Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF JUNE 03, 2018 FBO #6036
DOCUMENT

R -- On-Site Shredding/ Document Destruction Service - Attachment

Notice Date
6/1/2018
 
Notice Type
Attachment
 
NAICS
561990 — All Other Support Services
 
Contracting Office
Department of Veterans Affairs;VISN 7 Network Contracting Activity;501 Greene Street;Hatcher Building - Suite 2;Augusta GA 30901
 
ZIP Code
30901
 
Solicitation Number
36C24718R0673
 
Archive Date
7/1/2018
 
Point of Contact
Jacquetta O White
 
E-Mail Address
3-0188
 
Small Business Set-Aside
N/A
 
Description
This is a SOURCES SOUGHT request for informational and planning purposes only and shall not be construed as a solicitation or as an obligation or commitment by the Government at this time. This notice is intended strictly for market research. The purpose of this Sources Sought notice is to determine the following: The interest and capability of Veteran Owned Small Business; Whether the business source can perform 50% of total work required for this requirement if utilizing a sub-contractor; Whether the business source can demonstrate the ability to destroy articles as cited in paragraphs 10.1 and 10.2 of the Statement of Work; and Possesses the size classification relative to the North American Industry Classification System (NAICS) code 561990 for the proposed acquisition. The Department of Veterans Affairs, Network Contracting Office 07 is seeking potential sources for On-site Shredding/ Document Destruction Services: STATEMENT OF WORK (SOW) Charlie Norwood VA Medical Center (CNVAMC) Augusta, Georgia ON-SITE SHREDDING/DOCUMENT DESTRUCTION SERVICES GENERAL: The contractor shall provide all labor, supervision; secure collection containers, equipment, and transportation necessary to perform on-site document destruction and disposal of confidential documents at the Department of Veteran s Affairs (VA) locations listed in paragraph 2 below and in accordance with performance requirements in paragraph 10 below, NIST Special Publication 800-88 (Revision 1) Guidelines for Media Sanitization and VA Directive 6371, Destruction of Temporary Paper Records. PLACES OF PERFORMANCE: Services shall be performed at Augusta VA Medical Center and locations submitted below. A Charlie Norwood VA Medical Center (CNVAMC), (Uptown Division) 1 Freedom Way, Augusta, Georgia 30904 B Charlie Norwood VA Medical Center (Downtown Division) 800 Bailie Dr., Augusta, GA 30901 C Athens Community-Based Outpatient Clinic (CBOC) 9249 Hwy 29S Suite A Athens, Georgia 30601 D Aiken Community-Based Outpatient Clinic (CBOC) 951 Millbrook Ave., Aiken, South Carolina 29803 E VA Southeast Network Central Accounting Office VISN7-CAO 3154 Perimeter Parkway Suite 200 Augusta, Georgia 30904 F VISN7 Hatcher Building, 500 Greene Street, Augusta, GA 30901 G. Statesboro Community Base Outpatient Clinic (CBOC) 412 Northside Drive East, Suite 400 Statesboro, GA 30458-4804 H Vet Center 2050 Walton Way #100 Augusta, GA 30904 The government reserves the right to modify the contract as needed to add or delete VA Locations. ACRONYMS & Definitions: BAA Business Associate Agreement CBOC Community Based Outpatient Clinic CFR Code of Federal Regulations CNVAMC - Charlie Norwood Veterans Affairs Medical Center COR Contracting Officer s Representative FAX Facsimile FIPS PUB Federal Information Processing Standards Publication FISMA Federal Information Security Management Act FSC Financial Services Center HIPAA Health Insurance Portability and Accountability Act ID Identification ISO Information Security Officer LMS Learning Management System MO Magneto-Optical NACI National Agency Check and Inquiries NAID National Association for Information Destruction NIST National Institute of Standards and Technology OI&T Office of Information & Technology OMB Office of Management and Budget OPM Office of Personnel Management PC Personal Computer PII Personally Identifiable Information SOW Statement of Work SPI Sensitive Personal Information U.S.C. United States Code VA Veteran Affairs VHA Veterans Health Administration VISN7 Veterans Integrated Service Network 7 VISN7-CAO Veterans Integrated Service Network 7 Centralized Accounting Office Publications and Forms: Publications Federal Information Processing standards Publication (FIPS PUB) Number 201 Federal Investigations Notices (FIN 01-01) Health Insurance Portability and Accountability Act of 1996 Homeland Security Presidential Directive-12 (HSPD-12) NIST 800-16 Information Technology Security Training Requirements NIST 800-53 Security and Privacy Controls for Federal Information Systems and Organizations Office of Management and Budget (OMB) guidance M-05-24 VA Directive 6300, Records and Information Management VA Directive 6371, Destruction of Temporary Paper Records VA Directive and Handbook 0710 Personnel Suitability and Security Program VA Handbook 6300, Records and Information Management. (An electronic version will be provided to the Contractor by the Contracting Officer at time of award.) VA Handbook 6500.2, Management of Security and Privacy Incidents Forms FD 258, U.S. Department of Justice Fingerprint Application Chart Optional Form 306, Declaration for Federal Employment Optional Form 612, Optional Application for Federal Employment. Standard Form 85P, Questionnaire for Public Trust Positions Standard Form 85P-S, Supplemental Questionnaire for Selected Positions. VA Form 0710, Authority for Release of Information Form VA Form 0752 Confidentiality of Sensitive Information Non-Disclosure