Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF MAY 05, 2016 FBO #5277
SOLICITATION NOTICE

J -- Equipment Annual Maintenance

Notice Date
5/3/2016
 
Notice Type
Combined Synopsis/Solicitation
 
NAICS
811219 — Other Electronic and Precision Equipment Repair and Maintenance
 
Contracting Office
Department of the Navy, Bureau of Medicine and Surgery, Naval Medical Center Portsmouth, 54 Lewis Minor St, Portsmouth, Virginia, 23708-2297, United States
 
ZIP Code
23708-2297
 
Solicitation Number
N00183-16-T-0099
 
Archive Date
5/28/2016
 
Point of Contact
Harold D Woodley, Phone: 757-953-7276, Curtis Price, Jr., Phone: 757-953-7570
 
E-Mail Address
harold.d.woodley.civ@mail.mil, curtis.c.price2.civ@mail.mil
(harold.d.woodley.civ@mail.mil, curtis.c.price2.civ@mail.mil)
 
Small Business Set-Aside
Total Small Business
 
Description
Section B - Supplies or Services and Prices ITEM NO SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT 0001 1 Years Annual Maintenance FFP For Impella AIC System Manufacturer: ABIOMED Equipment: Heart Pump Model: Impella AIC System Reference Numbers: IC3193, IC3194 Location: Biomed Engineering, Building 250 See Section C for Statement of Work. FOB: Destination MILSTRIP: N0018316RQCC012 PURCHASE REQUEST NUMBER: N0018316RQCC012 NET AMT ITEM NO SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT 0002 1 Years OPTION Annual Maintenance FFP For Impella AIC System Manufacturer: ABIOMED Equipment: Heart Pump Model: Impella AIC System Reference Numbers: IC3193, IC3194 Location: Biomed Engineering, Building 250 See Section C for Statement of Work. FOB: Destination MILSTRIP: N0018316RQCC012 NET AMT ITEM NO SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT 0003 1 Years OPTION Annual Maintenance FFP For Impella AIC System Manufacturer: ABIOMED Equipment: Heart Pump Model: Impella AIC System Reference Numbers: IC3193, IC3194 Location: Biomed Engineering, Building 250 See Section C for Statement of Work. FOB: Destination MILSTRIP: N0018316RQCC012 NET AMT ITEM NO SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT 0004 1 Years OPTION Annual Maintenance FFP For Impella AIC System Manufacturer: ABIOMED Equipment: Heart Pump Model: Impella AIC System Reference Numbers: IC3193, IC3194 Location: Biomed Engineering, Building 250 See Section C for Statement of Work. FOB: Destination MILSTRIP: N0018316RQCC012 NET AMT ITEM NO SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT 0005 1 Years OPTION Annual Maintenance FFP For Impella AIC System Manufacturer: ABIOMED Equipment: Heart Pump Model: Impella AIC System Reference Numbers: IC3193, IC3194 Location: Biomed Engineering, Building 250 See Section C for Statement of Work. FOB: Destination MILSTRIP: N0018316RQCC012 NET AMT Section C - Descriptions and Specifications CLAUSES INCORPORATED BY FULL TEXT SUP 5252.204-9400 Contractor Unclassified Access to Federally Controlled Facilities, Sensitive Information, Information Technology (IT) Systems or Protected Health Information (July 2013) Homeland Security Presidential Directive (HSPD)-12, requires government agencies to develop and implement Federal security standards for Federal employees and contractors. The Deputy Secretary of Defense Directive-Type Memorandum (DTM) 08-006 - "DoD Implementation of Homeland Security Presidential Directive - 12 (HSPD-12)" dated November 26, 2008 (or its subsequent DoD instruction) directs implementation of HSPD-12. This clause is in accordance with HSPD-12 and its implementing directives. APPLICABILITY This clause applies to contractor employees requiring physical access to any area of a federally controlled base, facility or activity and/or requiring access to a DoN or DoD computer/network/system to perform certain unclassified sensitive duties. This clause also applies to contractor employees who access Privacy Act and Protected Health Information, provide support associated with fiduciary duties, or perform duties that have been identified by DON as National Security Position, as advised by the command security manager. It is the responsibility of the responsible security officer of the command/facility where the work is performed to ensure compliance. Each contractor employee providing services at a Navy Command under this contract is required to obtain a Department of Defense Common Access Card (DoD CAC). Additionally, depending on the level of computer/network access, the contract employee will require a successful investigation as detailed below. ACCESS TO FEDERAL FACILITIES Per HSPD-12 and implementing guidance, all contractor employees working at a federally controlled base, facility or activity under this clause will require a DoD CAC. When access to a base, facility or activity is required contractor employees shall in-process with the Navy Command's Security Manager upon arrival to the Navy Command and shall out-process prior to their departure at the completion of the individual's performance under the contract. ACCESS TO DOD IT SYSTEMS In accordance with SECNAV M-5510.30, contractor employees who require access to DoN or DoD networks are categorized as IT-I, IT-II, or IT-III. The IT-II level, defined in detail in SECNAV M-5510.30, includes positions which require access to information protected under the Privacy Act, to include Protected Health Information (PHI). All contractor employees under this contract who require access to Privacy Act protected information are therefore categorized no lower than IT-II. IT Levels are determined by the requiring activity's Command Information Assurance Manager. Contractor employees requiring privileged or IT-I level access, (when specified by the terms of the contract) require a Single Scope Background Investigation (SSBI) which is a higher level investigation than the National Agency Check with Law and Credit (NACLC) described below. Due to the privileged system access, a SSBI suitable for High Risk public trusts positions is required. Individuals who have access to system control, monitoring, or administration functions (e.g. system administrator, database administrator) require training and certification to Information Assurance Technical Level 1, and must be trained and certified on the Operating System or Computing Environment they are required to maintain. Access to sensitive IT systems is contingent upon a favorably adjudicated background investigation. When access to IT systems is required for performance of the contractor employee's duties, such employees shall in-process with the Navy Command's Security Manager and Information Assurance Manager upon arrival to the Navy command and shall out-process prior to their departure at the completion of the individual's performance under the contract. Completion and approval of a System Authorization Access Request Navy (SAAR-N) form is required for all individuals accessing Navy Information Technology resources. The decision to authorize access to a government IT system/network is inherently governmental. The contractor supervisor is not authorized to sign the SAAR-Ni therefore, the government employee with knowledge of the system/network access required or the COR shall sign the SAAR-N as the "supervisor". The SAAR-N shall be forwarded to the Navy Command's Security Manager at least 30 days prior to the individual's start date. Failure to provide the required documentation at least 30 days prior to the individual's start date may result in delaying the individual's start date. When required to maintain access to required IT systems or networks, the contractor shall ensure that all employees requiring access complete annual Information Assurance (IA) training, and maintain a current requisite background investigation. The Contractor's Security Representative shall contact the Command Security Manager for guidance when reinvestigations are required. INTERIM ACCESS The Navy Command' s Security Manager may authorize issuance of a DoD CAC and interim access to a DoN or DoD unclassified computer/network upon a favorable review of the investigative questionnaire and advance favorable fingerprint results. When the results of the investigation are received and a favorable determination is not made, the contractor employee working on the contract under interim access will be denied access to the computer network and this denial will not relieve the contractor of his/her responsibility to perform. DENIAL OR TERMINATION OF ACCESS The potential consequences of any requirement under this clause including denial or termination of physical or system access in no way relieves the contractor from the requirement to execute performance under the contract within the timeframes specified in the contract. Contractors shall plan ahead in processing their employees and subcontractor employees. The contractor shall insert this clause in all subcontracts when the subcontractor is permitted to have unclassified access to a federally controlled facility, federally-controlled information system/network and/or to government information, meaning information not authorized for public release. CONTRACTOR'S SECURITY REPRESENTATIVE The contractor shall designate an employee to serve as the Contractor's Security Representative. Within three work days after contract award, the contractor shall provide to the requiring activity's Security Manager and the Contracting Officer, in writing, the name, title, address and phone number for the Contractor's Security Representative. The