Loren Data's SAM Daily™

FBO DAILY - FEDBIZOPPS ISSUE OF SEPTEMBER 21, 2018 FBO #6146
DOCUMENT

65 -- Ortho/Spine Navigation and C-Arm 3D Imaging System - Attachment

Notice Date

9/19/2018
 

Notice Type

Attachment
 

NAICS

334517 — Irradiation Apparatus Manufacturing
 

Contracting Office

Department of Veterans Affairs;Network Contracting Office;NCO 19;6162 South Willow Drive, Suite 300;Greenwood Village CO 80111
 

ZIP Code

80111
 

Solicitation Number

36C25918Q9947
 

Response Due

9/25/2018
 

Archive Date

11/24/2018
 

Point of Contact

Kurt Tanny
 

Small Business Set-Aside

Service-Disabled Veteran-Owned Small Business
 

Description

Request for Quote (RFQ) #: 36C25918Q9947 Ortho/Spine Navigation & C-Arm 3D Imaging System This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in FAR Subpart 12.6, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; quotes are being requested and a written solicitation will not be issued. The Government reserves the right to make no award from this solicitation. * The deadline for all questions is 1:00pm EST, Friday, 9/21/2018 All questions must be submitted in writing no later than the question cut-off date marked above. All questions will be answered officially through an amendment to the solicitation. ** Quotes are to be provided to kurt.tanny@va.gov no later than 4:00pm EST, 9/25/2018. Quotes shall not be hand carried. Faxed quotes shall not be accepted. Emailed quotes are the only method of submitted quotes (4MB per email limit). The Government reserves the right to make award solely on initial Quotes received. Offerors bear the burden of ensuring that all portions of the offer (and any authorized amendments) reach the designated office before the deadline specified in the solicitation. This RFQ shall be completed in its entirety, and signed and dated, failure shall not be considered for award. This is a Request for Quote (RFQ) and the solicitation number is 36C25918Q9947. The government anticipates awarding a firm-fixed price contract resulting from this solicitation. This solicitation document and incorporated provisions and clauses are those in effect through Federal Acquisition Circular (FAC) 2005-100 effective August 22nd, 2018. The North American Industrial Classification System (NAICS) code for this procurement is 334517 with a small business size standard of 1000 employees. This solicitation is a 100% set-aside for service disabled veteran-owned small businesses. List of Line Items; ITEM # DESCRIPTION OF SUPPLIES/SERVICES QTY UNIT UNIT PRICE AMOUNT 0001 Description; Platform - Navigation Station Make/Model Equivalent; BRAINLAB CURVE NAVIGATION STATION (19901) 1 EA _____________ _____________ 0002 Description; Platform Software Navigation Station Make/Model Equivalent; BRAINLAB ORIGIN DATA MANAGEMENT (30038) 1 EA _____________ _____________ 0003 Description; Image viewing, Manipulation and Data Enrichment Software Twelve (12) month period of services to commence after acceptance of system install/go-live Make/Model Equivalent; BRAINLAB ELEMENTS VIEWER 3D SUBSCRIPTION (26388); ELEMENTS IMAGE FUSION SUBSCRIPTION (26217) 12 MO _____________ _____________ 0004 Description; Spine Navigation Subscriptions Twelve (12) month period of services to commence after acceptance of system install/go-live Make/Model Equivalent; BRAINLAB NAVIGATION SOFTWARE SPINE & TRAUMA 3D SUBSCRIPTION (26509); REGISTRATION SOFTWARE FLUORO 3D SUBSCRIPTION (26517); REGISTRATION SOFTWARE CT-SURFACE MATCHING SUBSCRIPTION (26513); FLUORO 3D INSTALLATION WITH ZIEHM C-ARM (ZIEHM VISION FD VARIO 3D) (22265-54) 12 MO _____________ _____________ 0005 Description; Spine Navigation Accessories Make/Model Equivalent; BRAINLAB ACCESSORY PACKAGE SPINE BASIC (B23506); REGISTRATION KIT FLUORO 3D FOR ZIEHM VISION RFD 3D (19154); ACCESSORY PACKAGE SPINE FOR OPEN SURGERY (AWLS & PROBES) (B23509); ACCESSORY PACKAGE SPINE FOR DRILLING (B23510); ACCESSORY PACKAGE SPINE FOR MINIMALLY INVASIVE SURGERY (B23518); ACCESSORY PACKAGE SPINE FOR UNIVERSAL INSTRUMENT INTEGRATION (B23507); ACCESSORY PACKAGE SPINE FOR ANTERIOR / LATERAL / OBLIQUE REFERENCING (55070); PEDICLE ACCESS NEEDLE SET FOR MANUAL CALIBRATION (B23526); DRILL GUIDE HANDLE WITH 4 MARKER SPHERES (55839); INSTRUMENT ADAPTER FOR SURGICAL MOTOR SYSTEM (41840); INSTRUMENT REFERENCE UNIT WITH 4 MARKER SPHERES (55830-27) 1 LT _____________ _____________ 0006 Description; Integrated OR Maintenance Services Make/Model Equivalent; BRAINLAB INTEGRATION AND VERIFICATION OF THIRD PARTY DEVICES (81001-06) 1 JB _____________ _____________ 0007 Description; Installation of Navigation System Make/Model Equivalent; BRAINLAB INSTALLATION CURVE NAVIGATION SYSTEM (81001-11) 1 JB _____________ _____________ 0008 Description; On-site Clinical Support for a Spine Case with the Navigation System Make/Model Equivalent; BRAINLAB CLINICAL CASE COVERAGE SPINE (1 CASE) (81043-01) 3 EA _____________ _____________ 0009 Description; Ortho Navigation Knee Navigation Packages Make/Model Equivalent; BRAINLAB NAVIGATION