Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF MARCH 01, 2018 FBO #5942
DOCUMENT

R -- RiskVision Maintenance and Technical Support - Attachment

Notice Date
2/27/2018
 
Notice Type
Attachment
 
NAICS
541511 — Custom Computer Programming Services
 
Contracting Office
Department of Veterans Affairs;Technology Acquisition Center;23 Christopher Way;Eatontown NJ 07724
 
ZIP Code
07724
 
Solicitation Number
36C10B18R2675
 
Response Due
1/30/2018
 
Archive Date
4/28/2018
 
Point of Contact
Joseph.Pignataro@va.gov
 
E-Mail Address
joseph.pignataro@va.gov
(joseph.pignataro@va.gov)
 
Small Business Set-Aside
N/A
 
Award Number
36C10B18C2636
 
Award Date
2/27/2018
 
Awardee
OASYS INTERNATIONAL CORPORATION;1750 TYSONS BLVD STE 1500;MC LEAN;VA;22102
 
Award Amount
$1,704,153.24
 
Description
RiskVision Maintenance and Technical Support Control Number TAC-18-48093 1 JUSTIFICATION FOR OTHER THAN FULL AND OPEN COMPETITION 1. Contracting Activity: Department of Veterans Affairs (VA) Office of Procurement, Acquisition and Logistics Technology Acquisition Center 23 Christopher Way Eatontown, New Jersey 07724 2. Description of Action: The proposed action is for a sole source, firm-fixed-price (FFP) contract with Oasys International to procure software maintenance and technical support services for the brand name Agiliance RiskVision Open Governance Risk and Compliance (GRC) tool. 3. Description of the Supplies or Services: VA requires software maintenance and technical support services to ensure the RiskVision OpenGRC tool remains operational. The RiskVision OpenGRC tool (RiskVision) serves as the enterprise-wide application for collecting and inventorying over one million information technology assets used by over 4,000 VA employees. VA currently utilizes RiskVision to support critical operational information security services across all VA systems and facilities. RiskVision allows users to monitor the security status of systems, protects sensitive Veteran information, and provides mechanisms to remediate vulnerabilities. No new software or licenses will be procured under this action. VA is in the process of replacing RiskVision with a Government off the Shelf solution entitled Enterprise Mission Assurance Support Service (eMASS). However, implementation of eMASS is not anticipated for at least 12 months. Delays of implementing eMASS were due to capturing emerging requirements that were recently discovered and needed to be captured. The required software maintenance and support services on the existing RiskVision tool are currently being provided through a stand-alone contract with Oasys International which expires on January 27, 2018. Considering the new solution will not be implemented for at least 12 months, a sole source, follow-on contract with Oasys International is required to continue support and maintenance on the RiskVision tool. The required services include project management, application software maintenance, configuration enhancements, workflow implementation, and help desk support. The period of performance will include a 12 month base period, and two 6 month option periods. The total estimated value of the proposed action inclusive of the option periods is $ 4. Statutory Authority: The statutory authority permitting other than full and open competition is Section 41 U.S.C. 3304(a)(1) as implemented by the Federal Acquisition Regulation (FAR) Subpart 6.302-1 entitled, Only One Responsible Source and No Other Supplies or Services Will Satisfy Agency Requirements. 5. Rationale Supporting Use of Authority Cited Above: The proposed source for this action is Oasys International, and verified Service Disable Veteran Owned Small Business (SDVOSB). Based on market research as described in paragraph 8 of this document, it was determined that no competition is available for this procurement. Oasys International was awarded the current contract on January 28, 2015 on a competitive basis among certified service partners of Agiliance. Agiliance, Inc. is the Original Equipment Manufacturer (OEM) of RiskVision. Agiliance System Engineers or Agiliance s certified service partners are the only sources that can provide software maintenance and support services for the RiskVision tool due to proprietary data constraints. Access to this data is also required to ensure all the services provided are properly configured. Furthermore, Agiliance approved certified service partners are given specialized training and access to the Agiliance proprietary data which shows the complex software architecture inner workings and the unique coding environment which is critical to provide software maintenance and support services on the RiskVision OpenGRC tool.   Not utilizing an Agiliance certified service partner would invalidate the current VA enterprise license and violate Agiliance s proprietary rights, and would put VA at risk of deploying capabilities not supported by Agiliance, impacting software capabilities and manufacturer warranties. Additionally, RiskVision was deployed with software connectors that are implemented with Agiliance proprietary data. These connectors are proprietary in nature as they are developed in partnership with the certified service partners. Every GRC commercial product has data connectors that are proprietary to their tool. Therefore, utilizing a non- certified service partner would require additional VA and contractor support services to re-engineer the unique data connectors and reprocess over 250 application Authority-to-Operate determinations already processed in RiskVision. Doing so would require dismantling the RiskVision tool and redeveloping a completely new GRC tool from the initial prototype stage at a duplicated cost that would exceed $15 million and take over three years to accomplish. Based on the above information, the Government s technical experts concluded that only Agiliance certified service partners have the required access to maintain RiskVision OpenGRC and provide associated services in order to preserve the warranties and ensure critical security updates are provided to the Government. Furthermore, as the contractor currently providing the maintenance and support, Oasys was required to develop proprietary capabilities that support VA s deployment of the RiskVision GRC tool. Specifically, VA required unique and custom connector scripts to be developed (coded) to allow for the collection, aggregating, and reporting of critical security data associated with assets inventoried in Risk Vision. These custom connector scripts are separate from the aforementioned connectors that were implemented as part of