Agreement BACKGROUND: The Charlie Norwood VA Medical Center is a two division multi-bed facility, encompassing acute medical, surgical, psychiatric, and long-term care. The hospital is located in Augusta, Georgia and provides primary, secondary, and some tertiary care. Annually, the medical center serves thousands of patients. Satellite Community Based Outpatient Clinics (CBOC s) are located in Athens, GA and Aiken, SC. Additionally the VISN7 Procurement and Accounting functional areas and the Seamless Transition Center are serviced by CNVAMC. PERSONNEL: Qualification: Contractor shall have a current National Association Information Destruction (NAID) Certificate. Contractor s personnel, whose tasks involve operation of any vehicles, shall possess a valid U.S. state driver s license, certificates and permits, applicable for the type and class of vehicle being operated. Contractor shall be a legally registered business in the state of South Carolina and Georgia. Contractor Vehicles: All vehicles used in the performance of this contract for the destruction of documents shall have the applicable government licensing and inspections for road worthiness on file. 6.3. Key Personnel: Name Position Wage Determination Skill No. Percentage of Work Under Contract DAYS AND HOURS OF OPERATION: Monday Friday, 8:00 a.m. to 4:30 p.m. excluding Federal Holidays. Federal Holidays New Year s Day January 1st Martin Luther King s Birthday 3rd Monday in January President s Day 3rd Monday in February Memorial Day Last Monday in May Independence Day July 4th Labor Day 1st Monday in September Columbus Day 2nd Monday in October Veteran s Day November 11th Thanksgiving Day Last Thursday in November Christmas Day December 25th The contractor shall provide a written schedule of the days and times service shall be performed at each facility. The contractor shall perform services on day agreed upon by both VA facility point of contact (POC) and the Contractor. Strict adherence to the schedule is expected. Any changes to the schedule shall be approved in advance by the Contracting Officer s Representative (COR). The contractor shall provide a contingency plan for instances where (1) equipment malfunction occurs during the shredding process and (2) when a Mobile Shredding Vehicle breaks down en-route to a VA Location for scheduled services or en-route to a pulping and recycling site. Upon arrival at each facility, the contractor shall report to the meeting location designated by the COR prior to the performance of scheduled pick-up/shredding service. PERIOD OF PERFORMANCE: Base Year 01 October 2018 30 September 2019 Option Year 1 01 October 2019 30 September 2020 Option Year 2 01 October 2020 30 September 2021 Option Year 3 01 October 2021 30 September 2022 Option Year 4 01 October 2022 30 September 2023 Contractor Responsibility The contractor shall bear the expense of obtaining background investigations. The web site which provides information on the cost of the security investigation is: https://www.opm.gov/investigations/background-investigations/federal-investigations-notices/ Select Federal Investigations Notices (FIN 01-01) The Office of Security and Law Enforcement adds an administrative fee. Sherri Jennings, 202-273-5555 can be contacted to obtain information on the current amount of the fee. The contractor shall prescreen all personnel requiring access to the computer systems to ensure they maintain a U.S. citizenship and are able to read, write, speak, and understand the English language. The contractor shall provide the screening results to the VA Contracting Officer prior to award and anytime new employees are hired. The contractor shall provide to the Contracting Officer prior to award the following: (1) List of names of contract personnel. (2) Social security numbers of contractor personnel. (3) Home address of contractor personnel or the contractor address. The contractor shall submit or have their employees submit the following required forms to the VA Office of Security and Law Enforcement within 30 days of receipt: (i) Standard From 85P, Questionnaire for Public Trust Positions (ii) Standard Form 85P-S, Supplemental Questionnaire for Selected Positions (iii) FD 258, U.S. Department of Justice Fingerprint Applicant Chart (iv) VA Form 0710, Authority for Release of Information Form The contractor, when notified of an unfavorable determination by the Government, shall withdraw the employee from consideration from working under the contract. Failure to comply with the contractor personnel security requirements may result in termination of the contract for default. Specific Task: Paper Destruction: The contractor shall provide secured lockable collection containers in a variety of sizes and quantities specific to each designated location throughout the hospital, clinic, or facility for collection and storage of confidential documents until such time the shredding takes place. 10.1.2 Container sizes shall be 32 gallons or less for Healthcare Unit Areas and average 64-96 gallon for all other areas as shown on Attachment 1 where estimated quantities and sizes are specified per location. 10.1.3 Containers shall have locking mechanisms that are keyed alike with a master key that shall open all containers. A set of keys shall be provided to the Contracting Officer s Representative (COR) and the Privacy Officer. 