SOURCES SOUGHT
99 -- web-based scheduling software system for their nursing staff
- Notice Date
- 11/16/2016
- Notice Type
- Sources Sought
- NAICS
- 511210 (Software Publishers)
- Contracting Office
- Department of the Army, U.S. Army Medical Command, MEDCOM, North Atlantic Regional Contracting Office, 8901 Rockville Pike, Bldg 54, Bethesda, Maryland, 20889, United States
- ZIP Code
- 20889
- Solicitation Number
- W91YTZ-17-T-0049
- Point of Contact
- Mary A. Mitchell-Martin, Cheryl A Ricker
- E-Mail Address
- mary.a.mitchellmartin.civ@mail.mil, cheryl.a.ricker2.civ@mail.mil
- Small Business Set-Aside
- N/A
- Description
- The Regional Health Contracting Office - Atlantic, (RHCO-A) Womack Army Medical Center intends to solicit, negotiate and award a Firm, Fixed Priced contract for: Web-based scheduling software system for their nursing staff. This notice is a Sources Sought for a web-based scheduling software system for their nursing staff at Womack Army Medical Center (WAMC), Fort Bragg, NC 28310. Period of Performance will be approximately 12/28/2016 through 12/27/2017. This notice is not a request for competitive proposals; however, if you have information regarding your company's ability to perform this requirement in full as outlined below, you may send it to Ms. Mary Mitchell-Martin at mary.a.mitchellmartin.civ@mail.mil and Ms. Cheryl Ricker at Cheryl.a.ricker2.civ@mail.mil. No telephonic requests will be returned. All responses will be received no later than 13 December 2016, 0800 am EST. The Standard Industrial Classification Code is 7372, size standard $38,500,000 and the NAICS code of 511210.
DEPARTMENT OF NURSING STATEMENT OF WORK WOMACK ARMY MEDICAL CENTER, FORT BRAGG, NC
1 OVERVIEW
1.1 Womack Army Medical Center (WAMC) Department of Nursing has a requirement to purchase a web-based scheduling software system for their nursing staff. This system will be web-based, capable of posting shifts to a web-based schedule for individuals, teams, and units by week, month and by quarter for multiple departments and multiple staff schedule types.
2 SOFTWARE REQUIREMENTS
2.1. The software shall have the ability to develop criteria for scheduling shifts such as staff experience level, minimum number of required weekend/holiday shifts and number of staff per shift.
2.2. The software shall have the ability for employees to view and manage their schedule from work and home and for management visibility at multiple levels.
2.3. The software shall have the ability to communicate shift staffing needs using the scheduling software.
2.4. The software shall have the ability for managers to control access to the software at all times.
3 GENERAL SECURITY REQUIREMENTS
3.1 The Contractor shall establish appropriate administrative, technical, and physical safeguards to protect any and all Government data, to ensure the confidentiality, integrity, and availability of government data. As a minimum, this shall include provisions for personnel security, electronic security and physical security as listed in the sections to follow.
3.2 The Contractor shall ensure that if personally identifiable information (PII) is required to be collected, then the contractor must collect only the minimum necessary PII and enact safeguards related to PII:
• Encrypted when transmitted over public networks
• Encrypted when stored in databases and flat files
• Accessible only by authorized personnel
• Storage of PII prohibited on private workstations
• Published privacy policies
3.3 The Contractor shall take steps to ensure the availability as well as the physical protection of its servers by carefully screening personnel and by controlling personnel access to all server environments. All contractors must secure all data center facilities as well as business office locations and workstations, and support and enforce multiple levels of access security in order to prevent unauthorized access or entry.
3.4 The Contractor shall perform verification of employment, references, and criminal background checks on all employees. All employees should be required to consent to written confidentiality agreements, and sign a blanket NDA (non-disclosure agreement) covering both company and client information confidentiality. New employees should be provided training related to company policies and procedures including standards for business ethics and professional conduct.
3.5 The Contractor shall ensure its network architecture works to ensure client data is protected through best business practice policies and procedures. These procedures are influenced by aggregate industry standard guidelines. The Contractor shall employ an internal infrastructure to back up and monitor all services through secure connections.
The service network could be comprised of multiple virtual network segments behind firewalls where IP addresses of individual services are protected from direct, third party access. The Contractor's network shall be a multi-segmented architecture to prevent direct public contact or connection to private network segments to prevent direct access from the Internet. The contractor should monitor all TCP/IP incoming and outgoing traffic between network segments. The Contractor's routers shall be hardened and configurations used to correctly route packets to their proper destinations, and to restrict unauthorized traffic. Access Control Lists (ACLs) on the front-end routers should be used to stop common attacks that could affect the environment, including limited denial-of-service attacks and IP spoofing.
Proactive monitoring of operations is a must, and security threats should be thoroughly investigated, escalated and remediated if encountered. Periodic vulnerability assessments, which are automated security scans, should be run on a periodic basis using third-party PCI compliance scanning. Scans should also be performed on application software for known vulnerabilities; when vulnerabilities are found, they are escalated and managed through the software release process.
Application firewalls should protect applications and data by validating information traveling in and out of most Services by way of packet filtering and Access Control Lists (ACLs). Firewalls should be set to deny all connections except those specifically allowed. Security violations or attempts should be logged, monitored and escalated to the operations team.
VPN/SSH (Virtual Private Network/Secure Shell) access is used for personnel using either VPN or SSH tunneling when connecting and transmitting information from outside the internal, trusted network. Secure tunnels offer highly secure remote connectivity necessary to perform systems maintenance and related access. Digital certificates should be utilized on web servers for SSL (Secure Socket Layer) in order to verify authenticity of the client/contractor services provided.
Back-up media should be targeted for long-term offsite storage and transported encrypted, or via encrypted tunnel, to high capacity, secured storage locations.
The standard software patching process for production and all system updates should be tested using a standard process to ensure proper functioning before being applied to production servers.
• Apply patch to a staging (mirror) site of affected environment
• Migrate patch to select nodes, monitor real-world performance
• Apply patch across all target production nodes.
Disaster Recovery Testing
The Contractor shall have a formal disaster recovery plan, tested on a periodic basis and with various components tested perpetually as part of each standard build process.
NOTHING FOLLOWS
- Web Link
- FBO.gov Permalink (https://www.fbo.gov/spg/USA/MEDCOM/DADA15/W91YTZ-17-T-0049/listing.html)
- Record
- SN04329429-W 20161118/161116234510-8b29df826c4929248b03dbd90ea8eab6 (fbodaily.com)
- Source
- FedBizOpps Link to This Notice (may not be valid after Archive Date)