Agiliance s commercial RiskVision offering. RiskVision contains technical connectors for commercial companies that serve a security purpose; however, VA required additional VA specific custom connectors to be developed by Oasys separate and apart from the RiskVision connectors. These custom connectors were coded, compiled, and deployed by Oasys to support VA specific use cases, including those associated with eMASS, Veterans Administration Systems Inventory  (VASI), and Nessus Enterprise Web Tool (NEWT), among others. No other resellers have these connectors. The custom connectors contain source code that is proprietary to Oasys, and therefore, neither Agiliance system engineers or other Agiliance certified service partners can access these custom connectors which is required to perform the required maintenance and technical support services; specifically the collection, aggregation, and reporting of critical security data. Having to bring on any other maintenance provider, including resellers of RiskVisions items, would require additional VA and contractor support services to re-engineer and implement new custom data connectors with a development and implementation timeframe of up to twelve months at an additional duplicated cost in excess of $1.9M. This estimate is based on previous efforts to develop these scripts. As a result, Oasys is the only company that is capable of providing continued software maintenance and technical support services on the RiskVision Tool for the next 12 to 24 months while implementation of eMASS as the replacement solution is complete. 6. Efforts to Obtain Competition: Market research was conducted, details of which are in the market research section of this document. No competition is anticipated. In accordance with FAR 5.201, the proposed action will be synopsized on the Federal Business Opportunities Page (FBO) and this justification will also be made publicly available within 14 days after contract award in accordance with FAR 6.302-1(c). Any responses received from the synopsis posting will be evaluated. 7. Actions to Increase Competition: Future acquisitions for RiskVision maintenance and support are not anticipated. RiskVision is in the process of being replaced by eMASS. The current planned timeline for eMASS implementation has an initial operating capability scheduled for July 2018 with full operating capability scheduled for October 2018. If this planned schedule is maintained, decommissioning activites on the RiskVision tool will take place between October 2018 and January 2019. Two 6-month options periods are being included to accommodate any potential slippages to this planned schedule. 8. Market Research: Market research was conducted in December 2017 and January 2018 to determine if the required software maintenance and technical support services for the RiskVision OpenGRC tool can be performed by other service providers. The market research consisted of a review of the capabilities of other services providers in the market including other authorized resellers of RiskVision such as Three Wire Systems and Merlin International. The results of the analysis confirmed that only Agiliance certified service partners have the specific access to the Agiliance proprietary software architectures and the unique coding environment to provide the necessary software maintenance and support services. Further, the market research confirmed that the custom connectors developed by Oasys under the current effort contain proprietary source code that only Oasys can access. These custom connectors are essential to maintain and support the RiskVision tool as they provide for the collection, aggregation, and reporting of critical security data associated with assets inventoried in Risk Vision. No other source, including Three Wire Systems or Merlin International, has the required connectors out of the box, and would therefore have to develop and implement new custom connectors in order to effectively maintain and support the RiskVision tool. As a result, the market research confirmed that Oasys is the only service provider capable of meeting the Government s requirements for this effort. 9. Other Facts: None. 10. Technical and Requirements Certification: I certify that the supporting data under my cognizance, which are included in this justification, are accurate and complete to the best of my knowledge and belief. Date: ______________________ Director, Certification Program Office Signature:__________________ 11. Fair and Reasonable Cost Determination: I hereby determine that the anticipated price to the Government for this contract action will be fair and reasonable based on comparison of proposed prices received in response to the solicitation and comparison to the Independent Government Cost Estimate. Date: ______________________ Procuring Contracting Officer Signature: ______________________ 12. Procuring Contracting Officer Certification: I certify that this justification is accurate and complete to the best of my knowledge and belief. Date: ______________________ Procuring Contracting Officer Signature: ______________________ Approval In my role as procuring activity Advocate for Competition, based on the foregoing justification, I hereby approve the acquisition of software maintenance and support services for brand name Agiliance RiskVision Open GRC tool, on an other than full and open competition basis pursuant to the statutory authority cited in paragraph 4 above, subject to availability of funds, and provided that the property and services herein described have otherwise been authorized for acquisition. Date: ____________ Signature: _________________________________ Advocate for Competition Technology Acquisition Center Office of Procurement, Acquisition and Logistics JUSTIFICATION Justification For Other Than Full and Open Competition Date Concur/Non-Concur Director, Procurement Services E Technology Acquisition Center Office of Procurement, Acquisition and Logistics Department of Veterans Affairs
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/notices/ae43da7048a6d4f7f695e1188e673b35)
 
Document(s)
Attachment
 
File Name: 36C10B18C2636 36C10B18C2636_1.docx (https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=4112012&FileName=36C10B18C2636-000.docx)
Link: https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=4112012&FileName=36C10B18C2636-000.docx

 
Note: If links are broken, refer to Point of Contact above or contact the FBO Help Desk at 877-472-3779.
 
Record
SN04836683-W 20180301/180227231711-ae43da7048a6d4f7f695e1188e673b35 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.