10.1.4 The contractor shall provide sufficient labor and equipment necessary to transport collection containers from the indoor designated location to an outdoor designated location where shredding shall take place. A replacement container shall be placed at each designated location before the containers are removed for shredding. 10.1.5 The contractor shall ensure each locked container remains locked until it arrives at the on-site shredding location. The containers shall not be unlocked to transfer confidential documents into another container for transport purposes. The contractor shall ensure confidential documents are protected from loss by gusts of wind or other atmospheric conditions. 10.1.6 The contractor shall provide sufficient labor and sufficient state-of-the art mobile shredding vehicles capable of performing on-site shredding and destruction of approximately 565,620 pounds of confidential documents per year utilizing mobile shredding vehicles at government facilities where the confidential documents are collected. 10.1.7 The contractor shall ensure the task of document destruction for all containers is conducted from start to finish on-site at each facility on the scheduled service day. A sample pick-up log is shown at Attachment 2. 10.1.8 The contractor shall provide equipment that has the capability of shredding large volumes of documents per hour to reduce the time the contractor s equipment utilizes government facilities limited parking spaces. 10.1.9 The contractor shall provide equipment that is capable of shredding large volumes of documents per hour that shall produce cross cut shred articles within a 1 mm x 5 mm (0.04 in. x 0.2 in.), pulped for recycling and prepare a certificate of destruction per the National Association for Information Destruction (NAID) standards for mobile units. A sample of the Certificate of Destruction is shown at Attachment 3. 10.1.10 The contractor shall provide sufficient labor, equipment, and transportation necessary to transport the shredded materials in locked vehicles to paper mills for pulping and recycling. 10.1.11 All shredding shall be witnessed by a VA government employee authorized to witness destruction of confidential documents. The contractor shall complete a Certificate of Destruction in the presence of the employee authorized at each facility authorized to witness destruction upon completion of each shredding service. 10.1.12 All shredding shall be performed in accordance with, NIST Special Publication 800-88 (Revision 1) Guidelines for Media Sanitization and VA Directive 6371, Destruction of Temporary Paper Records. 10.1.13 Upon arrival at each facility, the contractor shall report to the meeting location designated by the COR prior to the performance of scheduled pick-up/shredding service. NOTE: Types of paper that can be expected are office paper and computer paper of a variety of color or type. Limited quantities of incidentals such as paper clips, staples, rubber bands, patient plastic armbands and other similar items can be expected. The quantities listed are estimated poundage based on past performance. There is no minimum or maximum guarantee of poundage due to fluctuating requirements. Hard Drive and Electronic Media Destruction: Destruction of material: All PII, sensitive data, PC hard drives and electronic-media material collected shall be destroyed by shredding of records to a degree that they cannot be read or reconstructed without extraordinary efforts and shall allow for secure transport of records until such time as their final destruction by pulverization. Since final destruction is to be carried out off station, a VA representative shall be allowed to inspect, upon request the contractor s facilities where the records are processed and where the final destruction takes place. PC hard drives as well as all other electronic media shall be shredded beyond use. Optical mass storage media, including compact disks (CD, CD_R, CD-RW, and CD-ROM), DVDs, and magneto-optic (MO) disks shall be destroyed by pulverizing, crosscut shredding or burning. When material is disintegrated or shredded, all residues shall be reduced to nominal edge dimensions of five millimeters (5 mm) and surface area of twenty-five square millimeters (25 mm2). The shredding of hard drives shall be witnessed by the Information Security Officer as well as OI&T s hardware custodian. Upon completion of destruction of PII and hard drives the contractor shall provide a Certificate of Destruction which identifies the means of destruction. Contractor certificate is also to include shredding location, date, time, quantity/cost and the names of personnel responsible for shredding the contents. Contractor shall have adequate equipment and personnel to collect, shred and dispose of shredded material. Special Contract Requirements: Background Investigations: Upon contract the successful offeror shall be required to accomplish the following background investigation task. All contractor employees who require access to PII and sensitive data shall be the subject of a background investigation and shall receive a favorable adjudication from the VA Office of Security and Law Enforcement prior to contract performance. The requirement is applicable to all subcontractor personnel requiring the same access. If the investigation is not completed prior to the start date of the contract, the contractor shall be responsible for the actions of those individuals they provide to perform work for VA. Position Sensitivity the position sensitivity has been designed as low risk. Background investigation the level of background investigation commensurate with the