SOLICITATION NOTICE
B -- PRN Nurse Practitioner for the National Institute on Aging’s Healthy Aging in Neighborhoods of Diversity across the Life Span (HANDLS) study - Attachments
- Notice Date
- 2/18/2016
- Notice Type
- Combined Synopsis/Solicitation
- NAICS
- 621399 — Offices of All Other Miscellaneous Health Practitioners
- Contracting Office
- Department of Health and Human Services, National Institutes of Health, National Institute on Drug Abuse, 6001 Executive Boulevard, Room 3155, MSC 9593, Bethesda, Maryland, 20892, United States
- ZIP Code
- 20892
- Solicitation Number
- HHS-NIH-NIDA-SSSA-2016-166
- Archive Date
- 3/11/2016
- Point of Contact
- Samantha A. Kelly, Phone: 3014028855
- E-Mail Address
- samantha.kelly2@nih.gov
- Small Business Set-Aside
- N/A
- Description
- Copy of Solicitation; Terms and Conditions; Invoice Instructions; Evaluation Criteria; SOW

COMPETITIVE SOLICITATION

Title: PRN Nurse Practitioner for the National Institute on Aging's Healthy Aging in Neighborhoods of Diversity across the Life Span (HANDLS) study

INTRODUCTION:
(1) This is a solicitation for commercial items prepared in accordance with the format in FAR Part 12 as supplemented with additional information included in this notice. This announcement constitutes the only written solicitation; proposals are being requested and a separate solicitation will not be issued.
(2) The solicitation number is HHS-NIH-NIDA-SSSA-2016-166 and the solicitation is issued as a request for proposal (RFP). The Government intends to issue a firm fixed price purchase order for this requirement.

ACQUISITION AUTHORITY:
This acquisition is for a commercial service and is conducted under the authority of the Federal Acquisition Regulation (FAR) Part 13-Simplified Acquisition Procedures; FAR Subpart 13.5-Test Program for Certain Commercial Items; and FAR Part 12-Acquisition of Commercial Items, and is not expected to exceed the simplified acquisition threshold.
(3) The solicitation document and incorporated provisions and clauses are those in effect through Federal Acquisition Circular 2005-86-2 dated February 1, 2016.

NORTH AMERICAN INDUSTRY CLASSIFICATION SYSTEM (NAICS) CODE:
(4) The associated NAICS code is 621399 and the small business size standard is $7.5 Million.

BACKGROUND:
(5) The National Institute on Aging (NIA), one of the 27 Institutes and Centers of NIH, leads a broad scientific effort to understand the nature of aging and to extend the healthy, active years of life. The Intramural Research Program (IRP) of the National Institute on Aging (NIA) provides a stimulating setting for a comprehensive effort to understand aging through multidisciplinary investigator-initiated research, in this regard.
The Laboratory of Epidemiology and Population Sciences (LEPS), one of NIA IRP's ten laboratories, plans, conducts, and directs epidemiology, demography, and biometry programs relevant to the mission of the NIA. Within LEPS, the Health Disparities Research Section (HDRS) conducts interdisciplinary clinical and basic science research focused on examining the underlying cause of the disproportionate incidence, morbidity and mortality of age-related disease among minority and low socioeconomic status (SES) Americans. Dissecting the interaction of race, socioeconomic status, culture, behavior, environmental exposure, biologic vulnerabilities, genetics, social environment, health care access, and quality of health care provides insight into how these interactions result in disproportionate rates of age-related disease and disability. The ultimate goal of this approach is to transform scientific discoveries arising from laboratory, clinical, or population studies into clinical applications to reduce incidence, morbidity, and mortality of age-associated diseases and health disparities. This is accomplished by the development and implementation of a clinical component (The Healthy Aging in Neighborhoods of Diversity across the Life Span (HANDLS) study) and a basic science laboratory component that are interdependent and pursuing related hypotheses. HANDLS investigators conduct their research study on NIA's mobile Medical Research Vehicles (MRVs) located throughout Baltimore City, MD. The HANDLS participants are transported to the MRV location where examinations are performed daily. The MRVs are staffed with a physician, nurse practitioner, registered nurse, cardiac technician, community coordinator, cognitive tester, and an ultra-sonographer, who administer a combination of clinical and research procedures that provide the study with necessary data and the participants with valuable health information. It is critical that the program (MRV) is fully staffed on testing days. 
MRVs are open 5 days per week (Monday - Sunday), with a rotating schedule for weekend work. The HANDLS Clinical Nurse Practitioner is responsible for screening, conducting history and physicals, follow up assessments and interventions for HANDLS research participants on the HANDLS Medical Research Vehicles (MRVs). This position will function independently and in collaboration with NIA LEPS HANDLS Physicians, PIs, and Clinical Study Manager.

DESCRIPTION OF REQUIREMENT:
(6) The purpose of this requirement is to obtain the services of a licensed nurse practitioner to provide back-up services, as needed for the primary NIA nurse practitioner where the list of services may be modified.

Project Requirements:
Independently and not as an agent of the Government, the Contractor shall be required to furnish all the necessary services, qualified personnel, material, equipment, and facilities, not otherwise provided by the Government, as needed to perform the tasks as specified herein. Specifically, the contractor shall be responsible for providing a qualified Nurse Practitioner to perform services, not limited to, the following tasks listed below:

