Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF JUNE 29, 2012 FBO #3870
MODIFICATION

R -- NLM Ethics Program Support - Amendment #2 Revised Version of Responses to Vendor Inquiries

Notice Date
6/27/2012
 
Notice Type
Modification/Amendment
 
NAICS
541611 — Administrative Management and General Management Consulting Services
 
Contracting Office
Department of Health and Human Services, National Institutes of Health, National Library of Medicine, 6707 Democracy Blvd., Suite 105, Bethesda, Maryland, 20894, United States
 
ZIP Code
20894
 
Solicitation Number
RFQ-NLM-2012-365-SRE
 
Archive Date
7/14/2012
 
Point of Contact
Sheila R. Edmonds, Phone: 301-496-6546, Anthony M. Best, Phone: 301-496-6546
 
E-Mail Address
sheila.edmonds@nih.gov, besta@mail.nih.gov
(sheila.edmonds@nih.gov, besta@mail.nih.gov)
 
Small Business Set-Aside
Total Small Business
 
Description
Amendment #2: Revised Version of Responses to Vendor Inquiries AMENDMENT #2: This amendment is to attach a revised version of Responses to Vendor Inquiries in response to Q2 to reflect that this is a follow-on requirement. AMENDMENT #1: 1) Changed small business size standard from $7.0 million to $14.0 million 2) Attached Response to Vendor Inquiries This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in Subpart 12.6, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; proposals are being requested and a written solicitation will not be issued. This solicitation is being issued as Request for Quotations (RFQ) NLM-2012-365/SRE. The resultant order will be a firm-fixed price purchase order. In accordance with FAR Parts 12 and 13, the National Institutes of Health (NIH) National Library of Medicine (NLM) intends to procure professional services to provide technical and operational support to the NLM Ethics Office staff in its implementation of the NIH Ethics program requirements and the provision of timely and efficient ethics services to management and employees. This acquisition is a 100% total small business set aside. The North American Industry Classification System (NAICS) Code is 541611-Administrative Management and General Management Consulting Services with a small business size standard of $14.0 million. 1.0 Background The National Library of Medicine (NLM) Ethics Office within the Executive Office is responsible for management of the NLM Ethics Program. The NLM Ethics Office is charged with providing technical advice, support, guidance, and resources to the Library=s programs to implement the ethics policies, procedures and guidance promulgated by the National Institutes of Health (NIH) Ethics Program. This requires appropriate resources and staff with extensive knowledge of and expertise in the interpretation and application of Federal ethics statutes, Standards of Ethical Conduct for Employees of the Executive Branch regulations, HHS Supplemental Standards of Conduct regulations, and NIH ethics regulations and policies and the ability to translate that knowledge into useable resources for the NLM community. 2.0 Objective The objective of this requirement is to provide technical and operational support to the NLM Ethics Office staff in its implementation of the NIH Ethics program requirements and the provision of timely and efficient ethics services to management and employees. 3.0 Scope The work requirement covers all areas of the NLM Ethics program including data management via the use of the current NIH Ethics Enterprise System (NEES) and the Ethics Management Information System (EMIS), and the evaluation of program implementation. Due to additional responsibilities, time constraints, and other workload requirements, the following services and products are required to support, maintain, and enhance the ability of the NLM ethics staff to provide ethics services to the NLM community. 4.0 Contractor Tasks Independently, and not as an agent of the Government, the Contractor shall furnish all necessary services, qualified personnel, materials, equipment, and facilities, not other¬wise provided by the Government, to perform task assignments at the direction of the Contracting Officer's Representative (COR) in the following Task Areas. All work shall be monitored and technically co¬ordinated by the Contracting Officer's Representative (COR). 4.1 Task Area 1: Program Evaluation In preparation for an external program review, the Contractor shall conduct a thorough internal review of the ethics program procedures, actions, and files for the purpose of evaluating compliance with applicable laws and regulations, and established NIH Ethics Office and HHS ethics policies and procedures as well as evaluating the use of the NEES system in the action review process. The review includes a technical evaluation of processes as well as an evaluation of analyses, reviews, recommendations, and decisions made by the NLM ethics staff on a variety of ethics actions. This evaluation will involve the review of physical files and electronic documents. The Contractor shall conduct the review and provide a written report of findings. The review will require approximately 40 hours. 4.2 Task Area 2: Program Activities The NLM Ethics Office needs additional assistance during periods of high work load levels or difficult situations. For example, the NLM Ethics Coordinator may need assistance with a Contractor to review financial disclosure reports and outside activities, the development of written procedures, assistance with technical review of other ethics documents, review and preparation of responses to the Department and/or Congress, or conduct research for responses to ethics questions posed by management or employees. The Contractor shall provide assistance in the preparation of general ethics guidance when needed and in the technical review of ethics documents. In addition, the Contractor shall develop training aids and participate in employee training sessions as needed. This requires a vendor with substantive knowledge of and demonstrated expertise in interpreting and applying Federal government ethics statutes, the Standards of Ethical Conduct regulations, HHS Supplemental Standards of Conduct regulations and ethics policies; ability to provide succinct, thorough, and correct advice; and time to work on special projects as they arise. This portion will be on an as needed basis but will require approximately 40 hours. 4.3 Task Area 3: Data Management Support (EMIS & NEES) The NIH Ethics Office requires that all data regarding ethics documents be entered in the EMIS system on an on-going regular basis. It is a high priority to maintain NLM's data in the EMIS database and enter new data as appropriate and consistent with current system requirements. The project requires a Contractor knowledgeable in both ethics requirements and IT terminology and expertise in utilizing the system in order to quickly populate the database in an efficient and accurate manner. The Contractor shall be responsible for performing technical review of data, identifying and entering needed data into the system, reviewing data to ensure that correct information is entered, and working with NLM users to enhance their ability to use EMIS. As NIH continues to roll out new applications on the NEES system, the Contractor may assist with new requirements of this particular system. This portion may take approximately 20 hours. 5.0 Period of Performance The period of performance shall be twelve (12) months from the Date of Award with four (4) additional 12-month option year periods. 6.0 Deliverables/Delivery Schedule Deliverable SOW Provision Due Date Task Area 1: Program Evaluation - 4.1 As assigned by the COTR Task Area 2: Program Activities - 4.2 As assigned by the COTR Task Area 3: Data Management Support (EMIS & NEES) - 4.3 As assigned by the COTR 7.0 Security/Confidentiality The Contractor will be required to maintain security and confidentiality of all Government information. 8.0 Government Furnished Equipment/Government Furnished Information: The Government will provide: *access to the web server containing the site(s) to be maintained (user name, VPN account); *ongoing project review to assure compliance; *appropriate information needed for new projects; and *timely follow up and feedback for submitted projects. 9.0 Other Pertinent Information or Special Considerations: It is expected that most of the work can and will be done remotely, e.g., not at the NLM, with the exception of the physical review of files which will be done on site. Travel to the NLM office will be required on occasion. NLM will pay reasonable travel expenses (for non-local vendor, includes air fare, per diem, local transportation). 10.0 Evaluation Factors and Criteria Technical factors are of paramount consideration in the award of the purchase order; however, price is also important to the overall award decision. All evaluation factors other than price, when combined, are significantly more important than price. The Government can make tradeoffs among price and technical factors in determining which Quoter offers the best value by awarding to other than the lowest price Quoter or other than the highest technically rated Quoter. Quoters are advised that award will be made to that Quoter whose quote provides the best overall value to the Government. Technical Evaluation Criteria: In determining which quote represents the best value and results in the lowest overall price alternative (considering price, special features, administrative costs, etc.) to meet the Government's needs, the Government shall evaluate quotes using the following technical evaluation criteria, which are listed in the order of relative importance with weights assigned for evaluation purposes: A. Technical Merit (40 Points) - quality and clarity of approach to accomplish the objectives of this statement of work. Evidence of ability to accomplish the specific tasks described. • Quality and clarity of the methodological approach involved in coordinating overall project • General approach associated with planning and executing the program review • Expert knowledge of and substantive experience interpreting and applying Federal ethics statutes, the Standards of Ethical Conduct for Employees of the Executive Branch regulations, and the Supplemental Standards of Ethical Conduct for Employees of DHHS and a demonstrated knowledge of NIH ethics regulations. • Substantial experience in writing policies and procedures; developing training materials and conducting training; and researching and preparing draft version of written ethics advice • Expertise in the review of financial disclosure documents • Knowledge and substantial experience maintaining manual and electronic ethics program records, and in database management B. Personnel Merit (30 points) • Qualifications and relevant experience in the work to be performed, and evidence of relevant past work • A track record in conducting program reviews/evaluations dealing with Federal ethics programs • Demonstrated experience developing and conducting training courses of a technical nature, particularly in ethics topics • Demonstrated expertise and experience in developing written guidance, policies, or advice in a variety of ethics topics • Resumes should be included that documents previous pertinent experience and references C. Past Performance (30 points) • The Government will evaluate the offeror's past performance based on information obtained from references provided by the offeror, other relevant past performance information obtained from other sources known to the Government, and any information supplied by the offeror concerning problems encountered on the identified contracts and corrective action taken. The Government will look to evaluate how the offeror has completed similar tasks. The Government will examine the offeror's track record on developing ethics guidance and training materials. The Government will examine the offeror's demonstrated experience interpreting and applying Federal ethics statutes, the Standards of Ethical Conduct for Employees of the Executive Branch regulations, and the Supplemental Standards of Ethical Conduct for Employees of DHHS and the offeror's demonstrated knowledge of NIH ethics regulations. • The Government will assess the relative risks associated with each offeror. Performance risks are those associated with an offeror's likelihood of success in performing the acquisition requirement as indicated by that offeror's record of past performance. • The Government will consider the currency and relevance of the information, source of the information, context of the data, and general trends in the offeror's performance. 11.0 ARTICLE H-NIH INFORMATION AND PHYSICAL ACCESS SECURITY This acquisition requires the Contractor to: [X] develop, have the ability to access, or host and/or maintain Federal information and/or Federal information system(s). [X] access, or use, Personally Identifiable Information (PII), including instances of remote access to or physical removal of such information beyond agency premises or control. [ ] have regular or prolonged physical access to a "Federally-controlled facility," as defined in FAR Subpart 2.1. The Contractor and all subcontractors performing under this acquisition shall comply with the following requirements: 1. Information Type [X] Administrative, Management and Support Information: The Contractor will provide technical and operational support to the NLM Ethics Office staff in its implementation of the NIH Ethics program requirements and the provision of timely and efficient ethics services to management and employees. [ ] Mission Based Information: ______________________________ ______________________________ ______________________________ 2. Security Categories and Levels Confidentiality Level: [ ] Low [ X ] Moderate [ ] High Integrity Level: [ ] Low [ X ] Moderate [ ] High Availability Level: [ ] Low [ X ] Moderate [ ] High Overall Level: [ ] Low [ X ] Moderate [ ] High 3. Position Sensitivity Designations The following sensitivity level(s), clearance type(s), and investigation requirements apply to this contract: [ ] Level 6: Public Trust - High Risk. Contractor/subcontractor employees assigned to Level 6 positions shall undergo a Suitability Determination and Background Investigation (BI). [ X] Level 5: Public Trust - Moderate Risk. Contractor/subcontractor employees assigned to Level 5 positions with no previous investigation and approval shall undergo a Suitability Determination and a Minimum Background Investigation (MBI), or a Limited Background Investigation (LBI). [ ] Level 1: Non-Sensitive Contractor/subcontractor employees assigned to Level 1 positions shall undergo a Suitability Determination and National Agency Check and Inquiry Investigation (NACI). The Contractor shall submit a roster by name, position, e-mail address, phone number and responsibility, of all staff (including subcontractor staff) working under this acquisition where the Contractor will develop, have the ability to access, or host and/or maintain a federal information system(s). The roster shall be submitted to the Project Officer, with a copy to the Contracting Officer, within 14 calendar days of the effective date of this contract. Any revisions to the roster as a result of staffing changes shall be submitted within 15 calendar days of the change. The Contracting Officer will notify the Contractor of the appropriate level of investigation required for each staff member. An electronic template, "Roster of Employees Requiring Suitability Investigations," is available for contractor use at http://ocio.nih.gov/docs/public/Suitability-roster.xls. Suitability Investigations are required for contractors who will need access to NIH information systems and/or to NIH physical space. However, contractors who do not need access to NIH physical space will not need an NIH ID Badge. Each contract employee needing a suitability investigation will be contacted via email by the NIH Office of Personnel Security and Access Control (DPSAC) within 30 days. The DPSAC email message will contain instructions regarding fingerprinting as well as links to the electronic forms contract employees must complete. Additional information can be found at the following website: http://idbadge.nih.gov/background/index.asp. All contractor and subcontractor employees shall comply with the conditions established for their designated position sensitivity level prior to performing any work under this contract. Contractors may begin work after the fingerprint check has been completed. 4. Information Security Training a. Mandatory Training All employees having access to (1) Federal information or a Federal information system or (2) personally identifiable information, shall complete the NIH Information Security Awareness Training course at http://irtsectraining.nih.gov/ before performing any work under this contract. Thereafter, employees having access to the information identified above shall complete an annual NIH-specified refresher course during the life of this contract. The Contractor shall also ensure subcontractor compliance with this training requirement. b. Role-based Training HHS requires role-based training when responsibilities associated with a given role or position, could, upon execution, have the potential to adversely impact the security posture of one or more HHS systems. Read further guidance at: Secure One HHS Memorandum on Role-Based Training Requirement" For additional information see the following: http://ocio.nih.gov/security/security-communicating.htm#RoleBased The Contractor shall maintain a list of all information security training completed by each contractor/subcontractor employee working under this contract. The list shall be provided to the Project Officer and/or Contracting Officer upon request. 5. Rules of Behavior The Contractor shall ensure that all employees, including subcontractor employees, comply with the NIH Information Technology General Rules of Behavior, which are available at http://ocio.nih.gov/security/nihitrob.html. 6. Personnel Security Responsibilities a. The Contractor shall notify the Contracting Officer, Project Officer, and I/C ISSO within five working days before a new employee assumes a position that requires a suitability determination or when an employee with a suitability determination or security clearance stops working under this contract. The Government will initiate a background investigation on new employees requiring suitability determination and will stop pending background investigations for employees that no longer work under this acquisition. b. The Contractor shall provide the Project Officer with the name, position title, e-mail address, and phone number of all new contract employees working under the contract and provide the name, position title and suitability determination level held by the former incumbent. If the employee is filling a new position, the Contractor shall provide a position description and the Government will determine the appropriate suitability level. c. The Contractor shall provide the Project Officer with the name, position title, and suitability determination level held by or pending for departing employees. Perform and document the actions identified in the Contractor Employee Separation Checklist (attached) when a Contractor/subcontractor employee terminates work under this contract. All documentation shall be made available to the Project Officer and/or Contracting Officer upon request. 7. Commitment to Protect Non-Public Departmental Information and Data a. Contractor Agreement The Contractor, and any subcontractors performing under this contract, shall not release, publish, or disclose non-public Departmental information to unauthorized personnel, and shall protect such information in accordance with provisions of the following laws and any other pertinent laws and regulations governing the confidentiality of such information: - 18 U.S.C. 641 (Criminal Code: Public Money, Property or Records) - 18 U.S.C. 1905 (Criminal Code: Disclosure of Confidential Information) - Public Law 96-511 (Paperwork Reduction Act) b. Contractor Employee Non-Disclosure Agreement Each employee, including subcontractors, having access to non-public Department information under this acquisition shall complete the Commitment to Protect Non-Public Information - Contractor Employee Agreement A copy of each signed and witnessed Non-Disclosure agreement shall be submitted to the Project Officer prior to performing any work under this acquisition. 8. Loss and/or Disclosure of Personally Identifiable Information (PII) - Notification of Data Breach The Contractor shall report all suspected or confirmed incidents involving the loss and/or disclosure of PII in electronic or physical form. Notification shall be made to the NIH Incident Response Team via email (IRT@mail.nih.gov) within one hour of discovering the incident. The Contractor shall follow-up with IRT by completing and submitting one of the following two forms within three (3) work days: NIH PII Spillage Report [ http://ocio.nih.gov/docs/public/PII_Spillage_Report.doc ] NIH Lost or Stolen Assets Report [ http://ocio.nih.gov/docs/public/Lost_or_Stolen.doc 9. Data Encryption The following encryption requirements apply to all laptop computers containing HHS data at rest and/or HHS data in transit. The date by which the Contractor shall be in compliance will be set by the Project Officer, however, device encryption shall occur before any sensitive data is stored on the laptop computer/mobile device, or within 45 days of the start of the contract, whichever occurs first. a. The Contractor shall secure all laptop computers used on behalf of the government using a Federal Information Processing Standard (FIPS) 140-2 compliant whole-disk encryption solution. The cryptographic module used by an encryption or other cryptographic product must be tested and validated under the Cryptographic Module Validation Program to confirm compliance with the requirements of FIPS PUB 140-2 (as amended). For additional information, refer to http://csrc.nist.gov/cryptval. b. The Contractor shall secure all mobile devices, including non-HHS laptops and portable media that contain sensitive HHS information by using a FIPS 140-2 compliant product. Data at rest includes all HHS data regardless of where it is stored. c. The Contractor shall use a FIPS 140-2 compliant key recovery mechanism so that encrypted information can be decrypted and accessed by authorized personnel. Use of encryption keys which are not recoverable by authorized personnel is prohibited. Key recovery is required by "OMB Guidance to Federal Agencies on Data Availability and Encryption", November 26, 2001, http://csrc.nist.gov/drivers/documents/ombencryption-guidance.pdf. Encryption key management shall comply with all HHS and NIH policies (http://intranet.hhs.gov/infosec/docs/guidance/hhs_standard_2007.pdf) and shall provide adequate protection to prevent unauthorized decryption of the information. All media used to store information shall be encrypted until it is sanitized or destroyed in accordance with NIH procedures. Contact the NIH Center for Information Technology for assistance (http://cit.nih.gov/ProductsAndServices/ServiceCatalog/Services.htm?Service=Media+Sanitization+Service). 10. Using Secure Computers to Access Federal Information a. The Contractor shall use an FDCC compliant computer when processing information on behalf of the Federal government. b. The Contractor shall install computer virus detection software on all computers used to access information on behalf of the Federal government. Virus detection software and virus detection signatures shall be kept current. 11. Special Information Security Requirements for Foreign Contractors/Subcontractors When foreign contractors/subcontractors perform work under this acquisition at non-U.S. Federal Government facilities, provisions for HSPD do NOT apply. 12. REFERENCES: INFORMATION SECURITY INCLUDING PERSONALLY IDENTIFIABLE INFORMATION http://ocio.nih.gov/docs/public/references_information_security.html 13. Personally Identifiable Information (PII) Security Plan The Offeror shall submit a PII Security Plan with its technical proposal that addresses each of the following items: a. Verify the information categorization to ensure the identification of the PII requiring protection. b. Verify the existing risk assessment. c. Identify the Contractor's existing internal corporate policy that addresses the information protection requirements of the SOW. d. Verify the adequacy of the Contractor's existing internal corporate policy that addresses the information protection requirements of the SOW. e. Identify any revisions, or development, of an internal corporate policy to adequately address the information protection requirements of the SOW. f. For PII to be physically transported to or stored at a remote site, verify that the security controls of NIST Special Publication 800-53 involving the encryption of transported information will be implemented. http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final_updated-errata_05-01-2010.pdf g. When applicable, verify how the NIST Special Publication 800-53 security controls requiring authentication, virtual private network (VPN) connections will be implemented. h. When applicable, verify how the NIST Special Publication 800-53 security controls enforcing allowed downloading of PII will be implemented. i. Identify measures to ensure subcontractor compliance with safeguarding PII. The details contained in the Offeror's PII Security Plan must be commensurate with the size and complexity of the contract requirements based on the System Categorization specified above in the subparagraph entitled Security Categories and Levels. The Offeror's PII Security Plan will be evaluated by the Government for appropriateness and adequacy. FEDERAL ACQUISITION REQULATION (FAR) CLAUSES The following provisions and clauses apply to this acquisition and are incorporated by reference. Full text may be found at https://www.acquisition.gov/Far FAR 52.212-1 Instructions to Offerors-Commercial Items FAR 52.212-2 Evaluation-Commercial Items FAR 52.212-3 Offeror Representations and Certifications-Commercial Items FAR 52.212-4 Contract Terms and Conditions-Commercial Items FAR 52.212-5 Contract Terms and Conditions Required to Implement Statutes and Executive orders FAR 52.224-1 Privacy Act Notification FAR 52.224-2 Privacy Act All interested parties shall submit electronic responses to Sheila Edmonds at sheila.edmonds@nih.gov and Anthony Best at besta@mail.nih.gov. Responses must be received no later than 3:00 p.m. EST on Friday, June 29, 2012, and shall not exceed 10 single-sided pages in length, exclusive of the cover page and letter, table of contents, appendices, and resumes. Please reference solicitation number RFQ-NLM-2012-365/SRE on all correspondence to this notice. Inquiries regarding this notice shall be submitted electronically to sheila.edmonds@nih.gov and besta@mail.nih.gov and shall be received by 2:00 PM EST on Thursday, June 21, 2012.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/HHS/NIH/OAM/RFQ-NLM-2012-365-SRE/listing.html)
 
Record
SN02787427-W 20120629/120627235100-7280a41cf984b9fab8157285438499f7 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.