required level of access National Agency Check with Written inquiries. The contractor shall bear the expense of obtaining background investigations. If the investigation is conducted by the Office of Personnel management (OPM), the contractor shall reimburse VA within 30 days. The contractor shall prescreen all personnel requiring access to sensitive data to ensure they maintain a U.S. citizenship and are able to read, write, speak and understand the English language. The contractor shall submit or have their employees submit the following require forms to the VA Office of Security and Law Enforcement. These forms can be obtained by contacting, 2200 Fort Roots Blvd, Bldg. 104, North Little Rock, AR 72114. Contractor shall provide verification of document submission. Background investigation documents shall be submitted within 30 days of receipt of documents from the VA Office of Security and Law Enforcement: Standard Form 85P, Questionnaire for Public Trust Positions Standard Form 85P-S, Supplemental Questionnaire for Selected Positions. FD 258, U.S. Department of Justice Fingerprint Application Chart VA Form 0710, Authority for Release of Information Form Optional Form 306, Declaration for Federal Employment Optional Form 612, Optional Application for Federal Employment A contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors shall be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. VA Form 0752 Confidentiality of Sensitive Information Non-Disclosure Agreement (a copy should be sent to the Accountable Officer and the ISO of the facility maintains the original) The contractor, when notified of an unfavorable determination by the Government, shall withdraw the employee from consideration from working under the contract. The contractor is responsible to ensure that their employee is to comply with Augusta VA Medical Security ID badge requirement. Their employees are to report to the Security Police to get an ID Badge every time they are on the Augusta VA Medical Center site, with a picture ID Card. Failure to comply with the contractor personnel security requirements may result in termination of the contract for default. Offeror shall provide the name and phone number of the company s point of contact for background investigations. Safety Briefing and Privacy Training: Contractor shall receive a safety briefing and privacy training on the first day of work by the Information Security Officer, Privacy Officer and Security Police. Contact information will be provided upon award of contract. INVOICE: Invoices shall be submitted electronically in arrears to the address indicated VA FSC P.O. Box 149971 Austin Texas 78714. Please reference the Purchase Order Number (i.e. 509-A0000 or 509-C75 ) Payment will be made upon receipt of a properly prepared, itemized invoice, validated by the COR, and submitted electronically. A properly prepared invoice will contain: Invoice Number and Date Contractor s Name and Address Accurate Purchase Order Number Itemization of pounds shredded and disposed Price per pound Dates service performed Location of service performed Total amount due A separate invoice shall be prepared for each facility. Government Responsibility Oversight of service/ Performance Monitoring An initial orientation of the facilities will be conducted by the COR at the start of the contract. The contractor shall be responsible for conducting orientation for new employees thereafter. Safety Briefing and Privacy Training Contractor shall receive a safety briefing and privacy training on the first day of work by the Information Security Officer, Privacy Officer and Security Police. Contact information will be provided upon award of contract. ADMINISTRATION Accident Reporting In the event an accident occurs on the Department of Veterans Affairs property or involving Government personnel or property, the contractor shall contact the VA Police immediately. A report shall be provided to the Contracting Officer and COR in writing that shall include the following: (1) the time and date of occurrence; (2) the place of occurrence; (3) a list of personnel directly involved; and (4) a narrative or description of the accident to include chronological order of the accident and circumstances; (5) corrective action to prevent future occurrences. Training All contractor employees and subcontractor employees requiring access to VA information and VA information systems shall complete the following before being granted access to VA information and its systems: Sign and acknowledge (either manually or electronically) understanding of and responsibilities for compliance with the Contractor Rules of Behavior, Appendix E relating to access to VA information and information systems; Successfully complete the VA Cyber Security Awareness and Rules of Behavior training and annually complete required security training; Successfully complete the appropriate VA privacy training and annually complete required privacy training; and Successfully complete any additional cyber security or privacy training, as required for VA personnel with equivalent information system access [to be defined by the VA program official and provided to the contracting officer for inclusion in the solicitation document e.g., any role-based information security training required in accordance with NIST Special Publication 800-16, Information Technology Security Training Requirements.] The contractor shall provide to the contracting officer and/or the COR a copy of the training certificates