Contractor's Security Representative shall be the primary point of contact on any security matter. The Contractor's Security Representative shall not be replaced or removed without prior notice to the Contracting Officer and Command Security Manager. BACKGROUND INVESTIGATION REQUIREMENTS AND SECURITY APPROVAL PROCESS FOR CONTRACTORS ASSIGNED TO NATIONAL SECURITY POSITIONS OR PERFORMING SENSITIVE DUTIES Navy security policy requires that all positions be given a sensitivity value based on level of risk factors to ensure appropriate protective measures are applied. Navy recognizes contractor employees under this contract as Non-Critical Sensitive [ADP/IT-II] when the contract scope of work require physical access to a federally controlled base, facility or activity and/or requiring access to a DoD computer/network, to perform unclassified sensitive duties. This designation is also applied to contractor employees who access Privacy Act and Protected Health Information (PHI), provide support associated with fiduciary duties, or perform duties that have been identified by DON as National Security Positions. At a minimum, each contractor employee must be a US citizen and have a favorably completed NACLC to obtain a favorable determination for assignment to a non-critical sensitive or IT-II position. The NACLC consists of a standard NAC and a FBI fingerprint check plus law enforcement checks and credit check. Each contractor employee filling a non-critical sensitive or IT-II position is required to complete: * SF-86 Questionnaire for National Security Positions (or equivalent OPM investigative product) * Two FD-258 Applicant Fingerprint Cards (or an electronic fingerprint submission) * Original Signed Release Statements Failure to provide the required documentation at least 30 days prior to the individual's start date shall result in delaying the individual's start date. Background investigations shall be reinitiated as required to ensure investigations remain current (not older than 10 years) throughout the contract performance period. The Contractor's Security Representative shall contact the Command Security Manager for guidance when reinvestigations are required. Regardless of their duties or IT access requirements ALL contractor employees shall in-process with the Navy Command's Security Manager upon arrival to the Navy command and shall out-process prior to their departure at the completion of the individual's performance under the contract. Employees requiring IT access shall also check-in and check-out with the Navy Command's Information Assurance Manager. Completion and approval of a System Authorization Access Request Navy (SAAR-N) form is required for all individuals accessing Navy Information Technology resources. The SAAR-N shall be forwarded to the Navy Command's Security Manager at least 30 days prior to the individual's start date. Failure to provide the required documentation at least 30 days prior to the individual's start date shall result in delaying the individual's start date. The contractor shall ensure that each contract employee requiring access to IT systems or networks complete annual Information Assurance (IA) training, and maintain a current requisite background investigation. Contractor employees shall accurately complete the required investigative forms prior to submission to the Navy Command Security Manager. The Navy Command's Security Manager will review the submitted documentation for completeness prior to submitting it to the Office of Personnel Management (OPM). Suitability/security issues identified by the Navy may render the contractor employee ineligible for the assignment. An unfavorable determination made by the Navy is final (subject to SF-86 appeal procedures) and such a determination does not relieve the contractor from meeting any contractual obligation under the contract. The Navy Command's Security Manager will forward the required forms to OPM for processing. Once the investigation is complete, the results will be forwarded by OPM to the DON Central Adjudication Facility (CAF) for a determination. If the contractor employee already possesses a current favorably adjudicated investigation, the contractor shall submit a Visit Authorization Request (VAR) via the Joint Personnel Adjudication System (JPAS) or a hard copy VAR directly from the contractor's Security Representative. Although the contractor will take JPAS "Owning" role over the contractor employee, the Navy Command will take JPAS "Servicing" role over the contractor employee during the hiring process and for the duration of assignment under that contract. The contractor shall include the IT Position Category per SECNAV M-5510.30 for each employee designated on a VAR. The VAR requires annual renewal for the duration of the employee's performance under the contract. BACKGROUND INVESTIGATION REQUIREMENTS AND SECURITY APPROVAL PROCESS FOR CONTRACTORS ASSIGNED TO OR PERFORMING NON-SENSITIVE DUTIES Contractor employee whose work is unclassified and non-sensitive (e.g., performing certain duties such as lawn maintenance, vendor services, etc...) and who require physical access to publicly accessible areas to perform those duties shall meet the following minimum requirements: * Must be either a US citizen or a US permanent resident with a minimum of 3 years legal residency in the United States (as required by The Deputy Secretary of Defense DTM 08-006 or its subsequent DoD instruction) and * Must have a favorably completed National Agency Check with Written Inquiries (NACI) including a FBI fingerprint check prior to installation access. To be considered for a favorable trustworthiness determination, the Contractor's Security Representative must submit for all employees each of the following: * SF-85 Questionnaire for Non-Sensitive Positions * Two FD-258 Applicant Fingerprint Cards (or an electronic fingerprint submission) * Original Signed Release Statements The contractor shall ensure each individual employee has a current favorably completed National Agency Check with Written Inquiries (NACI) or ensure successful FBI fingerprint results have been gained and investigation has been processed with OPM. Failure to provide the required documentation at least 30 days prior to the individual's start date may result in delaying the individual's start date. * Consult with your Command Security Manager and Information Assurance Manager for local policy when IT-III (non-sensitive) access is required for non-US citizens outside the United States. Statement of Work Contractor shall provide maintenance services in accordance with the items listed in Section B, starting 01 October 2007. Maintenance services shall include all replacement parts, components, on-site corrective repairs during normal working hours (8:00 A.M. to 4:30 P.M. Monday through Friday excluding Federal holidays), 24-hour emergency service and routine preventive maintenance services to government-owned equipment, as listed on the: DD Form 1155 "Order for Supplies or Services". Maintenance services shall be provided on all systems, subsystem components, assemblies (i.e.: contractor responsible for total maintenance of entire system) and shall apply to hardware, firmware, and software, as appropriate, unless otherwise stated. 1. General a. The Contractor shall comply with Federal, State, and Local Laws, plus any Federal Regulations as applicable to the performance of this contract. b. The Contractor shall not accept any instructions issued by any person employed by the U. S. Government, other than: the Contracting Officer (KO) or designated representative all acting within the limits of their authority. c. The Contractor shall be qualified / authorized by the Original Equipment Manufacturer (OEM) in the repair of all equipment listed within this contract. Contractor shall maintain qualifications throughout entire contract period. Qualification includes, but is not limited to, the certification of all repair persons and repair facilities by the OEM as being trained / qualified to perform required repairs. Qualifications must be current (within 2 years). The Government shall maintain the right to seek proof of qualification prior to award and anytime during contract period of performance. 2. Scope of Work a. The Contractor shall provide trained, experienced, English speaking personnel, labor, tools, diagnostic equipment, software, test phantoms, material, supplies, transportation, parts and equipment necessary to perform Preventive Maintenance (PM), Calibration (CAL), Safety testing (ST) and corrective maintenance. b. The Contractor shall provide telephonic communications with the Government to discuss technical matters relating to the performance of this contract. A systems operator will be made available to answer technical questions regarding system operations and applications. c. Equipment listed in this contract will be maintained to meet the original equipment manufacturer's (OEM's) specifications. d. Equipment and associated components shall be serviced as listed on: DD Form 1155, "Order for Supplies or Services". e. The Contractor Point of Contact (POC). The Contractor shall provide in writing the name and telephone number of a primary and alternate English-speaking individual to act as their representative for the scheduling and coordination of service calls, and to be responsible for the coordination of the contract with the Government. 3. Government furnished property, Materials and Services a. The Contractor representative(s) at each site is encouraged to request a pre-maintenance inspection prior to the onset of the contract. As all apparent discrepancies must be identified upon submittal of quote, any and all claims must be received within 30 days of contract award or prior to contract start which ever occurs first. All non-apparent / hidden discrepancies must be identified no later that the first scheduled preventative maintenance. Any claims resulting from hidden defects must be received within 30 days of first scheduled preventative maintenance. Any equipment found to be inoperable during this pre-maintenance inspection would be repaired using a separate purchase order. The cost of repairs shall not exceed contractor's normal retail rate for required repairs. The government certifies that the equipment to be maintained under this contract will be in good operating condition on the effective date of this contract. For the purpose of this contract, the clause, "good operating condition" means the conditions necessary for the equipment to function as intended without corrective maintenance. The Contractor agrees to leave the equipment in good operating condition at the expiration of this contract. During the final week of this contract, the Government will make final inspection of the equipment. Any correction of deficiencies noted during this inspection shall be resolved prior to contract end. The Government reserves the right to request the repair (at no additional cost to the Government) of items identified with latten defects after contract termination, when it has been determined that defects either are a result of contractor's performance or should have been discovered during normal performance of work under this contract. b. The government will be responsible for maintaining the proper environment, including utilities and site requirements necessary for the system to function properly as specified by the OEM. c. The Government will operate the system in accordance with the instruction manual provided by the OEM. d. The Government will not be responsible for the damage or loss due to fire, theft, accident, or other disaster of Contractor supplies, materials, or for the personal belongings brought onto Government property by Contractor's personnel. 4. Contractor Furnished Property and Material a. The Contractor shall provide all service literature, reference publications, laptop computers and diagnostic software to be used by the contractor service technicians and as required for the completion of the services in accordance with this contract. 5. Replacement Parts a. The Contractor shall have ready access to unique and/or high mortality replacement parts. All parts supplied shall be compatible with the existing system. In the event that replacements parts are required to be shipped. Shipping shall be performed in the fastest reasonable means possible (i.e., next day air) at no additional cost to the Government. b. The Contractor shall at their expense, replace all worn or defective parts necessary to restore the equipment to 100% operational condition as specified by the OEM. c. Contractor installed replacement parts shall become the property of the Government and the replaced malfunctioning part shall become the property of the Contractor. Replaced items shall be properly disposed of at no additional cost to the Government (contractor to pay all "environmental fees" where required). d. Freight, postage, and storage charges associated with shipment and receipt of replacement parts, and the return of parts shall be the responsibility of the Contractor. e. All replacement parts shall be new and certified as OEM replacement parts. In the event that new parts are not available, rebuilt parts and sub-assemblies are allowed provided that they are warranted to be free of defects for a period of time that meets or exceeds warranties of similar replacement parts. The contractor shall specifically annotate on the final Field Service report the use and identification of rebuilt parts and the period of warranty. When discrepancies occur, the Government will make the final determination on whether a replacement part is of equal or better quality. f. The Contractor must include software revisions and updates (field service changes), which are required due to FDA, or manufacturer announced safety-hazard recall, to include FDA Year 2000 Compliance Directive, as part of the contract at no additional cost to the Government. Updates shall be performed as soon as possible after release, but no later than the first scheduled Preventative Maintenance Inspection after release. For any updates that have been identified as critical, or required for the proper operation of equipment by the OEM, contractor shall provide installation within 30 days of release regardless of Preventative Maintenance Schedules. 6. Contractor Report Requirements a. During normal duty hours, Contracted Field Service Engineer (FSE) personnel shall check-in with the Biomedical Engineering Division upon arrival at the Government site and again prior to departure. (Biomedical Engineering located in Build-NH-100 1st floor; 910-450-4944). The Contractor FSEs shall personally notify Biomedical Engineering (BME) of problems that result in the equipment being left disabled upon their departure. After normal duty hours, Contractor FSE's shall notify the Officer of the Day Desk (Bldg NH-100, Quarterdeck, 1st Floor) and the systems operator designated by BME. b. The Contractor shall provide to BME a full service report within two (2) days after completion of all service performed. The service report shall include, but not be limited to: contract number, equipment description (model, serial number, equipment control number) contractor's log number, detailed description of the service(s) performed, replacement part(s) information (part number, part value, nomenclature, unit price, manufacturer, if not OEM, and whether the part is new/used/reconditioned), the completion date and time, man-hours expended and the hourly rate normally charged for the type of service performed, model and serial numbers, and the name of the FSE performing the service. In the event that agents / sub-contractor's are used in the performance of repairs, said agent shall be identified on the service report by company name and contact information (i.e., telephone number). Additionally contractor will be required to affix a tag on equipment upon the completion of a preventative maintenance inspection. Tag may either be a "sticker" or "hanging tag". As a minimum the tag shall contain: the name of the contractor, technician performing inspection and date of inspection legibly printed. 7. Contractor Responsibility a. The Contractor shall be responsible for the repair/replacement of damaged Government owned equipment and property due to the negligence of the Contractor or his representatives. All such replacement or repair shall be at the Contractor's expense and shall be inspected to the satisfaction of the KO or appointed representative. 8. Preventive Maintenance Services a. In accordance with Naval Medical Logistics Command (NAVMEDLOGCOM) Risk Assessment Criteria, preventive maintenance shall be performed four (4) times during the length of this contract. b. The Government shall select the months in which preventive maintenance services are to be performed. The prentive maintenance visits shall be performed during the following month: November c. All test equipment used in the performance of this contract must be calibrated (if required / as required by manufacture of test equipment) and shall be in compliance with Joint Commission on Accreditation of Healthcare Organizations (JCAHO), Original Equipment Manufacturer (OEM) and Federal Drug Administration (FDA) standards as required. 9. Corrective Maintenance a. Normal Working Hour Maintenance Coverage will be Monday through Friday, between 8:00 A.M. to 4:30 P.M. The contractor shall respond via telephone within 2 hours after receipt of trouble call, and provide on-site service no later than the close of business (4:30 pm) on the next business day. Equipment shall be operational within 48 hours. The Government reserves the right to deduct from the Contractor's payment an amount per hour equal to the mumber of hours the Contractor fails to respond, as specified in the contract. Emergency service outside the normal working hours by the Government, additional work shall be billable to the Government at published commercial rates, and negotiated and approved by a Contracting Officer prior to services rendered. b. Government request for corrective maintenance will be placed by BME, to the Contractor's POC. Corrective Maintenance shall be completed during the hours specified in the contract. c. The Contractor shall assign a unique Log/Reference Number to each Government request for corrective Maintenance. d. Contractor's response to requests for service may include telephone consultation with the equipment user/operator and a Contractor FSE. Telephone consultation shall: 1) provide instruction in determining operator error; 2) to determine the most likely cause of the problem; 3) to determine if resolution of the problem requires the dispatch of a FSE; and 4) to identify replacement parts likely to be required in order to return the equipment to 100% operational condition as specified by the OEM. e. Contractor's pricing shall be inclusive of all cost including parts, labor, travel and shipping, unless otherwise indicated. Any/all exclusions are listed as follows: f. The Contractor shall have his/her own service manuals, specifications, schematic diagrams, and parts lists to assist in the evaluation/repair of all equipment included in this contract. 10. Removal of Government Property a. Whenever the repair of equipment cannot be performed at the Government site as determined by the Contractor, the Contractor shall notify BME who will make arrangements for the Contractor to remove the item from Naval Hospital Camp Lejeune (i.e. obtain property pass for material) to the Contractor's designated site. The Contractor may be required to sign a Government form accepting responsibility for the Government equipment. The Contractor shall provide a detailed description of removed items. For associated items / accessories, contractor to provide a detailed description and quantities of items to be removed. Description to include as a minimum manufacturers serial numbers and equipment control number (ECN) of all equipment / items removed. In the event that items / sub-assemblies / accessories are repaired via "Repair by Replacement" a detailed description of replaced items is to be included upon return of repaired components. b. All charges resulting from a Contractor determined requirement to transport Government owned property, covered by this contract, to and from an alternate repair location shall be the responsibility of the Contractor. 11. Equipment Modification Upgrades a. The Contractor shall only incorporate OEM specified modifications, alterations and upgrades. Approval shall be obtained from BME prior to the Contractor installation of any modification, alteration, or upgrades. b. The Contractor shall maintain contact with the OEM to determine the requirement for field modifications and to ensure accomplishment of these modifications in accordance with the time schedule set forth by the OEM. c. The Government shall not alter the system without prior notification to the Contractor. d. The contractor at no additional cost shall provide software updates to the Government. Installation of updates will be left to the discretion of the Government. All supplied software is to be warranted current and free of defects such as viruses. 12. Service Beyond the Scope of the Contract a. The Contractor shall immediately, but not later than 24 consecutive hours after discovery, notify BME, in writing, of the existence or the development of any defects in, or repair required to the scheduled equipment, which the Contractor considers they are not responsible for under the terms of this contract. b. At the same time of the notification, the Contractor shall furnish BME with written estimate of the cost to make the necessary repairs. Repairs considered by the Contracting Officer to be outside the scope of this contract shall not be covered under this contract, but shall be ordered under a separate purchase order. Section E - Inspection and Acceptance INSPECTION AND ACCEPTANCE TERMS Supplies/services will be inspected/accepted at: CLIN INSPECT AT INSPECT BY ACCEPT AT ACCEPT BY 0001 Destination Government Destination Government 0002 Destination Government Destination Government 0003 Destination Government Destination Government 0004 Destination Government Destination Government 0005 Destination Government Destination Government Section F - Deliveries or Performance DELIVERY INFORMATION CLIN DELIVERY DATE QUANTITY SHIP TO ADDRESS DODAAC 0001 POP 26-SEP-2016 TO 25-SEP-2017 N/A NAVAL MEDICAL CENTER MMD 54 LEWIS MINORS STREET PORTSMOUTH VA 23708-2297 FOB: Destination N00183 0002 POP 26-SEP-2017 TO 25-SEP-2018 N/A (SAME AS PREVIOUS LOCATION) FOB: Destination N00183 0003 POP 26-SEP-2018 TO 25-SEP-2019 N/A (SAME AS PREVIOUS LOCATION) FOB: Destination N00183 0004 POP 26-SEP-2019 TO 25-SEP-2020 N/A (SAME AS PREVIOUS LOCATION) FOB: Destination N00183 0005 POP 26-SEP-2020 TO 25-SEP-2021 N/A (SAME AS PREVIOUS LOCATION) FOB: Destination N00183 CLAUSES INCORPORATED BY REFERENCE 52.242-15 Stop-Work Order AUG 1989 Section G - Contract Administration Data CLAUSES INCORPORATED BY FULL TEXT 252.232-7006 WIDE AREA WORKFLOW PAYMENT INSTRUCTIONS (JUN 2012) (a) Definitions. As used in this clause-- "Department of Defense Activity Address Code (DoDAAC)" is a six position code that uniquely identifies a unit, activity, or organization. "Document type" means the type of payment request or receiving report available for creation in Wide Area WorkFlow (WAWF). "Local processing office (LPO)" is the office responsible for payment certification when payment certification is done external to the entitlement system. (b) Electronic invoicing. The WAWF system is the method to electronically process vendor payment requests and receiving reports, as authorized by DFARS 252.232-7003, Electronic Submission of Payment Requests and Receiving Reports. (c) WAWF access. To access WAWF, the Contractor shall-- (1) Have a designated electronic business point of contact in the Central Contractor Registration at https://www.acquisition.gov; and (2) Be registered to use WAWF at https://wawf.eb.mil/ following the step-by-step procedures for self-registration available at this Web site. (d) WAWF training. The Contractor should follow the training instructions of the WAWF Web-Based Training Course and use the Practice Training Site before submitting payment requests through WAWF. Both can be accessed by selecting the "Web Based Training" link on the WAWF home page at https://wawf.eb.mil/. (e) WAWF methods of document submission. Document submissions may be via Web entry, Electronic Data Interchange, or File Transfer Protocol. (f) WAWF payment instructions. The Contractor must use the following information when submitting payment requests and receiving reports in WAWF for this contract/order: (1) Document type. The Contractor shall use the following document type(s). 2 IN 1 SERVICES ONLY ----------------------------------------------------------------------- (2) Inspection/acceptance location. The Contractor shall select the following inspection/acceptance location(s) in WAWF, as specified by the contracting officer. DESTINATION / DESTINATION ----------------------------------------------------------------------- (3) Document routing. The Contractor shall use the information in the Routing Data Table below only to fill in applicable fields in WAWF when creating payment requests and receiving reports in the system. Routing Data Table* Field Name in WAWF Data to be entered in WAWF Pay Official DoDAAC HQ0248 Issue By DoDAAC N00183 Admin DoDAAC N00183 Inspect By DoDAAC N/A Ship To Code N/A Ship From Code N/A Mark For Code N/A Service Approver (DoDAAC) N/A Service Acceptor (DoDAAC) N00183 Accept at Other DoDAAC N/A LPO DoDAAC N00183 DCAA Auditor DoDAAC N/A Other DoDAAC(s) N/A (4) Payment request and supporting documentation. The Contractor shall ensure a payment request includes appropriate contract line item and subline item descriptions of the work performed or supplies delivered, unit price/cost per unit, fee (if applicable), and all relevant back-up documentation, as defined in DFARS Appendix F, (e.g. timesheets) in support of each payment request. (5) WAWF email notifications. The Contractor shall enter the email address identified below in the "Send Additional Email Notifications" field of WAWF once a document is submitted in the system. WAWF Acceptor/COR Email Address: charles.k.lovell2.civ@mail.mil ----------------------------------------------------------------------- (g) WAWF point of contact. (1) The Contractor may obtain clarification regarding invoicing in WAWF from the following contracting activity's WAWF point of contact. usn.detrick.navmedlogcomftdmd.list.nmlc-wafwf@mail.mil ----------------------------------------------------------------------- (2) For technical WAWF help, contact the WAWF helpdesk at 866-618-5988. (End of clause) Section H - Special Contract Requirements CLAUSES INCORPORATED BY FULL TEXT PRIVACY AND SECURITY OF PROTECTED HEALTH INFORMATION 1. Introduction In accordance with DoD 6025.18-R "Department of Defense Health Information Privacy Regulation," January 24, 2003, the Business Associate meets the definition of Business Associate. Therefore, a Business Associate Agreement is required to comply with both the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security regulations. This clause serves as that agreement whereby the Business Associate agrees to abide by all applicable HIPAA Privacy and Security requirements regarding health information as defined in this clause, and in DoD 6025.18-R and DoD 8580.02-R, as amended. Additional requirements will be addressed when implemented. a. Definitions. As used in this clause generally refer to the Code of Federal Regulations (CFR) definition unless a more specific provision exists in DoD 6025.18-R or DoD 8580.02-R. (1) HITECH Act shall mean the Health Information Technology for Economic and Clinical Health Act included in the American Recovery and Reinvestment Act of 2009. (2) Individual has the same meaning as the term "individual" in 45 CFR 160.103 and shall include a person who qualifies as a personal representative in accordance with 45 CFR 164.502(g). (3) Privacy Rule means the Standards for Privacy of Individually Identifiable Health Information at 45 CFR part 160 and part 164, subparts A and E. (4) Protected Health Information has the same meaning as the term "protected health information" in 45 CFR 160.103, limited to the information created or received by the Business Associate from or on behalf of the Government pursuant to the Contract. (5) Electronic Protected Health Information has the same meaning as the term "electronic protected health information" in 45 CFR 160.103. (6) Required by Law has the same meaning as the term "required by law" in 45 CFR 164.103. (7) Secretary means the Secretary of the Department of Health and Human Services or his/her designee. (8) Security Incident will have the same meaning as the term "security incident" in 45 CFR 164.304, limited to the information created or received by Business Associate from or on behalf of Covered Entity. (9) Security Rule means the Health Insurance Reform: Security Standards at 45 CFR part 160, 162 and part 164, subpart C. (10) Terms used, but not otherwise defined, in this Clause shall have the same meaning as those terms in 45 CFR 160.103, 160.502, 164.103, 164.304, and 164.501. b. The Business Associate shall not use or further disclose Protected Health Information other than as permitted or required by the Contract or as Required by Law. c. The Business Associate shall use appropriate safeguards to maintain the privacy of the Protected Health Information and to prevent use or disclosure of the Protected Health Information other than as provided for by this Contract. d. The HIPAA Security administrative, physical, and technical safeguards in 45 CFR 164.308, 164.310, and 164.312, and the requirements for policies and procedures and documentation in 45 CFR 164.316 shall apply to Business Associate. The additional requirements of Title XIII of the HITECH Act that relate to the security and that are made applicable with respect to covered entities shall also be applicable to Business Associate. The Business Associate agrees to use administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information that it creates, receives, maintains, or transmits in the execution of this Contract. e. The Business Associate shall, at their own expense, take action to mitigate, to the extent practicable, any harmful effect that is known to the Business Associate of a use or disclosure of Protected Health Information by the Business Associate in violation of the requirements of this Clause. These mitigation actions will include as a minimum those listed in the TMA Breach Notification Standard Operating Procedure (SOP), which is available at: http://www.tricare.mil/tmaprivacy/breach.cfm f. The Business Associate shall report to the Government any security incident involving protected health information of which it becomes aware. g. The Business Associate shall report to the Government any use or disclosure of the Protected Health Information not provided for by this Contract of which the Business Associate becomes aware. h. The Business Associate shall ensure that any agent, including a sub Business Associate, to whom it provides Protected Health Information received from, or created or received by the Business Associate, on behalf of the Government, agrees to the same restrictions and conditions that apply through this Contract to the Business Associate with respect to such information. i. The Business Associate shall ensure that any agent, including a subBusiness Associate, to whom it provides electronic Protected Health Information, agrees to implement reasonable and appropriate safeguards to protect it. j. The Business Associate shall provide access, at the request of the Government, and in the time and manner reasonably designated by the Government to Protected Health Information in a Designated Record Set, to the Government or, as directed by the Government, to an Individual in order to meet the requirements under 45 CFR 164.524. k. The Business Associate shall make any amendment(s) to Protected Health Information in a Designated Record Set that the Government directs or agrees to pursuant to 45 CFR 164.526 at the request of the Government, and in the time and manner reasonably designated by the Government. l. The Business Associate shall make internal practices, books, and records relating to the use and disclosure of Protected Health Information received from, or created or received by the Business Associate, on behalf of the Government, available to the Government, or at the request of the Government to the Secretary, in a time and manner reasonably designated by the Government or the Secretary, for purposes of the Secretary determining the Government's compliance with the Privacy Rule. m. The Business Associate shall document such disclosures of Protected Health Information and information related to such disclosures as would be required for the Government to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528. n. The Business Associate shall provide to the Government or an Individual, in time and manner reasonably designated by the Government, information collected in accordance with this Clause of the Contract, to permit the Government to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528. 2. General Use and Disclosure Provisions Except as otherwise limited in this Clause, the Business Associate may use or disclose Protected Health Information on behalf of, or to provide services to, the Government for treatment, payment, or healthcare operations purposes, in accordance with the specific use and disclosure provisions below, if such use or disclosure of Protected Health Information would not violate the HIPAA Privacy Rule, the HIPAA Security Rule, DoD 6025.18-R or DoD 8580.02-R if done by the Government. The additional requirements of Title XIII of the HITECH Act that relate to privacy and that are made applicable with respect to covered entities shall also be applicable to Business Associate. 3. Specific Use and Disclosure Provisions a. Except as otherwise limited in this Clause, the Business Associate may use Protected Health Information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. b. Except as otherwise limited in this Clause, the Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate, provided that disclosures are required by law, or the Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as required by law or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. c. Except as otherwise limited in this Clause, the Business Associate may use Protected Health Information to provide Data Aggregation services to the Government as permitted by 45 CFR 164.504(e)(2)(i)(B). d. Business Associate may use Protected Health Information to report violations of law to appropriate Federal and State authorities, consistent with 45 CFR 164.502(j)(1). 4. Obligations of the Government Provisions for the Government to Inform the Business Associate of Privacy Practices and Restrictions a. The Government shall provide the Business Associate with the notice of privacy practices that the Government produces in accordance with 45 CFR 164.520. b. The Government shall provide the Business Associate with any changes in, or revocation of, permission by Individual to use or disclose Protected Health Information, if such changes affect the Business Associate's permitted or required uses and disclosures. c. The Government shall notify the Business Associate of any restriction to the use or disclosure of Protected Health Information that the Government has agreed to in accordance with 45 CFR 164.522. 5. Permissible Requests by the Government The Government shall not request the Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under the HIPAA Privacy Rule, the HIPAA Security Rule, or any applicable Government regulations (including without limitation, DoD 6025.18-R and DoD 8580.02-R) if done by the Government, except for providing Data Aggregation services to the Government and for management and administrative activities of the Business Associate as otherwise permitted by this clause. 6. Termination a. Termination. A breach by the Business Associate of this clause, may subject the Business Associate to termination under any applicable default or termination provision of this Contract. b. Effect of Termination. (1) If this contract has records management requirements, the records subject to the Clause should be handled in accordance with the records management requirements. If this contract does not have records management requirements, the records should be handled in accordance with paragraphs (2) and (3) below (2) If this contract does not have records management requirements, except as provided in paragraph (3) of this section, upon termination of this Contract, for any reason, the Business Associate shall return or destroy all Protected Health Information received from the Government, or created or received by the Business Associate on behalf of the Government. This provision shall apply to Protected Health Information that agents of the Business Associate may come in contact. The Business Associate shall retain no copies of the Protected Health Information. (3) If this contract does not have records management provisions and the Business Associate determines that returning or destroying the Protected Health Information is infeasible, the Business Associate shall provide to the Government notification of the conditions that make return or destruction infeasible. Upon mutual agreement of the Government and the Business Associate that return or destruction of Protected Health Information is infeasible, the Business Associate shall extend the protections of this Contract to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as the Business Associate maintains such Protected Health Information. 7. Miscellaneous a. Regulatory References. A reference in this Clause to a section in DoD 6025.18-R, DoD 8580.02-R, Privacy Rule or Security Rule means the section currently in effect or as amended, and for which compliance is required. b. Survival. The respective rights and obligations of Business Associate under the "Effect of Termination" provision of this Clause shall survive the termination of this Contract. c. Interpretation. Any ambiguity in this Clause shall be resolved in favor of a meaning that permits the Government to comply with DoD 6025.18-R, DoD 8580.02-R, the HIPAA Privacy Rule or the HIPAA Security Rule. Service Contracts General (Ref NMCARS 5237.102) The contractor shall report ALL contractor labor hours (including subcontractor labor hours) required for performance of services provided under this contract for the [NAMED COMPONENT] via a secure data collection site. The contractor is required to completely fill in all required data fields using the following web address https://doncmra.nmci.navy.mil. Reporting inputs will be for the labor executed during the period of performance during each Government fiscal year (FY), which runs October 1 through September 30. While inputs may be reported any time during the FY, all data shall be reported no later than October 31 of each calendar year. Contractors may direct questions to the help desk, linked at https://doncmra.nmci.navy.mil." Section I - Contract Clauses CLAUSES INCORPORATED BY REFERENCE 52.203-3 Gratuities APR 1984 52.204-7 System for Award Management JUL 2013 52.204-13 System for Award Management Maintenance JUL 2013 52.219-6 Notice Of Total Small Business Set-Aside NOV 2011 52.222-50 Combating Trafficking in Persons MAR 2015 52.223-18 Encouraging Contractor Policies To Ban Text Messaging While Driving AUG 2011 52.232-1 Payments APR 1984 52.232-8 Discounts For Prompt Payment FEB 2002 52.232-23 Alt I Assignment of Claims (May 2014) - Alternate I APR 1984 52.233-3 Protest After Award AUG 1996 52.237-2 Protection Of Government Buildings, Equipment, And Vegetation APR 1984 52.237-3 Continuity Of Services JAN 1991 52.243-1 Changes--Fixed Price AUG 1987 52.249-1 Termination For Convenience Of The Government (Fixed Price) (Short Form) APR 1984 52.249-8 Default (Fixed-Price Supply & Service) APR 1984 252.203-7000 Requirements Relating to Compensation of Former DoD Officials SEP 2011 252.203-7002 Requirement to Inform Employees of Whistleblower Rights SEP 2013 252.204-7003 Control Of Government Personnel Work Product APR 1992 252.211-7003 Item Unique Identification and Valuation DEC 2013 252.225-7000 Buy American--Balance Of Payments Program Certificate--Basic (Nov 2014) NOV 2014 252.225-7001 Buy American And Balance Of Payments Program-- Basic (Nov 2014) NOV 2014 252.225-7048 Export-Controlled Items JUN 2013 252.232-7003 Electronic Submission of Payment Requests and Receiving Reports JUN 2012 252.239-7001 Information Assurance Contractor Training and Certification JAN 2008 252.243-7001 Pricing Of Contract Modifications DEC 1991 CLAUSES INCORPORATED BY FULL TEXT 52.217-8 OPTION TO EXTEND SERVICES (NOV 1999) The Government may require continued performance of any services within the limits and at the rates specified in the contract. These rates may be adjusted only as a result of revisions to prevailing labor rates provided by the Secretary of Labor. The option provision may be exercised more than once, but the total extension of performance hereunder shall not exceed 6 months. The Contracting Officer may exercise the option by written notice to the Contractor within 7 days of contract expiration. (End of clause) 52.217-9 OPTION TO EXTEND THE TERM OF THE CONTRACT (MAR 2000) (a) The Government may extend the term of this contract by written notice to the Contractor within 7 days of contract expiration; provided that the Government gives the Contractor a preliminary written notice of its intent to extend at least 7 days before the contract expires. The preliminary notice does not commit the Government to an extension. (b) If the Government exercises this option, the extended contract shall be considered to include this option clause. (c) The total duration of this contract, including the exercise of any options under this clause, shall not exceed 5 years. (End of clause) 52.232-39 UNENFORCEABILITY OF UNAUTHORIZED OBLIGATIONS (JUN 2013) (a) Except as stated in paragraph (b) of this clause, when any supply or service acquired under this contract is subject to any End User License Agreement (EULA), Terms of Service (TOS), or similar legal instrument or agreement, that includes any clause requiring the Government to indemnify the Contractor or any person or entity for damages, costs, fees, or any other loss or liability that would create an Anti-Deficiency Act violation (31 U.S.C. 1341), the following shall govern: (1) Any such clause is unenforceable against the Government. (2) Neither the Government nor any Government authorized end user shall be deemed to have agreed to such clause by virtue of it appearing in the EULA, TOS, or similar legal instrument or agreement. If the EULA, TOS, or similar legal instrument or agreement is invoked through an ``I agree'' click box or other comparable mechanism (e.g., ``click-wrap'' or ``browse-wrap'' agreements), execution does not bind the Government or any Government authorized end user to such clause. (3) Any such clause is deemed to be stricken from the EULA, TOS, or similar legal instrument or agreement. (b) Paragraph (a) of this clause does not apply to indemnification by the Government that is expressly authorized by statute and specifically authorized under applicable agency regulations and procedures. (End of clause) 52.252-2 CLAUSES INCORPORATED BY REFERENCE (FEB 1998) This contract incorporates one or more clauses by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer will make their full text available. Also, the full text of a clause may be accessed electronically at this/these address(es): FAR Clauses http://acquisition.gov/comp/far/index.htm DFAR Clauses http://www.acq.osd.mil/dpap/dars/dfars/index.htm (End of clause) 252.204-7006 BILLING INSTRUCTIONS (OCT 2005) When submitting a request for payment, the Contractor shall-- (a) Identify the contract line item(s) on the payment request that reasonably reflect contract work performance; and (b) Separately identify a payment amount for each contract line item included in the payment request. (End of clause) 252.204-7012 SAFEGUARDING COVERED DEFENSE INFORMATION AND CYBER INCIDENT REPORTING (DEVIATION 2016-O0001)(OCT 2015) (a) Definitions. As used in this clause- "Adequate security" means protective measures that are commensurate with the consequences and probability of loss, misuse, or unauthorized access to, or modification of information. "Compromise" means disclosure of information to unauthorized persons, or a violation of the security policy of a system, in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object, or the copying of information to unauthorized media may have occurred. "Contractor attributional/proprietary information" means information that identifies the contractor(s), whether directly or indirectly, by the grouping of information that can be traced back to the contractor(s) (e.g., program description, facility locations), personally identifiable information, as well as trade secrets, commercial or financial information, or other commercially sensitive information that is not customarily shared outside of the company. "Contractor information system" means an information system belonging to, or operated by or for, the Contractor. "Controlled technical information" means technical information with military or space application that is subject to controls on the access, use, reproduction, modification, performance, display, release, disclosure, or dissemination. Controlled technical information would meet the criteria, if disseminated, for distribution statements B through F using the criteria set forth in DoD Instruction 5230.24, Distribution Statements on Technical Documents. The term does not include information that is lawfully publicly available without restrictions. "Covered contractor information system" means an information system that is owned, or operated by or for, a contractor and that processes, stores, or transmits covered defense information. "Covered defense information" means unclassified information that- (i) Is- (A) Provided to the contractor by or on behalf of DoD in connection with the performance of the contract; or (B) Collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the contract; and (ii) Falls in any of the following categories: (A) Controlled technical information. (B) Critical information (operations security). Specific facts identified through the Operations Security process about friendly intentions, capabilities, and activities vitally needed by adversaries for them to plan and act effectively so as to guarantee failure or unacceptable consequences for friendly mission accomplishment (part of Operations Security process). (C) Export control. Unclassified information concerning certain items, commodities, technology, software, or other information whose export could reasonably be expected to adversely affect the United States national security and nonproliferation objectives. To include dual use items; items identified in export administration regulations, international traffic in arms regulations and munitions list; license applications; and sensitive nuclear technology information. (D) Any other information, marked or otherwise identified in the contract, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Governmentwide policies (e.g., privacy, proprietary business information). "Cyber incident" means actions taken through the use of computer networks that result in an actual or potentially adverse effect on an information system and/or the information residing therein. "Forensic analysis" means the practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data. "Malicious software" means computer software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. This definition includes a virus, worm, Trojan horse, or other code-based entity that infects a host, as well as spyware and some forms of adware. "Media" means physical devices or writing surfaces including, but is not limited to, magnetic tapes, optical disks, magnetic disks, large-scale integration memory chips, and printouts onto which information is recorded, stored, or printed within an information system. ‘‘Operationally critical support'' means supplies or services designated by the Government as critical for airlift, sealift, intermodal transportation services, or logistical support that is essential to the mobilization, deployment, or sustainment of the Armed Forces in a contingency operation. "Rapid(ly) report(ing)" means within 72 hours of discovery of any cyber incident. "Technical information" means technical data or computer software, as those terms are defined in the clause at DFARS 252.227-7013, Rights in Technical Data-Non Commercial Items, regardless of whether or not the clause is incorporated in this solicitation or contract. Examples of technical information include research and engineering data, engineering drawings, and associated lists, specifications, standards, process sheets, manuals, technical reports, technical orders, catalog-item identifications, data sets, studies and analyses and related information, and computer software executable code and source code. (b) Adequate security. The Contractor shall provide adequate security for all covered defense information on all covered contractor information systems that support the performance of work under this contract. To provide adequate security, the Contractor shall- (1) Implement information systems security protections on all covered contractor information systems including, at a minimum- (i) For covered contractor information systems that are part of an Information Technology (IT) service or system operated on behalf of the Government- (A) Cloud computing services shall be subject to the security requirements specified in the clause 252.239-7010, Cloud Computing Services, of this contract; and (B) Any other such IT service or system (i.e., other than cloud computing) shall be subject to the security requirements specified elsewhere in this contract; or (ii) For covered contractor information systems that are not part of an IT service or system operated on behalf of the Government and therefore are not subject to the security requirement specified at paragraph (b)(1)(i) of this clause- (A) The security requirements in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations," (see http://dx.doi.org/10.6028/NIST.SP.800-171) that is in effect at the time the solicitation is issued or as authorized by the Contracting Officer with the exception of the derived security requirement 3.5.3 "Use of multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts", which will be required not later than 9 months after award of the contract, if the Contractor notified the contracting officer in accordance with paragraph (c) of the provision 252.204-7008, Compliance with Safeguarding Covered Defense Information Controls (DEVIATION 2016-O0001)(OCT 2015); or (B) Alternative but equally effective security measures used to compensate for the inability to satisfy a particular requirement and achieve equivalent protection approved in writing by an authorized representative of the DoD Chief Information Officer (CIO) prior to contract award; and (2) Apply other information systems security measures when the Contractor reasonably determines that information systems security measures, in addition to those identified in paragraph (b)(1) of this clause, may be required to provide adequate security in a dynamic environment based on an assessed risk or vulnerability. (c) Cyber incident reporting requirement. (1) When the Contractor discovers a cyber incident that affects a covered contractor information system or the covered defense information residing therein, or that affects the contractor's ability to perform the requirements of the contract that are designated as operationally critical support, the Contractor shall- (i) Conduct a review for evidence of compromise of covered defense information, including, but not limited to, identifying compromised computers, servers, specific data, and user accounts. This review shall also include analyzing covered contractor information system(s) that were part of the cyber incident, as well as other information systems on the Contractor's network(s), that may have been accessed as a result of the incident in order to identify compromised covered defense information, or that affect the Contractor's ability to provide operationally critical support; and (ii) Rapidly report cyber incidents to DoD at http://dibnet.dod.mil. (2) Cyber incident report. The cyber incident report shall be treated as information created by or for DoD and shall include, at a minimum, the required elements at http://dibnet.dod.mil. (3) Medium assurance certificate requirement. In order to report cyber incidents in accordance with this clause, the Contractor or subcontractor shall have or acquire a DoD-approved medium assurance certificate to report cyber incidents. For information on obtaining a DoD-approved medium assurance certificate, see http://iase.disa.mil/pki/eca/Pages/index.aspx. (d) Malicious software. The Contractor or subcontractors that discover and isolate malicious software in connection with a reported cyber incident shall submit the malicious software in accordance with instructions provided by the Contracting Officer. (e) Media preservation and protection. When a Contractor discovers a cyber incident has occurred, the Contractor shall preserve and protect images of all known affected information systems identified in paragraph (c)(1)(i) of this clause and all relevant monitoring/packet capture data for at least 90 days from the submission of the cyber incident report to allow DoD to request the media or decline interest. (f) Access to additional information or equipment necessary for forensic analysis. Upon request by DoD, the Contractor shall provide DoD with access to additional information or equipment that is necessary to conduct a forensic analysis. (g) Cyber incident damage assessment activities. If DoD elects to conduct a damage assessment, the Contracting Officer will request that the Contractor provide all of the damage assessment information gathered in accordance with paragraph (e) of this clause. (h) DoD safeguarding and use of contractor attributional/proprietary information. The Government shall protect against the unauthorized use or release of information obtained from the contractor (or derived from information obtained from the contractor) under this clause that includes contractor attributional/proprietary information, including such information submitted in accordance with paragraph (c). To the maximum extent practicable, the Contractor shall identify and mark attributional/proprietary information. In making an authorized release of such information, the Government will implement appropriate procedures to minimize the contractor attributional/proprietary information that is included in such authorized release, seeking to include only that information that is necessary for the authorized purpose(s) for which the information is being released. (i) Use and release of contractor attributional/proprietary information not created by or for DoD. Information that is obtained from the contractor (or derived from information obtained from the contractor) under this clause that is not created by or for DoD is authorized to be released outside of DoD- (1) To entities with missions that may be affected by such information; (2) To entities that may be called upon to assist in the diagnosis, detection, or mitigation of cyber incidents; (3) To Government entities that conduct counterintelligence or law enforcement investigations; (4) For national security purposes, including cyber situational awareness and defense purposes (including with Defense Industrial Base (DIB) participants in the program at 32 CFR part 236); or (5) To a support services contractor ("recipient") that is directly supporting Government activities under a contract that includes the clause at 252.204-7009, Limitations on the Use or Disclosure of Third-Party Contractor Reported Cyber Incident Information. (j) Use and release of contractor attributional/proprietary information created by or for DoD. Information that is obtained from the contractor (or derived from information obtained from the contractor) under this clause that is created by or for DoD (including the information submitted pursuant to paragraph (c) of this clause) is authorized to be used and released outside of DoD for purposes and activities authorized by paragraph (i) of this clause, and for any other lawful Government purpose or activity, subject to all applicable statutory, regulatory, and policy based restrictions on the Government's use and release of such information. (k) The Contractor shall conduct activities under this clause in accordance with applicable laws and regulations on the interception, monitoring, access, use, and disclosure of electronic communications and data. (l) Other safeguarding or reporting requirements. The safeguarding and cyber incident reporting required by this clause in no way abrogates the Contractor's responsibility for other safeguarding or cyber incident reporting pertaining to its unclassified information systems as required by other applicable clauses of this contract, or as a result of other applicable U.S. Government statutory or regulatory requirements. (m) Subcontracts. The Contractor shall- (1) Include the substance of this clause, including this paragraph (m), in all subcontracts, including subcontracts for commercial items; and (2) Require subcontractors to rapidly report cyber incidents directly to DoD at http://dibnet.dod.mil and the prime Contractor. This includes providing the incident report number, automatically assigned by DoD, to the prime Contractor (or next higher-tier subcontractor) as soon as practicable. (End of clause) 252.232-7001 DISPOSITION OF PAYMENTS (DEC 1991) Payment will be by a dual payee Treasury check made payable to the contractor or the and will be forwarded to that disbursing office for appropriate disposition. (End of clause) Section K - Representations, Certifications and Other Statements of Offerors CLAUSES INCORPORATED BY REFERENCE 52.225-18 Place of Manufacture MAR 2015 CLAUSES INCORPORATED BY FULL TEXT 52.204-3 TAXPAYER IDENTIFICATION (OCT 1998) (a) Definitions. Common parent, as used in this provision, means that corporate entity that owns or controls an affiliated group of corporations that files its Federal income tax returns on a consolidated basis, and of which the offeror is a member. Taxpayer Identification Number (TIN), as used in this provision, means the number required by the Internal Revenue Service (IRS) to be used by the offeror in reporting income tax and other returns. The TIN may be either a Social Security Number or an Employer Identification Number. (b) All offerors must submit the information required in paragraphs (d) through (f) of this provision to comply with debt collection requirements of 31 U.S.C. 7701(c) and 3325(d), reporting requirements of 26 U.S.C. 6041, 6041A, and 6050M, and implementing regulations issued by the IRS. If the resulting contract is subject to the payment reporting requirements described in Federal Acquisition Regulation (FAR) 4.904, the failure or refusal by the offeror to furnish the information may result in a 31 percent reduction of payments otherwise due under the contract. (c) The TIN may be used by the Government to collect and report on any delinquent amounts arising out of the offeror's relationship with the Government (31 U.S.C. 7701(c)(3)). If the resulting contract is subject to the payment reporting requirements described in FAR 4.904, the TIN provided hereunder may be matched with IRS records to verify the accuracy of the offeror's TIN. (d) Taxpayer Identification Number (TIN). ___ TIN:.-------------------------------------------------------- ___ TIN has been applied for. ___ TIN is not required because: ___ Offeror is a nonresident alien, foreign corporation, or foreign partnership that does not have income effectively connected with the conduct of a trade or business in the United States and does not have an office or place of business or a fiscal paying agent in the United States; ___ Offeror is an agency or instrumentality of a foreign government; ___ Offeror is an agency or instrumentality of the Federal Government. (e) Type of organization. ___ Sole proprietorship; ___ Partnership; ___ Corporate entity (not tax-exempt); ___ Corporate entity (tax-exempt); ___ Government entity (Federal, State, or local); ___ Foreign government; ___ International organization per 26 CFR 1.6049-4; ___ Other-------------------------------------------------------- (f) Common parent. ___ Offeror is not owned or controlled by a common parent as defined in paragraph (a) of this provision. ___ Name and TIN of common parent: Name------------------------------------------------------------------- TIN-------------------------------------------------------------------- (End of provision) 52.222-22 PREVIOUS CONTRACTS AND COMPLIANCE REPORTS (FEB 1999) The offeror represents that -- (a) ( ) It has, ( ) has not participated in a previous contract or subcontract subject to the Equal Opportunity clause of this solicitation; (b) ( ) It has, ( ) has not, filed all required compliance reports; and (c) Representations indicating submission of required compliance reports, signed by proposed subcontractors, will be obtained before subcontract awards. (End of provision) 52.222-25 AFFIRMATIVE ACTION COMPLIANCE (APR 1984) The offeror represents that (a) [ ] it has developed and has on file, [ ] has not developed and does not have on file, at each establishment, affirmative action programs required by the rules and regulations of the Secretary of Labor (41 CFR 60-1 and 60-2), or (b) [ ] has not previously had contracts subject to the written affirmative action programs requirement of the rules and regulations of the Secretary of Labor. (End of provision) 252.213-7000 NOTICE TO PROSPECTIVE SUPPLIERS ON USE OF PAST PERFORMANCE INFORMATION RETRIEVAL SYSTEM--STATISTICAL REPORTING IN PAST PERFORMANCE EVALUATIONS (JUNE 2015) (a) The Past Performance Information Retrieval System--Statistical Reporting (PPIRS-SR) application (http://www.ppirs.gov/) will be used in the evaluation of suppliers' past performance in accordance with DFARS 213.106-2(b)(i). (b) PPIRS-SR collects quality and delivery data on previously awarded contracts and orders from existing Department of Defense reporting systems to classify each supplier's performance history by Federal supply class (FSC) and product or service code (PSC). The PPIRS-SR application provides the contracting officer quantifiable past performance information regarding a supplier's quality and delivery performance for the FSC and PSC of the supplies being purchased. (c) The quality and delivery classifications identified for a supplier in PPIRS-SR will be used by the contracting officer to evaluate a supplier's past performance in conjunction with the supplier's references (if requested) and other provisions of this solicitation under the past performance evaluation factor. The Government reserves the right to award to the supplier whose quotation or offer represents the best value to the Government. (d) PPIRS-SR classifications are generated monthly for each contractor and can be reviewed by following the access instructions in the PPIRS-SR User's Manual found at https://www.ppirs.gov/pdf/PPIRS-SR_UserMan.pdf. Contractors are granted access to PPIRS-SR for their own classifications only. Suppliers are encouraged to review their own classifications, the PPIRS-SR reporting procedures and classification methodology detailed in the PPIRS-SR User's Manual, and PPIRS-SR Evaluation Criteria available from the references at https://www.ppirs.gov/pdf/PPIRS-SR_DataEvaluationCriteria.pdf. The method to challenge a rating generated by PPIRS- SR is provided in the User's Manual. (End of provision) Section L - Instructions, Conditions and Notices to Bidders CLAUSES INCORPORATED BY REFERENCE 52.204-16 Commercial and Government Entity Code Reporting JUL 2015 52.214-34 Submission Of Offers In The English Language APR 1991 52.214-35 Submission Of Offers In U.S. Currency APR 1991 CLAUSES INCORPORATED BY FULL TEXT 52.252-1 SOLICITATION PROVISIONS INCORPORATED BY REFERENCE (FEB 1998) This solicitation incorporates one or more solicitation provisions by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer will make their full text available. The offeror is cautioned that the listed provisions may include blocks that must be completed by the offeror and submitted with its quotation or offer. In lieu of submitting the full text of those provisions, the offeror may identify the provision by paragraph identifier and provide the appropriate information with its quotation or offer. Also, the full text of a solicitation provision may be accessed electronically at this/these address(es): http://www.arnet.gov/far (End of provision) Section M - Evaluation Factors for Award CLAUSES INCORPORATED BY REFERENCE 52.217-5 Evaluation Of Options JUL 1990
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DON/BUMED/N00183/N00183-16-T-0099/listing.html)
 
Place of Performance
Address: Naval Medical Center Portsmouth, 54 Lewis Minor Street, Building 250, Portsmouth, Virginia, 23708, United States
Zip Code: 23708
 
Record
SN04104148-W 20160505/160503235226-e2bd2a8e458a33d5f10403b2ba56a020 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.