1. Functions as a certified nurse practitioner for a specified patient population, within the state of Maryland, while appropriately consulting medical staff colleagues.
   a. Independently assesses acute and non-acute clinical problems and toxicities.
   b. Performs and documents physical assessments and patient histories through electronic data capture system.
   c. Predicts and analyzes trends in patient conditions and develops a patient management plan in response to the data obtained.
   d. Communicates and collaborates with the multidisciplinary research team to ensure that patient management strategies are successful in meeting patient care and/or research needs.
2. Independently provides patient and family counseling and health education, to a diverse and complex patient population, with consideration of the patient's learning needs, learning readiness and impediments to the process.
   a. Serves as a patient advocate along with other health care professionals.
   b. Collaborates with the patient, family and significant others in developing plans that consider and respect the patient's cultural background, level of understanding, and available resources and support systems.
3. Comprehensive patient management services may include the following if appropriate:
   a. Ordering and interpreting appropriate laboratory and diagnostic studies
   b. Referring patients for consultation when indicated
   c. Documenting through in-depth progress notes
   d. Providing skillful monitoring of patients for possible adverse reactions to drugs or procedures that may require emergency treatment or revision of the prescribed regimen
   e. Performing emergency management procedures on unstable patients exercising sound judgment in initiating emergency measures and interpreting observations to physicians.
4. Performs study eligibility screening assessments, blood draws and processing, anthropometric measures, medical history & physical examinations and EKGs in accordance with policy and study protocol.
5. Performs all study measurements and procedures as indicated by protocol.
6. Monitors participants' compliance and adverse effects, assumes PRN on-call duties, as necessary to answer participants' questions and assure participants health and safety. Reviews and approves participant report packets prior to distribution.
7. Demonstrates expertise in data management and computer skills.
   a. Reviews patients' charts to collect relevant clinical data.
   b. Analyzes trends in patient responses.
   c. Recognizes patient issues that demand physician's immediate attention.
   d. Directs and performs quality assurance and quality control activities as they relate to protocol adherence, protocol monitoring, data collection, data abstraction and data analysis.
8. The contracted tour may be any day Monday-Sunday and the tour hours are expected to coincide with the HANDLS team's tour of duty, which is usually 8:00am to 4:30pm.
9. The contractor shall perform the work as directed by the NIA Physician or NIA Principal Investigators.
10. The contractor must complete the NIH required on-boarding training courses (approximately 16 hours), and protocol-specific training on HANDLS and MRV procedures for data collection and testing procedures (up to 64 hours).
11. HANDLS is a field-based study that is conducted on mobile Medical Research Vehicles (MRVs), without the support of a hospital or emergency department within close proximity to the testing location and therefore requires documented evidence of an experienced clinician with a high degree of competence and independence in being able to identify and respond to medical and or psychiatric emergencies quickly and appropriately.
12. Documented evidence of experience working in a clinical research setting with a vulnerable population is highly desirable.
13. Documented evidence with experience in identifying, responding to and documenting untoward medical events in a clinical research setting.

Deliverables:
The incumbent is to provide the NIA Principal Investigators with written updates, concerns or issues for the period in which services are performed. Updates and adverse events must be in written format.
Contractor Experience Requirements:
The Contractor must provide documented evidence of the following Contractor Experience Requirements:

1. Required to be a fully licensed Certified Nurse Practitioner and shall provide a copy of all relevant licenses and certifications;
2. Must be licensed to practice nursing in the state of Maryland;
3. Must complete and provide a copy of all relevant course completion certifications with proposals for the following courses/certifications:
   • State of MD HIV Counseling Skills Course- Level 1 http://register.asapconnected.com/Courses.aspx?CourseGroupID=1105
   • Advanced Cardiovascular Life Support (ACLS) Certification
4. Must possess a mastery of nursing to apply experimental theories and new developments to the solution of complex health care problems not susceptible to treatment by accepted methods; or to make decisions or recommendations significantly changing, or developing, important public policies or programs; or equivalent knowledge and skill;
5. Must have expert knowledge of the Scientific Process including assessment, planning, implementation and evaluation of complex and subtle patient needs and interventions.
6. Must possess a fluency and knowledge of:
   a. Currently accepted and state of the art nursing, medical and research practice related to a specific patient population. Knowledge of scientific principles and foundations of theory based nursing practice and advanced nursing practice.
   b. Current pathophysiology and/or psychopathology, diagnostic evaluation procedures, therapeutic modalities including pharmacokinetics, nursing management and rehabilitative processes in the areas of specialization and within the scope of practice. Recognized clinical competency with sensitivity to the psychological, social and medical needs of participants.
   c. Patient teaching/learning principles in relation to self-care, illness, intervention and research and the ability to mentor other clinicians.
   d. Relevant ethical and legal aspects of the nurse practitioner's role in providing healthcare to patients in a research environment.
   e. The clinical research process, the importance of adherence to protocols, and the accuracy needed in collection and documentation of research data
   f. Applicable laws and regulations concerning patients' rights and privacy, e.g. - Health Insurance Portability and Accountability Act and the Privacy Act.
7. Must have the ability to manage and operate current medical technology used in direct patient care.
8. Must have the ability to communicate orally with patients to provide nursing care and information on procedures; counsel patients on physical and emotional health problems; and exchange, provide and obtain information using great tact and sensitivity.
9. Must have the ability to communicate effectively with colleagues orally and in written communications.
10. Must have the ability to creatively problem solve in challenging and unusual situations and the ability to independently negotiate and resolve conflicted situations.
11. Skill is required to use information technology associated with patient care, research information management and professional publishing.
12. Skill to cope with the stresses associated with the provision of care to complex patients participating in research protocols.
ANTICIPATED PERIOD OF PERFORMANCE:
(7) The anticipated period of performance is:
Base Year: 03/01/2016 through 02/28/2017
Optional Renewal Years:
Option Year #1: 03/01/2017 through 02/28/2018

The anticipated place of performance is at the MRVs in Baltimore City, MD where studies are conducted (field sites vary throughout Baltimore City):
NIH Biomedical Research Center (BRC)
251 Bayview Blvd
Baltimore, MD, 21224

Estimated Level of Effort:
Anticipated hours for base year:
- Total 80 hours of training (16 hours for NIH trainings and 64 hours for HANDLS protocol trainings)
- Total 252 hours for 12 Weeks of 21 hours per week
- Total 280 hours for possible coverage for when Nurse Practitioner on leave for an estimated 40 weeks of 7 hours
Total level of effort: 612 hours for the base year

Anticipated hours for optional renewal year one (1):
- Total 80 hours of training (16 hours for NIH trainings and 64 hours for HANDLS protocol trainings)
- Total 280 hours for possible coverage for when Nurse Practitioner on leave for an estimated 40 weeks of 7 hours
Total hours for optional renewal year one (1) = 360 hours

TECHNICAL APPROACH/PLAN:
(8) Instructions
The Contractor must submit a technical plan and price quote for this requirement to the Contract Specialist / Contracting Officer cited herein. The total number of pages, (combination of technical plan and price quote) is not expected to exceed 25 pages in length, excluding resumes. The Contractor shall submit its quote electronically in a "read only" format. A detailed work plan must be submitted indicating how each aspect of the statement of work is to be accomplished. Your technical approach should be in as much detail as you consider necessary to fully explain your proposed technical approach or method. The technical plan should reflect a clear understanding of the nature of the work being undertaken. The technical plan must include information on how the project is to be organized, staffed, and managed.
Information should be provided which will demonstrate your understanding and management of important events or tasks. Plans which merely state that the tasks will be conducted in accordance with the requirements of the Government's scope of work will not be eligible for further consideration. The schedule contractor must submit an explanation of the proposed technical approach in conjunction with the tasks to be performed in achieving the project objectives.

The technical plan shall include:
- Resumes of all professional individuals proposed for the contract. Resumes should be no longer than 2 pages in length
- Project Management Summary
- Technical Approach of how the work will be performed
- An outline of quality control procedures
- Milestones and time lines for the project, indicating the estimated period of performance for each task
- Facilities and/or resources used

The suggested outline for the technical plan is as follows:
a. Work Scope
b. Objectives. State the overall objectives and the specific accomplishments you hope to achieve. Indicate the rationale for your plan, and relationship to comparable work in progress elsewhere. Review pertinent work already published which is relevant to this project and your proposed approach. This should support the scope of the project as you perceive it.
c. Approach. Discuss the possible or probable outcome of approaches proposed.
d. Methods. Describe in detail the methodologies you will use for the project, indicating your level of experience with each, areas of anticipated difficulties, and any unusual expenses you anticipate.
e. Schedule. Provide a schedule for completion of the work and delivery of items specified in the statement of work. Performance or delivery schedules shall be indicated for phases or segments, as applicable, as well as for the overall program.
Schedules shall be shown in terms of calendar months from the date of authorization to proceed or, where applicable, from the date of a stated event, as for example, receipt of a required approval by the Contracting Officer. Unless the request for quotes indicates that the stipulated schedules are mandatory, they shall be treated as desired or recommended schedules. In this event, plans based upon the schedule contractor's best alternative schedule, involving no overtime, extra shift or other premium, will be accepted for consideration.
f. Personnel. Describe the experience and qualifications of personnel who will be assigned for direct work on this project. Information is required which will show the composition of the task or work group, its general qualifications, and recent experience with similar equipment or programs.

APPLICABLE CLAUSES AND PROVISIONS:
(9) The provision at FAR clause 52.212-1 (Oct 2015), Instructions to Offerors - Commercial Items, applies to this acquisition.
(10) The provision at FAR clause 52.212-2 (Oct 2014), Evaluation - Commercial Items, applies to this acquisition.
(a) The Government will award a contract resulting from this solicitation to the responsible offeror whose offer conforming to the solicitation will be most advantageous to the Government, price and other factors considered. Technical and past performance when combined is more important when compared to price. The Government intends to issue a firm fixed price Contract for this requirement.

Section 1: Mandatory Criteria
The mandatory criteria requirements will be evaluated on a pass/fail basis. Only those proposals passing each of the mandatory criteria will then be evaluated under Section 2.
The Contractor must provide evidence of meeting the following mandatory criteria:
1. Licensed Certified Nurse Practitioner in the State of Maryland
2. Advanced Cardiovascular Life Support (ACLS) Certified
3. Completion of State of MD HIV Counseling Skills Training - Level 1

Section 2: Technical Evaluation Criteria:
1. Technical Capability (40 POINTS)
The proposal should address each of the requirements and experience qualifications of the statement of work and as described in the solicitation, in sufficient detail to demonstrate a clear understanding of the statement of work and compliance with requirements. The Offeror should provide evidence of sufficient planning to show that work will be accomplished and how it will be accomplished as required and on schedule, utilizing all available resources as well as controlling the execution of assigned activities, tasks, sub-tasks, monitoring progress, status reporting, resolving critical issues and mitigating risks. The proposal should demonstrate a firm understanding of the requirements and goals set forth in the statement of work.
2. Personnel Qualifications (40 POINTS)
The proposal shall be evaluated to ensure that all Contractor Experience qualifications identified in this statement of work are met, to include all of the qualifications listed in "Contractor Experience Requirements" of the statement of work as well as, but not limited to the following:
• Documented successful performance for a minimum of two (2) years of providing nursing services in a clinical research setting
• Documented evidence of experience collaborating with a multidisciplinary team of clinical researchers
• Documented evidence of basic knowledge of computing skills with the ability to successfully use electronic data capture system to accurately enter clinical information into an electronic medical record.
• Documented evidence of experience in Health Disparities research environments
3. Past Performance (20 POINTS)
Documented evidence of the Offeror's successful performance for a minimum of three (3) recent contracts, similar to requirements specified in the statement of work.

Total possible points: 100 Points
Refer to Attachment No. 2 for the Evaluation Criteria document.

(b) Award Criteria
Selection of an Offeror for award will be on the basis of best value, technical factors and price considered. Technical acceptability includes an evaluation on technical factors (which encompasses experience/capability and past performance factors), and cost/price factors. Evaluation of technical acceptability will be made in accordance with the prospective Contractor's demonstrated capabilities of meeting each of the requirements as set forth in this solicitation and all applicable attachments. The merits of each proposal will be evaluated carefully. The offeror must include all specifications and services, detailed in this solicitation, in its proposal and must also include delivery lead times as well as shipping costs. Offeror(s) cost/price proposal will be evaluated for reasonableness. For a price to be reasonable, it must represent a price to the Government that a prudent person would pay when consideration is given to prices in the market. Normally, price reasonableness is established through adequate price competition, but may also be determined through cost and price analysis techniques as described in FAR 15.404. A recent (12 month period) redacted invoice showing the date of the invoice and the similar or identical product description and the price that was billed, and/or a published price listing should be supplied with the quotation for price reasonableness determinations. The price quoted will be evaluated taking into consideration any price reductions.
A best value analysis will be performed taking into consideration the results of the technical evaluation and price evaluation.
(11) Offerors should include a completed copy of the provision at FAR clause 52.212-3 (Nov 2015), Offeror Representations and Certifications - Commercial Items, with its offer.
(12) The provision at FAR clause at 52.212-4 (May 2015), Contract Terms and Conditions - Commercial Items, applies to this acquisition. Refer to Attachment No. 4 for applicable Terms and Conditions.
(13) The provision at FAR clause at 52.212-5 (JAN 2016), Contract Terms and Conditions Required to Implement Statutes or Executive Orders-Commercial Items, applies to this acquisition.
(14) The provision at FAR clause at FAR 52.227-14 (Dec 2007) Rights in Data-General applies to this acquisition.
(15) Standards for Privacy of Individually Identifiable Health Information
The Department of Health and Human Services (DHHS) issued final modifications to the "Standards for Privacy of Individually Identifiable Health Information," the "Privacy Rule," on August 14, 2002. The Privacy Rule is a federal regulation under the Health Insurance Portability and Accountability Act (HIPAA) of 1996 that governs the protection of individually identifiable health information and is administered and enforced by the DHHS Office for Civil Rights (OCR). Those who must comply with the Privacy Rule (classified under the Rule as "covered entities") must do so by April 14, 2003 (with the exception of small health plans, which have an extra year to comply). Decisions about the applicability and implementation of the Privacy Rule reside with the Contractor and his/her institution. The OCR Web site ( http://www.hhs.gov/ocr/ ) provides information on the Privacy Rule, including a complete Regulation Text and a set of decision tools on "Am I a covered entity?"
Information on the impact of the HIPAA Privacy Rule on NIH processes involving the review, award, and administration of grants, cooperative agreements and contracts can be found at: http://grants1.nih.gov/grants/guide/notice-files/NOT-OD-03-025.html.
(16) The Defense Priorities and Allocations System (DPAS) is not applicable to this requirement.

