Loren Data's SAM Daily™

fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF AUGUST 22, 2019 FBO #6481
SOLICITATION NOTICE

L -- Department of Veterans Affairs Pittsburgh Healthcare System Multiple Sites BRAND NAME - LYNX SYSTEM

Notice Date
8/20/2019
 
Notice Type
Combine Synopsis/Solicitation
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
Department of Veterans Affairs;Network Contracting Office 4;Lebanon VA Medical Center;1700 South Lincoln Avenue;Lebanon, PA 17042
 
ZIP Code
17042
 
Solicitation Number
36C24419Q1111
 
Response Due
8/23/2019
 
Archive Date
10/22/2019
 
Point of Contact
daniel.johnson44@va.gov
 
Small Business Set-Aside
Veteran-Owned Small Business
 
Description
Page 24 of 24 COMBINED SYNOPSIS/SOLICITATION General Information Document Type: Combined Solicitation/Synopsis Solicitation Number: 36C24419Q1111 Current Response Date: Friday, August 23, 2019 Product or Service Code: L063 Set Aside (SDVOSB/VOSB): VOSB NAICS Code: 541519 Contracting Office Address Department of Veterans Affairs Lebanon VA Medical Center 1700 South Lincoln Avenue Lebanon, PA 17046 Description This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in Federal Acquisition Regulation (FAR) subpart 12.6, Streamlined Procedures for Evaluation and Solicitation for Commercial Items, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; quotations are being requested, and a written solicitation document will not be issued. This solicitation is a request for quotations (RFQ). The solicitation document and incorporated provisions and clauses are those in effect through Federal Acquisition Circular 2005-95. The associated North American Industrial Classification System (NAICS) code for this procurement is 541519, with a small business size standard of $27.5 million. The Pittsburgh VA Medical Center is seeking to purchase, BRAND NAME, LYNX Staff Duress Notification System. All interested companies shall provide quotation(s) for the following: Supplies/Services Line Item Description Quantity Unit Price Total Price 0001 LYNX Duress & Dispatch Communication application. To include: Software Agreement User Training Base Year POP Begin: 09/01/2019 POP End: 08/31/2020 12 MO 1001 LYNX Duress & Dispatch Communication application. To include: Software Agreement User Training Option 1 POP Begin: 09/01/2020 POP End: 08/31/2021 12 MO 2001 LYNX Duress & Dispatch Communication application. To include: Software Agreement User Training Option 2 POP Begin: 09/01/2021 POP End: 08/31/2022 12 MO 3001 LYNX Duress & Dispatch Communication application. To include: Software Agreement User Training Option 2 POP Begin: 09/01/2021 POP End: 08/31/2022 12 MO 4001 LYNX Duress & Dispatch Communication application. To include: Software Agreement User Training Option 2 POP Begin: 09/01/2021 POP End: 08/31/2022 12 MO Delivery/Service shall be provided no later than 30 calendar days after receipt of order/award of contract. Delivery terms FOB destination and must be coordinated with facility Point-of-Contact (POC), prior to delivery. The contractor shall deliver line item(s) 0001 through 4001 to the multiple sites listed below: Delivery/Service Location Multiple Locations Site #1 Address: Department of Veterans Affairs VA Pittsburgh Healthcare System University Drive C Pittsburgh, PA Postal Code: 15240 Country: UNITED STATES Site #2 Address: Department of Veterans Affairs VA Pittsburgh Healthcare System Heinz Campus Community Living Center 1010 Delafield Road Pittsburgh, PA Postal Code: 15216 Country: UNITED STATES Award shall be made to the quoter whose quotation offers the best value to the government, considering technical capability, past performance, and price. The government will evaluate information based on the following evaluation criteria: "(1) price, (2) past performance, and (3) technical capability factor "meeting or exceeding the requirement. Submission of Questions Questions regarding this solicitation shall be received no later than Thursday, August 22, 2019 at 12:00 PM Eastern Standard Time (EST). Questions received after this time may not be considered for review. Questions shall be submitted to Daniel Johnson Contract Specialist at daniel.johnson44@va.gov. Prospective Offerors are asked to submit their questions grouped by solicitation section and referring to the paragraph in that section. The Subject Line for questions shall state VA Pittsburg Healthcare System, LYNX Duress and Dispatch Communication Application Questions. Responses to all inquiries/questions will be returned via amendment to posted solicitation, for those vendors solicited giving due regard to the proper protection of proprietary information. Offerors shall be responsible for monitoring their email for the agency s responses. No information concerning this solicitation shall be provided in response to telephone calls. Prospective Offerors are warned against contacting any Department of Veterans Affairs (DOVA) personnel other than the Contract Specialist prior to award of a contract resulting from this solicitation. If such contact occurs and is found to be prejudicial to competing Offerors, the Offeror making such contact may be excluded from award consideration. Submission of Quotes This solicitation is being issued as a Veteran-Owned Small Business (VOSB) set-aside in the Open Market. Quotations shall be received no later than Friday, August 23, 2019 at 12:00 P.M. EST. Quotations received after this time may not be considered for award. All quotes shall be emailed to Daniel Johnson Contract Specialist at Daniel.johnson44@va. The Subject Line for email submissions shall state VA Pittsburgh Healthcare System, LYNX Duress and Dispatch Communication Application - Offer. Quote Content and Submission Instructions Vendors should review Request for Quote (RFQ) and are ultimately responsible for ensuring that their quotes fully comply with submission requirements for this RFQ.   Each quote shall clearly demonstrate that the Vendor understands both the general and specific technical requirements of the Scope of Work (SOW). Failure to explain Vendor s ability to meet all requirements may result in the Vendor's quote not being considered. Along with their quote and documentation of understanding the vendor must submit the documentation of certification to work on the subject services. Clarity and completeness of quotes are of the utmost importance. Therefore, quotes must be organized in a practical, clear and concise manner. For a response to this solicitation to be considered complete Offers must comply with the following requirements: The Offeror shall provide authorized letter from the Original Equipment Manufacturer (OEM), and materials necessary to perform installation and support on the LYNX Duress & Dispatch Communication Application at the VA Pittsburgh Healthcare System (VAPHS) and VAPHS Heinz Campus Community Living Center. The Offeror is required to have the technical skills to maintain and support the LYNX Duress System listed in the Statement of Work. The Offeror is requested to provide a Base Year plus four (4) Option Year price. Evaluation Criteria Award for this requirement will be made to the offeror who proposes the lowest price technically acceptable to the Government. To be Technically Acceptable must be capable of working on the equipment listed in the SOW as demonstrated by their training documents. A review will be conducted. The DOVA will award to the offeror proposing the best value to the Government, price and other factors considered. The evaluation matrix is as follows but not limited to: 1. Letter from Original Equipment Manufacturer (OEM), authorizing the Offeror to provide the supply/service The DOVA will evaluate quotes for award purposes by adding the total price of all Base and Option amounts for each CLIN. Evaluation of options will not obligate the DOVA to exercise the option(s). All optional services must be priced for the proposal to be evaluated. The DOVA may reject a quote as non-responsive if it is materially unbalanced as to price for the base year requirement in relationship to the option years. A quote is unbalanced when it is based on prices significantly less for some work and significantly overstated for other work, or the prices do not reflect market value. Quoters must provide a copy of the authorized distributor letter to verify that they are an authorized distributor. The full text of FAR provisions or clauses may be accessed electronically at http://acquisition.gov/comp/far/index.html. The following solicitation provisions apply to this acquisition: FAR 52.212-1, Instructions to Offerors Commercial Items (Jan 2017) Addendum: (a) Gray market items are Original Equipment Manufacturer s (OEM) goods sold through unauthorized channels in direct competition with authorized distributors. This procurement is for new OEM medical supplies, medical equipment and/or services contracts for maintenance of medical equipment (i.e. replacement parts) for VA Medical Centers. No remanufactures or gray market items will be acceptable. (b) Vendor shall be an OEM, authorized dealer, authorized distributor or authorized reseller for the proposed medical supplies, medical equipment and/or services contracts for maintenance of medical equipment (i.e. replacement parts), verified by an authorization letter or other documents from the OEM, such that the OEM s warranty and service are provided and maintained by the OEM. All software licensing, warranty and service associated with the medical supplies, medical equipment and/or services contracts for maintenance of medical equipment shall be in accordance with the OEM terms and conditions. (c) The delivery of gray market items to the VA in the fulfillment of an order/award constitutes a breach of contract. Accordingly, the VA reserves the right to enforce any of its contractual remedies. This includes termination of the contract or, solely at the VA s election, allowing the Vendor to replace, at no cost to the Government, any remanufactured or gray market item(s) delivered to a VA medical facility upon discovery of such items. FAR 52.212-3, Offerors Representations and Certifications Commercial Items (Nov 2017) Offerors must complete annual representations and certifications on-line at http://orca.bpn.gov in accordance with FAR 52.212-3, Offerors Representations and Certifications Commercial Items. and its quote if it has not been completed on SAM.gov. The following contract clauses apply to this acquisition: FAR 52.212-4, Contract Terms and Conditions Commercial Items (Jan 2017) FAR 52.212-5, Contract Terms and Conditions Required to Implement Statutes or Executive Orders (Nov 2017) The following subparagraphs of FAR 52.212-5 are applicable: 52.219-6 Notice of Total Small Business Set-Aside (Nov 2011) (15 U.S.C. 644) 52.219-28 Post Award Small Business Program Representation (Jul 2013) 52.222-3 Convict Labor (Jun 2003) (E.O. 11755) 52.222-19 Child Labor--Cooperation with Authorities and Remedies (Oct 2016) (E.O. 13126) 52.222-21 Prohibition of Segregated Facilities (APR 2015) 52.222-26 Equal Opportunity (Sep 2016) (E.O. 11246) 52.222-36 Equal Opportunity for Workers with Disabilities (Jul 2014) (29 U.S.C. 793) 52.222-50 Combating Trafficking in Persons (Mar 2015) (22 U.S.C. chapter 78 and E.O. 13627) 52.223-18 Encouraging Contractor Policies to Ban Text Messaging While Driving (Aug 2011) (E.O. 13513) 52.225-3 Buy American--Free Trade Agreements--Israeli Trade Act (May 2014) (41 U.S.C. chapter 83, 19 U.S.C. 3301 note, 19 U.S.C. 2112 note, 19 U.S.C. 3805 note, 19 U.S.C. 4001 note, Pub. L.) 52.225-13 Restrictions on Certain Foreign Purchases (Jun 2008) 52.232-34 Payment by Electronic Funds Transfer--Other than System for Award Management (Jul 2013) (31 U.S.C. 3332) Additional Clauses: 52.202-1 Definitions (Nov 2013) 52.203-7 Anti-kickback Procedures (May 2014) 52.203-17 Contractor Employee Whistleblower Rights and Requirement to Inform Employees of Whistleblower Rights (Apr 2014) 52.204-19 Incorporation by Reference of Representations and Certifications (Dec 2014) 52.216-24 Limitation of Government Liability (Apr 1984) 52.217-8 Option to Extend Services (Nov 1999) 52.217-9 Option to Extend the Term of the Contract (Mar 2000) 52.225-13 Restrictions on Certain Foreign Purchase (Jun 2008) 52.232-18 Availability of Funds (Apr 1984) 52.232-19 Availability of Funds for the Next Fiscal Year (Apr 1984) 52.232-25 Prompt Payment (Jan 2017) 52.233-3 Protest After Award (Aug 1996) 52.233-4 Applicable Law For Breach of Contract Claim (Oct 2004) 852.203-70 Commercial Advertising (Jan 2008) 852.219-11 VA Notice of Total Veteran-Owned Small Business Set-Aside (Jul 2016) 852.246-71 Rejected Goods (Oct 2018) 852.203-70 Commercial Advertising (Jan 2008) Additional Provisions: 52.214-21 Descriptive Literature (Apr 2002) 52.219-1 Small Business Program Representations (Oct 2014) 52.225-25 Prohibition on Contracting with Entities Engaging in Certain Activities or Transactions Relating to Iran Representation and Certifications (Aug 2018) All Offerors shall submit the following: One (1) copy and must provide a certificate or a letter from the manufacturer, stating that they are a certified reseller. All quotations shall be sent to the Contract Specialist via e-mail, at Daniel.johnson44@va.gov. This is an open-market combined synopsis/solicitation for, BRAND NAME, LYNX Duress System furniture as defined herein.    The government intends to award a purchase order because of this combined synopsis/solicitation that will include the terms and conditions set forth herein. To facilitate the award process, all quotes must include a statement regarding the terms and conditions herein as follows: "The terms and conditions in the solicitation are acceptable to be included in the award document without modification, deletion, or addition." OR "The terms and conditions in the solicitation are acceptable to be included in the award document with the exception, deletion, or addition of the following:" Quoter shall list exception(s) and rationale for the exception(s). Submission shall be received no later than 12:00 P.M. EST, Friday, August 23, 2019. Late submissions shall be treated in accordance with the solicitation provision at FAR 52.212-1(f). Only e-mailed quotes will be accepted. Any questions or concerns regarding this solicitation should be forwarded in writing via e-mail to the Contract Specialist, Daniel Johnson, at Daniel.johnson44@va.gov. Point of Contact Daniel Johnson Contract Specialist 717-304-9166 Daniel.johnson44@va.gov Statement of Work VA Pittsburgh Healthcare System Staff Duress and Emergency Notification System General: The Contractor shall furnish all software and software licensing to provide a Staff Duress and Emergency Notification application in accordance with the Terms, Conditions and Specifications of the contract. The Firm-Fixed contract shall be for one (1) year and contain four (4), one-year options periods. Required Work Location: VA Pittsburgh Healthcare System (VAPHS), University Drive and Heinz Campuses: Period of Performance: 1. BASE YEAR: 09/01/2019 08/31/2020 2. OPTION YEAR ONE (1): 09/01/2020 08/31/2021 3. OPTION YEAR TWO (2): 09/01/2021 08/31/2022 4. OPTION YEAR THREE (3): 09/01/2022 08/31/2023 5. OPTION YEAR FOUR (4): 09/01/2023 08/31/2024 Purpose: The VA Pittsburgh Healthcare System (VAPHS) has a requirement for all software, software licensing and software support to provide a Staff Duress and Emergency Notification application. The application must be deployable on up to 5,000 computer workstations located at two campus locations in the Pittsburgh area. The project shall include all system software, licensing, software support and application training. The application shall reside on a VA virtual server. Training services shall be scheduled with the COR no less than one (1) month in advance. Network Work Locations: VAPHS Main Hospital, University Drive Campus University Drive C Pittsburgh, PA 15240 VAPHS, Heinz Campus Community Living Heinz Center, Ambulatory Care Center 1010 Delafield Road Pittsburgh, PA 15216 Working Hours: If Contractor is required to be onsite, it must be between the hours of 8:00 A.M. EST 4:00 P.M. EST on Monday Friday (EXCLUDING FEDERAL HOLIDAYS). If one of the planned days were to overlap onto a holiday, it is on the Contractor to reschedule another day/time with the COR, at no additional cost to the Government. General Requirements: The Contractor s application shall be installed on a VA provided virtual server. The Contractor shall provide software support services for the application for the life of the contract. The Contractor shall provide VA Police Service and other designated VA personnel with application training. Technical Requirements: The application shall provide users with a PC workstation keyboard combination duress signal initiation feature and the ability to send emergency notifications to all users by designated VAPHS personnel. Additionally, the application shall: Utilize TLS encryption. Provide duress capability when workstation is logged on/off, or locked. Provide a built-in test and reporting feature. Load automatically and run in the background when a workstation is booted. Display alert messages on user s screens regardless of what other applications are open at the time. Possess the ability to send alerts to some or all users based on user groups or profiles. Allow alert messages to be displayed across the entire workstation screen, top or bottom of screen, or a corner of the screen (for non-emergency alerts). The duress panic feature shall allow users to initiate a discrete (silent) key combination alert advising of the existence of a current threat. The Contractor gaining award of this Contract shall provide the name, address, telephone number, facsimile number, and email address of authorized Contractor representative(s) who have the binding authority to act on behalf of the Contractor on administrative and/or performance matters pertaining to this Contract. The Contractor shall maintain this list and submit any changes thereof to the COR and CO when changes occur. Contractor Personnel Security Requirements: All contractor employees and subcontractor employees requiring unescorted access to VA facilities and/or access to VA Technology resources (network and/or protected data) must complete a Special Agreement Check (SAC) investigation conducted by the FBI National Criminal History Check (NCHC). The following forms are required for a SAC: Fingerprints and OF306 Declaration For Federal Employment. The employee must be fingerprinted as part of the investigation. Electronic fingerprinting can be performed at the VA Pittsburgh Medical Center and will be coordinated through the COR and Human Resources Office. The Contractor shall bear the expense of the background investigation(s), regardless of the final adjudication determination. A Bill of Collections shall be generated by the VA after final adjudication determination has been received. Access to VA Information and VA Information Systems: A contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. The contractor or subcontractor must notify the Contracting Officer immediately when an employee working on a VA system or with access to VA information is reassigned or leaves the contractor or subcontractor s employ. The Contracting Officer must also be notified immediately by the contractor or subcontractor prior to an unfriendly termination. VA Information Custodial Language: Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1). Prior to termination or completion of this contract, contractor/subcontractor must not destroy information received from VA, or gathered/created by the contractor in the course of performing this contract without prior written approval by the VA. Any data destruction done on behalf of VA by a contractor/subcontractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and VA Handbook 6500.1, Electronic Media Sanitization. Self-certification by the contractor that the data destruction requirements above have been met must be sent to the VA Contracting Officer within 30 days of termination of the contract. The contractor/subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the contract and applicable Federal and VA information confidentiality and security laws, regulations and policies. If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the contract, or if NIST issues or updates applicable FIPS or Special Publications (SP) after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this contract. The contractor/subcontractor shall not make copies of VA information except as authorized and necessary to perform the terms of the agreement or to preserve electronic information stored on contractor/subcontractor electronic storage media for restoration in case any electronic equipment or data used by the contractor/ subcontractor needs to be restored to an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed. If VA determines that the contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12. Except for uses and disclosures of VA information authorized by this contract for performance of the contract, the contractor/subcontractor may use and disclose VA information only in two other situations: (I) in response to a qualifying order of a court of competent jurisdiction, or (ii) with VA s prior written approval. The contractor/ subcontractor must refer all requests for, demands for production of, or inquiries about, VA information and information systems to the VA contracting officer for response. Notwithstanding the provision above, the contractor/subcontractor shall not release VA records protected by Title 38 U.S.C. 5705, confidentiality of medical quality assurance records and/or Title 38 U.S.C. 7332, confidentiality of certain health records pertaining to drug addiction, sickle cell anemia, alcoholism or alcohol abuse, or infection with human immunodeficiency virus. If the contractor/subcontractor is in receipt of a court order or other requests for the above-mentioned information, that contractor/subcontractor shall immediately refer such court orders or other requests to the VA contracting officer for response. Security Incident Investigation: The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor/subcontractor shall immediately notify the COTR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access. To the extent known by the contractor/subcontractor, the contractor/subcontractor s notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the contractor/ subcontractor considers relevant. Liquidated Damages For Data Breach: Consistent with the requirements of 38 U.S.C. §5725, a contract may require access to sensitive personal information. If so, the contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/subcontractor processes or maintains under this contract. The contractor/subcontractor shall provide notice to VA of a security incident as set forth in the Security Incident Investigation section above. Upon such notification, VA must secure from a non-Department entity or the VA Office of Inspector General an independent risk analysis of the data breach to determine the level of risk associated with the data breach for the potential misuse of any sensitive personal information involved in the data breach. The term 'data breach' means the loss, theft, or other unauthorized access, or any access other than that incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. Contractor shall fully cooperate with the entity performing the risk analysis. Failure to cooperate may be deemed a material breach and grounds for contract termination. Each risk analysis shall address all relevant information concerning the data breach, including the following: (1) Nature of the event (loss, theft, unauthorized access); (2) Description of the event, including: (a) date of occurrence; (b) data elements involved, including any PII, such as full name, social security number, date of birth, home address, account number, disability code; (3) Number of individuals affected or potentially affected; (4) Names of individuals or groups affected or potentially affected; (5) Ease of logical data access to the lost, stolen or improperly accessed data in light of the degree of protection for the data, e.g., unencrypted, plain text; (6) Amount of time the data has been out of VA control; (7) The likelihood that the sensitive personal information will or has been compromised (made accessible to and usable by unauthorized persons); (8) Known misuses of data containing sensitive personal information, if any; (9) Assessment of the potential harm to the affected individuals; (10) Data breach analysis as outlined in 6500.2 Handbook, Management of Security and Privacy Incidents, as appropriate; and (11) Whether credit protection services may assist record subjects in avoiding or mitigating the results of identity theft based on the sensitive personal information that may have been compromised. d. Based on the determinations of the independent risk analysis, the contractor shall be responsible for paying to the VA liquidated damages in the amount of $37.50 per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following: (1) Notification; (2) One year of credit monitoring services consisting of automatic daily monitoring of at least 3 relevant credit bureau reports; (3) Data breach analysis; (4) Fraud resolution services, including writing dispute letters, initiating fraud alerts and credit freezes, to assist affected individuals to bring matters to resolution; (5) One year of identity theft insurance with $20,000.00 coverage at $0 deductible; and (6) Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs. Training: All contractor employees and subcontractor employees requiring access to VA information and VA information systems shall complete the following before being granted access to VA information and its systems: (1) Sign and acknowledge (either manually or electronically) understanding of and responsibilities for compliance with the Contractor Rules of Behavior, Appendix E relating to access to VA information and information systems; (2) Successfully complete the VA Cyber Security Awareness and Rules of Behavior training and annually complete required security training; (3) Successfully complete the appropriate VA privacy training and annually complete required privacy training; and (4) Successfully complete any additional cyber security or privacy training, as required for VA personnel with equivalent information system access [to be defined by the VA program official and provided to the contracting officer for inclusion in the solicitation document e.g., any role-based information security training required in accordance with NIST Special Publication 800-16, Information Technology Security Training Requirements]. The contractor shall provide to the Contracting Officer and/or the COTR a copy of the training certificates and certification of signing the Contractor Rules of Behavior for each applicable employee within one (1) week of the initiation of the contract and annually thereafter, as required. Failure to complete the mandatory annual training and sign the Rules of Behavior annually, within the timeframe required, is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until such time as the training and documents are complete. The Contractor may use theVA Talent Management System (TMS) Managed Self Enrollment (https://www.tms.va.gov/SecureAuth35/) method to complete the training in TMS. The Contracting Officer Representative shall ensure that all contractors are validated in the PIH domain. Contractor Rules Of Behavior: This User Agreement contains rights and authorizations regarding my access to and use of any information assets or resources associated with my performance of services under the contract terms with the Department of Veterans Affairs (VA). This User Agreement covers my access to all VA data whether electronic or hard copy ("Data"), VA information systems and resources ("Systems"), and VA sites ("Sites"). This User Agreement incorporates Rules of Behavior for using VA, and other information systems and resources under the contract. General Terms and Conditions For All Actions And Activities Under The Contract: a. I understand and agree that I have no reasonable expectation of privacy in accessing or using any VA, or other Federal Government information systems. b. I consent to reviews and actions by the Office of Information & Technology (OI&T) staff designated and authorized by the VA Chief Information Officer (CIO) and to the VA OIG regarding my access to and use of any information assets or resources associated with my performance of services under the contract terms with the VA. These actions may include monitoring, recording, copying, inspecting, restricting access, blocking, tracking, and disclosing to all authorized OI&T, VA, and law enforcement personnel as directed by the VA CIO without my prior consent or notification. c. I consent to reviews and actions by authorized VA systems administrators and Information Security Officers solely for protection of the VA infrastructure, including, but not limited to monitoring, recording, auditing, inspecting, investigating, restricting access, blocking, tracking, disclosing to authorized personnel, or any other authorized actions by all authorized OI&T, VA, and law enforcement personnel. d. I understand and accept that unauthorized attempts or acts to access, upload, change, or delete information on Federal Government systems; modify Federal government systems; deny access to Federal government systems; accrue resources for unauthorized use on Federal government systems; or otherwise misuse Federal government systems or resources are prohibited. e. I understand that such unauthorized attempts or acts are subject to action that may result in criminal, civil, or administrative penalties. This includes penalties for violations of Federal laws including, but not limited to, 18 U.S.C. §1030 (fraud and related activity in connection with computers) and 18 U.S.C. §2701 (unlawful access to stored communications). f. I agree that OI&T staff, in the course of obtaining access to information or systems on my behalf for performance under the contract, may provide information about me including, but not limited to, appropriate unique personal identifiers such as date of birth and social security number to other system administrators, Information Security Officers (ISOs), or other authorized staff without further notifying me or obtaining additional written or verbal permission from me. g. I understand I must comply with VA s security and data privacy directives and handbooks. I understand that copies of those directives and handbooks can be obtained from the Contracting Officer's Technical Representative (COTR). If the contractor believes the policies and guidance provided by the COTR is a material unilateral change to the contract, the contractor must elevate such concerns to the Contracting Officer for resolution. h. I will report suspected or identified information security/privacy incidents to the COTR and to the local ISO or Privacy Officer as appropriate. GENERAL RULES OF BEHAVIOR: a. Rules of Behavior are part of a comprehensive program to provide complete information security. These rules establish standards of behavior in recognition of the fact that knowledgeable users are the foundation of a successful security program. Users must understand that taking personal responsibility for the security of their computer and the information it contains is an essential part of their job. b. The following rules apply to all VA contractors. I agree to: (1) Follow established procedures for requesting, accessing, and closing user accounts and access. I will not request or obtain access beyond what is normally granted to users or by what is outlined in the contract. (2) Use only systems, software, databases, and data which I am authorized to use, including any copyright restrictions. (3) I will not use other equipment (OE) (non-contractor owned) for the storage, transfer, or processing of VA sensitive information without a VA CIO approved waiver, unless it has been reviewed and approved by local management and is included in the language of the contract. If authorized to use OE IT equipment. I must ensure that the system meets all applicable 6500 Handbook requirements for OE. (4) Not use my position of trust and access rights to exploit system controls or access information for any reason other than in the performance of the contract. (5) Not attempt to override or disable security, technical, or management controls unless expressly permitted to do so as an explicit requirement under the contract or at the direction of the COR or ISO. If I am allowed or required to have a local administrator account on a government-owned computer, that local administrative account does not confer me unrestricted access or use, nor the authority to bypass security or other controls except as expressly permitted by the VA CIO or CIO's designee. (6) Contractors use of systems, information, or sites is strictly limited to fulfill the terms of the contract. I understand no personal use is authorized. I will only use other Federal government information systems as expressly authorized by the terms of those systems. I accept that the restrictions under ethics regulations and criminal law still apply. (7) Grant access to systems and information only to those who have an official need to know. (8) Protect passwords from access by other individuals. (9) Create and change passwords in accordance with VA Handbook 6500 on systems and any devices protecting VA information as well as the rules of behavior and security settings for the particular system in question. (10) Protect information and systems from unauthorized disclosure, use, modification, or destruction. I will only use encryption that is FIPS 140-2 validated to safeguard VA sensitive information, both safeguarding VA sensitive information in storage and in transit regarding my access to and use of any information assets or resources associated with my performance of services under the contract terms with the VA. (11) Follow VA Handbook 6500.1, Electronic Media Sanitization to protect VA information. I will contact the COR for policies and guidance on complying with this requirement and will follow the COR s orders. (12) Ensure that the COR has previously approved VA information for public dissemination, including e-mail communications outside of the VA as appropriate. I will not make any unauthorized disclosure of any VA sensitive information through the use of any means of communication including but not limited to e-mail, instant messaging, online chat, and web bulletin boards or logs. (13) Not host, set up, administer, or run an Internet server related to my access to and use of any information assets or resources associated with my performance of services under the contract terms with the VA unless explicitly authorized under the contract or in writing by the COR. (14) Protect government property from theft, destruction, or misuse. I will follow VA directives and handbooks on handling Federal government IT equipment, information, and systems. I will not take VA sensitive information from the workplace without authorization from the COR. (15) Only use anti-virus software, antispyware, and firewall/intrusion detection software authorized by VA. I will contact the COR for policies and guidance on complying with this requirement and will follow the COR's orders regarding my access to and use of any information assets or resources associated with my performance of services under the contract terms with VA. (16) Not disable or degrade the standard anti-virus software, antispyware, and/or firewall/intrusion detection software on the computer I use to access and use information assets or resources associated with my performance of services under the contract terms with VA. I will report anti-virus, antispyware, firewall or intrusion detection software errors, or significant alert messages to the COR. (17) Understand that restoration of service of any VA system is a concern of all users of the system. (18) Complete required information security and privacy training, and complete required training for the particular systems to which I require access. ADDITIONAL CONDITIONS FOR USE OF NON- VA INFORMATION TECHNOLOGY RESOURCES a. When required to complete work under the contract, I will directly connect to the VA network whenever possible. If a direct connection to the VA network is not possible, then I will use VA approved remote access software and services. b. Remote access to non-public VA information technology resources is prohibited from publicly-available IT computers, such as remotely connecting to the internal VA network from computers in a public library. c. I will not have both a VA network line and any kind of non-VA network line including a wireless network card, modem with phone line, or other network device physically connected to my computer at the same time, unless the dual connection is explicitly authorized by the COR. d. I understand that I may not obviate or evade my responsibility to adhere to VA security requirements by subcontracting any work under any given contract or agreement with VA, and that any subcontractor(s) I engage shall likewise be bound by the same security requirements and penalties for violating the same. COMPLETE AT TIME OF AWARD STATEMENT ON LITIGATION: This User Agreement does not and should not be relied upon to create any other right or benefit, substantive or procedural, enforceable by law, by a party to litigation with the United States Government. ACKNOWLEDGEMENT AND ACCEPTANCE: I acknowledge receipt of this User Agreement. I understand and accept all terms and conditions of this User Agreement, and I will comply with the terms and conditions of this agreement and any additional VA warning banners, directives, handbooks, notices, or directions regarding access to or use of information systems or information. The terms and conditions of this document do not supersede the terms and conditions of the signatory s employer and VA. __________________________________ ________________________ Print or type your full name Signature __________________________________ ________________________ Last 4 digits of SSN Date __________________________________ _________________________ Office Phone Position Title __________________________________ Contractor s Company Name Please complete and return the original signed document to the COR within the timeframe stated in the terms of the contract. Additional Security Requirement: HIPAA focused training prior to the performance of the contract and annually thereafter. Training must be completed in VA s TMS system (https://www.tms.va.gov/) or via hard copy training documents. Point-of-Contact: Name: TBD Title: TBD Phone Number: TBD Email: TBD DEPARTMENT OF VETERANS AFFAIRS Justification for Single Source Awards IAW FAR 13.106-1 For Over Micro-Purchase Threshold but Not Exceeding the SAT ($250K) Acquisition Plan Action ID: **REDACTED** Contracting Activity: Department of Veterans Affairs, VISN 4, Lebanon VA Medical Center. Requestor: VA Pittsburgh Healthcare System. 2237: **REDACTED** Brief Description of Supplies/ Services required and the intended use/Estimated Amount: The VA Pittsburgh Healthcare System (VAPHS) has a BRAND NAME, Lynx system requirement for all software, software licensing and software support to provide a Staff Duress and Emergency Notification system. The application must be deployable on up to 5,000 computer workstations located at two (2) campus locations in the Pittsburgh area. The project shall include all system software, licensing, software support and application training. The application shall reside on a VA, standalone virtual server. Base Year: **REDACTED**; Per Option Years: **REDACTED**; Total Contract Value: **REDACTED**. Unique characteristics that limit availability to only one source, with the reason no other supplies or services can be used: Any software solution sought must meet VA Technical Reference Model (TRM) standards for use on VA data networks. Lynx is TRM approved and meets the objective of providing the program office with a viable employee duress and mass notification tool. The LynxGuide Server allows the user to integrate with LynxGuide Client to provide mass emergency notification functionality. This mature technology is compatible with virtual machines and is, therefore, consistent with the Department`s Server Virtualize First Policy. Additionally, there are no vulnerabilities associated with this technology. Description of market research conducted and results or statement why it was not conducted: Compatible solutions are available on the market, but the Lynx application was the only one identified that is TRM approved for use on VA networks, and meets the needs of the program office. TRM also does not list any comparable technologies. In addition to the software-based duress and mass notification features, Lynx offers system hardware expandability options, including hard-wired and wireless duress buttons, and integration with existing monitoring networks. A search on AbilityOne did not result in any findings that relate to the product and/or service. Due to the nature of this requirement, Unicor was not reviewed. Vendor Information Pages (VIP) provided SDVOSB/VOSB results for the NAICS, 541519, and various keywords. Another search was conducted on GSAAdvantage using the keywords: notification system, emergency system, and duress. As result of the duress keyword, the Lynx product is showcased with 15 vendors under various socioeconomic categories except SDVOSB and VOSB. The other products on GSA but cannot be evaluated as compatible, now. The Sources Sought Notification only had one (1) Small Business, **REDACTED**, expressing an interest but did not provide information about their product. One (1) VOSB, **REDACTED**, relayed interest in the requirement and provided an authorization letter from Lynx. At the time of writing this report, **REDACTED** VP of Sales, **REDACTED**, was contacted to verify if they had additional SDVOSBs and VOSBs authorized resellers. There has been no reply. On May 29, 2019, a decision was made on **REDACTED** Lynx system by TRM Management Group (Decision: One-VA TRM v19.5). The TRM Management Group rated the vendor/product as approved with constraints if the following constraints, fitting to the procurement, has been met. A previous award, **REDACTED**, has been made to **REDACTED** for the Lynx system at the Pittsburgh VA Medical Center. The total contract value was **REDACTED**, with an Ultimate Completion Date of **REDACTED**. In accordance with FAR 19.201, 15 U.S.C. § 657f, 38 U.S.C. § 8127, and 38 U.S.C. § 8128, competing among authorized, VOSB resellers would be advantageous. Contracting Officer's Certification: Purchase is approved in accordance with FAR13.106-1(b). I certify that the foregoing justification is accurate and complete to the best of my knowledge and belief. ____________________________ ________________________ **REDACTED** Date NCO4 NOTE: THIS NOTICE WAS NOT POSTED TO FEDBIZOPPS ON THE DATE INDICATED IN THE NOTICE ITSELF (20-AUG-2019); HOWEVER, IT DID APPEAR IN THE FEDBIZOPPS FTP FEED ON THIS DATE. PLEASE CONTACT 877-472-3779 or fbo.support@gsa.gov REGARDING THIS ISSUE.
 
Web Link
Link To Document
(https://www.fbo.gov/spg/VA/PiVAMC646/PiVAMC646/36C24419Q1111/listing.html)
 
Record
SN05411792-F 20190822/190820230046 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)

FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.