DOCUMENT
65 -- Lexmark - Attachment
- Notice Date
- 9/7/2017
- Notice Type
- Attachment
- NAICS
- 334118
— Computer Terminal and Other Computer Peripheral Equipment Manufacturing
- Contracting Office
- Department of Veterans Affairs;Network Contracting Office (NCO) 10;2780 Airport Dr., Suite 340;Columbus OH 43219
- ZIP Code
- 43219
- Solicitation Number
- VA25017Q0946
- Response Due
- 9/11/2017
- Archive Date
- 11/10/2017
- Point of Contact
- Percy Johnson
- E-Mail Address
-
johnson2@va.gov<br
- Small Business Set-Aside
- Veteran-Owned Small Business
- Description
- This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in Subpart 12.6, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; proposals are being requested and a written solicitation will not be issued. The solicitation number is VA250-17-Q-0946 and is issued as a request for quotation (RFQ) in accordance with FAR Parts 12 and 13. The solicitation document and incorporated provisions and clauses are those in effect through Federal Acquisition Circular 2005-95. The associated NAICS code is 334118 Computer Terminal and Other Computer Peripherical Equipment Manufacturing. Manufacturing and small business size standard is 1,000 employees. This is a total veteran owned small business set-aside. The requirement is for: 2 (Lexmark PACSGEAR Media Writer D200 Media Writer software license Pacs SCAN software license GEAR View Basic CD/DVD viewer Windows PC 19" LCD display Epson Disc producer PP-100 CD/DVD burner/printer CD Starter Kit (100 CDs and six color ink cartridges) One year software warranty One year hardware warranty with Express Exchange) 1 PGP INSTALL 1 ON SITE INSTALLATION PER DAY BY DAY 1 PGP INSTALLATION PER DAY BY FACTORY TRAINED PERSONNEL To be delivered to: Chalmers P. Wylie Ambulatory Care Center. 420 N. James Rd Columbus, OH 43219 This announcement constitutes the only solicitation; a formal, written solicitation will not be issued. PAPER COPIES OF THIS SOLICITATION WILL NOT BE AVAILABLE. This solicitation documents and incorporates provisions and clauses in effect through FAC 2005-95. It is the responsibility of the contractor to be familiar with the applicable clauses and provisions. The clauses may be accessed in full text at these addresses: https://www.acquisition.gov/Far/. The selected Offeror shall comply with the following commercial item terms and conditions, which are incorporated herein by reference: FAR 52.212-1, Instructions to Offerors -Commercial Items, FAR 52.212-3, Offeror Representations and Certifications-Commercial Items - the selected offeror shall submit a completed copy of the listed representations and certifications or confirm that the annual representations and certifications was completed electronically via the SAM website accessed through http://www.acquisition.gov; FAR 52.212-4, Contract Terms and Conditions-Commercial Items; 52.203-17, 52.203-99, and 52.204-4. FAR 52.212-5, Contract Terms and Conditions Required To Implement Statutes or Executive Orders-Commercial Items, paragraph (a) and the following clauses in paragraph (b): 52.203-6, 52.204-10, 52.209-6, 52.219-6, 52.219-8, 52.219-14, 52.219-27, 52.222-3, 52.222-19, 52.222-21, 52.222-26, 52.222-35, 52.222-36, 52.222-37, 52.222-40, 52.222-50, 52.223-18, 52.225-1, 52.225-13, and 52.232-33. The full text of the referenced FAR clauses may be accessed electronically at https://www.acquisition.gov/far/. Evaluation: will be made using the procedures under FAR 13. Offers will be evaluate using the Lowest price technically Acceptable (LPTA). The following FAR clauses apply 52.204-9 PERSONAL IDENTITY VERIFICATION OF CONTRACTOR PERSONNEL 52-204-18 COMMERCIAL AND GOVERNMENT ENTITY CODE MAINTENANCE 52.232-40 PROVIDING ACCELERATED PAYMENTS TO SMALL BUSINESS CONTRACTORS The following VAAR clauses apply 852.203-70 COMMERCIAL ADVERTISING 852.219-11 VA NOTICE OF TOTAL VETERAN-OWMED SMALL BUSINESS SET-ASIDE 852.232-72 ELECTRONIC SUBMISSION OF PAYMENT REQUEST 852.246-70 GAURANTEE 852.246-71 INSPECTION Quotes are to be emailed to Percy Johnson at percy.johnson2@va.gov, no later than 11 September 2017 3:00 p.m. EST. 2. Contract Title. The Lexmark PACSGEAR is used to print radiology and dental images. 3. Background. The existing system is an XP based system and needs to be upgraded to Windows 7 according to the VISN memorandum issued in March 2016 4. Scope. The system will provide imaging disc from the Release of Information Department to patients and staff (navigation dept.) of Chalmers P. Wylie VAACC. 5. Specific Tasks.. 5.1 Task 1 - 5.1.1 Subtask 1 - Integration Management Control Planning. Provide the technical and functional activities at the required level for integration of all tasks specified within this SOW. Include productivity and management methods such as quality assurance, progress/status reporting and program reviews. Provide the centralized administrative, clerical, documentation and related functions. 5.1.2 Subtask 2 - Contract Management. Prepare a Contract Management Plan describing the technical approach, organizational resources and management controls to be employed to meet the cost, performance and schedule requirements throughout Contract execution. Provide a monthly status report monitoring the quality assurance, progress/status reporting and program reviews applied to this contract. Deliverables: 5.2 Task 2. 5.2.1 Subtask 1. 5.2.2 Subtask 2. Deliverables: 6. Performance Monitoring 7. Security Requirements VA Information and Information System Security/Privacy Requirements for IT Contracts GENERAL REQUIREMENTS A contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. Contractors, contractor personnel, subcontractors, and subcontractor personnel shall be subject to the same Federal laws, regulations, standards, and VA Directives and Handbooks as VA and VA personnel regarding information and information system security. Special REQUIREMENTS All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. Access Include Section 3 A of the security language form here: The contractor or subcontractor must notify the Contracting Officer immediately when an employee working on a VA system or with access to VA information is reassigned or leaves the contractor or subcontractor s employ. The Contracting Officer must also be notified immediately by the contractor or subcontractor prior to an unfriendly termination. The contractor/subcontractor shall not make copies of VA information except as authorized and necessary to perform the terms of the agreement or to preserve electronic information stored on contractor/subcontractor electronic storage media for restoration in case any electronic equipment or data used by the contractor/subcontractor needs to be restored to an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed. If VA determines that the contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12. If a VHA contract is terminated for cause, the associated BAA must also be terminated and appropriate actions taken in accordance with VHA Handbook 1600.01, Business Associate Agreements. Absent an agreement to use or disclose protected health information, there is no business associate relationship. Media protection/sanitization Bio-Medical devices and other equipment or systems containing media (hard drives, optical disks, etc.) with VA sensitive information must not be returned to the vendor at the end of lease, for trade-in, or other purposes. The options are: (1) Vendor must accept the system without the drive; (2) VA s initial medical device purchase includes a spare drive which must be installed in place of the original drive at time of turn-in; or (3) VA must reimburse the company for media at a reasonable open market replacement cost at time of purchase. (4) Due to the highly specialized and sometimes proprietary hardware and software associated with medical equipment/systems, if it is not possible for the VA to retain the hard drive, then; (a) The equipment vendor must have an existing BAA if the device being traded in has sensitive information stored on it and hard drive(s) from the system are being returned physically intact; and (b) Any fixed hard drive on the device must be non-destructively sanitized to the greatest extent possible without negatively impacting system operation. Selective clearing down to patient data folder level is recommended using VA approved and validated overwriting technologies/methods/tools. Applicable media sanitization specifications need to be preapproved and described in the purchase order or contract. (c) A statement needs to be signed by the Director (System Owner) that states that the drive could not be removed and that (a) and (b) controls above are in place and completed. The ISO needs to maintain the documentation. Security/privacy incident reporting a. The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor/subcontractor shall immediately notify the COR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access. Consistent with the requirements of 38 U.S.C. §5725, a contract may require access to sensitive personal information. If so, the contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/subcontractor processes or maintains under this contract. d. Based on the determinations of the independent risk analysis, the contractor shall be responsible for paying to the VA liquidated damages in the amount of $37.50 per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following: (1) Notification; (2) One year of credit monitoring services consisting of automatic daily monitoring of at least 3 relevant credit bureau reports; (3) Data breach analysis; (4) Fraud resolution services, including writing dispute letters, initiating fraud alerts and credit freezes, to assist affected individuals to bring matters to resolution; (5) One year of identity theft insurance with $20,000.00 coverage at $0 deductible; and (6) Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs. Training/Contractor Rules of Behavior a. All contractor employees and subcontractor employees requiring access to VA information and VA information systems shall complete the following before being granted access to VA information and its systems: (1) Sign and acknowledge (either manually or electronically) understanding of and responsibilities for compliance with the Contractor Rules of Behavior, see appendix A, relating to access to VA information and information systems; (2) Successfully complete the VA Privacy and Information Security Awareness and Rules of Behavior training and annually complete required security training (instructions provided at end of document); (3) Successfully complete the appropriate VA Privacy and HIPAA training and annually complete required privacy training (instructions provided at end of document); and b. The contractor shall provide to the contracting officer and/or the COR a copy of the training certificates and certification of signing the Contractor Rules of Behavior for each applicable employee within 1 week of the initiation of the contract and annually thereafter, as required. c. Failure to complete the mandatory annual training and sign the Rules of Behavior annually, within the timeframe required, is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until such time as the training and documents are complete. CONTRACTOR RULES OF BEHAVIOR This User Agreement contains rights and authorizations regarding my access to and use of any information assets or resources associated with my performance of services under the contract terms with the Department of Veterans Affairs (VA). This User Agreement covers my access to all VA data whether electronic or hard copy ("Data"), VA information systems and resources ("Systems"), and VA sites ("Sites"). This User Agreement incorporates Rules of Behavior for using VA, and other information systems and resources under the contract. 1. GENERAL TERMS AND CONDITIONS FOR ALL ACTIONS AND ACTIVITIES UNDER THE CONTRACT: a. I understand and agree that I have no reasonable expectation of privacy in accessing or using any VA, or other Federal Government information systems. b. I consent to reviews and actions by the Office of Information & Technology (OI&T) staff designated and authorized by the VA Chief Information Officer (CIO) and to the VA OIG regarding my access to and use of any information assets or resources associated with my performance of services under the contract terms with the VA. These actions may include monitoring, recording, copying, inspecting, restricting access, blocking, tracking, and disclosing to all authorized OI&T, VA, and law enforcement personnel as directed by the VA CIO without my prior consent or notification. c. I consent to reviews and actions by authorized VA systems administrators and Information Security Officers solely for protection of the VA infrastructure, including, but not limited to monitoring, recording, auditing, inspecting, investigating, restricting access, blocking, tracking, disclosing to authorized personnel, or any other authorized actions by all authorized OI&T, VA, and law enforcement personnel. d. I understand and accept that unauthorized attempts or acts to access, upload, change, or delete information on Federal Government systems; modify Federal government systems; deny access to Federal government systems; accrue resources for unauthorized use on Federal government systems; or otherwise misuse Federal government systems or resources are prohibited. e. I understand that such unauthorized attempts or acts are subject to action that may result in criminal, civil, or administrative penalties. This includes penalties for violations of Federal laws including, but not limited to, 18 U.S.C. §1030 (fraud and related activity in connection with computers) and 18 U.S.C. §2701 (unlawful access to stored communications). f. I agree that OI&T staff, in the course of obtaining access to information or systems on my behalf for performance under the contract, may provide information about me including, but not limited to, appropriate unique personal identifiers such as date of birth and social security number to other system administrators, Information Security Officers (ISOs), or other authorized staff without further notifying me or obtaining additional written or verbal permission from me. g. I understand I must comply with VA s security and data privacy directives and handbooks. I understand that copies of those directives and handbooks can be obtained from the Contracting Officer's Representative (COR). If the contractor believes the policies and guidance provided by the COR is a material unilateral change to the contract, the contractor must elevate such concerns to the Contracting Officer for resolution. h. I will report suspected or identified information security/privacy incidents to the COR and to the local ISO or Privacy Officer as appropriate. 2. GENERAL RULES OF BEHAVIOR a. Rules of Behavior are part of a comprehensive program to provide complete information security. These rules establish standards of behavior in recognition of the fact that knowledgeable users are the foundation of a successful security program. Users must understand that taking personal responsibility for the security of their computer and the information it contains is an essential part of their job. b. The following rules apply to all VA contractors. I agree to: (1) Follow established procedures for requesting, accessing, and closing user accounts and access. I will not request or obtain access beyond what is normally granted to users or by what is outlined in the contract. (2) Use only systems, software, databases, and data which I am authorized to use, including any copyright restrictions. (3) I will not use other equipment (OE) (non-contractor owned) for the storage, transfer, or processing of VA sensitive information without a VA CIO approved waiver, unless it has been reviewed and approved by local management and is included in the language of the contract. If authorized to use OE IT equipment, I must ensure that the system meets all applicable 6500 Handbook requirements for OE. (4) Not use my position of trust and access rights to exploit system controls or access information for any reason other than in the performance of the contract. (5) Not attempt to override or disable security, technical, or management controls unless expressly permitted to do so as an explicit requirement under the contract or at the direction of the COR or ISO. If I am allowed or required to have a local administrator account on a government-owned computer, that local administrative account does not confer me unrestricted access or use, nor the authority to bypass security or other controls except as expressly permitted by the VA CIO or CIO's designee. (6) Contractors use of systems, information, or sites is strictly limited to fulfill the terms of the contract. I understand no personal use is authorized. I will only use other Federal government information systems as expressly authorized by the terms of those systems. I accept that the restrictions under ethics regulations and criminal law still apply. (7) Grant access to systems and information only to those who have an official need to know. (8) Protect passwords from access by other individuals. (9) Create and change passwords in accordance with VA Handbook 6500 on systems and any devices protecting VA information as well as the rules of behavior and security settings for the particular system in question. (10) Protect information and systems from unauthorized disclosure, use, modification, or destruction. I will only use encryption that is FIPS 140-2 validated to safeguard VA sensitive information, both safeguarding VA sensitive information in storage and in transit regarding my access to and use of any information assets or resources associated with my performance of services under the contract terms with the VA. (11) Follow VA Handbook 6500.1, Electronic Media Sanitization to protect VA information. I will contact the COR for policies and guidance on complying with this requirement and will follow the COR's orders. (12) Ensure that the COR has previously approved VA information for public dissemination, including e-mail communications outside of the VA as appropriate. I will not make any unauthorized disclosure of any VA sensitive information through the use of any means of communication including but not limited to e-mail, instant messaging, online chat, and web bulletin boards or logs. (13) Not host, set up, administer, or run an Internet server related to my access to and use of any information assets or resources associated with my performance of services under the contract terms with the VA unless explicitly authorized under the contract or in writing by the COR. (14) Protect government property from theft, destruction, or misuse. I will follow VA directives and handbooks on handling Federal government IT equipment, information, and systems. I will not take VA sensitive information from the workplace without authorization from the COR. (15) Only use anti-virus software, antispyware, and firewall/intrusion detection software authorized by VA. I will contact the COR for policies and guidance on complying with this requirement and will follow the COR's orders regarding my access to and use of any information assets or resources associated with my performance of services under the contract terms with VA. (16) Not disable or degrade the standard anti-virus software, antispyware, and/or firewall/intrusion detection software on the computer I use to access and use information assets or resources associated with my performance of services under the contract terms with VA. I will report anti-virus, antispyware, firewall or intrusion detection software errors, or significant alert messages to the COR. (17) Understand that restoration of service of any VA system is a concern of all users of the system. (18) Complete required information security and privacy training, and complete required training for the particular systems to which I require access. 3. ADDITIONAL CONDITIONS FOR USE OF NON- VA INFORMATION TECHNOLOGYRESOURCES a. When required to complete work under the contract, I will directly connect to the VA network whenever possible. If a direct connection to the VA network is not possible, then I will use VA approved remote access software and services. b. Remote access to non-public VA information technology resources is prohibited from publicly-available IT computers, such as remotely connecting to the internal VA network from computers in a public library. c. I will not have both a VA network line and any kind of non-VA network line including a wireless network card, modem with phone line, or other network device physically connected to my computer at the same time, unless the dual connection is explicitly authorized by the COR. d. I understand that I may not obviate or evade my responsibility to adhere to VA security requirements by subcontracting any work under any given contract or agreement with VA, and that any subcontractor(s) I engage shall likewise be bound by the same security requirements and penalties for violating the same. 4. STATEMENT ON LITIGATION This User Agreement does not and should not be relied upon to create any other right or benefit, substantive or procedural, enforceable by law, by a party to litigation with the United States Government. 8. Government-Furnished Equipment (GFE)/Government-Furnished Information (GFI). 9. Other Pertinent Information or Special Considerations. a. Identification of Possible Follow-on Work. b. Identification of Potential Conflicts of Interest (COI). c. Identification of Non-Disclosure Requirements. d. Packaging, Packing and Shipping Instructions. e. Inspection and Acceptance Criteria. 10. Risk Control 11. Place of Performance. The work will be performed at Chalmers P. Wylie VAACC in the Release of Information Department. 12. Period of Performance. 13. Delivery Schedule.
- Web Link
-
FBO.gov Permalink
(https://www.fbo.gov/spg/VA/CoVAOPC757/CoVAOPC757/VA25017Q0946/listing.html)
- Document(s)
- Attachment
- File Name: VA250-17-Q-0946 VA250-17-Q-0946_1.docx (https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=3780316&FileName=VA250-17-Q-0946-001.docx)
- Link: https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=3780316&FileName=VA250-17-Q-0946-001.docx
- Note: If links are broken, refer to Point of Contact above or contact the FBO Help Desk at 877-472-3779.
- File Name: VA250-17-Q-0946 VA250-17-Q-0946_1.docx (https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=3780316&FileName=VA250-17-Q-0946-001.docx)
- Place of Performance
- Address: Chalmers P. Wylie Ambulatory Care Center;420 N. James Rd;Columbus, OH
- Zip Code: 43219
- Zip Code: 43219
- Record
- SN04667595-W 20170909/170907233539-40e88472d8ad6c804e344fe3b916def0 (fbodaily.com)
- Source
-
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's FBO Daily Index Page |