(15) 1. Security Requirements:
Contractor personnel performing work under this contract shall satisfy all requirements for appropriate security eligibility as specified in the solicitation, in dealing with access to sensitive information and information systems belonging to or being used on behalf of the NIA. To satisfy those requirements, a level 5 Risk Background Investigation shall be conducted prior to performing work under this contract. Appropriate background investigation forms will be provided upon contract award and are to be completed and returned to NIA within 30 days for processing. Contractors will be notified when the investigation has been completed and adjudicated. All costs associated with obtaining clearances for contractor-provided personnel will be the responsibility of the contractor. Further, the contractor will be responsible for the actions of all individuals provided to work under this contract. If damages arise from work performed by contractor-provided personnel under the auspices of this contract, the contractor will be responsible for all resources necessary to remedy the incident.

This acquisition requires the Contractor to:
• develop, have the ability to access, or host and/or maintain Federal information and/or Federal information system(s).
• access, or use, Personally Identifiable Information (PII), including instances of remote access to or physical removal of such information beyond agency premises or control.
The Contractor and all subcontractors performing under this acquisition shall comply with the following requirements:
- HHS-Controlled Facilities and Information Systems Security
- Standard for Security Configurations, HHSAR 352.239-70
- Standard for Encryption language, HHSAR 352.239-71
- Security Requirements for Federal Information Technology Resources, HHSAR 352.239-72
- Security Categorization of Federal Information and Information Systems (FIPS 199 Assessment)
- Information Security Training
- Personnel Security Responsibilities

A. INFORMATION TYPE
[ ] Administrative, Management and Support Information
[ x ] Mission Based Information: Research and Development Information Scientific and Technological Research and Innovation

B. SECURITY CATEGORIES AND LEVELS (SCL):
Confidentiality: [x] Low [ ] Moderate [ ] High
Integrity: [ ] Low [x] Moderate [ ] High
Availability: [x] Low [ ] Moderate [ ] High
Overall: [ ] Low [x] Moderate [ ] High

The Contractor shall submit a roster by name, position, e-mail address, phone number and responsibility, of all staff (including subcontractor staff) working under this acquisition where the Contractor will develop, have the ability to access, or host and/or maintain a federal information system(s). The roster shall be submitted to the Project Officer, with a copy to the Contracting Officer, within 14 calendar days of the effective date of this contract. Any revisions to the roster as a result of staffing changes shall be submitted within 15 calendar days of the change. The Contracting Officer will notify the Contractor of the appropriate level of investigation required for each staff member.
An electronic template, "Roster of Employees Requiring Suitability Investigations," is available for contractor use at https://ocio.nih.gov/aboutus/publicinfosecurity/acquisition/Documents/SuitabilityRoster_10-15-12.xlsx

All contractor and subcontractor employees shall comply with the conditions established for their designated position sensitivity level prior to performing any work under this contract. Contractors may begin work after the fingerprint check has been completed.

C. POSITION SENSITIVITY DESIGNATIONS (PSD):
The following position sensitivity designations and associated clearance and investigation requirements apply under this contract:
[ ] Level 6: Public Trust - High Risk (Requires Suitability Determination with a BI). Contractor employees assigned to a Level 6 position are subject to a Background Investigation (BI).
[ x ] Level 5: Public Trust - Moderate Risk (Requires Suitability Determination with MBI or LBI). Contractor employees assigned to a Level 5 position with no previous investigation and approval shall undergo a Minimum Background Investigation (MBI), or a Limited Background Investigation (LBI).
[ ] Level 1: Non Sensitive (Requires Suitability Determination with an NACI). Contractor employees assigned to a Level 1 position are subject to a National Agency Check and Inquiry Investigation (NACI).

D. PROSPECTIVE OFFEROR NON-DISCLOSURE AGREEMENT
[x] Offerors WILL NOT require access to sensitive information in order to prepare an offer.
[ ] Offerors WILL require access to sensitive information in order to prepare an offer.

INFORMATION SECURITY AND PHYSICAL ACCESS REPORTING REQUIREMENTS:
The Contractor shall submit the following reports as required by the INFORMATION AND PHYSICAL ACCESS SECURITY Article in SECTION H of this contract. Note: Each report listed below includes a reference to the appropriate subparagraph of this article.
Reporting of New and Departing Employees
The Contractor shall notify the Contracting Officer's Representative (COR) and Contracting Officer within five working days of staffing changes for positions that require suitability determinations as follows:
1. New Employees who have or will have access to HHS Information systems or data: Provide the name, position title, e-mail address, and phone number of the new employee. Provide the name, position title and suitability level held by the former incumbent. If the employee is filling a new position, provide a description of the position and the Government will determine the appropriate security level.
2. Departing Employees: 1) Provide the name, position title, and security clearance level held by or pending for the individual; and 2) Perform and document the actions identified in the "Employee Separation Checklist", attached in Section J, ATTACHMENTS of this contract, when a Contractor/Subcontractor employee terminates work under this contract. All documentation shall be made available to the COR and/or Contracting Officer upon request.

2. Contractor - Employee Non-Disclosure Agreement(s)
The contractor shall complete and submit a signed and witnessed "Commitment to Protect Non-Public Information - Contractor Agreement" form for each contractor and subcontractor employee who may have access to non-public Department information under this contract. This form is located at: https://ocio.nih.gov/aboutus/publicinfosecurity/acquisition/Documents/Nondisclosure.pdf.

3. HHS-Controlled Facilities and Information Systems Security
a. To perform the work specified herein, Contractor personnel are expected to have routine (1) physical access to an HHS-controlled facility; (2) physical access to an HHS-controlled information system; (3) access to sensitive HHS data or information, whether in an HHS-controlled information system or in hard copy; or (4) any combination of circumstances (1) through (3).
b. To gain routine physical access to an HHS-controlled information system, and/or access to sensitive data or information, the Contractor and its employees shall comply with Homeland Security Presidential Directive (HSPD)-12, Policy for a Common Identification Standard for Federal Employees and Contractors; Office of Management and Budget Memorandum (M-05-24); and Federal Information Processing Standards Publication (FIPS PUB) Number 201; and with the personal identity verification and investigations procedures contained in the following documents:
   1. HHS-OCIO Information Systems Security and Privacy Policy ( http://www.hhs.gov/ocio/policy/#Security )
   2. HHS HSPD-12 Policy Document, v. 2.0 ( http://www.whitehouse.gov/sites/default/files/omb/assets/omb/memoranda/fy2005/m05-24.pdf )
   Information regarding background checks/badges ( http://idbadge.nih.gov/background/index.asp )

Clauses and Provisions:

[ x ] Standard for Security Configurations, HHSAR 352.239-70, (January 2010)
a. The Contractor shall configure its computers that contain HHS data with the applicable Federal Desktop Core Configuration (FDCC) (see http://nvd.nist.gov/fdcc/index.cfm ) and ensure that its computers have and maintain the latest operating system patch level and anti-virus software level. Note: FDCC is applicable to all computing systems using Windows XP™ and Windows Vista™, including desktops and laptops - regardless of function - but not including servers.
b. The Contractor shall apply approved security configurations to information technology (IT) that is used to process information on behalf of HHS. The following security configuration requirements apply:
c. The Contractor shall ensure IT applications operated on behalf of HHS are fully functional and operate correctly on systems configured in accordance with the above configuration requirements.
The Contractor shall use Security Content Automation Protocol (SCAP)-validated tools with FDCC Scanner capability to ensure its products operate correctly with FDCC configurations and do not alter FDCC settings - see http://scap.nist.gov/validation. The Contractor shall test applicable product versions with all relevant and current updates and patches installed. The Contractor shall ensure currently supported versions of information technology products meet the latest FDCC major version and subsequent major versions. d.The Contractor shall ensure IT applications designed for end users run in the standard user context without requiring elevated administrative privileges. e.The Contractor shall ensure hardware and software installation, operation, maintenance, update, and patching will not alter the configuration settings or requirements specified above. f.The Contractor shall (1) include Federal Information Processing Standard (FIPS) 201-compliant ( http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-chng1.pdf ), Homeland Security Presidential Directive 12 (HSPD-12) card readers with the purchase of servers, desktops, and laptops; and (2) comply with FAR Subpart 4.13, Personal Identity Verification. g.The Contractor shall ensure that its subcontractors (at all tiers) which perform work under this contract comply with the requirements contained in this clause. [ x ]Standard for Encryption language, HHSAR 352.239-71, (January 2010) a.The Contractor shall use Federal Information Processing Standard (FIPS) 140-2-compliant encryption (Security Requirements for Cryptographic Module, as amended) to protect all instances of HHS sensitive information during storage and transmission. (Note: The Government has determined that HHS information under this contract is considered "sensitive" in accordance with FIPS 199, Standards for Security Categorization of Federal Information and Information Systems, dated February 2004).
b.The Contractor shall verify that the selected encryption product has been validated under the Cryptographic Module Validation Program (see http://csrc.nist.gov/cryptval/ ) to confirm compliance with FIPS 140-2 (as amended). The Contractor shall provide a written copy of the validation documentation to the Contracting Officer and the Contracting Officer's Technical Representative. c.The Contractor shall use the Key Management Key (see FIPS 201, Chapter 4, as amended) on the HHS personal identification verification (PIV) card; or alternatively, the Contractor shall establish and use a key recovery mechanism to ensure the ability for authorized personnel to decrypt and recover all encrypted information (see http://csrc.nist.gov/drivers/documents/ombencryption-guidance.pdf ). The Contractor shall notify the Contracting Officer and the Contracting Officer's Technical Representative of personnel authorized to decrypt and recover all encrypted information. d.The Contractor shall securely generate and manage encryption keys to prevent unauthorized decryption of information in accordance with FIPS 140-2 (as amended). e.The Contractor shall ensure that this standard is incorporated into the Contractor's property management/control system or establish a separate procedure to account for all laptop computers, desktop computers, and other mobile devices and portable media that store or process sensitive HHS information. f.The Contractor shall ensure that its subcontractors (all tiers) which perform work under this contract comply with the requirements contained in this clause. [ x ]Security Requirements For Federal Information Technology Resources, HHSAR 352.239-72, (January 2010) a. Applicability. 
This clause applies whether the entire contract or order (hereafter "contract"), or portion thereof, includes information technology resources or services in which the Contractor has physical or logical (electronic) access to, or operates a Department of Health and Human Services (HHS) system containing, information that directly supports HHS' mission. The term "information technology (IT)", as used in this clause, includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including support services) and related resources. This clause does not apply to national security systems as defined in FISMA. b. Contractor responsibilities. The Contractor is responsible for the following: 1.Protecting Federal information and Federal information systems in order to ensure their - a.Integrity, which means guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity; b.Confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and c.Availability, which means ensuring timely and reliable access to and use of information. 2.Providing security of any Contractor systems, and information contained therein, connected to an HHS network or operated by the Contractor, regardless of location, on behalf of HHS. 3.Adopting, and implementing, at a minimum, the policies, procedures, controls and standards of the HHS Information Security Program to ensure the integrity, confidentiality, and availability of Federal information and Federal information systems for which the Contractor is responsible under this contract or to which it may otherwise have access under this contract. 
The HHS Information Security Program is outlined in the HHS Information Security Program Policy, which is available on the HHS Office of the Chief Information Officer's (OCIO) Web site. c. Contractor security deliverables. In accordance with the timeframes specified, the Contractor shall prepare and submit the following security documents to the Contracting Officer for review, comment, and acceptance: 1. IT Security Plan (IT-SP) - due within 30 days after contract award. The IT-SP shall be consistent with, and further detail the approach to, IT security contained in the Contractor's bid or proposal that resulted in the award of this contract. The IT-SP shall describe the processes and procedures that the Contractor will follow to ensure appropriate security of IT resources that are developed, processed, or used under this contract. If the IT-SP only applies to a portion of the contract, the Contractor shall specify those parts of the contract to which the IT-SP applies. a.The Contractor's IT-SP shall comply with applicable Federal laws that include, but are not limited to, the Federal Information Security Management Act (FISMA) of 2002 (Title III of the E-Government Act of 2002, Public Law 107-347), and the following Federal and HHS policies and procedures: i.Office of Management and Budget (OMB) Circular A-130, Management of Federal Information Resources, Appendix III, Security of Federal Automation Information Resources. ii.National Institute of Standards and Technology (NIST) Special Publication (SP) 800-18, Guide for Developing Security Plans for Information Systems, in form and content, and with any pertinent contract Statement of Work/Performance Work Statement (SOW/PWS) requirements. The IT-SP shall identify and document appropriate IT security controls consistent with the sensitivity of the information and the requirements of Federal Information Processing Standard (FIPS) 200, Recommend Security Controls for Federal Information Systems.
The Contractor shall review and update the IT-SP in accordance with NIST SP 800-26, Security Self-Assessment Guide for Information Technology Systems and FIPS 200, on an annual basis. iii.HHS-OCIO Information Systems Security and Privacy Policy. 2. IT Risk Assessment (IT-RA) - due within 30 days after contract award. The IT-RA shall be consistent, in form and content, with NIST SP 800-30, Risk Management Guide for Information Technology Systems, and any additions or augmentations described in the HHS-OCIO Information Systems Security and Privacy Policy. After resolution of any comments provided by the Government on the draft IT-RA, the Contracting Officer shall accept the IT-RA and incorporate the Contractor's final version into the contract for Contractor implementation and maintenance. The Contractor shall update the IT-RA on an annual basis. 3. FIPS 199 Standards for Security Categorization of Federal Information and Information Systems Assessment (FIPS 199 Assessment) - due within 30 days after contract award. The FIPS 199 Assessment shall be consistent with the cited NIST standard. After resolution of any comments by the Government on the draft FIPS 199 Assessment, the Contracting Officer shall accept the FIPS 199 Assessment and incorporate the Contractor's final version into the contract. 4. IT Security Certification and Accreditation (IT-SC&A) - due within 3 months after contract award. The Contractor shall submit written proof to the Contracting Officer that an IT-SC&A was performed for applicable information systems - see paragraph (a) of this clause. The Contractor shall perform the IT-SC&A in accordance with the HHS Chief Information Security Officer's Certification and Accreditation Checklist; NIST SP 800-37, Guide for the Security, Certification and Accreditation of Federal Information Systems; and NIST 800-53, Recommended Security Controls for Federal Information Systems. 
An authorized senior management official shall sign the draft IT-SC&A and provide it to the Contracting Officer for review, comment, and acceptance. a.After resolution of any comments provided by the Government on the draft IT-SC&A, the Contracting Officer shall accept the IT-SC&A and incorporate the Contractor's final version into the contract as a compliance requirement. b.The Contractor shall also perform an annual security control assessment and provide to the Contracting Officer verification that the IT-SC&A remains valid. Evidence of a valid system accreditation includes written results of: i.Annual testing of the system contingency plan; and ii.The performance of security control testing and evaluation. d. Personal identity verification. The Contractor shall identify its employees with access to systems operated by the Contractor for HHS or connected to HHS systems and networks. The Contracting Officer's Representative (COR) shall identify, for those identified employees, position sensitivity levels that are commensurate with the responsibilities and risks associated with their assigned positions. The Contractor shall comply with the HSPD-12 requirements contained in "HHS-Controlled Facilities and Information Systems Security" requirements specified in the SOW/PWS of this contract. e. Contractor and subcontractor employee training. The Contractor shall ensure that its employees, and those of its subcontractors, performing under this contract complete HHS-furnished initial and refresher security and privacy education and awareness training before being granted access to systems operated by the Contractor on behalf of HHS or access to HHS systems and networks. The Contractor shall provide documentation to the COR evidencing that Contractor employees have completed the required training. f. Government access for IT inspection.
The Contractor shall afford the Government access to the Contractor's and subcontractors' facilities, installations, operations, documentation, databases, and personnel used in performance of this contract to the extent required to carry out a program of IT inspection (to include vulnerability testing), investigation, and audit to safeguard against threats and hazards to the integrity, confidentiality, and availability, of HHS data or to the protection of information systems operated on behalf of HHS. g. Subcontracts. The Contractor shall incorporate the substance of this clause in all subcontracts that require protection of Federal information and Federal information systems as described in paragraph (a) of this clause, including those subcontracts that - a.Have physical or electronic access to HHS' computer systems, networks, or IT infrastructure; or b.Use information systems to generate, store, process, or exchange data with HHS or on behalf of HHS, regardless of whether the data resides on a HHS or the Contractor's information system. h. Contractor employment notice. The Contractor shall immediately notify the Contracting Officer when an employee either begins or terminates employment (or is no longer assigned to the HHS project under this contract), if that employee has, or had, access to HHS information systems or data. i. Document information. The Contractor shall contact the Contracting Officer for any documents, information, or forms necessary to comply with the requirements of this clause. j. Contractor responsibilities upon physical completion of the contract. The Contractor shall return all HHS information and IT resources provided to the Contractor during contract performance and certify that all HHS information has been purged from Contractor-owned systems used in contract performance. k. Failure to comply. 
Failure on the part of the Contractor or its subcontractors to comply with the terms of this clause shall be grounds for the Contracting Officer to terminate this contract. (End of Clause) [ x ]PERSONNEL SECURITY RESPONSIBILITIES In addition to any personnel security responsibilities covered under HHSAR 352.239-72, the contractor shall comply with the below personnel security responsibilities: a.In accordance with Paragraph (h) of HHSAR 352.239-72, the Contractor shall notify the Contracting Officer and the COR within five working days before a new employee assumes a position that requires access to HHS information systems or data, or when an employee with such access stops working on this contract. The Government will initiate a background investigation on new employees assuming a position that requires access to HHS information systems or data, and will stop pending background investigations for employees that no longer work under the contract or no longer have such access. b.New contractor employees who have or will have access to HHS information systems or data: The Contractor shall provide the COR with the name, position title, e-mail address, and phone number of all new contract employees working under the contract and provide the name, position title and position sensitivity level held by the former incumbent. If an employee is filling a new position, the Contractor shall provide a position description and the Government will determine the appropriate position sensitivity level. c. Departing contractor employees: The Contractor shall provide the COR with the name, position title, and position sensitivity level held by or pending for departing employees. The Contractor shall perform and document the actions identified in the Contractor Employee Separation Checklist (https://ocio.nih.gov/aboutus/publicinfosecurity/acquisition/Documents/Emp-sep-checklist.pdf) when a Contractor/subcontractor employee terminates work under this contract.
All documentation shall be made available to the COR upon request. d. Commitment to Protect Non-Public Departmental Information and Data: The Contractor, and any subcontractors performing under this contract, shall not release, publish, or disclose non-public Departmental information to unauthorized personnel, and shall protect such information in accordance with provisions of the following laws and any other pertinent laws and regulations governing the confidentiality of such information: - 18 U.S.C. 641 (Criminal Code: Public Money, Property or Records) - 18 U.S.C. 1905 (Criminal Code: Disclosure of Confidential Information) - Public Law 96-511 (Paperwork Reduction Act) Each employee, including subcontractors, having access to non-public Department information under this acquisition shall complete the "Commitment to Protect Non-Public Information - Contractor Employee Agreement" located at: https://ocio.nih.gov/aboutus/publicinfosecurity/acquisition/Documents/Nondisclosure.pdf. A copy of each signed and witnessed Non-Disclosure agreement shall be submitted to the Project Officer/COR prior to performing any work under this acquisition. [ x ]Loss and/or Disclosure of Personally Identifiable Information (PII) - Notification of Data Breach The Contractor shall report all suspected or confirmed incidents involving the loss and/or disclosure of PII in electronic or physical form. Notification shall be made to the NIH Incident Response Team (IRT) via email ( IRT@mail.nih.gov ) within one hour of discovering the incident. 
The Contractor shall follow up with IRT by completing and submitting one of the applicable two forms below within three (3) work days of incident discovery: NIH PII Spillage Report at: https://ocio.nih.gov/InfoSecurity/Policy/Documents/NIH_PII_Spillage_Proced.doc NIH Lost or Stolen Assets Report at: https://ocio.nih.gov/InfoSecurity/Policy/Documents/ISSO_Stolen_Device-Media_Handling_Procedures.doc [ x ]INFORMATION SECURITY TRAINING In addition to any training covered under paragraph (e) of HHSAR 352.239-72, the contractor shall comply with the below training: a.Mandatory Training i.All Contractor employees having access to (1) Federal information or a Federal information system or (2) sensitive data/information as defined at HHSAR 304.1300(a)(4), shall complete the NIH Computer Security Awareness Training course at http://irtsectraining.nih.gov/ before performing any work under this contract. Thereafter, Contractor employees having access to the information identified above shall complete an annual NIH-specified refresher course during the life of this contract. The Contractor shall also ensure subcontractor compliance with this training requirement. ii.The Contractor shall maintain a listing by name and title of each Contractor/Subcontractor employee working on this contract and having access of the kind in paragraph 1.a(1) above, who has completed the NIH required training. Any additional security training completed by the Contractor/Subcontractor staff shall be included on this listing. The list shall be provided to the COR and/or Contracting Officer upon request. b.Role-based Training HHS requires role-based training when responsibilities associated with a given role or position, could, upon execution, have the potential to adversely impact the security posture of one or more HHS systems. 
Read further guidance about "NIH Information Security Awareness and Training Policy," at: https://ocio.nih.gov/InfoSecurity/Policy/Documents/Final-InfoSecAwarenessTrainPol.doc. The Contractor shall maintain a list of all information security training completed by each contractor/subcontractor employee working under this contract. The list shall be provided to the COR and/or Contracting Officer upon request. c.Rules of Behavior The Contractor shall ensure that all employees, including subcontractor employees, comply with the NIH Information Technology General Rules of Behavior (https://ocio.nih.gov/InfoSecurity/training/Pages/nihitrob.aspx), which are contained in the NIH Information Security Awareness Training Course http://irtsectraining.nih.gov. [ x ]PERSONNEL SECURITY RESPONSIBILITIES 1.In addition to any personnel security responsibilities covered under HHSAR 352.239-72, the contractor shall comply with the below personnel security responsibilities: d.In accordance with Paragraph (h) of HHSAR 352.239-72, the Contractor shall notify the Contracting Officer and the COR within five working days before a new employee assumes a position that requires access to HHS information systems or data, or when an employee with such access stops working on this contract. The Government will initiate a background investigation on new employees assuming a position that requires access to HHS information systems or data, and will stop pending background investigations for employees that no longer work under the contract or no longer have such access. e.New contractor employees who have or will have access to HHS information systems or data: The Contractor shall provide the COR with the name, position title, e-mail address, and phone number of all new contract employees working under the contract and provide the name, position title and position sensitivity level held by the former incumbent.
If an employee is filling a new position, the Contractor shall provide a position description and the Government will determine the appropriate position sensitivity level. f. Departing contractor employees: The Contractor shall provide the COR with the name, position title, and position sensitivity level held by or pending for departing employees. The Contractor shall perform and document the actions identified in the Contractor Employee Separation Checklist ( https://ocio.nih.gov/aboutus/publicinfosecurity/acquisition/Documents/Emp-sep-checklist.pdf ) when a Contractor/subcontractor employee terminates work under this contract. All documentation shall be made available to the COR upon request. g.Commitment to Protect Non-Public Departmental Information and Data. The Contractor, and any subcontractors performing under this contract, shall not release, publish, or disclose non-public Departmental information to unauthorized personnel, and shall protect such information in accordance with provisions of the following laws and any other pertinent laws and regulations governing the confidentiality of such information: - 18 U.S.C. 641 (Criminal Code: Public Money, Property or Records) - 18 U.S.C. 1905 (Criminal Code: Disclosure of Confidential Information) - Public Law 96-511 (Paperwork Reduction Act) Each employee, including subcontractors, having access to non-public Department information under this acquisition shall complete the "Commitment to Protect Non-Public Information - Contractor Employee Agreement" located at: https://ocio.nih.gov/aboutus/publicinfosecurity/acquisition/Documents/Nondisclosure.pdf. A copy of each signed and witnessed Non-Disclosure agreement shall be submitted to the Project Officer/COR prior to performing any work under this acquisition. Section 508-Electronic and Information Technology Standards: The contractor shall comply with Section 508 of the Rehabilitation Act (29 U.S.C. § 794d), as amended by the Workforce Investment Act of 1998 (P.L. 
105-220), August 7, 1998. Electronic and Information Technology Accessibility, HHSAR 352.239-73(b) Access to National Institutes of Health (NIH) Electronic Mail All Contractor staff that have access to and use of NIH electronic mail (e-mail) must identify themselves as contractors on all outgoing e-mail messages, including those that are sent in reply or are forwarded to another user. To best comply with this requirement, the Contractor staff shall set up an e-mail signature ("AutoSignature") or an electronic business card ("V-card") on each Contractor employee's computer system and/or Personal Digital Assistant (PDA) that will automatically display "Contractor" in the signature area of all e-mails sent. Other Clauses and Provisions: 1.Confidentiality of Information a.Confidential information, as used in this article, means information or data of a personal nature about an individual, or proprietary information or data submitted by or pertaining to an institution or organization. b.The Contracting Officer and the Contractor may, by mutual consent, identify elsewhere in this contract specific information and/or categories of information which the Government will furnish to the Contractor or that the Contractor is expected to generate which is confidential. Similarly, the Contracting Officer and the Contractor may, by mutual consent, identify such confidential information from time to time during the performance of the contract. Failure to agree will be settled pursuant to the "Disputes" clause. c.If it is established elsewhere in this contract that information to be utilized under this contract, or a portion thereof, is subject to the Privacy Act, the Contractor will follow the rules and procedures of disclosure set forth in the Privacy Act of 1974, 5 U.S.C. 552a, and implementing regulations and policies, with respect to systems of records determined to be subject to the Privacy Act.
d.Confidential information, as defined in paragraph (a) of this article, shall not be disclosed without the prior written consent of the individual, institution, or organization. e.Whenever the Contractor is uncertain with regard to the proper handling of material under the contract, or if the material in question is subject to the Privacy Act or is confidential information subject to the provisions of this article, the Contractor should obtain a written determination from the Contracting Officer prior to any release, disclosure, dissemination, or publication. f.Contracting Officer's determination will reflect the result of internal coordination with appropriate program and legal officials. The provisions of paragraph (d) of this article shall not apply to conflicting or overlapping provisions in other Federal, State or local laws. 1. The provision at FAR clause at FAR 52.213-4 (Feb 2016), Terms and Conditions-Simplified Acquisitions (Other Than Commercial Items), applies to this acquisition. 2. The provision at FAR clause at FAR 52.227-14 (Dec 2007) Rights in Data-General applies to this acquisition. The National Institute on Aging shall have unlimited rights to and ownership of all deliverables provided under this contract, including collected data, reports, recommendations, briefings, work plans and all other deliverables. This includes the deliverables provided under the basic contract and any optional task deliverables exercised by the contracting officer. In addition, it includes any additional deliverables required by contract change. The definition of "unlimited rights" is contained in Federal Acquisition Regulation (FAR) 27.401, "Definitions." FAR clause 52.227-14, "Rights in Data-General," is hereby incorporated by reference and made a part of this contract/order. RESPONSE FORMAT: (17) Please refer to the following attachments in preparing your proposal responding to this solicitation. Attachment No. 1: Statement of Work Attachment No. 
2: Evaluation Criteria Attachment No. 3: Invoice Instructions Attachment No. 4: Terms and Conditions Responses to this solicitation must include sufficient information to establish the interested parties' bona-fide capabilities of providing the product or service. The price quote shall include: unit price, list price, shipping and handling costs, delivery days after contract award, delivery terms, prompt payment discount terms, F.O.B. Point (Destination or Origin), product or catalog number(s); product description; and any other information or factors that may be considered in the award decision. Such factors may include: past performance; special features required for effective program performance; trade-in considerations; probable life of the item selected as compared with that of a comparable item; warranty considerations; maintenance availability; and environmental and energy efficiency considerations. Responses to this solicitation must include clear and convincing evidence of the offeror's capability of fulfilling EACH of the requirements described in this solicitation. The price proposal must include the labor categories, an estimate of the number of hours required for each labor category, fully loaded fixed hourly rate for each labor category, breakdown and rationale for other direct costs or materials, and the total amount. A redacted invoice, which is an edited version of an invoice issued within 12 months of this solicitation with details of similar or identical items, and/or a published price listing should be supplied for price reasonableness determinations. In addition, the Dun & Bradstreet Number (DUNS), the Taxpayer Identification Number (TIN), and the certification of business size must be included in the response. All offerors must have an active registration in the System for Award Management (SAM) www.sam.gov.
Questions regarding this solicitation must be received in this office, to the email address supplied below, by 8:00AM (EST) on February 22, 2016. All offers must be received by 8:00AM (EST) on February 25, 2016 and must reference number HHS-NIH-NIDA-SSSA-2016-166. Responses must be submitted electronically to Samantha Kelly, Contract Specialist at Samantha.Kelly2@nih.gov.
- Web Link
-
FBO.gov Permalink
(https://www.fbo.gov/spg/HHS/NIH/NIDA-01/HHS-NIH-NIDA-SSSA-2016-166/listing.html)
- Record
- SN04024020-W 20160220/160218235010-0676dc53ec1a1dd86f312e3411f41df2 (fbodaily.com)