PACKAGE KNEE3 AND HIP 6.0 SUBSCRIPTION (B62054); ACCESSORY PACKAGE KNEE3 CLEARLENS (B21513); ACCESSORY PACKAGE HIP 6.0 THR (B22500-05); CUP IMPACTOR UNIVERSAL OFFSET (52856) 1 LT _____________ _____________ 0010 Description; On-site Clinical Support for Hip and Knee Cases with the Navigation System (3 cases per month) Twelve (12) month period of services to commence after acceptance of system install/go-live Make/Model Equivalent; BRAINLAB ORTHOPEDIC FIRST LEVEL SUPPORT (99054) 12 MO _____________ _____________ 0011 Description; C-Arm 3D Imaging System Make/Model Equivalent; ZIEHM ZIEHM VISION RFD 3D (19461) 1 EA _____________ _____________ 0012 Description; C-Arm Clinical Operator Training Make/Model Equivalent; ZIEHM ZIEHM CLINICAL OPERATOR TRAINING (19488) 2 JB _____________ _____________ GRAND TOTAL _____________ Description of Requirements for the items to be acquired (salient characteristics); SCOPE OF WORK AND GENERAL SPECIFICATIONS FOR IMAGE GUIDED SURGERY EQUIPMENT Background The Oklahoma City VA Health Care System (OKC VA HCS) provides comprehensive surgery service for veterans. The OKC VA HCS is need of a new Surgical navigation system and 3D C-Arm. This equipment is needed for spine and orthopedic surgery. Specifications The surgical navigation and 3D C-Arm specifications/salient characteristics are provided below: Offeror must meet or exceed these specifications: Line item 0001 0005: Navigation station salient characteristics: High performance image-guided-surgery station, integrated in a mobile display cart with separate mobile camera cart for flexible positioning of the infrared cameras - featuring advanced optical, wireless passive marker tracking technology. Including the following additional features/Specifications: Open platform for spine implants Indicated to navigate FDA cleared hardware for spine procedures Robotic integration with existing navigation system No need for separate navigation system to add robotics Spine, Cranial, Orthopedics multiple subspecialties can utilize the technology Ultrasound Integration Can register and navigate from ultrasound image Compatible with BK Medical and Aloka Dual 27 monitors on navigation system Can be used for orthopedic and spine surgery Camera height range 26.38 100 Robotically controlled camera from touchscreen on navigation station Subscription based software flexibility Ability to add/delete software as program needs change Navigation system can house software for the following specialties Cranial Spine ENT Orthopedic Compatible with the following surgical microscopes for integration Ziess, Including Kinevo 900 Robotics Leica Haag-Streit Ability to navigate with EM Electromagnetic technology vs optical Spine curvature correction software Ability to correct all levels on CT scan and merge with iOP image for correct anatomical fusion Cranial distortion correction software Ability to correct for inherent distortion on MRI images Contrast clearance software elements Adaptive hybrid sSurgery software Data transfer between Radiation Oncology and Neurosurgery Line item 0011: 3D C-arm salient characteristics: 3D flat panel digital mobile C-arm motorized on four axes for general purpose 25 kW generator unsurpassed digital image quality with optimum dose efficiency. Four motorized axes movements with distance control for collision protection. Designed to perform a wide range of surgical imaging applications with leading edge technology and state-of-the-art functionality. System includes 1.5k x 1.5k high resolution, 30cm x 30cm flat panel detector digital imaging, rotating anode x-ray tube, high-power 25kW generator and liquid cooling of x-ray tube/generator for unlimited fluoroscopy time. Software with ability to optimize image quality and minimize dose levels through automatic motion detection, automatic metal object correction, automatic dose reduction and automatic object detection for image optimization even when subject anatomy is at the periphery of the field of view. Training/case support Navigation system High-quality instruction for all members of a clinical team. Onsite training offers participants the opportunity to gain a basic proficiency and comfort level in using technology through hands-on instruction with the equipment and software. Training includes the following: Customized training solutions developed by a certified Application Trainer 6) hours of available instruction Participant educational materials Travel and accommodations for Application Trainer (shall not be separately priced) Eligible for IACET CEUs with completion of training. On-site clinical support for a spine case with equipment. Facilitated by qualified and trained Support Personnel. Requires 48 hours advance notice. Navigation Warranty on the Navigation system; 12 months from the time of system acceptance which means when the system is installed at the hospital and someone at the facility signs off that everything is good. Repairs and Maintenance Vendor Field engineers perform maintenance and repairs on the Navigation system C-Arm Information; Warranty on the C-Arm 12 months Training Onsite training completed by certified application specialists 5 consecutive days onsite Additional 3 consecutive training days for VA Training for 2 Biomed engineers at vendor headquarters Repairs Vendor Field service engineers complete repairs on the equipment Additional Brand Name or Equal to Make/Model Equivalent - Brainlab - Functional and Technical Reference Material; Curve Navigation: https://www.brainlab.com/surgery-products/overview-platform-products/curve-image-guided-surgery/ Spine Navigation: https://www.brainlab.com/surgery-products/overview-spinal-trauma-products/spinal-navigation/ Knee Navigation: https://www.brainlab.com/surgery-products/orthopedic-surgery-products/knee-navigation-application/ Hip Navigation: https://www.brainlab.com/surgery-products/orthopedic-surgery-products/hip-navigation-application/ Trauma: https://www.brainlab.com/surgery-products/overview-spinal-trauma-products/trauma-navigation/ Additional Brand Name or Equal to Make/Model Equivalent - Ziehm - Functional and Technical Reference Material; Vision-RFD-3D:https://www.ziehm.com/fileadmin/user_upload/us/02-products/ziehm-vision-rfd-3d/ZiehmVisionRFD3D_ProductBrochure_USA_201804.pdf Application:https://www.ziehm.com/fileadmin/user_upload/row/02-products/EN_Brochure_Application_OrthoTraumaSpine_20170718.pdf Delivery and acceptance is to be F.O.B Destination (FAR 52.247-34) at the Oklahoma City Veterans Affairs Medical Center, located at 921 NE 13th Street, Oklahoma City, OK 73104 52.212-1, Instructions to Offerors--Commercial ADDENDUM to FAR 52.212-1 INSTRUCTIONS TO OFFERORS COMMERCIAL Gray market items are Original Equipment Manufacturer s (OEM) goods sold through unauthorized channels in direct competition with authorized distributors. This procurement is for new OEM medical supplies, medical equipment and/or services contracts for maintenance of medical equipment (i.e. replacement parts) for VA Medical Centers.   No remanufactures or gray market items will be acceptable. Contractor shall be an OEM, authorized dealer, authorized distributor or authorized reseller for the proposed medical supplies, medical equipment and/or services contracts for maintenance of medical equipment (i.e. replacement parts), verified by an authorization letter or other documents from the OEM, such that the OEM s warranty and service are provided and maintained by the OEM.   All software licensing, warranty and service associated with the medical supplies, medical equipment and/or services contracts for maintenance of medical equipment shall be in accordance with the OEM terms and conditions. The delivery of gray market items to the VA in the fulfillment of an order/award constitutes a breach of contract.   Accordingly, the VA reserves the right enforce any of its contractual remedies. This includes termination of the contract or, solely at the VA s election, allowing the Vendor to replace, at no cost to the Government, any remanufactured or gray market item(s) delivered to a VA medical facility upon discovery of such items. Offerors providing an or equal product(s) must adhere to the terms in FAR 52.211-6. If an item in this solicitation is identified as brand name or equal, the purchase description reflects the characteristics and level of quality that will satisfy the Government s needs. The salient physical, functional, or performance characteristics that equal products must meet are specified in the solicitation. To be considered for award, offers of equal products, including equal products of the brand name manufacturer, must Meet the salient physical, functional, or performance characteristic specified in this solicitation; Clearly identify the item by- Brand name, if any and Make or model number, Include descriptive literature such as illustrations, drawings, or a clear reference to previously furnished descriptive data or information available to the Contracting Officer; and Clearly describe any modification the offeror plans to make in a product to make it conform to the solicitation requirements. Mark any descriptive material to clearly show the modification. The contracting officer will evaluate equal products on the basis of information furnished by the offeror or identified in the offer and reasonably available to the contracting officer. The Contracting Officer is not responsible for locating or obtaining any information not identified in the offer. Unless the offeror clearly indicates in its offer that the product being offered is an equal product, the offeror shall provide the brand name product referenced in the solicitation Any award made as a result of this solicitation will be made on an All or Nothing Basis. State if quoted items are available and priced through contractors existing Government-wide Acquisition Contract (GWAC), GSA Multiple Award Schedule (MAS) contract, or VA-wide Acquisition Contract. Contractors socioeconomic status must be verified in the VA Vendor Information Pages (VIP): https://www.vip.vetbiz.gov/. Unverified contractors will be considered non-responsive. Contractors are warned against contacting any VA personnel other than the Contracting Officer and Contract Specialist prior to placement of any award made resulting from this RFQ. If such contact occurs and found to be prejudicial to competing contactors, the contractor making such contact may be excluded from award considerations. All proprietary information shall be clearly and properly marked. All information shall be confined to the appropriate file. The contractor shall confine submissions to essential matters, sufficient to define the quote and provide an adequate basis for evaluation. Contractors are responsible for including sufficient details, in a concise manner, to permit a complete and accurate evaluation of each quote. Any award made resulting from this solicitation will be made based on the best overall quote that is determined to be the best overall value to the Government, considering (I) Technical Capability and (II) price. Respondents to this announcement shall submit their quote on Contractors Letterhead in accordance with FAR 52.212-1. Submission of quote shall include the following volumes: (I) Technical Capability (II) Price. Volume I - Technical Capability Technical Capability - The offeror shall provide a signed statement certifying that the quote submitted meets the technical capability specified in Section (vi) Description of Requirements and Section (v) List of Line Items. Volume I Price Price - The offeror shall complete the pricing schedule provided in Section (v) above: Price/Cost Schedule. The Government requires offerors to quote unit prices and total prices that are two (2) decimal places. The unit price multiplied by unit quantity must equal the total price for that line item (End of Addendum to 52.212-1) 52.212-2, Evaluation--Commercial Items ADDENDUM to FAR 52.212-2 EVALUATION COMMERCIAL ITEMS: This is a FAR Part 13 acquisition. The government will award a contract resulting from this solicitation to the responsible offeror whose offer conforming to the solicitation will be most advantageous to the government, price and other factors considered. Award will be made on a Lowest Price Technically Acceptable (LPTA) basis considering the following factors: Technical Capability The Government will evaluate quotes on the basis of whether or not the provided quote meets or exceeds the technical requirements specified in Section (vi) Description of Requirements and Section (v) List of Line Items. The evaluation process will consider whether the quote demonstrates a clear understanding of the technical features involved in meeting the requirements of the solicitation. Price The Government will evaluate offers by adding all line item prices - the Total of All CLINS will be that sum. The Government may use various price analysis techniques and procedures to make a price reasonableness determination. Offers that do not meet or exceed the technical capability requirements shall not be selected regardless of price. All offers shall be evaluated using the evaluation factors described above and must address, at a minimum, all elements listed in the solicitation s instructions to Offerors FAR 52.212-1 and addendum FAR 52.212-1 All Offerors are advised that, in the interest of efficiency, the Government reserves the right to conduct the review in the most effective manner. Specifically, the Government may first sort the quotes of all Offerors by price from lowest price to the highest. Thereafter, the Government will review the Technical Capability of the lowest priced quote only. If the lowest priced Offeror s Technical Capability is determined to be acceptable and meets the requirements, the Government may make award to that Offeror without further reviews of the remaining Offerors Technical Capability. If the lowest priced Offeror s Technical Capability is determined to not meet the requirement, then the Government may review the Technical Capability next lowest priced quote, and so forth and so on, until the Government reaches a quote that is determined to meet the Technical Capability requirements. (End of Addendum to 52.212-2) Offerors are advised to include a completed copy of the provision at 52.212-3, Offeror Representations and Certifications Commercial Items, with the offer. 52.212-4, Contract Terms and Conditions--Commercial Items applies to this acquisition 52.212-5, Contract Terms and Conditions Required to Implement Statutes or Executive Orders--Commercial Items FAR 52.212-5 applies to this acquisition with the following FAR clauses incorporated by reference; FAR 52.203-6 Restrictions on Subcontractor Sales to the Government (SEPT 2006), with Alternate I (OCT 1995) (41 U.S.C. 4704 and 10 U.S.C. 2402) FAR 52.204-10 Reporting Executive Compensation & First-Tier Subcontract Awards (OCT 2016) (Pub. L. 109-282) (31 U.S.C. 6101 note) FAR 52.209-6 Protecting the Government s Interest When Subcontracting with Contractors Debarred, Suspended, or Proposed for Debarment (OCT 2015) (31 U.S.C. 6101 note) FAR 52.219-8 Utilization of Small Business Concerns (NOV 2016) (15 U.S.C. 637(d)(2) and (3)); FAR 52.219-28 Post Award Small Business Program Representation (Jul 2013) (15 U.S.C 632(a)(2)) FAR 52.222-3 Convict Labor (June 2003) (E.O. 11755) FAR 52.222-19 Child Labor Cooperation with Authorities and Remedies (OCT 2016) (E.O. 13126) FAR 52.222-21 Prohibition of Segregated Facilities (APR 2015) FAR 52.222-26 Equal Opportunity (SEP 2016) (E.O. 11246) FAR 52.222-35 Equal Opportunity for Veterans (OCT 2015) (38 U.S.C. 4212) FAR 52.222-36 Equal Opportunity for Workers with Disabilities (JUL 2014) (29 U.S.C. 793) FAR 52.222-37 Employment Reports on Veterans (FEB 2016) (38 U.S.C. 4212) FAR 52.222-40 Notification of Employee Rights Under the National Labor Relations Act (DEC 2010) (E.O. 13496) FAR 52.222-50 Combating Trafficking in Persons (MAR 2015) (22 U.S.C. chapter 78 and E.O. 13627) FAR 52.223-18 Encouraging Contractor Policies to Ban Text Messaging While Driving (AUG 2011) FAR 52.225 5 Trade Agreements (OCT 2016) (19 U.S.C. 2501, et seq., 19 U.S.C. 3301 note) FAR 52.225-13 Restrictions on Certain Foreign Purchases (JUN 2008) (E.O.'s, proclamations, and statutes administered by the Office of Foreign Assets Control of the Department of the Treasury) FAR 52.232-33 Payment by Electronic Funds Transfer System for Award Management (Jul 2013) (31 U.S.C. 3332) FAR 52.239-1 Privacy or Security Safeguards (AUG 1996) (5 U.S.C.552a) Additional contract requirements or terms and conditions: 52.252-2, Clauses Incorporated by Reference (Feb 1998) This contract incorporates one or more clauses by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer will make their full text available. Also, the full text of a clause may be accessed electronically at this/these address(es): http://www.acquisition.gov/far/index.html http://www.va.gov/oal/library/vaar/ The following FAR clauses are incorporated by reference: FAR 52.203-17 Contractor Employee Whistleblower Rights and Requirement to Inform Employees of Whistleblower Rights (APR 2014) FAR 52.204-4 Printed or Copied Double-Sided on Postconsumer Fiber Content Paper (MAY 2011) FAR 52.204-9 Personal Identity Verification of Contractor Personnel (JAN 2011) FAR 52.224-1 Privacy Act Notification (APR 1984) FAR 52.224-2 Privacy Act (APR 1984) FAR 52.227-19 Commercial Computer Software-Restricted Rights (DEC 2007) FAR 52.232-40 Providing Accelerated Payments to Small Business Subcontractors (DEC 2013) The following VAAR clauses are to be incorporated by reference: VAAR 852.203-70 Commercial Advertising (NOV 2008) VAAR 852.211-70 Service Data Manuals, (NOV 1984) VAAR 852.211-73 Brand Name or Equal (JAN 2008) VAAR 852.219-10 VA Notice of Total Service Disabled Veteran-Owned Small Business Set-Aside VAAR 852.219-74 Limitations on Subcontracting Monitoring and Compliance (JUL 2018) VAAR 852.232-72 Electronic Submission of Payment Requests (NOV 2012); 852.246-71, Inspection (JAN 2008) VAAR 852.246-71 Inspection (JAN 2008) 52.252-1, Solicitation Provisions Incorporated by Reference (Feb 1998) This solicitation incorporates one or more solicitation provisions by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer will make their full text available. The offeror is cautioned that the listed provisions may include blocks that must be completed by the offeror and submitted with its quotation or offer. In lieu of submitting the full text of those provisions, the offeror may identify the provision by paragraph identifier and provide the appropriate information with its quotation or offer. Also, the full text of a solicitation provision may be accessed electronically at this/these address(es): http://www.acquisition.gov/far/index.html (FAR) http://www.va.gov/oal/library/vaar/index.asp (VAAR) The following FAR provisions are to be incorporated by reference: FAR 52.204-7 System for Award Management (Oct 2016) FAR 52.209-7 Information Regarding Responsibility Matters (JUL 2013) FAR 52.211-6 Brand Name or Equal FAR 52.214-21 Descriptive Literature (APR 2002) FAR 52.227-15 Representation of Limited Rights Data and Restricted Computer Software (DEC 2007) The following VAAR provisions are to be incorporated by reference: None (end of provisions incorporated by reference) VAAR 852.246-70, Guarantee (JAN 2008) The contractor guarantees the equipment against defective material, workmanship and performance for a period of Manufacturer s Commercial Warranty, said guarantee to run from date of acceptance of the equipment by the Government. The contractor agrees to furnish, without cost to the Government, replacement of all parts and material that are found to be defective during the guarantee period. Replacement of material and parts will be furnished to the Government at the point of installation, if installation is within the continental United States, or f.o.b. the continental U.S. port to be designated by the contracting officer if installation is outside of the continental United States. Cost of installation of replacement material and parts shall be borne by the contractor. (End of Clause) VA INFORMATION AND INFORMATION SYSTEM SECURITY/PRIVACY 1. GENERAL Contractors, contractor personnel, subcontractors, and subcontractor personnel shall be subject to the same Federal laws, regulations, standards, and VA Directives and Handbooks as VA and VA personnel regarding information and information system security. 2. ACCESS TO VA INFORMATION AND VA INFORMATION SYSTEMS a. A contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. b. All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. c. Contract personnel who require access to national security programs must have a valid security clearance. National Industrial Security Program (NISP) was established by Executive Order 12829 to ensure that cleared U.S. defense industry contract personnel safeguard the classified information in their possession while performing work on contracts, programs, bids, or research and development efforts. The Department of Veterans Affairs does not have a Memorandum of Agreement with Defense Security Service (DSS). Verification of a Security Clearance must be processed through the Special Security Officer located in the Planning and National Security Service within the Office of Operations, Security, and Preparedness. d. Custom software development and outsourced operations must be located in the U.S. to the maximum extent practical. If such services are proposed to be performed abroad and are not disallowed by other VA policy or mandates, the contractor/subcontractor must state where all non-U.S. services are provided and detail a security plan, deemed to be acceptable by VA, specifically to address mitigation of the resulting problems of communication, control, data protection, and so forth. Location within the U.S. may be an evaluation factor. e. The contractor or subcontractor must notify the Contracting Officer immediately when an employee working on a VA system or with access to VA information is reassigned or leaves the contractor or subcontractor's employ. The Contracting Officer must also be notified immediately by the contractor or subcontractor prior to an unfriendly termination. 3. VA INFORMATION CUSTODIAL LANGUAGE a. Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1). b. VA information should not be co-mingled, if possible, with any other data on the contractors/subcontractor's information systems or media storage systems in order to ensure VA requirements related to data protection and media sanitization can be met. If co-mingling must be allowed to meet the requirements of the business need, the contractor must ensure that VA's information is returned to the VA or destroyed in accordance with VA's sanitization requirements. VA reserves the right to conduct on site inspections of contractor and subcontractor IT resources to ensure data security controls, separation of data and job duties, and destruction/media sanitization procedures are in compliance with VA directive requirements. c. Prior to termination or completion of this contract, contractor/ subcontractor must not destroy information received from VA, or gathered/ created by the contractor in the course of performing this contract without prior written approval by the VA. Any data destruction done on behalf of VA by a contractor/subcontractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and VA Handbook 6500.1, Electronic Media Sanitization. Self-certification by the contractor that the data destruction requirements above have been met must be sent to the VA Contracting Officer within 30 days of termination of the contract. d. The contractor/subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the contract and applicable Federal and VA information confidentiality and security laws, regulations and policies. If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the contract, or if NIST issues or updates applicable FIPS or Special Publications (SP) after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this contract. e. The contractor/subcontractor shall not make copies of VA information except as authorized and necessary to perform the terms of the agreement or to preserve electronic information stored on contractor/subcontractor electronic storage media for restoration in case any electronic equipment or data used by the contractor/subcontractor needs to be restored to an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed. f. If VA determines that the contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12. g. If a VHA contract is terminated for cause, the associated BAA must also be terminated and appropriate actions taken in accordance with VHA Handbook 1600.01, Business Associate Agreements. Absent an agreement to use or disclose protected health information, there is no business associate relationship. h. The contractor/subcontractor must store, transport, or transmit VA sensitive information in an encrypted form, using VA-approved encryption tools that are, at a minimum, FIPS 140-2 validated. i. The contractor/subcontractor's firewall and Web services security controls, if applicable, shall meet or exceed VA's minimum requirements. VA Configuration Guidelines are available upon request. j. Except for uses and disclosures of VA information authorized by this contract for performance of the contract, the contractor/subcontractor may use and disclose VA information only in two other situations: (i) in response to a qualifying order of a court of competent jurisdiction, or (ii) with VA's prior written approval. The contractor/subcontractor must refer all requests for, demands for production of, or inquiries about, VA information and information systems to the VA contracting officer for response. k. Notwithstanding the provision above, the contractor/subcontractor shall not release VA records protected by Title 38 U.S.C. 5705, confidentiality of medical quality assurance records and/or Title 38 U.S.C. 7332, confidentiality of certain health records pertaining to drug addiction, sickle cell anemia, alcoholism or alcohol abuse, or infection with human immunodeficiency virus. If the contractor/subcontractor is in receipt of a court order or other requests for the above mentioned information, that contractor/subcontractor shall immediately refer such court orders or other requests to the VA contracting officer for response. l. For service that involves the storage, generating, transmitting, or exchanging of VA sensitive information but does not require C&A or an MOU-ISA for system interconnection, the contractor/subcontractor must complete a Contractor Security Control Assessment (CSCA) on a yearly basis and provide it to the COR. 4. INFORMATION SYSTEM DESIGN AND DEVELOPMENT: (N/A) 5. INFORMATION SYSTEM HOSTING, OPERATION, MAINTENANCE, OR USE: (N/A) 6. SECURITY INCIDENT INVESTIGATION a. The term "security incident" means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor/ subcontractor shall immediately notify the COR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/ subcontractor has access. b. To the extent known by the contractor/subcontractor, the contractor/ subcontractor's notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the contractor/subcontractor considers relevant. c. With respect to unsecured protected health information, the business associate is deemed to have discovered a data breach when the business associate knew or should have known of a breach of such information. Upon discovery, the business associate must notify the covered entity of the breach. Notifications need to be made in accordance with the executed business associate agreement. d. In instances of theft or break-in or other criminal activity, the contractor/subcontractor must concurrently report the incident to the appropriate law enforcement entity (or entities) of jurisdiction, including the VA OIG and Security and Law Enforcement. The contractor, its employees, and its subcontractors and their employees shall cooperate with VA and any law enforcement authority responsible for the investigation and prosecution of any possible criminal law violation(s) associated with any incident. The contractor/subcontractor shall cooperate with VA in any civil litigation to recover VA information, obtain monetary or other compensation from a third party for damages arising from any incident, or obtain injunctive relief against any third party arising from, or related to, the incident. 7. LIQUIDATED DAMAGES FOR DATA BREACH a. Consistent with the requirements of 38 U.S.C. 5725, a contract may require access to sensitive personal information. If so, the contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/subcontractor processes or maintains under this contract. b. The contractor/subcontractor shall provide notice to VA of a "security incident" as set forth in the Security Incident Investigation section above. Upon such notification, VA must secure from a non-Department entity or the VA Office of Inspector General an independent risk analysis of the data breach to determine the level of risk associated with the data breach for the potential misuse of any sensitive personal information involved in the data breach. The term 'data breach' means the loss, theft, or other unauthorized access, or any access other than that incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. Contractor shall fully cooperate with the entity performing the risk analysis. Failure to cooperate may be deemed a material breach and grounds for contract termination. c. Each risk analysis shall address all relevant information concerning the data breach, including the following: (1) Nature of the event (loss, theft, unauthorized access); (2) Description of the event, including: (a) date of occurrence; (b) data elements involved, including any PII, such as full name, social security number, date of birth, home address, account number, disability code; (3) Number of individuals affected or potentially affected; (4) Names of individuals or groups affected or potentially affected; (5) Ease of logical data access to the lost, stolen or improperly accessed data in light of the degree of protection for the data, e.g., unencrypted, plain text; (6) Amount of time the data has been out of VA control; (7) The likelihood that the sensitive personal information will or has been compromised (made accessible to and usable by unauthorized persons); (8) Known misuses of data containing sensitive personal information, if any; (9) Assessment of the potential harm to the affected individuals; (10) Data breach analysis as outlined in 6500.2 Handbook, Management of Security and Privacy Incidents, as appropriate; and (11) Whether credit protection services may assist record subjects in avoiding or mitigating the results of identity theft based on the sensitive personal information that may have been compromised. d. Based on the determinations of the independent risk analysis, the contractor shall be responsible for paying to the VA liquidated damages in the amount of $37.50 per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following: (1) Notification; (2) One year of credit monitoring services consisting of automatic daily monitoring of at least 3 relevant credit bureau reports; (3) Data breach analysis; (4) Fraud resolution services, including writing dispute letters, initiating fraud alerts and credit freezes, to assist affected individuals to bring matters to resolution; (5) One year of identity theft insurance with $20,000.00 coverage at $0 deductible; and (6) Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs. 8. SECURITY CONTROLS COMPLIANCE TESTING On a periodic basis, VA, including the Office of Inspector General, reserves the right to evaluate any or all of the security controls and privacy practices implemented by the contractor under the clauses contained within the contract. With 10 working-day's notice, at the request of the government, the contractor must fully cooperate and assist in a government-sponsored security controls assessment at each location wherein VA information is processed or stored, or information systems are developed, operated, maintained, or used on behalf of VA, including those initiated by the Office of Inspector General. The government may conduct a security control assessment on shorter notice (to include unannounced assessments) as determined by VA in the event of a security incident or at any other time. 9. TRAINING a. All contractor employees and subcontractor employees requiring access to VA information and VA information systems shall complete the following before being granted access to VA information and its systems: (1) Sign and acknowledge (either manually or electronically) understanding of and responsibilities for compliance with the Contractor Rules of Behavior, Appendix E relating to access to VA information and information systems; (2) Successfully complete the VA Cyber Security Awareness and Rules of Behavior training and annually complete required security training; (3) Successfully complete the appropriate VA privacy training and annually complete required privacy training; and (4) Successfully complete any additional cyber security or privacy training, as required for VA personnel with equivalent information system access [to be defined by the VA program official and provided to the contracting officer for inclusion in the solicitation document - e.g., any role-based information security training required in accordance with NIST Special Publication 800-16, Information Technology Security Training Requirements.] b. The contractor shall provide to the contracting officer and/or the COR a copy of the training certificates and certification of signing the Contractor Rules of Behavior for each applicable employee within 1 week of the initiation of the contract and annually thereafter, as required. c. Failure to complete the mandatory annual training and sign the Rules of Behavior annually, within the timeframe required, is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until such time as the training and documents are complete. The Defense Priorities and Allocations System (DPAS) does not apply. Date and Time offers are due to kurt.tanny@va.gov by 4:00pm EST, 9/25/2018. Name and email of the individual to contact for information regarding the solicitation: Kurt Tanny Kurt.tanny@va.gov
 

Web Link

FBO.gov Permalink
(https://www.fbo.gov/spg/VA/VARMCCC/VARMCCC/36C25918Q9947/listing.html)
 

Document(s)

Attachment
 

File Name: 36C25918Q9947 36C25918Q9947.docx (https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=4598406&FileName=36C25918Q9947-000.docx)

Link: https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=4598406&FileName=36C25918Q9947-000.docx

 

Note: If links are broken, refer to Point of Contact above or contact the FBO Help Desk at 877-472-3779.
 

Record

SN05097389-W 20180921/180919231512-c57cd3b19a21c3c08fbbb829210f4b2a (fbodaily.com)
 

Source

FedBizOpps Link to This Notice
(may not be valid after Archive Date)

---

| FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |