Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF AUGUST 13, 2011 FBO #3549
SOLICITATION NOTICE

R -- National Oceanographic Data Center’s Library and Information Services Division (LISD) Services

Notice Date
8/11/2011
 
Notice Type
Combined Synopsis/Solicitation
 
NAICS
541513 — Computer Facilities Management Services
 
Contracting Office
Department of Commerce, National Oceanic and Atmospheric Administration (NOAA), Acquisition and Grants Office, SSMC4 - Room 7601/OFA61, 1305 East West Highway, 7th Floor, Silver Spring, Maryland, 20910
 
ZIP Code
20910
 
Solicitation Number
EE133E-11-RQ-0956
 
Archive Date
9/10/2011
 
Point of Contact
Joel L. Perlroth, Phone: (301) 713-9204 x143
 
E-Mail Address
joel.l.perlroth@noaa.gov
(joel.l.perlroth@noaa.gov)
 
Small Business Set-Aside
N/A
 
Description
THIS IS A COMBINED SYNOPSIS/SOLICITATION FOR COMMERCIAL ITEMS PREPARED IN ACCORDANCE WITH THE FORMAT IN FAR SUBPART 12.6, AS SUPPLEMENTED WITH ADDITIONAL INFORMATION INCLUDED IN THIS NOTICE. THIS ANNOUNCEMENT CONSTITUTES THE ONLY SOLICITATION; QUOTES ARE BEING REQUESTED AND A WRITTEN SOLICITATION WILL NOT BE ISSUED. The Request for Quotation (RFQ) number is EE133E-11-RQ-0956. The solicitation document and incorporated provisions and clauses are those in effect through the Federal Acquisition Circular 2005-53. The FSC for this is R605 and the North American Industry Classification System (NAICS) code is 541513, small business standard is $25M or below. The requirement is for a firm fixed price with a 12-month base period and one additional 12-month option period to support the National Oceanographic Data Center's Library and Information Services Division (LISD) seeks to establish a firm fixed price contract to migrate its existing integrated library system from LISD-maintained servers to a Contractor- hosted server environment. Background The Library and Information Services Division (LISD) acquired two integrated library systems from Sirsi Corp. (since renamed SirsiDynix Corp.) in 1996. One system is maintained in Silver Spring, MD, and the other in Seattle, WA. The system maintained in Silver Spring provides an online catalog for items held by 28 NOAA libraries for NOAA staff and the public, and includes specialized tools to inventory and manage the metadata and associated print and digital items. The system maintained in Seattle provides a catalog for NOAA Seattle libraries but serves primarily as a system for testing applications within the integrated library system environment before implementing on the full NOAA system maintained in Silver Spring. LISD has acquired maintenance of these systems from the Contractor, SirsiDynix Corp., on an annual basis since this initial purchase. The information contained in this catalog has been evaluated according the Federal Information Processing Standards "Standards for Security Categorization of Federal Information and Information Systems" (FIPS Publication 199). The potential impact to the organization is "Low" with respect to Confidentiality, Integrity, and Availability. Since acquiring these systems in 1996, the LISD has also contracted separately for system administration services to maintain the servers and to perform upgrades to the Symphony system as well as backups and associated tasks. Description of Services Required The Contractor shall migrate the current Silver Spring catalog to a logical environment maintained by the Contractor at a location in accordance with Federal standards. Additionally, the Contractor shall migrate the Seattle catalog from its current server to a logical test environment maintained by the Contractor at a location in accordance with Federal standards. User Interface For both the operational and test environments the Contractor shall provide to end-users a web-accessible graphical user interface (GUI) that allows searches based upon one or more of the following criteria: - Keyword or Phrase - Author - Title - Subject - Series Title - Journal Title - Library Location - Item Type - Year of Publication The GUI shall report all of the entries matching the search criteria, and provide detailed information for each entry which includes, but is not limited to: - Author or Creator - Title - Publisher - Location information - Subject Area - Summary (if available) - Year of Publication For both the operational and test environments, the Contractor shall also provide a separate GUI for NOAA Library staff which allows them to modify, update, and add catalog entries and perform ancillary functions such as check-out and check-in of materials, receipt of items, quality control checking of bibliographic records, and reports of activities. This application shall enforce access restrictions consistent with the applicable federal laws, rules, regulations, and policies. For both the operational and test environment,, the Contractor will provide a means for the Bibliographic Database Manager or other library staff position designated by the Chief of the LISD to manage and control individual librarian accounts. The GUI will also allow the Bibliographic Database Manager or designee to make configuration changes to the system to adjust the display of the web interface and the display and indexing of output from the catalog. These GUI applications will be developed in accordance with a documented software development life cycle process. Software will be patched to mitigate any known vulnerabilities and updates will be provided as they become available. Hosted Environment Upon initiation of the contract, the NOAA Library will provide the current database of the Library's Information System in MARC format. The Contractor will collect this data and perform any work necessary to migrate the database to the hosted environment. The Contractor shall maintain the logical Library Information systems in accordance with availability requirements consistent with the FIPS-199 categorization of Low. • Maintenance, handling, storage, and distribution of Library Information system data must conform to applicable Federal laws, rules, regulations and policies. • The Contractor must have the capacity to handle the expected high volume of requests for Library catalog information as well as provide quality customer service to inquiries from Library staff members, including telephone, fax, and e-mail inquiries. The Contractor shall respond to all Inquiries within a reasonable time frame. The Contractor shall develop processes and systems to protect the Library-supplied data from unauthorized disclosures, thefts, manipulation, or dissemination, in accordance with federal security requirements. The Contractor will record any breech of data and supply a record of the events. The Contractor may develop any type of system and process to meet this standard, but the process and system must accomplish the requirements of the NOAA/NESDIS Library systems, as well as adhere to all applicable rules, laws, policies and requirements outlined in this SOW. The Contractor will ensure that PII exposures are reported to the Library's Contract Officer Representative (COR) immediately upon discovery, regardless of the completeness of the exposure event information. In the event of an exposure, the Contractor will assist the NOAA Library in providing notification to any applicable government agencies and individuals regarding the exposure in accordance with applicable Federal and State law. The Contractor will be responsible for obtaining and maintaining adequate Internet services. The Contractor shall provide all needed upgrades, system maintenance, backups, and physical and logical security controls according to the minimum requirements specified below. The Contractor shall furnish all facilities, materials, equipment, and services necessary to fulfill the requirements of this task not expressly stated as government-furnished. The information technology infrastructure should be equipped with hardware and software that can handle the operational, technical, security and privacy requirements documented with this statement of work. This includes, but is not limited to adherence of the following: a. encryption of sensitive data(*) in transit and data at rest, in the context of this contract, sensitive data includes, but is not limited to: librarian account information & passwords, administrator account information & passwords, access records, and any other information associated with this system or it's environment that is not a part of the Library's catalog. b. audit and monitor identification, authentication and access to sensitive data, c. boundary protection and sensitive data isolation from public access or access channels through shared resources i.e. peer to peer networks, instant messaging, internet, intranet and extranet, d. regular checks of the integrity of the data contained in the Library Information system. The contractor shall comply with the IT Security requirements of the Department of Commerce as outlined in Commerce Acquisition Regulation (CAR) 1352.239-72, Security Requirements For Information Technology Resources (April 2010), including development of a Security Accreditation Package as required by CAR 1352.239-72, section (i). In addition, personnel shall be screened in accordance with the requirements for High Risk contracts as specified by CAM 1337.70 section 2.2; specifically, in accordance with CAR 1352.237-70, Security Processing Requirements-High or Moderate Risk Contracts (April 2010). Any access by contract personnel who are Foreign Nationals shall be in accordance with the requirements of CAR 1352.237-73, Foreign National Visitor and Guest Access to Departmental Resources (APR 2010). The Contractor will permit Library IT Security Staff to conduct periodic reviews of the managerial, technical, and operational controls to validate the security posture and determine whether or not Contractor meets Federal standards. Contractor shall cooperate with the review and provide any pertinent information requested by Library. The Library and Information Services Division may recommend corrective action to be taken for any items found in non-compliance. Contractor will implement any recommendations made by the Library resulting from each review. For both the operational environment and the test environment, the Contractor shall specifically provide the following: a. A complete hosting environment in the U.S. on a system that has acquired, or will acquire before migration of the library system, the Authority to Operate under a Federal Certification and Accreditation framework, including all server resources required to operate the system effectively. b. The Contractor will also provide all future server capacity without future additional cost. If more performance is required based on usage or enhancements to the system, servers will be upgraded or replaced. c. Daily backups stored and verified in a manner consistent with appropriate Federal regulations. The Contractor will have established contingency procedures to be initiated in the event of a disaster. Backups are stored offsite and can be used to rebuild the catalog if the hosted system is damaged or destroyed. d. Systems management and monitoring on a proactive basis with notification to LISD of performance, free disk space, free memory, network errors, or degradation, and replacement of components before failure and interruption to service. e. Monitoring of systems for security and regular patches to the latest OS security and stability releases. f. The server will have logical and physical security controls which meet or exceed the Federal requirements for "Low" impact data. i. The service provider will continue to monitor these controls on an ongoing basis and will take appropriate steps to remedy any shortcomings in a timely manner. ii. 24 x 7 support to maintain the system in an operating status Service outages and interruptions will be resolved within 24 hours. iii. The contents of the card catalog may only be modified by LISD staff under the direction of the Bibliographic Database Manager or other library staff position designated by the Chief of the LISD. iv. In the event of any ongoing service problems or any serious security incidents which affect the service or the integrity of the data will be reported to the customer immediately. v. System upgrades performed as new versions become available and scheduled in consultation with LISD staff. In addition, the following practices shall be applicable to the work performed: • Security functional requirements/specifications. Developers shall build specific security controls-as specified by the Government and based on the recommendations of the most recent revision of NIST Special Publication (SP) 800-53, Recommended Security Controls for Federal Information Systems and Organizations -into the system/component at the level required by the system's FIPS 199 security categorization as determined by the Government to be low. o System components shall permit updating security controls as new threats/vulnerabilities are identified and as new technologies are implemented. • Developmental and evaluation-related assurance requirements. Developers shall follow security engineering principles (including secure coding practices and code review for software development) consistent with NIST SP 800-27, Engineering Principles for Information Technology Security (A Baseline for Achieving Security), to follow a configuration management process in accordance with NIST SP 800-128, DRAFT Guide for Security Configuration Management of Information Systems, and to perform security testing and evaluation before delivery to the government, specifically, developer/contractors shall: o Create and implement a Configuration Management Plan; o Create and implement a security test and evaluation plan; o Implement a verifiable flaw remediation process to correct weaknesses and deficiencies identified during the security testing and evaluation process; and o Document the results of the security testing/evaluation and flaw remediation processes in a Security Test and Evaluation Plan, Requirement, Objectives, and Results Report. • Use of Tested, Evaluated, and Validated Products: Developers shall, to the extent technically possible, incorporate products that have been tested, evaluated, and validated by the government. NIST SP 800-23, Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products, provides guidance on the acquisition and use of tested/evaluated information technology products. NIST SP 800-36, Guide to Selecting Information Technology Security Products, provides guidance on the selection of information security products. • Security-related documentation requirements. Developers shall provide the government with adequate documentation of the system/component developed, to include a narrative description of the system operating environment, architecture (including diagrams and hardware/software inventories), and user/operator manuals. The documentation shall address user and systems administrator guidance and information regarding the implementation of the security controls in the information system. The documentation shall include, but is not limited to: o Contractor supplied documentation of software; o Supporting narratives as required by the government to prepare a comprehensive system security plan; o Standard operating procedures; o Emergency procedures; o User rules/procedures o User and Administrator manuals; and o Backup procedures. Within 45 days of contract award, the Contractor shall deliver the documentation in an IT System Security Plan (SSP) in the format mandated by NOAA. The Library will provide the Contractor with the applicable sections of the most current NOAA SSP template. The Contractor must conduct a review of security controls in accordance with an appropriate FISMA framework annually. At the time of the end of the contract, all data provided by the Library must be removed and deleted from the Contractor's systems, electronically or otherwise. The data will be returned to NOAA in an approved format. Contractor must provide proof of data sanitization of media. The Government will evaluate offers using the criteria listed below. The Contractor shall provide sufficient detail for these criteria to allow the Government to evaluate offers. Technical: The Graphical User Interface (GUI) for end-users shall feature: The Offeror shall present • A simple search function that has configurable indexes that allow users to search on keyword(s) located within the metadata. Ease of configuration and capability to add any desired field to the index is desired. • Advanced search that has configurable indexes that allow users to search on any combination of author/creator, title, journal title, subject area, publication year, Library location, or item type. Ease of configuration and capability to add or remove fields from indexes is desired. • Display at a minimum the following fields within the metadata record: author/creator, title, publication info including year, summary, library location, and subject area. Capability to add or remove fields from display is desired. Proposal includes information that demonstrates extensive knowledge. Technical: The Graphical User Interface (GUI) for library staff shall feature capability to: The Offeror shall present • Add, modify, and delete bibliographic records, including automated checking of fields subject to authority control • Maintain circulation/inventory records via simple check-in and check-out functions • Obtain simple reports of activities for a given time period Proposal shows an understanding and methodology in completing the requirements. Technical: The operational and test environments shall feature: The Offeror shall address • The means to allow a designated library staff member (Bibliographic Database Manager or designee) serve as a system manager to configure the web interface, alter display results for both the web and staff interfaces, and limit functionality based upon user login. • Information technology infrastructure with hardware and software that can handle the operational, technical, security and privacy requirements documented within the statement of work. Proposal demonstrates an effective staffing approach (e.g., hiring, training, transition and retention) and the ability to provide qualified personnel (i.e., Specific certifications) to support the PWS requirements. Past Performance: Past Performance The Offeror shall provide: • Past performance on other migration projects with the federal government that shows capability to handle Library information, maintain data integrity, and prevent loss, theft, or accidental viewing or release of sensitive data. The Contractor may also provide past performance from other contracts or operations that are similar in nature to display competence. • Adequate knowledge of the specific needs and demands of the Library marketplace that would influence the development and deployment of an operational environment to meet the requirements of this solicitation. Proposal demonstrates vendor's corporate experience and qualifications. The vendor's past performance will be evaluated based on the information received from references, and any past performance questionnaires or information which may be obtained by the Government from sources other than those identified by the respondent, including the Contractor Performance System (CPARS) Vendors that do not have past performance will not be evaluated favorably or unfavorably, but will be rated as "neutral". Price Each of the evaluation criteria of the RFQ are of equal importance. The price is less important than the Technical Evaluation Factors and is not weighted. The degree of importance of cost will increase with the degree of equality of the proposals in relation to the other factors on which selection will be based. The price evaluation will assess cost/price. Under the cost/price factor, the price proposal will be evaluated (price analysis) to determine price reasonableness. THE FOLLOWING PROVISIONS AND CLAUSES APPLY TO THIS ACTION FAR 52.212-1, Instructions to Offerors-Commercial Items applies to this acquisition. FAR 52.212-2 Evaluation - Commercial Items FAR 52.212-3, Offeror Representations and Certifications - Commercial Items FAR 52.212-4, Contract Terms and Conditions - Commercial Items FAR 52.212-5, Contract Terms and Conditions Required to Implement Statutes or Executive Orders - Commercial Items applies to this acquisition. The following clauses under subparagraph (b) apply; (1, 2. 3, 5, 7, 17, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 37, 46, 52, and 57) FAR 52.217-9 Evaluation of Options FAR 52.252-1 Solicitation Provisions Incorporated by Reference FAR 52.252-2 Clauses Incorporated by Reference CAR 1352.201-70 Contracting Officer's Authority CAR 1352.201-72 Contracting Office's Representative CAR 1352.208-70 Restrictions on Printing and Duplicating CAR 1352.209-73 Compliance with the Laws CAR 1352.209-74 Organizational Conflict of Interest CAR 1352.270-70 Period of Performance CAR 1352.237-70, Security Processing Requirements-High or Moderate Risk Contracts (April 2010). CAR 1352.239-72, Security Requirements For Information Technology Resources (April 2010), CAR 1352.237-73, Foreign National Visitor and Guest Access to Departmental Resources (APR 2010).
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DOC/NOAA/AGAMD/EE133E-11-RQ-0956/listing.html)
 
Place of Performance
Address: Silver Spring, MD, Seatle, WA, United States
 
Record
SN02531313-W 20110813/110812000201-8a9ab418f5b264cb128a2aa505f0ee45 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.