provides the product capabilities, we perform the tasks using their product. "Track participants across time for longitudinal studies and/or automate some portion of multiple survey launch dates based on prior participant responses "Download participant data in one of several formats (SPSS syntax, Excel, text, html) with variable and response option labels included if desired. VA currently has a site license with SPSS. "At participant request, edit or delete entire entries or responses to individual items submitted in error prior to downloading "Summarize participant data in tables or graphical displays without downloading "Access to unlimited, ongoing end-user technical support System/VA Requirements "Storage of participant data on secure servers "Option to store participant data on VA secure servers Place of Performance Place of performance shall be provided at the Contractor's site within the Continental United States. Section 1: General Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1). Section 2: Access to VA Information and Info Systems Contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. Section 3: Custodial Language VA information should not be co-mingled, if possible, with any other data on the contractors/subcontractor's information systems or media storage systems in order to ensure VA requirements related to data protection and media sanitization can be met. If co-mingling must be allowed to meet the requirements of the business need, the contractor must ensure that VA's information is returned to the VA or destroyed in accordance with VA's sanitization requirements. VA reserves the right to conduct on-site inspections of contractor and subcontractor IT resources to ensure data security controls, separation of data and job duties, and destruction/media sanitization procedures are in compliance with VA directive requirements. Prior to termination or completion of this contract, contractor/subcontractor must not destroy information received from VA, or gathered/created by the contractor in the course of performing this contract without prior written approval by the VA. Any data destruction done on behalf of VA by a contractor/subcontractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and VA Handbook 6500.1, Electronic Media Sanitization. Self-certification by the contractor that the data destruction requirements above have been met must be sent to the VA Contracting Officer within 30 days of termination of the contract. The contractor/subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the contract and applicable Federal and VA information confidentiality and security laws, regulations and policies. If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the contract, or if NIST issues or updates applicable FIPS or Special Publications (SP) after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this contract. The contractor/subcontractor shall not make copies of VA information except as authorized and necessary to perform the terms of the agreement or to preserve electronic information stored on contractor/subcontractor electronic storage media for restoration in case any electronic equipment or data used by the contractor/subcontractor needs to be restored to an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed. If VA determines that the contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12. Section 4: (If Applicable) Info System Design and Development NA Section 5: Info System Hosting For information systems that are hosted, operated, maintained, or used on behalf of VA at non-VA facilities, contractors/subcontractors are fully responsible and accountable for ensuring compliance with all HIPAA, Privacy Act, FISMA, NIST, FIPS, and VA security and privacy directives and handbooks. This includes conducting compliant risk assessments, routine vulnerability scanning, system patching and change management procedures, and the completion of an acceptable contingency plan for each system. The contractor's security control procedures must be equivalent, to those procedures used to secure VA systems. A Privacy Impact Assessment (PIA) must also be provided to the COTR and approved by VA Privacy Service prior to operational approval. All external Internet connections to VA's network involving VA information must be reviewed and approved by VA prior to implementation. Adequate security controls for collecting, processing, transmitting, and storing of Personally Identifiable Information (PII), as determined by the VA Privacy Service, must be in place, tested, and approved by VA prior to hosting, operation, maintenance, or use of the information system, or systems by or on behalf of VA. These security controls are to be assessed and stated within the PIA and if these controls are determined not to be in place, or inadequate, a Plan of Action and Milestones (POA&M) must be submitted and approved prior to the collection of PII. The contractor/subcontractor's system must adhere to all FISMA, FIPS, and NIST standards related to the annual FISMA security controls assessment and review and update the PIA. Any deficiencies noted during this assessment must be provided to the VA contracting officer and the ISO for entry into VA's POA&M management process. The contractor/subcontractor must use VA's POA&M process to document planned remedial actions to address any deficiencies in information security policies, procedures, and practices, and the completion of those activities. Security deficiencies must be corrected within the timeframes approved by the government. Contractor/subcontractor procedures are subject to periodic, unannounced assessments by VA officials, including the VA Office of Inspector General. The physical security aspects associated with contractor/subcontractor activities must also be subject to such assessments. If major changes to the system occur that may affect the privacy or security of the data or the system, the C&A of the system may need to be reviewed, retested and re-authorized per VA Handbook 6500.3. This may require reviewing and updating all of the documentation (PIA, System Security Plan, Contingency Plan). The Certification Program Office can provide guidance on whether a new C&A would be necessary. The contractor/subcontractor must conduct an annual self-assessment on all systems and outsourced services as required. Both hard copy and electronic copies of the assessment must be provided to the COTR. The government reserves the right to conduct such an assessment using government personnel or another contractor/subcontractor. The contractor/subcontractor must take appropriate and timely action (this can be specified in the contract) to correct or mitigate any weaknesses discovered during such testing, generally at no additional cost. All electronic storage media used on non-VA leased or non-VA owned IT equipment that is used to store, process, or access VA information must be handled in adherence with VA Handbook 6500.1, Electronic Media Sanitization upon: (i) completion or termination of the contract or (ii) disposal or return of the IT equipment by the contractor/subcontractor or any person acting on behalf of the contractor/subcontractor, whichever is earlier. Media (hard drives, optical disks, CDs, back-up tapes, etc.) used by the contractors/subcontractors that contain VA information must be returned to the VA for sanitization or destruction or the contractor/subcontractor must self-certify that the media has been disposed of per 6500.1 requirements. This must be completed within 30 days of termination of the contract. Section 6: Security Incident Investigation The C&A requirements do not apply and a Security Accreditation Package is not required. The term "security incident" means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor/subcontractor shall immediately notify the COTR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access. To the extent known by the contractor/subcontractor, the contractor/subcontractor's notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the contractor/subcontractor considers relevant. With respect to unsecured protected health information, the business associate is deemed to have discovered a data breach when the business associate knew or should have known of a breach of such information. Upon discovery, the business associate must notify the covered entity of the breach. Notifications need to be made in accordance with the executed business associate agreement. Section 7: Data Breach This is a low risk area as there is no PII, such as full name, social security number, date of birth, home address, account number, nor disability codes. Section 8: Security Controls Compliance Testing On a periodic basis, VA, including the Office of Inspector General, reserves the right to evaluate any or all of the security controls and privacy practices implemented by the contractor under the clauses contained within the contract. With 10 working-days' notice, at the request of the government, the contractor must fully cooperate and assist in a government-sponsored security controls assessment at each location wherein VA information is processed or stored, or information systems are developed, operated, maintained, or used on behalf of VA, including those initiated by the Office of Inspector General. The government may conduct a security control assessment on shorter notice (to include unannounced assessments) as determined by VA in the event of a security incident or at any other time. Section 9: Training All contractor employees and subcontractor employees requiring access to VA information and VA information systems shall complete the following before being granted access to VA information and its systems: Sign and acknowledge (either manually or electronically) understanding of and responsibilities for compliance with the Contractor Rules of Behavior. Successfully complete the VA Cyber Security Awareness and Rules of Behavior training and annually complete required security training; Successfully complete the appropriate VA privacy training and annually complete required privacy training; and Successfully complete any additional cyber security or privacy training, as required for VA personnel with equivalent information system access [to be defined by the VA program official and provided to the contracting officer for inclusion in the solicitation document - e.g., any role-based information security training required in accordance with NIST Special Publication 800-16, Information Technology Security Training Requirements.] The contractor shall provide to the contracting officer and/or the COTR a copy of the training certificates and certification of signing the Contractor Rules of Behavior for each applicable employee within 1 week of the initiation of the contract and annually thereafter, as required. Failure to complete the mandatory annual training and sign the Rules of Behavior annually, within the timeframe required, is grounds for suspension or termination of all physical or electronic access privileges and removal INSTRUCTIONS TO OFFERORS Only electronic offers will be accepted. Offers are due to David.Yee@va.gov 3:00 PM PDT June 17 2014 FAR 52.211-6 Brand Name or Equal (Aug 1999) (a) If an item in this solicitation is identified as "brand name or equal," the purchase description reflects the characteristics and level of quality that will satisfy the Government's needs. The salient physical, functional, or performance characteristics that "equal" products must meet are specified in the solicitation. (b) To be considered for award, offers of "equal" products, including "equal" products of the brand name manufacturer, must- (1) Meet the salient physical, functional, or performance characteristic specified in this solicitation; (2) Clearly identify the item by- (i) Brand name, if any; and (ii) Make or model number; (3) Include descriptive literature such as illustrations, drawings, or a clear reference to previously furnished descriptive data or information available to the Contracting Officer; and (4) Clearly describe any modification the offeror plans to make in a product to make it conform to the solicitation requirements. Mark any descriptive material to clearly show the modification. (c) The Contracting Officer will evaluate "equal" products on the basis of information furnished by the offeror or identified in the offer and reasonably available to the Contracting Officer. The Contracting Officer is not responsible for locating or obtaining any information not identified in the offer. (d) To the maximum extent practicable, offerors are encouraged to respond to this solicitation using pre-existing materials (such as brochures, catalogs, marketing documents) rather than creating new documents. (e) Offerors shall annotate the salient characteristics listed above to indicate the location of the relevant information used to meet the specification (document name and page number). (f) Unless the offeror clearly indicates in its offer that the product being offered is an "equal" product, the offeror shall provide the brand name product referenced in the solicitation. (End of provision) 52.212-2 EVALUATION--COMMERCIAL ITEMS (JAN 1999) (a) The Government will award a contract resulting from this solicitation to the responsible offeror whose offer conforming to the solicitation will be most advantageous to the Government, price and other factors considered. The following factor shall be used to evaluate offers: 1.Meeting the salient characteristics in the Scope of Work above. The Government will award to the lowest price, technically acceptable offeror. (b) A written notice of award or acceptance of an offer, mailed or otherwise furnished to the successful offeror within the time for acceptance specified in the offer, shall result in a binding contract without further action by either party. Before the offer's specified expiration time, the Government may accept an offer (or part of an offer), whether or not there are negotiations after its receipt, unless a written notice of withdrawal is received before award. (End of Provision) ADDITIONAL SOLICITATION PROVISIONS/CONTRACT CLAUSES: FAR 52.252-2 Clauses Incorporated by Reference (Feb 1998) For the purpose of this clause, the fill-ins are http://www.acquisition.gov/far/index.html and http://www1.va.gov/oamm/oa/ars/policyreg/vaar/index.cfm, respectively. FAR 52.212-4 Contract Terms and Conditions -- Commercial Items (May 2014). FAR 52.212-5 Contract Terms and Conditions Required To Implement Statutes Or Executive Orders -- Commercial Items (May 2014) For the purposes of this clause, items (b) 4, 8, 14, 25, 28, 29,30,31,33, 40,41,44,45, and 51 are considered checked and apply. FAR 52.227-14(d) (1). VAAR 852.203-70 Commercial Advertising (Jan 2008) VAAR 852.211-70 Service Data Manuals (Nov 1984) VAAR 852.211-73 Brand Name or Equal (Jan 2008) VAAR 852.252-70 Solicitation provisions or clauses incorporated by reference ( Jan 2008) VAAR 852.273-76 Electronic Invoice Submission (Interim - October 2008) FAR 52.252-1 Solicitation Provisions Incorporated by Reference (Feb 1998) For the purpose of this provision, the fill-ins are http://www.acquisition.gov/far/index.html and http://farsite.hill.af.mil/vfvara.htm, respectively. FAR 52.212-1 Instructions to Offerors - Commercial Items (Jun 2008). FAR 52.212-3 Offeror Representations and Certifications -- Commercial Items (Apr 2011): Offerors must return this provision with their proposal. They may either (1)complete all relevant portions of the provision or (2) complete paragraph (b) of the provision and indicate that it has completed official representations and certifications online at https://www.sam.gov FAR 52.232-38 Submission of Electronic Funds Transfer Information with Offer (May 1999)
 

Web Link

FBO.gov Permalink
(https://www.fbo.gov/spg/VA/VANCHCS/VANCHCS/VA26114Q0593/listing.html)
 

Document(s)

Attachment
 

File Name: VA261-14-Q-0593 VA261-14-Q-0593.docx (https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=1420826&FileName=VA261-14-Q-0593-000.docx)

Link: https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=1420826&FileName=VA261-14-Q-0593-000.docx

 

Note: If links are broken, refer to Point of Contact above or contact the FBO Help Desk at 877-472-3779.
 

Place of Performance

Address: VA Palo Alto Healthcare System;3801 Miranda Ave.;Palo Alto;California

Zip Code: 94304-1290
 

Record

SN03391780-W 20140613/140611234852-d95cb51681bc21459d05fe71274f61ab (fbodaily.com)
 

Source

FedBizOpps Link to This Notice
(may not be valid after Archive Date)

---

| FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |