Loren Data's SAM Daily™

FBO DAILY - FEDBIZOPPS ISSUE OF JULY 29, 2018 FBO #6092
DOCUMENT

S -- Security Guard for Appleton CBOC, Green Bay HCC and Cleveland CBOC - Attachment

Notice Date

7/27/2018
 

Notice Type

Attachment
 

NAICS

561612 — Security Guards and Patrol Services
 

Contracting Office

Department of Veterans Affairs;Great Lakes Acquisition Center (GLAC);115 S 84th Street, Suite 101;Milwaukee WI 53214-1476
 

ZIP Code

53214-1476
 

Solicitation Number

36C25218Q9733
 

Response Due

8/1/2018
 

Archive Date

8/6/2018
 

Point of Contact

Frederick C Weddington III
 

Small Business Set-Aside

Veteran-Owned Small Business
 

Description

1 SECURITY GUARD PROCUREMENT SOURCES SOUGHT SYNOPSIS FOR SMALL BUINSESSES ONLY. The Department of Veterans Affairs is issuing this sources sought synopsis as a means of conducting market research to identify Veteran Owned Small Business parties having an interest in and the resources to support a requirement for professional and courteous, uniformed and unarmed Security Guard services for the Department of Veterans Affairs (VA) Northeast Wisconsin Ambulatory Care Clinics (Green Bay HCC, Appleton VA CBOC and Cleveland VA CBOC. The result of this market research will contribute to determining the method of procurement. The applicable North American Industry Classification System (NAICS) code assigned to this procurement is 561612 Security Guards and Patrol services. THERE IS NO SOLICITATION AT THIS TIME. This request for capability information does not constitute a request for proposals; submission of any information in response to this market survey is purely voluntary; the government assumes no financial responsibility for any costs incurred. Requirements: Coverage: The Contractor shall provide Security Guard services to ensure coverage for the periods stated in the Price/Cost Schedule and as noted in this Statement of Work. Security Guard Normal Hours of Coverage: Appleton Number of Guards Bldg 1 Period of Coverage Number of Guards Bldg 2 Period of Coverage Sunday 0 0 Monday 1 6:00AM -7:00 PM 1 6:00AM -7:00 PM Tuesday 1 6:00AM -7:00 PM 1 6:00AM -7:00 PM Wednesday 1 6:00AM -7:00 PM 1 6:00AM -7:00 PM Thursday 1 6:00AM -7:00 PM 1 6:00AM -7:00 PM Friday 1 6:00AM -7:00 PM 1 6:00AM -7:00 PM Saturday 1 7:30AM -1:00 PM 0 Holiday 0 0 Cleveland Number of Guards Period of Coverage Sunday 0 Monday 1 Patrol at CBOC a minimum of two hours a week between 8:00AM -4:30PM Tuesday 1 Wednesday 1 Thursday 1 Friday 1 Saturday Holiday 0 Green Bay Number of Guards Period of Coverage Sunday 0 Monday 1 6:00AM -6:00 PM Tuesday 1 6:00AM -6:00 PM Wednesday 1 6:00AM -6:00 PM Thursday 1 6:00AM -6:00 PM Friday 1 6:00AM -6:00 PM Saturday 1 7:30AM -1:00 PM Holiday 0 If additional services are required outside of the hours of coverage specified herein, the Contractor must receive prior written approval from the Contracting Officer (CO) via contract modification. Any additional services performed by the Contractor without this authorization will be performed at no additional cost to the Government. Per hour prices for such additional services shall be at the same rate as prices charged in the contract during each respective period of performance. If an emergency situation should arise, a verbal approval can be obtained from the CO, however, the Contractor must submit a written proposal for such additional work to the CO within twenty-four (24) hours of the commencement of these additional services. If accepted, a modification will be issued to the Contractor and the contract price shall be adjusted accordingly. All emergencies must be reported to the VA Police supervisor or designee and the Contracting Officer s Representative (COR) on-site. The Contractor is not required to provide service on the following holidays, nor will the Contractor be paid for these holidays. The following holidays are observed by the Federal Government: New Year s Day January 1st Martin Luther King s Birthday Third Monday in January President s Day Third Monday in February Memorial Day Last Monday in May Independence Day July 4th Labor Day First Monday in September Columbus Day Second Monday in October Veterans Day November 11th Thanksgiving Day 4th Thursday in November Christmas Day December 25th Personnel: Contractor personnel performing services under this contract shall have no criminal record. Contractor employees shall be subject to a background investigation as further defined in this Statement of Work (see Paragraph 21). Contractor employees shall not commence work until the Contracting Officer receives notification that the investigation has been initiated. The Contractor shall bear the expense of obtaining this background investigation for each Contractor employee performing services under this contract. A favorable adjudication must be received in order for a Contractor employee to continue performance. The parties agree that Contractor personnel working under this contract shall not be considered VA employees for any purpose and shall be considered employees of the Contractor Guards must be capable of being bonded and the successful Contractor shall provide proof of bonding prior to the commencement of services. Each employee shall be given a physical examination at no additional cost to the Government, and medical certification attesting to the final results of this examination shall be furnished to the Contracting Officer on Standard Form 78 at least five (5) days prior to assignment of the employee to duty. All Contractor employees providing services specified under this contract must undergo a psychological assessment at no additional cost to the Government. This psychological assessment must be carried out in accordance with accepted professional standards by a physician or licensed practitioner authorized to conduct such examinations. For detailed policy, see the Federal Personnel Manual, Chapter 330, Medical Qualification Determinations. These Security Guard duties will include personal encounters with patients, visitors, and employees of the Government. Encounters are often with mentally ill, irrational or disturbed persons, who, even if behaving in an assaultive or destructive manner, must be handled with understanding, full control of force, and unimpeded judgment. Personnel with emotional and/or mental condition(s), which could result in a hazard to self or others, shall not be allowed to perform services under this contract. In addition, Contractor employees shall undergo annual physical and psychological examination at no additional cost to the Government and these results shall be provided to the Contracting Officer and COR. The Contractor shall assign a Point of Contact (POC) for the purpose of ensuring compliance with all provisions of this contract. The Contractor POC shall be available to report on site if requested and have the ability to address performance issues. Qualification Requirements of Contractor Personnel: Supervisor: The Contractor shall provide a supervisor on site for weekly inspections and problem corrections. In addition, the Supervisor shall be available for direct communication with Security Guard(s) on duty during their entire shift. Supervisors shall have a background with a minimum of two (2) years of successful experience in field supervision (civil community law enforcement, military service law enforcement or security, commercial or industrial guard service or security). The Contractor shall provide the name(s), telephone number(s), and addresses of the on-site or in-field supervisor, in writing, to the Contracting Officer prior to performance under this contract. The term "on-site supervisor" means a person designated, in writing, by the Contractor, who has authority to act, for the Contractor, on a day-to-day basis at the worksite or vicinity. Supervisors will monitor the hours of duty of personnel to ensure compliance with the requirements of this contract. Field Supervisors must periodically visit the VA Facility. The payments for leave, including sick leave or vacation time, are the responsibility of the Contractor. The Contractor shall provide the level of supervision to ensure that employees are properly performing all duties as specified in accordance with the contract. The on-site or in-field supervisor shall assure that Security Guard(s): Are in uniform and present a neat appearance; Maintain a continued state of proper training; Possess the necessary permits, authority, etc.; Maintain continued liaison with the COR or designated alternate Documentation is accurate Security Guards Minimum Qualification Standards: Education / Experience: Must possess a high school diploma or equivalency. Must demonstrate the ability to read, understand and apply printed rules, detailed orders, instruction, and training materials. Must have the ability to construct and write clear, concise, accurate and detailed reports. Must be literate in English to the extent of reading and understanding printed regulation, detailed written orders, training instruction and material, and shall be able to compose reports which convey complete information in a clear and concise manner. Must have the ability to maintain poise and self-control under stress. Must have the ability to meet and deal with the general public in a professional manner.                                               Health and Physical Fitness Requirements: Be capable of detaining person(s) while VA Police or Local Police are notified and are able to report to the scene. Possess binocular vision correctable to 20/30 (Snellen). Be free of color blindness. Be capable of hearing ordinary conversation at 15ft with either ear without the benefit of a hearing aid. Be physically able to perform all general duties, functions, and activities as described in this Statement of Work. Be free of any communicable diseases. Have documented tuberculosis testing (TB) every two years. Must have tested as TB-free prior to starting work on this contract. Be in good general health without physical defects or abnormalities, which would interfere with the performance of these duties. May be subject to urinalysis to screen for illegal drug use on a random basis. Government-Furnished Property and Services: The following resources shall be provided to the Contractor for their use: Standard Operation Procedures (SOP): Copies of the SOP s for VA facilities will be available at the duty post and shall contain complete duty instructions for the post and include instructions for emergency and other procedures. SOP shall not be removed from Government property, or reproduced or copied in any manner unless properly authorized by the Contracting Officer. VA reserves the right to update the SOP as required by regulations, policies, procedures or Executive Orders issued by the President of the United States. Most changes should be minor in nature and have no impact on the terms and conditions of this contract. In the event of major changes, the Contracting Officer shall address the issues in writing to the Contractor. As far as possible the Contractor s staff shall implement any change immediately and address any conflicts or issues through the Contractor to the Contracting Officer. Guard Area: The guard will be provided a workspace. Security Equipment: Currently the Green Bay HCC and Appleton Bldg 1 CBOC has intrusion, motion sensors, fire alarm, and panic button systems. The Cleveland CBOC has fire and panic button system. The Appleton Bldg 2 CBOC has panic button system. Communications: A telephone will be available for the Contractor s staff to use to fulfill the requirements of this contract. The use of the telephones for other than VA related business is prohibited and may be grounds for removal of the Contractor personnel. In addition, the Security Guard(s) will have access to VA Police radios and two way radios to communicate with VA Police and designated staff within the building. Keypad: The VA currently operates a keypad system to control the fire and intrusion alarms at Green Bay HCC and Appleton Bldg 1 CBOC. A unique pass code shall be issued to the Contractor s staff members providing services under this contract. The unique pass code shall not be shared or disclosed to any other party for any reason. Contractor-Furnished Property and Supplies: The Contractor shall furnish and maintain in acceptable condition, all uniform items, equipment and supplies necessary to perform the services required of this contract (except for the items listed in Paragraph 4 above). A partial listing of these items is provided below. This listing is not all-inclusive. Communication Equipment: The Contractor shall provide a separate two way communication system (radio or cell phone) to communicate with the other Security Guard on duty (when applicable) and their supervisor/the Contractor. Uniforms: Contractor personnel shall wear professional uniforms at all times while in the performance of his/her duties. The color of the Contractor s guard force uniforms shall be a color in general use by large guard or police organizations. All Contractor employees performing services under this contract shall wear the same color and style of uniform. Appropriately lettered breast and cap badges, indicating the jurisdiction from which authority is obtained, shall be worn as part of the uniform (providing such authority is grantable under state and local laws). Shoulder patches lettered to indicate the identity of the Contractor shall be worn on the left shoulder of the uniform jacket and shirt. Identification nametags shall be worn over the right breast shirt pocket. No other identification of the Contractor or employee shall be worn or displayed on the uniform, with the exception of the VA ID badge. Vehicle: Contractor shall provide a vehicle to allow for security guard to travel between the three VA facilities. Security Guard Duties: Assignments may include but are not limited to the following: Observation: Observe suspicious personnel or personnel behaving inappropriately, showing hostility, and/or possibly carrying weapons. Monitor potentially unauthorized personnel (e.g., children unaccompanied by adults, or solicitors). Assistance: Assist VA Police and VA personnel with incapacitated patients as needed. Customer Service: Meet and interact with the general public in a manner that promotes a positive image of the VA. Maintain poise and self control under stress. Keep conversations with visitors to the facility cordial and brief. Security Guards shall not allow personal conversation or activity interrupt patrol movement. Emergencies: In the case of an emergency, the Security Guard shall respond in accordance with the SOP, VA provided training and the Contractor s provided training. Security Guards shall remain calm and professional in emergency situations. If the Security Guard that responds to an emergency situation is required to leave their post in order to comply with VA or Law Enforcement directives, the time away from the duty post will not be considered as a failure of the Contractor to provide services. Inspections: Perform package inspection when required. Sign for incoming packages and letters delivered to the clinic (UPS, FedEx, US Mail, etc.). Building/Grounds Surveillance: Serve at fixed posts or patrol assigned areas on foot or by vehicle. Conduct patrols in accordance with VA training and direction. Maintain an operations journal, documenting all security related activity. Maintain visitor logs. See Paragraph 20 on Records Management requirements. In addition, Security Guards are responsible for raising and lowering the United States Flag. The United States Flag (and other flags, as authorized) shall be flown as directed by MP-1, Part I, Chapter 8. Note: Cleveland CBOC will be patrolled at least two hours a week between 8-430pm. Traffic: Direct traffic (vehicle and/or pedestrian), control parking, and issue courtesy violation notices, etc., as trained by VA. Security and fire systems: Monitor, operate, test and report incidents with the (to appropriate personnel) building fire alarm and intrusion detection systems and other protection devices or building equipment. Make necessary notifications to appropriate Fire Department, Law Enforcement agency, VA Police Supervisor and NEWAC Administrator, should an alarm be received or fail. Conduct monthly alarm inspections and maintain reports. Control desk: Security guards maybe assigned control desk duties; ie., monitoring various alarm systems, computer security camera systems, and telephone and radio networks. Guards serving at the control desk relay messages, maintain logs, and assist in dispatching personnel and equipment to meet emergency situations. Building rules and regulations: Observe building occupants and visitors for compliance with posted rules and regulations. Report issues to the VA Police Supervisor or COR and file a report regarding the incident. Lost and found: Receive, issue receipt, and store found articles pending disposition using established VA Form. Law and order: Maintain law and order within the areas of assignment. Unauthorized access: Discover and detain persons attempting to gain unauthorized access to the property. Hazardous conditions: Report daily, in accordance with the procedures in the Standard Operating Procedures, potentially hazardous conditions and items in need of repair, including inoperative lights, leaky faucets, toilet stoppages, broken or slippery floor surfaces, etc. Additional duties: Turn off unnecessary lights, open and secure doors, ensure sensitive recycling containers are secured, etc. Reports and records: Maintain VA forms necessary to document daily or special events as trained. Prepare required reports at the frequency indicated. Perform routine clerical duties associated with this position. See Paragraph 20 on Records Management requirements. Civil disturbances: Perform other functions as necessary to assist in the event or occurrence of situations that adversely affect the security and safety of the Government, its employees, its property and the general public, such as, civil disturbances or other criminal acts. Injury or illness: In the event of injury or illness to Government employees or others while in the building or on VA Grounds, obtain professional assistance in accordance with procedures outlined in the SOP. Other: Security Guard(s) shall be present at the VA facility and shall perform the required services for the period specified. Invoices shall only be paid for actual hours that Security Guards are present and on duty. The Contractor shall have Security Guard(s) at the VA Facility at all times during the hours of coverage as listed herein. Contractor Furnished Training: The Contractor shall submit, to the Contracting Officer, written certification that each Contractor employee has been trained in the subject areas outlined in paragraph 7 (c) prior to assignment under this contract. In addition, the Contractor shall submit, to the Contracting Officer, written certification that each Contractor employee completed the items in paragraph 7(b), within the timeframes specified. For replacement or new employees, documentation of prior training must be submitted or the individual contract employee must complete the required training before being used in support of this contract. The Contractor shall provide follow-up orientation, for each employee, 14 days after the initial assignment to duty. This orientation may be accomplished while the guards are on duty. The Contractor shall certify the completion of the follow-up orientation, for each guard, to the COR, within 30 days following assignment to duty. The follow-up orientation will include the following subjects and instructional time periods, as well as other subjects, as may be required: General and specific orders for the facility (1 hour); Policy and specific procedures for responding to emergency alarms, bomb threats, incendiary devices in the facility (1-hour); Procedure for operating the security systems with the facility (1 hour); Procedure for and operation of the firefighting equipment within the facility (1 hour); Vehicle traffic and parking control (1 hour); VHA Supplement MP-1, Chapter 2, Change 42 (1 hour); Annually, the Contractor shall provide the following trainings and competencies to their employees and documentation of these shall be provided to the COR. Fire and Safety Infection control Disaster procedures General Privacy Awareness Training The Contractor shall ensure that the staff assigned shall be cognizant of the VA s sexual harassment and drug-free workplace policies. The Contractor may obtain a copy of this information from the COR or Contracting Officer. Identification, Parking, Smoking and Regulations: The Contractor's employees shall wear visible identification at all times while on the premises of the VA.   It is the responsibility of the Contractor to park in the appropriate designated parking areas.   Information on parking is available from the clinic manager.   The VA will not invalidate or make reimbursement for parking violations of the Contractor under any conditions.   Smoking is prohibited on VA property.   Possession of weapons is prohibited.   Enclosed containers, including tool kits, shall be subject to search.   Violations of VA regulations may result in citation answerable in the United States (Federal) District Court, not a local district, state, or municipal court.   Contracting Officer s Representative (COR): The Contractor shall not accept any instructions issued by any other person(s) other than the Contracting Officer. The Government may appoint a COR. If so, a Delegation of Authority letter shall be forwarded to the using service and the Contractor after the contract has been signed, identifying the individual(s) as the COR(s). Changes: The Contractor is advised that only the Contracting Officer, acting within the scope of the contract has the authority to make changes which affect the contract in terms of quality, quantity, price or delivery. In the event the Contractor effects any such change at the direction of any person other than the Contracting Officer, the change shall be considered to have been made without authority and no adjustment shall be made in the contract price to cover any increase in costs incurred as a result thereof. Personnel: The Government reserves the right to accept or reject Contractor s staff for the rendering of services. Complaints concerning Contract Personnel performance or conduct shall be dealt with by the Contractor, and/or the COR with the final decision made by the Contracting Officer. Contractor s Responsibilities: The Contractor shall maintain personal liability and property damage insurance prescribed by the laws of the Federal Government. He/she shall take all precautions necessary to protect persons and property from injury or damage during the performance of this contract. He/she shall be responsible for any injury to himself/herself, his/her employees, or others, as well as for any damage to personal or public property that occurs during the performance of this contract that is caused by him/her or his/her employees fault or negligence. Contractor shall comply with all VA safety standards, manufacturers/industry standards, FDA, OSHA, JCAHO and the latest edition of NFPA-99. Safety and Fire Prevention: In the performance of this contact, the Contractor shall take such safety precautions as necessary to protect the lives and health of the occupants of the building. Fire and safety deficiencies, which exist and are part of the responsibility of the Contractor, shall be immediately corrected. If the Contractor fails or refuses to correct deficiencies promptly, the COR may issue an order stopping all, or any part, of the work. The Contractor shall comply with applicable Federal, State, and local safety and fire regulations and codes, which are in effect during the performance period of the contract. The Contractor personnel shall follow applicable facility policies concerning fire/disaster programs. VA Sensitive Information & Data Security Requirements: Paper, plastic or other similar based media containing VA sensitive data that is not sent to the VA will be properly disposed of by the Contractor by methods such as shredders with no larger than 1/8 inch width cuts and then cross cut. This media will be destroyed such that information may not be retrieved. Media with small print, such as microfilm will be completely destroyed such as to render the information unrecoverable. The Contractor will take due diligence to make sure that VA sensitive information and data that is viewed, faxed or similarly transmitted, or discussed verbally is protected from unapproved disclosure. VA sensitive information and data may not be transmitted across the Internet unencrypted (including email and instant messaging) and must be protected by (VA-VPN) VA Virtual Private Network and/or VA approved encryption process (Example: PKI - Public Key Infrastructure). VA sensitive information may not reside on non-VA systems or devices unless specifically designated and approved as appropriate for the terms of the contract. All systems that store or process VA data will be protected with VA approved encryption (typically FISPS 140-2 compliant). Any security violations or suspected violations shall be immediately reported to the VA Contracting Officer and the assigned VA Information Security Officer (ISO). Security Training: Due to the increased emphasis on privacy and information security, the following special contract requirements are established and hereby made part of the contract entered into with the Department of Veterans Affairs. Privacy Training: Contractor and their sub-contractors assigned work under the task order are required to receive annual training on patient privacy as established by HIPAA statues. Training must meet VHA s and the Department of Health and Human Services Standards for Privacy of Individually-identifiable health information. Contractor shall provide documented proof to the VA upon request that all employees assigned work and/or having access to Protected Health Information have received annual training. Information on fulfilling the training requirement as stated in this paragraph can be found at https://www.tms.va.gov/learning/user/login.jsp. For Contractors and sub-contractors who do not have access to VHA computer systems, this requirement is met by receiving VHA National Privacy Training, other VHA approved privacy training or Contractor furnished training that meets the requirements of the HHS standards. Rules of Behavior for Automated Information Systems: Contractor personnel having access to VA Information Systems are required to read and sign a Rules of Behavior statement, which outline rules of behavior related to VA Automated Information Systems. The COR will provide, through the facility ISO, the Rules of Behavior to the Contractor for the respective facility. VA Information Security Awareness Training: Each Contractor assigned work under the task order is required to receive and document completion of VA training on Information Security. The requirements for fulfilling this provision can be found at https://www.ees-learning.net. Contractor shall provide documented proof to the assigned VA Information Security Officer prior to access being granted, and yearly after that, for all Contractor employees servicing a VA contract. The Contractor shall provide to the Contracting officer and/or the COR a copy of the training certificates and certification of signing the Contractor Rules of Behavior for each applicable employee within 1 week of the initiation of the contract and annually thereafter, as required. Failure to complete the mandatory annual training and sign the Rules of Behavior annually, within the timeframe required, is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until such time as the training and documents are complete. As VA routinely reviews and updates policies and procedures covering Contractor computer access, security requirements may change during the term of this contact and new policies and procedures may be implemented unilaterally during the term of this contract. Access to VA Information and VA Information Systems: A Contractor/subcontrator shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. All Contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for Contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. The Contractor or subcontractor must notify the Contracting Officer immediately when an employee working on a VA system or with access to VA information is reassigned or leaves the Contractor or subcontractor s employ. The Contracting Officer must also be notified immediately by the Contractor or subcontractor prior to an unfriendly termination. VA Information Custodial Language: Information made available to the Contractor or subcontractor by VA for the performance or administration of this contract or information developed by the Contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the Contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1). VA information should not be co-mingled, if possible, with any other data on the Contractor/ subcontractor s information systems or media storage systems in order to ensure VA requirements related to data protection and media sanitization can be met. If co-mingling must be allowed to meet the requirements of the business need, the Contractor must ensure that VA s information is returned to the VA or destroyed in accordance with VA s sanitization requirements. VA reserves the right to conduct on-site inspections of Contractor and subcontractor IT resources to ensure data security controls, separation of data and job duties, and destruction/media sanitization procedures are in compliance with VA directive requirements. Prior to termination or completion of this contract, Contractor/subcontractor must not destroy information received from VA, or gathered/created by the Contractor in the course of performing this contract without prior written approval by the VA. Any data destruction done on behalf of VA by a Contractor/subcontractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and VA Handbook 6500.1, Electronic Media Sanitization. Self-certification by the Contractor that the data destruction requirements above have been met must be sent to the VA Contracting Officer within 30 days of termination of the contract. The Contractor/subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the contract and applicable Federal and VA information confidentiality and security laws, regulations and policies. If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the contract, or if NIST issues or updates applicable FIPS or Special Publications (SP) after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this contract. The Contractor/subcontractor shall not make copies of VA information except as authorized and necessary to perform the terms of the agreement or to preserve electronic information stored on Contractor/subcontractor electronic storage media for restoration in case any electronic equipment or data used by the Contractor/subcontractor needs to be restored to an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed. If VA determines that the Contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the Contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12. VA Information Custodial Language: Information made available to the Contractor or subcontractor by VA for the performance or administration of this contract or information developed by the Contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the Contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1). VA information should not be co-mingled, if possible, with any other data on the Contractor/ subcontractor s information systems or media storage systems in order to ensure VA requirements related to data protection and media sanitization can be met. If co-mingling must be allowed to meet the requirements of the business need, the Contractor must ensure that VA s information is returned to the VA or destroyed in accordance with VA s sanitization requirements. VA reserves the right to conduct on site inspections of Contractor and subcontractor IT resources to ensure data security controls, separation of data and job duties, and destruction/media sanitization procedures are in compliance with VA directive requirements. Prior to termination or completion of this contract, Contractor/subcontractor must not destroy information received from VA, or gathered/created by the Contractor in the course of performing this contract without prior written approval by the VA. Any data destruction done on behalf of VA by a Contractor/subcontractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and VA Handbook 6500.1, Electronic Media Sanitization. Self-certification by the Contractor that the data destruction requirements above have been met must be sent to the VA Contracting Officer within 30 days of termination of the contract. The Contractor/subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the contract and applicable Federal and VA information confidentiality and security laws, regulations and policies. If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the contract, or if NIST issues or updates applicable FIPS or Special Publications (SP) after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this contract. The Contractor/subcontractor shall not make copies of VA information except as authorized and necessary to perform the terms of the agreement or to preserve electronic information stored on Contractor/subcontractor electronic storage media for restoration in case any electronic equipment or data used by the Contractor/subcontractor needs to be restored to an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed. If VA determines that the Contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the Contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12. Liquidated Damages for Data Breach: Consistent with the requirements of 38 U.S.C. §5725, a contract may require access to sensitive personal information. If so, the Contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the Contractor/subcontractor processes or maintains under this contract. The Contractor/subcontractor shall provide notice to VA of a security incident as set forth in the Security Incident Investigation section above. Upon such notification, VA must secure from a non-Department entity or the VA Office of Inspector General an independent risk analysis of the data breach to determine the level of risk associated with the data breach for the potential misuse of any sensitive personal information involved in the data breach. The term 'data breach' means the loss, theft, or other unauthorized access, or any access other than that incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. Contractor shall fully cooperate with the entity performing the risk analysis. Failure to cooperate may be deemed a material breach and grounds for contract termination. Each risk analysis shall address all relevant information concerning the data breach, including the following: Nature of the event (loss, theft, unauthorized access); Description of the event, including: date of occurrence; data elements involved, including any PII, such as full name, social security number, date of birth, home address, account number, disability code; Number of individuals affected or potentially affected; Names of individuals or groups affected or potentially affected; Ease of logical data access to the lost, stolen or improperly accessed data in light of the degree of protection for the data, e.g., unencrypted, plain text; Amount of time the data has been out of VA control; The likelihood that the sensitive personal information will or has been compromised (made accessible to and usable by unauthorized persons); Known misuses of data containing sensitive personal information, if any; Assessment of the potential harm to the affected individuals; Data breach analysis as outlined in 6500.2 Handbook, Management of Security and Privacy Incidents, as appropriate; and Whether credit protection services may assist record subjects in avoiding or mitigating the results of identity theft based on the sensitive personal information that may have been compromised. Based on the determinations of the independent risk analysis, the Contractor shall be responsible for paying to the VA liquidated damages in the amount of $ 35.00 per affected individual to cover the cost of providing credit protection services to affected individuals. Records Management: The Contractor shall treat all deliverables under the contract as the property of the U.S. Government for which the Government Agency shall have unlimited rights to use, dispose of, or disclose such data contained therein as it determines to be in the public interest. Contractor shall not create or maintain any records that are not specifically tied to or authorized by the contract using Government IT equipment and/or Government records. The Government Agency owns the rights to all data/records produced as part of this contract. Contractor agrees to comply with Federal and Agency records management policies, including those policies associated with the safeguarding of records covered by the Privacy Act of 1974. These policies include the preservation of all records created or received regardless of format [paper, electronic, etc.] or mode of transmission [e-mail, fax, etc.] or state of completion [draft, final, etc.]. No disposition of documents will be allowed without the prior written consent of the Contracting Officer. The Agency and its contractors are responsible for preventing the alienation or unauthorized destruction of records, including all forms of mutilation. Willful and unlawful destruction, damage or alienation of Federal records is subject to the fines and penalties imposed by 18 U.S.C. 2701. Records may not be removed from the legal custody of the Agency or destroyed without regard to the provisions of the agency records schedules. Contractor is required to obtain the Contracting Officer's approval prior to engaging in any contractual relationship (sub-contractor) in support of this contract requiring the disclosure of information, documentary material and/or records generated under, or relating to, this contract. The Contractor (and any sub-contractor) is required to abide by Government and Agency guidance for protecting sensitive and proprietary information. Background Investigations: All Contractor employees are subject to the same level of investigation as VA employees who have access to VA Sensitive Information.   The level of background investigation that is commensurate with the level of access needed to complete the requirements of this Statement of Work is NACI.   This requirement is applicable to all subcontractor personnel requiring the same access. The 2016 prices for NACI Investigations are currently $392.00 per investigation. The cost of NACI Investigation(s) for Contractor Employees is the sole responsibility of the Contractor. Upon award, the Contracting Officer shall provide the Contractor with the Contractor Security Procedure Flowchart and Guide 6500.6 Appendix.   The Contractor shall visit the VHA Service Center website to obtain the VHA Service Center (VSC) Security Request Packet, which contains all the forms that the Contractor must fill out. The Contractor shall provide these forms to the Contracting Officer when they are completed, and they will be forwarded on for processing after fingerprinting has been completed. After award, the Contractor can contact the COR for assistance in scheduling an appointment for fingerprinting. If your organization has the potential capacity to perform these contract services, please provide the following information: Organization name, address, email address, Web site address if applicable, telephone number, and type of ownership for the organization Organization size under NAICS code 561612 Tailored capability statements addressing the particular software capabilities listed in detail above and documentation supporting claims of organizational and staff capability. If significant subcontracting or teaming is anticipated in order to deliver technical capability, organizations should address the administrative and management structure of such arrangements. The government will evaluate market information to ascertain potential market capacity to provide services consistent in scope and scale with those described in this notice and otherwise anticipated. BASED ON THE RESPONSES TO THIS SOURCES SOUGHT NOTICE/MARKET RESEARCH, THIS REQUIREMENT MAY BE SET-ASIDE FOR SMALL BUSINESSES, SOLE SOURCED OR PROCURED THROUGH FULL AND OPEN COMPETITION. Telephone inquiries will not be accepted or acknowledged, and no feedback or evaluations will be provided to companies regarding their submissions. Submission Instructions: Interested parties who consider themselves qualified to perform the above-listed services are invited to submit a response to this Sources Sought Notice by 9:00 AM EST on August 1, 2018. All responses under this Sources Sought Notice must be emailed to Frederick.Weddington@va.gov.
 

Web Link

FBO.gov Permalink
(https://www.fbo.gov/spg/VA/VAGLHS/VAGLHCS/36C25218Q9733/listing.html)
 

Document(s)

Attachment
 

File Name: 36C25218Q9733 36C25218Q9733_1.docx (https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=4510382&FileName=36C25218Q9733-000.docx)

Link: https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=4510382&FileName=36C25218Q9733-000.docx

 

Note: If links are broken, refer to Point of Contact above or contact the FBO Help Desk at 877-472-3779.
 

Record

SN05010942-W 20180729/180727231116-f28903cc83796bd98695a2746d10b441 (fbodaily.com)
 

Source

FedBizOpps Link to This Notice
(may not be valid after Archive Date)

---

| FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |