Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF APRIL 04, 2009 FBO #2686
SOLICITATION NOTICE

R -- VAMC Memphis HR Personnel Pool

Notice Date
4/2/2009
 
Notice Type
Combined Synopsis/Solicitation
 
NAICS
561110 — Office Administrative Services
 
Contracting Office
Department of Veterans Affairs, VA Tennessee Valley Health Care System (Murfreesboro), Department of Veterans Affairs Tennessee Valley Health Care System Alvin C. York Campus, Department of Veterans Affairs;ASC - VISN 9;1639 Medical Center Parkway Suite 400;Murfreesboro TN 37129
 
ZIP Code
37129
 
Solicitation Number
VA-249-09-RQ-0166
 
Response Due
4/14/2009
 
Archive Date
5/14/2009
 
Point of Contact
Roy Rossignol1639 Medical Center Parkway Suite 400<br />
 
Small Business Set-Aside
N/A
 
Description
This is a combined synopsis/solicitation sources sought for commercial services prepared in accordance with the format in FAR Subpart 12.6, as supplemented with additional information included in this notice. The solicitation number is VA-249-09-RQ-0166 and is issued as a Request for Quotation (RFQ). This announcement constitutes the only solicitation; proposals are being requested and a written solicitation will not be issued. This is an unrestricted solicitation and The North American Industrial Classification System (NAICS) for this position is code of 561110 with a size standard of $7.0 million. Solicitation documents and incorporated provisions and clauses are those in effect through Federal Acquisition Circular 2005-30. Closing date for this notice is 15:00 CST 03/20/2009. RESPONSES SHALL BE SUBMITTED VIA E-MAIL TO THE CONTRACTING OFFICER AT ROY.ROSSIGNOL@VA.GOV AND LINDA.DICKEY@VA.GOV. Quotations will contain the following information: CONTRACTOR: ____________________________________ Address: ____________________________________ City, State, Zip ____________________________________ Telephone/Fax ___________________________________ Contact Person: ____________________________________ Email Address: ____________________________________ TIN: _____________________________________ DUNS: _____________________________________ Period of Performance: The services will be required for a minimum of 12 months with the option to extend it until suitable government personnel replacements can be obtained at a time over the course of the base period of work to start May 1,2009, through September 31, 2009 with an option to extend the contract for an additional 12 months (October 01 2009 through 30 September 2010). Pricing: Please submit pricing for the first period base period May 1 2009 - September 30, 2009 and for option period one October 2009- September 2010 (12 months). Pricing should be submitted separately from proposal to allow technical evaluation by the VAMC-Memphis HR Staff. NOTE (s): 1)Pricing Sheet to be to be submitted SEPARATELY from other performance evaluation factors, documentation of past performance and resumes and references listed below and should include any travel expenses. 2)VA Contracting Staff will only respond to questions or request for information in writing via normal mail, FAX or email. Telephone requests will not be granted. Type of Order/Contract: Firm Fixed Price. Government Furnished Materials and Services: Furnished by the Government (1) The Government will provide all normal office supplies, office furniture, telephones, calculators, copy machines, computers, computer software, and other supplies and materials needed to do the work assigned. (2) Although the Contactor's employees must have the basic skills needed to perform the duties listed in Section 3, the Government will provide the Contractor's employees with the VAMC-Memphis specific requirements of each job/task requested to be performed. Place of Performance: Work performed under the resulting contractual action will be at the VA facility listed below during normal tour of duty from 8:00 A.M. to 5:00 P.M., Monday through Friday. VA Medical Center (VAMC)-Memphis 1030 Jefferson Avenue Memphis, TN 38104 STATEMENT OF OBJECTIVES (SOO) Short term requirement for Human Resources (HR) Specialists services at the VA Medical Center, Memphis, Tennessee. A. OBJECTIVE The objective of this contract is to obtain a Human Resources (HR) Specialist personnel pool for the VAMC Memphis. To provide varied VA HR specialized support on a just in time and just as needed basis. B. SCOPE The Contractor shall provide Under the direction of the Associate Medical Center Director and the Human Resources Officer, assistance in the planning, and coordinating an effective human resource management program for the VA medical center in accordance with all Veterans Affairs rules, regulations, instructions, directives as well as Title 38 legal requirements and with general policies, standards, procedures and regulations of the Office of Personnel Management (OPM). C. SPECIFIED TASKS The requirement is for a HR multiple contractor personnel (pool) skilled in VA HR functions. The Government reserves the right to increase or decrease the number of required personnel at any time during the period of performance based on the medical centers needs for up to four weeks or greater at the time; and as directed by the VAMC Memphis Human Resources Officer. Contractor will be given reasonable amount of time to fill these just in time requirements. Skill sets required is knowledge of VA HR processes and procedures, the pool of support personnel from the contractor shall include personnel being supplied with the following VA HR (a minimum five (5) years VA HR experience) expertise to assist in the following core VA HR specialties: a) VA Recruitment and Placement b) VA Position Classification/Position management c) VA Pay Administration d) VA Employee Relations e) VA Labor Relations f) VA Employee Training g) VA Performance Management h) VA Employee Recognition Program i) VA Employee Suggestion/Improvement Program k) WebHr use l) Olde use Additional duties will include : Under the direction of the Associate Medical Center Director and the Human Resources Officer, the incumbent personnel prepares documents, project papers and studies as it relates to human capital planning The day-to-day supervision and direct control over the work performed by contractor personnel shall be the sole responsibility of the Contractor. B. SCOPE The Contractor shall provide Under the direction of the Associate Medical Center Director and the Human Resources Officer, assistance in providing skilled VA experienced Human Resource personnel (pool) to provide services stated below and in accordance with all Veterans Affairs rules, regulations, instructions, directives as well as Title 38 legal requirements and with general policies, standards, procedures and regulations of the Office of Personnel Management (OPM). C. SPECIFIED TASKS The contractors employee(s) shall advise the Service Chiefs, Supervisors and Executive Leadership on sound personnel administration and personnel management in the areas of: Recruitment and Placement; Position Classification and Position Management; Pay Administration; Employee Relations; Labor Relations, Employee Development; and related clerical and administrative functions. The Contractor may also be required to perform functions that include Performance Management, Employee Recognition Programs, and the Employee Suggestion Program. The contractor (pool) shall be available to top management and be able to advise them in analyzing the broader implications of Office of Personnel Management (OPM) and Veterans Affairs Central Office (VACO) Personnel authority, laws, regulations, policies, which govern and day to day operation of a Human Resources Management Service when performing in the Assistant Chief or Supervisory roles. The Contractor shall recommend personnel policies, techniques and methods to assure sound, meaningful, and practical personnel administration. Provide staff service, advice, and guidance to appropriate officials on personnel management principles, techniques, and on acceptable personnel practices, as well as technical advice on propriety of statutory, regulatory and procedural requirements. Incumbent advises on most appropriate actions to take within a wide range of alternatives that will most effectively assist management in accomplishing its objectives. Provide technical and advisory service representation regarding rights, benefits, and services and other general personnel management activities. The Contractors employee will evaluate current procedures to ensure that accurate control systems are in place to assess quality and timeliness of service provided and provide data to the Human Resources Officer to ensure workload is appropriately distributed if assigned to the Assistant Chief or Supervisory roles. Additional duties will include : Under the direction of the Associate Medical Center Director and the Human Resources Officer, the incumbent personnel prepares documents, project papers and studies as it relates to human capital planning The day-to-day supervision and direct control over the work performed by contractor personnel shall be the sole responsibility of the Contractor. D. PERFORMANCE: The contractors performance shall be monitored by the Human Resources Officer or designee. E.QUALIFICATIONS: The Contractor performing Human Resource Services under this contract shall possess the following qualifications: a.Experience and Training in all areas of the Federal Civilian Human Resources rules and regulations for the Assistant Chief and Supervisory positions and in the area of the discipline identified for the HR Professional positions. b.Past performance, experience and knowledge of Title 38 and Office of Personnel Management Policies and regulations. c.Minimum of three (3) years of specialized experience in hospital Human Resources Management as a former Human Resources Officer or appropriate HR Specialist equivalent to the GS-11/12/13/14 level or above (preferably within a Department of Veterans Affairs Medical Center) d.Experience and Training in all areas of the Federal Civilian Human Resources rules and regulations. e.Past performance, experience and knowledge of Title 38 and Office of Personnel Management Policies and regulations. f.Minimum of five (5) years of specialized experience in hospital Human Resources Management as a former Human Resources Officer or appropriate HR Specialist equivalent to the GS-11/12/13/14 level or above (preferably within a Department of Veterans Affairs Medical Center) g.Current or ability to obtain VA security clearance. h.Contract employees must meet the qualifications of the specified levels indicated in Section C. i.Contract employees must be clean and neat in appearance. j.Contract employees must be able to read, write, and speak English k.In addition to the qualifications listed in Section C, the contract employees shall at a minimum be proficient in the use of the following software: -Microsoft Windows -Microsoft Word for Windows -Microsoft Excel for Windows -Microsoft Access COMPUTER SECURITY REQUIREMENTS: The Contractor's employee(s) performing services under the requirements of this contract do not have a right nor should they have an expectation of privacy while utilizing any government office equipment any time, including accessing the World Wide Web, internet, or e-mail. By utilizing government office equipment, the Contractor's employee(s) imply their consent to the disclosing of any files or information maintained or passed through government office equipment, and to management monitoring and recording with or without cause by authorized government officials (e.g. VA managers, supervisors, or system administrators. Any use of government communications resources is made with the knowledge and understanding that such use is generally not secure, not private, nor anonymous. To the extent that the Contractor's employee(s) request that their private activities remain private, these individuals should avoid using any government office equipment including their computer, World Wide Web, and e-mail. The Department of Veterans Affairs System managers employ monitoring tools to detect improper use. Electronic communications may be disclosed within the Department to employees who evaluate the performance of their duties. The Department of Veterans Affairs Medical Center management officials have the right to and may access any electronic communication at any time. F. REJECTION OF EMPLOYEE VAMC-Memphis reserves the right to reject employee(s) at any time during the duration of the contract if they are deemed not to have the level of competence or abilities or for any reason found to be unsuitable for work required under the contract F. EVALUATION FACTORS: Following evaluation factors are considered mission essential to this contract in order of importance: Professional HR experience in a Federal setting for a healthcare organization. Traditionally this would be equivalent to GS-0201-11/12/13 work in Federal service. Experience should include a working knowledge of the Microsoft Office suite of applications and experience in Microsoft Visio is preferred. Applying and utilizing web-based applications is also required. To ensure the appropriate skill sets are identified, the following additional information is provided: HR Specialist Recruitment & Placement experience utilizing and applying Merit Principles, explaining and understanding Prohibited Personnel Practices and administering a Merit Promotion Plan that is complaint with the appropriate VA/VHA and negotiated bargaining agreement requirements. Individuals have experience applying OPM, VA, VHA, JCAHO, etc. guidelines in their every day work. Individuals must have experience rating and ranking candidates and have a clear practice of applying Best Qualified criteria. Experience in Title 38 is preferred, but not required. HR Specialist Employee Relations experience utilizing and applying sound employee relations advice and practice to support an organizations mission and goals. Individuals will have experience advising management of the appropriate disciplinary actions that may be taken based on the evidence documented. These actions include but are not limited to disciplinary and major adverse actions. This experience must include working in conjunction with a negotiated bargaining agreement. Individuals will have experience applying OPM, VA, VHA, Comptroller General decisions, Regional Counsel opinions, etc. Individuals in this specialty are familiar with the resources to allow for actions that will be supported by any type of third party review to include MSPB, Grievance Hearing, Disciplinary Appeals Board, etc. HR Specialist Classification experience in applying OPM guidelines for classification of federal white collar and blue collar occupations. Utilizes prescribed OPM guidelines along with those in VA/VHA. Is familiar with precedent setting review decisions and has the ability to advise management appropriately prior to implementation. Participates in and conducts Classification Consistency reviews as identified locally, Network or Nationally. Experience in organizational management/position management is required. Experience in developing and evaluating functional statements and/or scopes of practice for Title 38 and Hybrid Title 38 preferred. Ability to quickly analyze the needs of the organization and provide sound position management and classification advice is required. The Assistant Chief and Supervisory Positions experience must include supervision of HR staff. Although the specialties supervised or applied may vary, experience in recruitment under Title 5, Title 38 and Hybrid Title 38 are required. Mentoring skills are preferred. The ability to identify competency deficeits and policy change requirements is a must. Prefer experience with some form of systems redesign, i.e. TQI, TQM, ACA, etc. to ensure HR program is continuously monitored and reviewed for improvement in providing service to the organization. 52.212-2 EVALUATION--COMMERCIAL ITEMS (JAN 1999) a.The Government will award a contract resulting from this solicitation to the responsible offeror whose offer conforming to the solicitation will be most advantageous to the Government, price and other factors considered. The following factors shall be used to evaluate offers: PRICE ; TECHNICAL QUALIFICATIONS AND PAST PERFORMANCE Technical and past performance, when combined, are equal to price. Curriculum Vitae (includes evidence of training and experience relating to Human Resource Management) Copies of licenses, training certificates and/or diplomas References and Professional Experience b.A written notice of award or acceptance of an offer, mailed or otherwise furnished to the successful offeror within the time for acceptance specified in the offer, shall result in a binding contract without further action by either party. Before the offer's specified expiration time, the Government may accept an offer (or part of an offer), whether or not there are negotiations after its receipt, unless a written notice of withdrawal is received before award. (End of Provision) G. DAYS AND HOURS OF OPERATION a.The services covered by this contract shall be furnished by the contractor as defined herein. The contractor will not be required, except in cases of emergency to furnish such services on a national holiday or during off duty hours as described below: b.The duty hours for the contractor will be agreed upon between the Human Resources Officer and the incumbent. The following terms have the following meanings: (1)Work Hours: 8: 00 AM - 4: 30 PM (Monday through Friday). FEDERAL HOLIDAYS: The ten (10) holidays observed by the federal government are: New Years Day Martin Luther Kings Birthday President's Birthday Memorial Day Independence Day Labor Day Columbus Day Veterans Day Thanksgiving Day Christmas Day Or any other day specifically declared by the President of the United States to be a national holiday. H. LUNCH PERIODS AND BREAKS The Contractor is required to provide at a minimum one (1) unpaid thirty - minute lunch break. The cost of these breaks should be factored in the contractor's hourly rate. I. OVERTIME Overtime is not anticipated as a result of this award. J. TRAVEL Contractor personnel working under this contract will not be reimbursed for local travel by the Government. K. CLAUSES CONTRACT CLAUSES and/or PROVISIONS: Full Text FAR clauses can be found at: http://www.arnet.gov/far/ FAR Part 52.212-1 Instructions to OfferorsCommercial Items (Jun 2008) FAR Part 52.212-2 Evaluation-Commercial Items (Jan 1999) FAR Part 52-212-3 Offeror Representations and CertificationsCommercial Items. (Jun 2008) FAR Part 52-212-4 Contract terms and conditions - Commercial Items (Oct 2008) FAR Part 52-212-5 Contract terms and conditions required to implement statutes or Executive Orders-Commercial Items (Jan 2009) FAR Part 52.217-9 Option to extend the term of the contract (Mar 2000) FAR Part 52.228-5 Insurance requirements-Work on a Government Installation (Jan 1997) Full Text VAAR clauses can be found at: http://farsite.hill.af.mil/vfvara.htm VAAR 852.237-70 Contractor Responsibilities VAAR Clause 852.273-75 Mandatory VA Security Requirements: Supplemental Agreement: VAAR- 852.273-75 SECURITY REQUIREMENTS FOR UNCLASSIFIED INFORMATION TECHNOLOGY RESOURCES (Interim - October 2008) (a) The contractor and their personnel shall be subject to the same Federal laws, regulations, standards and VA policies as VA personnel, regarding information and information system security. These include, but are not limited to Federal Information Security Management Act (FISMA), Appendix III of 0MB Circular A-130, and guidance and standards, available from the Department of Commerces National Institute of Standards and Technology (NIST). This also includes the use of common security configurations available from NISTs Web site at: http://checklists.nist.gov. (b) To ensure that appropriate security controls are in place, contractors must follow the procedures set forth in VA Information and Information System Security/Privacy Requirements for IT Contracts located at the following Web site: http://wnw.iprmoit.va.gov. (c) These provisions shall apply to all contracts in which VA sensitive information is stored, generated, transmitted, or exchanged by VA, a contractor, subcontractor or a third-party, or on behalf of any of these entities regardless of format or whether it resides on a VA system or contractor/subcontractors electronic information system(s) operating for or on the VAs behalf. (d) Clauses (a) and (b) shall apply to current and future contracts and acquisition vehicles including, but not limited to, job orders, task orders, letter contracts, purchase orders, and modifications. Contracts do not include grants and cooperative agreements covered by 31 U.S.C. 6301 et seq. 2. Certification of Compliance. I certify that all requirements applicable to this contract are in compliance with the stated clause VAAR Clause 852.273-75. Authorized Company Representative Signature 3. Contractors Statement of Release - In consideration of the modification agreed to herein as complete equitable adjustment, the Contractor hereby releases the Government from any and all liability under this contract for further equitable adjustments attributable to this modification. (End of Clause) VA Information and Information System Security/Privacy Requirements for IT Contracts General All contractors and contractor personnel shall be subject to the same Federal laws, regulations, standards and VA policies as VA, and VA personnel, regarding information and information system security. Contractors must follow policies and procedures outlined in VA Directive 6500, Information Security Program and its handbooks to ensure appropriate security controls are in place. Access to VA Information and VA Information Systems A contractor shall request logical (technical) and/or physical access to VA information and VA information systems for employees, subcontractors, and affiliates only to the extent necessary: (1) to perform the services specified in the contract, (2) to perform necessary maintenance functions for electronic storage or transmission media necessary for performance of the contract, and (3) for individuals who first satisfy the same conditions, requirements and restrictions that comparable VA employees must meet in order to have access to the same type of VA information. All contractors and subcontractors working with VA Sensitive Information are subject to the same investigative requirements as those of regular VA appointees or employees who have access to the same types of information. The level of background security investigation will be in accordance with VA Directive 0710, Handbook 0710, which are available at: http://www1.va.gov/vapubs/ and VHA Directive 0710 and implementing Handbook 0710.01 which are available at: http://www1.va.gov/vhapublications/index.cfm. Contractors are responsible for screening their employees. The following are VAs approved policy exceptions for meeting VAs background screenings/investigative requirements for certain types of contractors: Contract personnel not accessing VA information resources such as personnel hired to maintain the medical facility grounds, construction contracts, utility system contractors, etc., Contract personnel with limited and intermittent access to equipment connected to facility networks on which no VA sensitive information is available, including contractors who install, maintain, and repair networked building equipment such as fire alarm; heating, ventilation, and air conditioning equipment; elevator control systems, etc. If equipment to be repaired is located within sensitive areas (e.g. computer room/communications closets) VA IT staff must escort contractors while on site. Contract personnel with limited and intermittent access to equipment connected to facility networks on which limited VA sensitive information may reside, including medical equipment contractors who install, maintain, and repair networked medical equipment such as CT scanners, EKG systems, ICU monitoring, etc. In this case, Veterans Health Administration facilities must have a duly executed VA business associate agreement (BAA) in place with the vendor in accordance with VHA Handbook 1600.01, Business Associates, to assure compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in addition to the contract. Contract personnel, if on site, should be escorted by VA IT staff. Contract personnel who require access to national security programs must have a valid security clearance. National Industrial Security Program (NISP) was established by Executive Order 12829 to ensure that cleared U.S. defense industry safeguards the classified information in their possession while performing work on contracts, programs, bids, or research and development efforts. Defense Security Service (DSS) administers the NISP on behalf of the Department of Defense and 23 other federal agencies within the Executive Branch. VA will verify clearance through DSS. VA Information Custodial Requirements Information made available to the contractor by VA for the performance or administration of this contract or information developed by the contractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the contracting officer. This clause expressly limits the contractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d)(1). Information generated by a Contractor as a part of the contractors normal business operations, such as medical records created in the course of providing treatment, is subject to a review by the Office of General Counsel (OGC) to determine if the information is the property of VA and subject to VA policy. If the information is determined by OGC to not be the property of VA, the restrictions required for VA information will not apply. VA information will not be co-mingled with any other data on the contractors/subcontractors information systems/media storage systems in order to ensure VA requirements related to data protection and media sanitization can be met. VA also reserves the right to conduct IT resource inspections to ensure data separation and on-site inspection of information destruction/media sanitization procedures to ensure they are in compliance with VA policy requirements. Prior to termination or completion of this contract, contractor will not destroy information received from VA or gathered or created by the contractor in the course of performing this contract without prior written approval by the VA contracting officer. Any data destruction done on behalf of VA by a contractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, and applicable VA Records Control Schedules. The contractor will receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the contract and applicable Federal and VA information confidentiality and security laws, regulations and policies. Applicable Federal information security regulations include all Federal Information Processing Standards (FIPS) and Special Publications (SP) issued by the National Institute of Standards and Technology (NIST). If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the contract, or if NIST issues or updates applicable FIPS after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies, including FIPS or SP, in this contract. Contractors collecting, storing, or disseminating personal identifiable information (PII) or protected health information (PHI) data must conform to all pertinent regulations, laws, and VA directives related to privacy. Contractors must provide access for VA privacy reviews and assessments and provide appropriate documentation as directed. The contractor shall not make copies of VA information except as necessary to perform the terms of the agreement or to preserve electronic information stored on contractor electronic storage media for restoration in case any electronic equipment or data used by the contractor needs to be restored to an operating state. If VA determines that the contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12. If a VHA contract is terminated for cause, the associated business associate agreement (BAA) will also be terminated and appropriate actions taken in accordance with VHA Handbook 1600.01 Business Associates. Contractor will store, transport or transmit VA sensitive information in an encrypted form, using a VA-approved encryption application that meets the requirements of NISTs FIPS 140-2 standard. The contractors firewall and Web services security controls, if applicable, shall meet or exceed VAs minimum requirements. VA directives are available on the VA directives Web site at http://www1.va.gov/vapubs/. Except for uses and disclosures of VA information authorized by this contract for performance of the contract, the contractor may use and disclose VA information only in two other situations: (i) in response to a qualifying order of a court of competent jurisdiction, or (ii) with VAs prior written approval. The contractor will refer all requests for, demands for production of, or inquiries about, VA information and information systems to the VA contracting officer for response. Notwithstanding the provision above, the contractor shall not release medical quality assurance records protected by 38 U.S.C. 5705 or records pertaining to drug addiction, sickle cell anemia, alcoholism or alcohol abuse, or infection with human immunodeficiency virus protected under 38 U.S.C. 7332 under any circumstances, including in response to a court order, and shall immediately refer such court orders or other inquiries to the VA contracting officer for response. The contractor will not use technologies banned in VA in meeting the requirements of the contract (e.g., Bluetooth enabled devices). Information System Design and Development Information systems that are designed or developed for or on behalf of VA at non-VA facilities shall comply with all VA policies developed in accordance with Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), NIST, and related VA security and privacy control requirements for Federal information systems. This includes standards for the protection of electronic PHI, outlined in 45 C.F.R. Part 164, Subpart C, information and system security categorization level designations in accordance with FIPS 199 and FIPS 200 with implementation of all baseline security controls commensurate with the FIPS 199 system security categorization (reference Appendix D of VA Handbook 6500, VA Information Security Program). During the development cycle a privacy impact assessment will be completed, provided to the COTR, and approved by the VA Privacy Service in accordance with VA Privacy Impact Assessment Handbook 6500.3. The security controls must be designed, developed, approved by VA, and implemented in accordance with the provisions of VA security system development life cycle as outlined in NIST Special Publication 800-37 and VA Handbook 6500. The contractor will be required to design, develop, or operate a System of Records on individuals to accomplish an agency function subject to the Privacy Act of 1974, (as amended), Public Law 93-579, December 31, 1974 (5 U.S.C.552a) and applicable agency regulations. Violation of the Privacy Act may involve the imposition of criminal and civil penalties. The contractor agrees to - (1) Comply with the Privacy Act of 1974 (the Act) and the agency rules and regulations issued under the Act in the design, development, or operation of any system of records on individuals to accomplish an agency function when the contract specifically identifies -- (i) The systems of records; and (ii) The design, development, or operation work that the contractor is to perform; (2) Include the Privacy Act notification contained in this contract in every solicitation and resulting subcontract and in every subcontract awarded without a solicitation, when the work statement in the proposed subcontract requires the redesign, development, or operation of a system of records on individuals that is subject to the Act; and, (3) Include this Privacy Act clause, including this subparagraph (3), in all subcontracts awarded under this contract which requires the design, development, or operation of such a system of records. In the event of violations of the Act, a civil action may be brought against the agency involved when the violation concerns the design, development, or operation of a system of records on individuals to accomplish an agency function, and criminal penalties may be imposed upon the officers or employees of the agency when the violation concerns the operation of a system of records on individuals to accomplish an agency function. For purposes of the Act, when the contract is for the operation of a system of records on individuals to accomplish an agency function, the contractor is considered to be an employee of the agency. (1) Operation of a system of records means performance of any of the activities associated with maintaining the system of records, including the collection, use, and dissemination of records. (2) Record means any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history and contains the persons name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a fingerprint or voiceprint, or a photograph. (3) System of records on individuals means a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. Information System Hosting, Operation, Maintenance or Use For information systems that are hosted, operated, maintained, or used on behalf of VA at non-VA facilities, contractors are fully responsible and accountable for ensuring compliance with all HIPAA, Privacy Act, FISMA, NIST, FIPS, and VA security and privacy directives and handbooks. The contractor security control procedures must be identical, not equivalent, to those procedures used to secure VA systems. A privacy impact assessment (PIA) must also be provided to the COTR and approved by VA Privacy Service prior to operational approval. All external Internet connections involving VA information must be reviewed and approved by VA prior to implementation. Adequate security controls for collecting, processing, transmitting, and storing of personally identifiable information, as determined by the VA Privacy Service, must be in place, tested, and approved by VA prior to hosting, operation, maintenance, or use of the information system, or systems by or on behalf of VA. These security controls need to be stated within the PIA and supported by a risk assessment. If these controls are determined not to be in place, or inadequate, a Plan of Action and Milestones (POA&M) must be submitted and approved prior to the collection of PII. Outsourcing (contractor facility/contractor equipment/contractor staff) of systems or network operations, telecommunications services, or other managed services requires certification and accreditation (C&A) of the contractors systems in accordance with NIST Special Publication 800-37 and VA Handbook 6500 and a privacy impact assessment of the contractors systems prior to operation of the systems. Government-owned (government facility/government equipment) contractor-operated systems, third party or business partner networks require a system interconnection agreement and a memorandum of understanding (MOU) which detail what data types will be shared, who will have access, and the appropriate level of security controls for all systems connected to VA networks. The contractor must adhere to all FISMA, FIPS, and NIST standards related to the annual FISMA security controls assessment and review and update the PIA. Any deficiencies noted during this assessment must be provided to the VA contracting officer and the information security officer (ISO) for entry into VAs Plan of Action and Milestone (POA&M) management process. The contractor will use VAs POA&M process to document planned remedial actions to address any deficiencies in information security policies, procedures, and practices, and the completion of those activities. Security deficiencies must be corrected within the timeframes approved by the Government. Contractor procedures will be subject to periodic, unannounced assessments by VA officials. The physical security aspects associated with contractor activities will also be subject to such assessments. As updates to the system occur, an updated PIA must be submitted to the VA Privacy Service through the COTR for approval. All electronic storage media used on non-VA leased or owned IT equipment that is used to store, process, or access VA sensitive information must have all VA sensitive information removed, cleared, sanitized, or destroyed in accordance with VA policies and procedures upon: (1) completion or termination of the contract or (2) disposal or return of the IT equipment by the contractor or any person acting on behalf of the contractor, whichever is earlier. Security Incident Investigation The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor shall immediately notify the Contracting Officer Technical Representative (COTR) and simultaneously, the designated ISO/Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor has access. To the extent known by the contractor, the contractors notice to VA will identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information/assets were placed at risk or compromised), and any other information that the contractor considers relevant. The contractor will simultaneously report the incident to the appropriate law enforcement entity(ies) of jurisdiction, including the VA Offices of the Inspector General and Security and Law Enforcement, in instances of theft or break-in or other criminal activity. The contractor, its employees, and its subcontractors and their employees will cooperate with VA and any law enforcement authority responsible for the investigation and prosecution of any possible criminal law violation(s) associated with any incident. The contractor will cooperate with VA in any civil litigation to recover VA information, obtain monetary or other compensation from a third party for damages arising from any incident, or obtain injunctive relief against any third party arising from, or related to, the incident. To the extent practicable, the contractor shall mitigate any harmful effects on individuals whose VA information was accessed or disclosed in a security incident. In the event of a data breach with respect to any VA Sensitive Information processed or maintained by the contractor or subcontractor under the contract, the contractor is responsible for liquidated damages to be paid to VA. Security Controls Compliance Testing On a periodic basis, VA, including the Office of Inspector General, reserves the right to evaluate any or all of the security controls and privacy practices implemented by the contractor under the clauses contained within the contract. With 10 working-days notice, at the request of the Government, the contractor will fully cooperate and assist in a Government-sponsored security controls assessment at each location wherein VA information is processed or stored, or information systems are developed, operated, maintained, or used on behalf of VA, including those initiated by the Office of Inspector General. The Government may conduct a security control assessment on shorter notice (to include unannounced assessments) determined by VA in the event of a security incident or at any other time. Training All contractor employees and subcontractor employees requiring access to VA information and VA information systems shall complete the following before being granted access to VA networks: (1)Sign and acknowledge understanding of and responsibilities for compliance with the attached National Rules of Behavior relating to access to VA information and information systems; (2)Successfully complete VA Cyber Security Awareness training and annual refresher training as required; (3)Successfully complete VA General Privacy training and annual refresher training as required; and (4)Successfully complete any additional cyber security or privacy training, as required for VA personnel with equivalent information system access [to be defined by the VA program official and provided to the contracting officer for inclusion in the solicitation document e.g., any role-based information security training required in accordance with NIST Special Publication 800-16, Information Technology Security Training Requirements.] The contractor shall provide to the contracting officer a copy of the training certificates for each applicable employee within 1 week of the initiation of the contract and annually thereafter, as required. These online courses are located at the following web site: https://www.ees-learning.net/. Failure to complete this mandatory training within the timeframe required will be grounds for suspension or termination of all physical and/or electronic access privileges and removal from work on the contract until such time as the training is completed. Electronic Payment(s) The Contractor shall include EFT banking information on the invoice only if required elsewhere in this contract. If EFT banking information is not required to be on the invoice, in order for the invoice to be a proper invoice, the Contractor shall have submitted correct EFT banking information in accordance with the applicable solicitation provision, contract clause (e.g., 52.232-33, Payment by Electronic Funds Transfer-- Central Contractor Registration, or 52.232-34, Payment by Electronic Funds Transfer--Other Than Central Contractor Registration), or applicable agency procedures. EFT banking information is not required if the Government waived the requirement to pay by EFT. Invoices will be handled in accordance with the Prompt Payment Act (31 U.S.C. 3903) and Office of Management and Budget (OMB) prompt payment regulations at 5 CFR part 1315. ELECTRONIC INVOICE SUBMISSION To improve the timeliness of payments and lower overall administrative costs, VA strongly encourages contractors to submit invoices using its electronic invoicing system. At present, electronic submission is voluntary and any nominal registration fees will be the responsibility of the contractor. VA intends to mandate electronic invoice submission, subject to completion of the federal rulemaking process. At present, VA is using a 3rd party agent to contact contractors regarding this service. In the meantime, contractors interested in registering for the electronic system should contact the VA's Financial Services Center at http://www.fsc.va.gov/einvoice.asp GOVERNMENT INVOICE ADDRESS: All invoices from the contractor shall be mailed to the following address: Department of Veterans Affairs Fiscal Services (04) 3400 Lebanon Pike Murfreesboro TN 37129 Contracting Office Address: Department of Veterans Affairs; Tennessee Valley Health Care System 90C 1639 Medical Center Parkway, Suite 400, Murfreesboro, TN 37129 Point of Contact(s): Roy Rossignol, Contracting Specialist Phone: (615) 225-6877 Fax: (615) 849-3450 Email: roy.rossignol@va.gov Contracting Officer Linda Dickey Phone: (615) 225- 3417 Fax: (615) 225-4651 Email: linda.dickey@va.gov
 
Web Link
FedBizOpps Complete View
(https://www.fbo.gov/?s=opportunity&mode=form&id=1682fb0f3a3ffb6848319b2c73785ee3&tab=core&_cview=1)
 
Place of Performance
Address: 1030 Jefferson Ave;Memphis, Tennessee<br />
Zip Code: 38104<br />
 
Record
SN01784282-W 20090404/090402220939-1682fb0f3a3ffb6848319b2c73785ee3 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.