Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF JULY 24, 2013 FBO #4260
MODIFICATION

R -- Clinical Trial Scientific Expert (Cardiovascular)

Notice Date
7/22/2013
 
Notice Type
Modification/Amendment
 
NAICS
541712 — Research and Development in the Physical, Engineering, and Life Sciences (except Biotechnology)
 
Contracting Office
Department of Health and Human Services, National Institutes of Health, National Institute on Drug Abuse, 6001 Executive Boulevard, Room 4211 - MSC 9559, Bethesda, Maryland, 20892, United States
 
ZIP Code
20892
 
Solicitation Number
HHS-NIH-NIDA-NIA-AM2975113
 
Archive Date
8/16/2013
 
Point of Contact
Andrea McGee, Phone: 3014358781
 
E-Mail Address
andrea.mcgee@nih.gov
(andrea.mcgee@nih.gov)
 
Small Business Set-Aside
N/A
 
Description
This notice is cancelled and reposted as a combined synopsis solicitation and not a presolicitation. The new number is HHS-NIH-NIDA-NIA-AM2975113-1. This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in Subpart 12.6 as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; proposals are being requested and a written solicitation will not be issued. The reference combined synopsis/solicitation number is: HHS-NIH-NIDA-NIA-AM2975113 and the solicitation is issued as a request for proposal (RFP). This acquisition is for a commercial item or service and is conducted under the authority of the Federal Acquisition Regulation (FAR) Part 13-Simplified Acquisition Procedures; FAR Subpart 13.5-Test Program for Certain Commercial Items; and FAR Part 12-Acquisition of Commercial Items, and is not expected to exceed the simplified acquisition threshold. This combined synopsis / solicitation document and incorporated provisions and clauses are those in effect through Federal Acquisition Circular 05-68, June 26, 2013. There are set-aside restrictions and the associated NAICS code and small business size standard is 541712, 500 employees. This acquisition is being conducted in accordance with the procedures of FAR Part 13---Simplified Acquisition Procedures, Subpart Part 13.5-Test Program for Certain Commercial Items, and FAR Part 12---Acquisition of Commercial Items. The purpose of this requirement is to acquire the services of a clinician trained in cardiovascular medicine to assist in the management of and cardiovascular data reporting for several interventional trials at the Clinical Research center. Statement of Work - See Attachment 1 Delivery of Services will be made after receipt of the purchase order. The work will be performed at Harbor Hospital, 3001 S. Hanover Street, Baltimore, MD 21225 and the Biomedical Research Center, 251 Bayview Blvd. Baltimore, MD 21224. FAR provisions and clauses that apply to this acquisition are: FAR clause 52.212-1, Instructions to Offerors - Commercial Items. The Offer shall include all documents as cited in the clause. An addendum is not applicable to this provision. FAR clause 52.212-2, Evaluation - Commercial Items. FAR clause 52.212-3 Offeror Representations and Ceritifications - Commercial Items, with its offer. FAR clause at 52.212-4, Contract Terms and Conditions - Commercial Items, applies to this acquisition. FAR clause at 52.212-5, Contract Terms and Conditions Required to Implement Statutes or Executive Orders - Commercial Items, applies to this acquisition. This acquisition requires the Contractor to develop, have the ability to access, or host and/or maintain Federal information and/or Federal information system(s). access, or use, Personally Identifiable Information (PII), including instances of remote access to or physical removal of such information beyond agency premises or control. have regular or prolonged physical access to a "Federally-controlled facility," as defined in FAR Subpart 2.1. The Contractor and all subcontractors performing under this acquisition shall comply with the following requirements: Information Type a. Mission Based Information: D19.1 Scientific and Technical Research and Innovation D20.1 Research and Development b. Security Categories and Levels Confidentiality Level: [ ] Low [X] Moderate [ ] High Integrity Level: [ ] Low [X] Moderate [ ] High Availability Level: [X] Low [ ] Moderate [ ] High Overall Level: [ ] Low [X] Moderate [ ] High c. Position Sensitivity Designations The following sensitivity level(s), clearance type(s), and investigation requirements apply to this contract: [ ] Level 6: Public Trust - High Risk. Contractor/subcontractor employees assigned to Level 6 positions shall undergo a Suitability Determination and Background Investigation (BI). [ X ] Level 5: Public Trust - Moderate Risk. Contractor/subcontractor employees assigned to Level 5 positions with no previous investigation and approval shall undergo a Suitability Determination and a Minimum Background Investigation (MBI), or a Limited Background Investigation (LBI). [ ] Level 1: Non-Sensitive Contractor/subcontractor employees assigned to Level 1 positions shall undergo a Suitability Determination and National Agency Check and Inquiry Investigation (NACI). The Contractor shall submit a roster by name, position, e-mail address, phone number and responsibility, of all staff (including subcontractor staff) working under this acquisition where the Contractor will develop, have the ability to access, or host and/or maintain a federal information system(s). The roster shall be submitted to the Project Officer, with a copy to the Contracting Officer, within 14 calendar days of the effective date of this contract. Any revisions to the roster as a result of staffing changes shall be submitted within 15 calendar days of the change. The Contracting Officer will notify the Contractor of the appropriate level of investigation required for each staff member. An electronic template, "Roster of Employees Requiring Suitability Investigations," is available for contractor use at https://ocio.nih.gov/InfoSecurity/public/acquisition/Documents/SuitabilityRoster_10-15-12.xlsx Suitability Investigations are required for contractors who will need access to NIH information systems and/or to NIH physical space. However, contractors who do not need access to NIH physical space will not need an NIH ID Badge. Each contract employee needing a suitability investigation will be contacted via email by the NIH Office of Personnel Security and Access Control (DPSAC) within 30 days. The DPSAC email message will contain instructions regarding fingerprinting as well as links to the electronic forms contract employees must complete. Additional information can be found at the following website: http://idbadge.nih.gov/background/index.asp All contractor and subcontractor employees shall comply with the conditions established for their designated position sensitivity level prior to performing any work under this contract. Contractors may begin work after the fingerprint check has been completed. d. Information Security Training d.1 Mandatory Training All employees having access to (1) Federal information or a Federal information system or (2) personally identifiable information, shall complete the NIH Information Security Awareness Training course at http://irtsectraining.nih.gov/ before performing any work under this contract. Thereafter, employees having access to the information identified above shall complete an annual NIH-specified refresher course during the life of this contract. The Contractor shall also ensure subcontractor compliance with this training requirement. e. Rules of Behavior The Contractor shall ensure that all employees, including subcontractor employees, comply with the NIH Information Technology General Rules of Behavior, which are available at http://prod.ocio.nih.gov/InfoSecurity/training/Pages/nihitrob.aspx. f. Personnel Security Responsibilities 1. The Contractor shall notify the Contracting Officer, Project Officer, and I/C ISSO within five working days before a new employee assumes a position that requires a suitability determination or when an employee with a suitability determination or security clearance stops working under this contract. The Government will initiate a background investigation on new employees requiring suitability determination and will stop pending background investigations for employees that no longer work under this acquisition. 2. The Contractor shall provide the Project Officer with the name, position title, e-mail address, and phone number of all new contract employees working under the contract and provide the name, position title and suitability determination level held by the former incumbent. If the employee is filling a new position, the Contractor shall provide a position description and the Government will determine the appropriate suitability level. 3. The Contractor shall provide the Project Officer with the name, position title, and suitability determination level held by or pending for departing employees. Perform and document the actions identified in the Contractor Employee Separation Checklist (attached) when a Contractor/subcontractor employee terminates work under this contract. All documentation shall be made available to the Project Officer and/or Contracting Officer upon request. g. Commitment to Protect Non-Public Departmental Information and Data 1. Contractor Agreement The Contractor, and any subcontractors performing under this contract, shall not release, publish, or disclose non-public Departmental information to unauthorized personnel, and shall protect such information in accordance with provisions of the following laws and any other pertinent laws and regulations governing the confidentiality of such information: - 18 U.S.C. 641 (Criminal Code: Public Money, Property or Records) - 18 U.S.C. 1905 (Criminal Code: Disclosure of Confidential Information) - Public Law 96-511 (Paperwork Reduction Act) 2. Contractor Employee Non-Disclosure Agreement Each employee, including subcontractors, having access to non-public Department information under this acquisition shall complete the Commitment to Protect Non-Public Information - Contractor Employee Agreement A copy of each signed and witnessed Non-Disclosure agreement shall be submitted to the Project Officer prior to performing any work under this acquisition. h. Data Encryption The following encryption requirements apply to all laptop computers containing HHS data at rest and/or HHS data in transit. The date by which the Contractor shall be in compliance will be set by the Project Officer, however, device encryption shall occur before any sensitive data is stored on the laptop computer/mobile device, or within 45 days of the start of the contract, whichever occurs first. 1. The Contractor shall secure all laptop computers used on behalf of the government using a Federal Information Processing Standard (FIPS) 140-2 compliant whole-disk encryption solution. The cryptographic module used by an encryption or other cryptographic product must be tested and validated under the Cryptographic Module Validation Program to confirm compliance with the requirements of FIPS PUB 140-2 (as amended). For additional information, refer to http://csrc.nist.gov/cryptval. 2. The Contractor shall secure all mobile devices, including non-HHS laptops and portable media that contain sensitive HHS information by using a FIPS 140-2 compliant product. Data at rest includes all HHS data regardless of where it is stored. 3. The Contractor shall use a FIPS 140-2 compliant key recovery mechanism so that encrypted information can be decrypted and accessed by authorized personnel. Use of encryption keys which are not recoverable by authorized personnel is prohibited. Key recovery is required by "OMB Guidance to Federal Agencies on Data Availability and Encryption", November 26, 2001, http://csrc.nist.gov/drivers/documents/ombencryption-guidance.pdf. Encryption key management shall comply with all HHS and NIH policies (http://intranet.hhs.gov/infosec/docs/guidance/hhs_standard_2007.pdf) and shall provide adequate protection to prevent unauthorized decryption of the information. All media used to store information shall be encrypted until it is sanitized or destroyed in accordance with NIH procedures. Contact the NIH Center for Information Technology for assistance (http://cit.nih.gov/ProductsAndServices/ServiceCatalog/Services.htm?Service=Media+Sanitization+Service). i. Physical Access Security In accordance with OMB Memorandum M-05-24, the Contractor shall ensure that background investigations are conducted for all contractor/subcontractor personnel who have (1) access to sensitive information, (2) access to Federal information systems, (3) regular or prolonged physical access to Federally-controlled facilities, or (4) any combination thereof. OMB Memorandum M-05-24 is available at http://www.whitehouse.gov/omb/memoranda/fy2005/m05-24.pdf. Agency personal identification verification policy and procedures are identified below: HHS Office of Security and Drug Testing, Personnel Security/Suitability Handbook (02-01-05): http://www.hhs.gov/oamp/policies/personnel_security_suitability_handbook.html j. Using Secure Computers to Access Federal Information 1. The Contractor shall use an USGCB compliant computer when processing information on behalf of the Federal government. 2. The Contractor shall install computer virus detection software on all computers used to access information on behalf of the Federal government. Virus detection software and virus detection signatures shall be kept current. Personally Identifiable Information (PII) Security Plan The Offeror shall submit a PII Security Plan with its technical proposal that addresses each of the following items: 1. Verify the information categorization to ensure the identification of the PII requiring protection. 2. Verify the existing risk assessment. 3. Identify the Contractor's existing internal corporate policy that addresses the information protection requirements of the SOW. 4. Verify the adequacy of the Contractor's existing internal corporate policy that addresses the information protection requirements of the SOW. 5. Identify any revisions, or development, of an internal corporate policy to adequately address the information protection requirements of the SOW. 6. For PII to be physically transported to or stored at a remote site, verify that the security controls of NIST Special Publication 800-53 involving the encryption of transported information will be implemented. http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final_updated-errata_05-01-2010.pdf 7. When applicable, verify how the NIST Special Publication 800-53 security controls requiring authentication, virtual private network (VPN) connections will be implemented. 8. When applicable, verify how the NIST Special Publication 800-53 security controls enforcing allowed downloading of PII will be implemented. 9. Identify measures to ensure subcontractor compliance with safeguarding PII. The details contained in the Offeror's PII Security Plan must be commensurate with the size and complexity of the contract requirements based on the System Categorization specified above in the subparagraph entitled Security Categories and Levels. The Offeror's PII Security Plan will be evaluated by the Government for appropriateness and adequacy. Special Information Security Requirements for Foreign Contractors/Subcontractors When foreign contractors/subcontractors perform work under this acquisition at non-US Federal Government facilities, provisions of HSPD-12 do NOT apply. Information System Security Plan The Offeror shall submit an Information System Security Plan (ISSP) with its technical proposal using the current template in Appendix A of NIST SP 800-18, Guide to Developing Security Plans for Federal Information Systems (http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-Rev1-final.pdf). The details contained in the ISSP must be commensurate with the size and complexity of the contract requirements based on the System Categorization determined above in the subparagraph entitled Security Categories and Levels. The Offeror shall also identify measures to ensure subcontractor compliance with the ISSP. The ISSP will be evaluated by the Government for appropriateness and adequacy. The Contractor will be required to update and resubmit its ISSP every three years following the effective date of the contract or when a major modification has been made to its internal system. FEDERAL INFORMATION AND INFORMATION SYSTEMS SECURITY: HHS Information Security Program Policy at: http://intranet.hhs.gov/infosec/docs/policies_guides/ISPP/Information_Security_Program_Policy.pdf and HHS Contractor Oversight Guide http://intranet.hhs.gov/infosec/docs/policies_guides/COG/Contractor_Oversight_Guide.pdf PERSONALLY IDENTIFIABLE INFORMATION (PII) OMB Memorandum M-06-15, Safeguarding Personally Identifiable Information (05-22-06): http://www.whitehouse.gov/omb/memoranda/fy2006/m-06-15.pdf OMB Memorandum M-06-16, Protection of Sensitive Agency Information (06-23-06): http://www.whitehouse.gov/OMB/memoranda/fy2006/m06-16.pdf OMB Memorandum M-06-19, Safeguarding Against and Responding to the Breach of Personally Identifiable Information: http://www.whitehouse.gov/omb/memoranda/fy2006/m06-19.pdf Guide for Identifying Sensitive Information, including Information in Identifiable Form, at the NIH: http://ocio.nih.gov/security/NIH_Sensitive_Info_Guide.pdf PHYSICAL ACCESS TO A FEDERALLY-CONTROLLED FACILITY: Homeland Security Presidential Directive/HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors (08-27-04): http://www.whitehouse.gov/news/releases/2004/08/print/20040827-8.html OMB Memorandum M-05-24, Implementation of Homeland Security Presidential Directive (HSPD) 12 - Policy for a Common Identification Standard for Federal Employees and Contractors (08-05-05): http://www.whitehouse.gov/omb/memoranda/fy2005/m05-24.pdf Federal Information Processing Standards Publication (FIPS PUB) 201-1 (Updated June 26, 2006): http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-chng1.pdf The Government will award a contract resulting from this solicitation to the responsible offeror whose offer conforming to the solicitation will be the most advantageous to the Government, price and other factors considered. The offeror must provide fully loaded fixed hourly rates for the services to be performed. In addition, the offeror must submit a proposal which clearly demonstrates its experience in accordance with the evaluation criteria outlined in the statement of work and any other information the offeror considers relevant to the Government's evaluation of the proposed services. In order to receive an award from NIDA, contractors must have a valid registration in the System for Award Management (SAM) located at https://www.sam.gov/portal/public/SAM/. Offerors must complete annual representations and certifications on-line at https://www.sam.gov/portal/public/SAM/. All responses must be received by August 1, 2013 3:00pm Eastern Standard Time (EST) and must reference number HHS-NIH-NIDA-NIA-AM2975113. Responses may be submitted electronically to Andrea McGee andrea.mcgee@nih.gov or by U.S. mail to the National Institute of Drug Abuse (NIDA), Station Support/Simplified Acquisition Branch (SS/SA) 9000 Rockville Pike, Bldg. 31 Rm. 1B59, Attention: Andrea McGee. Fax responses will not be accepted. "All responsible sources may submit a bid, proposal, or quotation which shall be considered by the agency." For information regarding the solicitation you may contact Andrea McGee, 301-435-8781.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/HHS/NIH/NIDA-01/HHS-NIH-NIDA-NIA-AM2975113/listing.html)
 
Place of Performance
Address: 251 Bayview Blvd, Baltimore, Maryland, 21224, United States
Zip Code: 21224
 
Record
SN03123046-W 20130724/130722234536-c92a160efb6ecac1388b9379d56da1bf (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.