and certification of signing the Contractor Rules of Behavior for each applicable employee within 1 week of the initiation of the contract and annually thereafter, as required. Failure to complete the mandatory annual training and sign the Rules of Behavior annually, within the timeframe required, is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until such time as the training and documents are complete. Quality Assurance Surveillance Plan: Performance Based Matrix PERFORMANCE BASED TASK INDICATOR STANDARD QUALITY ASSURANCE INCENTIVES Contractor shall provide services for paper destruction on-site at the Charlie Norwood VA Medical Center, Augusta, GA. (Para. #10.1) 100% Compliance 100% Surveillance will include observation by authorized individuals. Positive - Exercise of option years(s) Contractor shall maintain National Association Information Destruction Certification (NAID). (Para. #10.1.7) 100% Compliance 100% A copy of the certification must be provided to the COR Positive - Exercise of option year(s). Negative response i.e. non-certification will cause for termination of the contract. Liquidated Damages for Data Breach: The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor/subcontractor shall immediately notify the COR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access. To the extent known by the contractor/subcontractor, the contractor/subcontractor s notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the contractor/subcontractor considers relevant. With respect to unsecured protected health information, the business associate is deemed to have discovered a data breach when the business associate knew or should have known of a breach of such information. Upon discovery, the business associate must notify the covered entity of the breach. Notifications need to be made in accordance with the executed business associate agreement. In instances of theft or break-in or other criminal activity, the contractor/subcontractor must concurrently report the incident to the appropriate law enforcement entity (or entities) of jurisdiction, including the VA OIG and Security and Law Enforcement. The contractor, its employees, and its subcontractors and their employees shall cooperate with VA and any law enforcement authority responsible for the investigation and prosecution of any possible criminal law violation(s) associated with any incident. The contractor/subcontractor shall cooperate with VA in any civil litigation to recover VA information, obtain monetary or other compensation from a third party for damages arising from any incident, or obtain injunctive relief against any third party arising from, or related to, the incident. Consistent with the requirements of 38 U.S.C. §5725, a contract may require access to sensitive personal information. If so, the contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/subcontractor processes or maintains under this contract. The contractor/subcontractor shall provide notice to VA of a security incident as set forth in the Security Incident Investigation section above. Upon such notification, VA must secure from a non-Department entity or the VA Office of Inspector General an independent risk analysis of the data breach to determine the level of risk associated with the data breach for the potential misuse of any sensitive personal information involved in the data breach. The term 'data breach' means the loss, theft, or other unauthorized access, or any access other than that incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. Contractor shall fully cooperate with the entity performing the risk analysis. Failure to cooperate may be deemed a material breach and grounds for contract termination. Each risk analysis shall address all relevant information concerning the data breach, including the following: Nature of the event (loss, theft, unauthorized access); Description of the event, including: date of occurrence; data elements involved, including any PII, such as full name, social security number, date of birth, home address, account number, disability code; Number of individuals affected or potentially affected; Names of individuals or groups affected or potentially affected; Ease of logical data access to the lost, stolen or improperly accessed data in light of the degree of protection for the data, e.g., unencrypted, plain text; Amount of time the data has been out of VA control; The likelihood that the sensitive personal information will or has been compromised (made accessible to and usable by unauthorized persons); Known misuses of data containing sensitive personal information, if any; Assessment of the potential harm to the affected individuals Data breach analysis as outlined in 6500.2 Handbook, Management of Security and Privacy Incidents, as appropriate; and Whether credit protection services may assist record subjects in avoiding or mitigating the results of identity theft based on the sensitive personal information that may have been compromised. Based on the determinations of the independent risk analysis, the contractor shall be responsible for paying to the VA liquidated damages in the amount of $37.50 per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following: Notification; One year of credit monitoring services consisting of automatic daily monitoring of at least 3 relevant credit bureau reports; Data breach analysis; Fraud resolution services, including writing dispute letters, initiating fraud alerts and credit freezes, to assist affected individuals to bring matters to resolution; One year of identity theft insurance with $20,000.00 coverage at $0 deductible; and Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs. Contractor Personnel Security Requirements: Contractor employees shall be pre-authorized to witness destruction of confidential documents, i.e., Low Level Background Investigations. Contractor employees found reading any of the VA materials shall be promptly removed from the premises where the document destruction is being performed and the person(s) involved shall not be allowed to return for any future document destruction services. The contractor shall adhere to the VA policies applicable to all record destruction as outlined in VA Handbook 6300. These guidelines are designed to protect sensitive and private information from being disclosed to unauthorized parties and adhere to the Privacy Act and the HIPAA Privacy Rules and regulations. Examples of sensitive information include but are not limited to: Individually identifiable medical, benefits, and personnel information; financial, budgetary, research, quality assurance, confidential commercial, critical infrastructure, investigatory, and law enforcement information. Subject to criminal prosecution, contractor employees shall comply with all manner of confidentiality when engaging in the destruction of any and all Department of Veterans Affairs records. Contractor employees shall wear a uniform with the company name and logo and wear a badge in plain view above the waist bearing the company name, logo and employees name. The contractor shall maintain a current listing of employees performing services under this contract. The list shall include the employee s name, address, phone number, social security number, level of security and position. The list shall be validated and signed by the company Facility Security Officer and provided to the Contracting Office and Contracting Officer s Representative (COR). An updated listing shall be provided when an employee s status or information changes. The Contractor has 24 hours to inform the Contracting Office and COR that an employee s status has changed unless it is a pick-up day. On pick up days the contractor shall immediately inform the Contracting Office by FAX at 706-731-7172 or the COR by email: available at time of award. The contractor and employees shall comply with Homeland Security Presidential Directive-12 (HSPD-12), NIST 800-53, Office of Management and Budget (OMB) guidance M-05-24, as amended, and Federal Information Processing standards Publication (FIPS PUB) Number 201, as amended. Contractor and Staff shall comply with the Privacy Act, VA Security requirements and HIPAA. The contractor shall report to the Contracting Officer and the COR any information or circumstances which they are aware of that may pose a threat to the security of the Department of Veterans Affairs personnel, contractor employees, resources and classified and unclassified information. Contractor employees are prohibited from possessing weapons, firearms, or ammunition, on themselves or their contractor-owned or privately-owned vehicle while on the property of the designated VA Locations listed in paragraph 2. If the Contracting Officer finds it in the best interest of the Government he/she may at any time during the performance of this contract order the Contractor to remove any of his/her personnel from further performance under this contract for reasons of their moral character, unethical conduct, security reasons and violation of on-site building rules. In the event it is necessary to replace any contractor employee for any of the above reasons, all costs, including the costs of removal and replacement of the employee shall be borne by the contractor. The contractor shall not hold any discussions or release any information relating to the contents of this contract to anyone not having a direct interest in performance of this contract, without written consent of the Contracting Officer. All inquiries shall be directed to the Public Affairs Officer. The contractor shall not advertise information about projects performed for this contract without Government review and approval. Advertisement is considered but not limited to promotional brochures, posters, tradeshow handouts, world-wide-web-pages, magazines, newspapers and similar promotions. The contractor shall ensure the electronic access badge provided under this contract for building access is kept securely so as not to compromise building access. The contractor shall immediately report to the Contracting Officer and the COR if the badge is lost. The contractor is required to comply with all security and personnel identification procedures at each facility. Special Requirements: HIPAA Responsibility: Contractor agrees to comply with the requirements under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Notwithstanding anything to the contrary in this contract, all individually identifiable health information shall be treated as confidential by the parties in accordance with all applicable federal, state, or local laws and regulations governing the confidentiality and privacy of individually identifiable health information, including but without limitation, HIPAA and any regulations and official guidance promulgated there under, and the parties agree to take such additional steps and/or to negotiate such amendments to this contract as may be required to ensure that the parties are and remain in compliance with the HIPAA regulations and official guidance. HIPAA Compliance - Health Insurance Portability and Accountability Act of 1996: The successful Contractor shall be required to be in compliance with HIPAA requirements and shall be required to sign a Business Associate Agreement with the VA. A copy will be maintained in the contract file and with the Privacy Officer. Security Requirements. The contractor and their personnel shall be subject to the same Federal laws, regulations, standards and VA policies as VA personnel, regarding information and information system security. These include, but are not limited to Federal Information Security Management Act (FISMA), Appendix III of OMB Circular A-130, and guidance and standards, available from the Department of Commerce s National Institute of Standards and Technology (NIST). This also includes the use of common security configurations available from NIST s Web site at: http://checklists.nist.gov To ensure that appropriate security controls are in place, Contractors must follow the procedures set forth in VA Information and Information System Security/Privacy Requirements for IT Contracts located at the following Web site: http://www.iprm.oit.va.gov Contractor Employee Security and HIPAA Training: Contractor must certify that all employees working on this contract have received VA Information Security Awareness and VHA Privacy Policy Training. This training can be accessed on line through the VA External Education System found at https://www.ees-learning.net/. Proof of training is required via printed certification of completion and must be provided to the CO/COTR. The Contracting Officer or COTR will provide the details required for obtaining the VHA Privacy Policy Training. In accordance to VHA Directive 6500, Appendix G, Department of Veteran s Affairs (VA) National Rules of Behavior, each contractor must read and sign the VA National Rules of Behavior prior to gaining any access to VA information and/or information systems. Contractors must initial and date each page of the copy of the VA National Rules of Behavior; they must also provide the information requested on the last page, sign and date it. These requirements will be maintained in a contractor employee file by the CO/COR for each contractor employee working on the contract. Contractor Personnel Security Requirements: All contractor employees who require access to the Department of Veterans Affairs computer systems shall be the subject of a background investigation and must receive a favorable adjudication from the VA Office of Security and Law Enforcement prior to contract performance. This requirement is applicable to all subcontractor personnel requiring the same access. If the investigation is not completed prior to the start date of the contract the contractor will be responsible for the actions of those individuals that provide or perform work for the VA. Position Sensitivity The position sensitivity has been designated as low risk. Background Investigation The level of background investigation commensurate with the required level of access is National Agency Check and Inquiries (NACI) with written inquiries. Records Management Clause: Citations to pertinent laws, codes and regulations such as 44 U.S.C Chapter 21, 29, 31 and 33; Freedom of Information Act (5 U.S.C. 552); Privacy Act (5 U.S.C. 552a); 36 CFR Part 1222 and Part 1228. Contractor shall treat all deliverables under the contract as the property of the U.S. Government for which the Government Agency shall have unlimited rights to use, dispose of, or disclose such data contained therein as it determines to be in the public interest. Contractor shall not create or maintain any records that are not specifically tied to or authorized by the contract using Government IT equipment and/or Government records. Contractor shall not retain, use, sell, or disseminate copies of any deliverable that contains information covered by the Privacy Act of 1974 or that which is generally protected by the Freedom of Information Act. Contractor shall not create or maintain any records containing any Government Agency records that are not specifically tied to or authorized by the contract. The Government Agency owns the rights to all data/records produced as part of this contract. The Government Agency owns the rights to all electronic information (electronic data, electronic information systems, electronic databases, etc.) and all supporting documentation created as part of this contract. Contractor shall deliver sufficient technical documentation with all data deliverables to permit the agency to use the data. Contractor agrees to comply with Federal and Agency records management policies, including those policies associated with the safeguarding of records covered by the Privacy Act of 1974. These policies include the preservation of all records created or received regardless of formal [paper, electronic, etc.] or mode of transmission [e-mail, fax, etc.] or state of completion [draft, final, etc.] No disposition of documents shall be allowed without the prior written consent of the Contracting Officer. The Agency and its contractors are responsible for preventing the alienation or unauthorized destruction of records, including all forms of mutilation. Willful and unlawful destruction, damage or alienation of Federal records is subject to the fines and penalties imposed by 18 U.S.C. 2701. Records shall not be removed from the legal custody of the Agency or destroyed without regard to the provisions of the agency records schedules. Contractor is required to obtain the Contracting Officer's approval prior to engaging in any contractual relationship (sub-contractor) in support of this contract requiring the disclosure of information, documentary material and/or records generated under or relating to this contract. The Contractor (and any sub-contractor) is required to abide by Government and Agency guidance for protecting sensitive and proprietary information. Attachment 1 Bin Locations (3 pages) DOWNTOWN - AUGUSTA VA HOSPITAL Room Title Bin Room Title Bin 1B102 Spinal Cord 32 7C138 HR Recruit & Plmnt (CARBON) 32 1B105 Spinal Cord Rehab 32 7C138 HR Recruit & Plmnt 32 1B173 Facility Mngt Ex Ofc 32 7C138 HR Recruit & Plmnt 32 1B189 Dietetics Ofc 32 7C133 Executive Office 32 1B209 Prosthetic 32 7C133 Executive Office 32 1C103 Pharmacy (Use double doors) 32 7C107 Ofc across from HR 32 1C103 Pharmacy (when servicing) 32 7C107 Ofc across from HR 32 1C104 Pharmacy (Pharmacy on) 32 7A106 Quality Management 32 1C104 Pharmacy (Fridays. ) 32 7A163 Employee Labor Relations 32 1C114 Pharmacy 32 7A144 Dental Clinic 32 1C114 Pharmacy 32 7A109 Health Info Rev Admin 32 1C116 Medical Records 32 6C110 Endocrin / Infec Dis / Nephro 32 1D110 Chaplain Svc 32 6C158 PULMON/CRITCARE 32 1D114 Chief Amb Care & P 32 6C137 Secretary Hem / Onc / Pulmonary 32 1D142 Audiology Clinic 32 6A155 Nurses Workroom 32 1D152 Ent / Audiology / Speech 32 6A155 Nurses Workroom 32 1D187A Triage / ER Check in 32 6A128 Doctors Workroom 32 1D189 Nourishment Kit (in triage) 32 5D105 Nurses Station Wkrm 32 1D203 Evaluation Area 32 5D118 Nurses Station Wkrm 32 1D209 VA Police 32 5D Nurses Station 32 1D224 Compensation and Pension 32 5D132 Cardiology Res Ofc 32 1D224 Compensation and Pension 32 5D132 Cardiology Res Ofc 32 1D270 Agent Cashier 32 5C149 Hallway Desk 32 1D279 Agent Orange 32 5C147 Copy Room 32 1D284 Fec Basics / NVCV 32 5C140 Copy Room 32 1E115 Dr's Office 32 5B144 Research Serv Admin Off 32 1E134 32 5A148 Nurses Break Rm 32 1E139 SCI Cystology (in F hallway) 32 5A148 Nurses Break Rm 32 1F123 SCI homecare (in bathroom 32 5A106 Neurosciences Ofc 32 1F104 SCI Clinic 32 5A106 Neurosciences Ofc 32 1G108 NCC 32 4D153 Specialty Care Svc Line 32 1G122 Nurses Com Center 32 4D118 4D Clinic 32 1H Nurses Station 32 4C143 Nurses Station 32 2A141 Physicians Assist Ofc 32 4C131 Ofc 32 2A114 Eye Clinic Nurses Station 32 4C125 Surgery Svc Line 32 2B122 Vascular Access 32 4A116 Workroom 32 2B124 Physical Therapy 32 4A116 Workroom 32 2C100 PVA 32 4A112 Plastic Surgery Res Ofc 32 2D101 Lab Central Receiving 32 3D142 Recovery Room 32 2D101 Lab Central Receiving 32 3D142 Recovery Room 32 2D106 Library 32 3D110 I Coordinating Officer 32 2D106 Library 32 3D110 Ambulatory Surgery Ctr. 32 2D140 Lab Administration 32 3D103 Pre-Screening / OP 32 2D179 X-ray File Rm 32 3C156 Computer Room 32 2D179 X-ray File Rm 32 3A108 OR Suite 32 2D201 Transcription 32 3B Crital Car (Nurse Station) 32 2D201 Transcription 32 3B Critical Care (Nurse Station) 32 2D229 X-ray Reading Rm 32 Totals Bldg 803 Coding Rec Trl Bldg 803 95 Gal 32 Gal 95 64 Gal 0 Whse on loading dock (Spare) 64 95 Gal 1 Whse on loading dock (Spare) 64 Total 96 Whse on loading dock (Spare) 95 Attachment 1 Bin Locations (cont) UPTOWN - AUGUSTA VA HOSPITAL Room Title Bin Room Title Bin 2A189 Copy Room - Hallway 95gal 4D131 Conf/Training Room 95gal 2A116 Pharmacy 32 4E126 Mailroom 95GAL 2A161 Audiology & Speech 32 4E135 Pre-Registration 32 2A195 Dental Clinic (2A2210) 32 4E135 Pre-Registration 32 2B119A Nurses Station 32 4D153 First hall on left on E wing 32 2A103 Primary Care Exec - By C entrance 32 3E140 Copy Room 32 2C139 Domicillary 32 3E140 Copy Room 32 3B128 Education 32 3F114B Nurses Communication Center 32 3B156 Chaplain Svc - Located on C wing, first hallway on left 32 3F125 Mental Health Medical 32 3C140 Nursing Home Care - Wrk Rm 32 3G Nurses Station 32 3A133 Library 32 3D Active Duty Rehab 32 GA121 Across from DAV Svc Ofc 32 3D Active Duty Rehab 32 GA116 Health Information Mngt 32 2E106 Payroll 32 GA104 Medical Records File Room 95gal 2E111 HR - Carbon Box 32 GA104 Medical Records File Room 95gal 2E139 In Hallway 32 GB110 Executive Suite (By I.T.) 64gal 2E139 In Hallway 32 GB133 IT Infor 32 2E116 Quality Management 32 GB158 Blood Lab 32 2F Psychiatry Nurses Station 32 GC151 Health Administration 32 2G Nurses Station 32 GC125 Nurses Communication Center 32 2D102 Voc Rehab 32 GC125 Nurses Communication Center 32 2D117 Nurses Workroom 32 1B110 Work Room 64gal 1F114 Pt Ed Room 32 1B118A Blind Rehab Nurse Stn 32 1F114 Pt Ed Room 32 1B118A Blind Rehab Nurse Stn 32 1F177 Hallway 32 1A237 Pharmacy-double door in main hallway 32 1F177 Hallway 32 1A237 Pharmacy-double door in main hallway 32 1F147 Out Pt Psy 32 1A238 Diabetics 32 1E127 Utility Room-key at desk 32 1A212 Radiology (locked) 32 1D115 Work room hallway 32 1A212 Radiology (locked) 32 1G123 RM &RS Office 32 1A256 Police and Security - by main entrance 32 1G126A Prosthetics 32 1A105 Agent Cashier Carbon 32 GF101 Call Center- door in west elevator foyer 32 1A105 Agent Cashier 32 GF101 Call Center- door in west elevator foyer 32 1A111 Health Administrator 32 1C144 Nursing Home Care Unit - Between east and west wings. 32 1A120 Triage Nurse Station -Uptown Triage Center - must knock 32 Totals 1A101A HAS Team A 32 32 Gal 63 1A144A PCTD Hall 32 64 Gal 7 1A209 Check-in Team D 32 95 Gal 8 1A173F Mail Room - 1st hallway by loading dock. 95gal Total 78 Bldg 82 Dietetics Office 1A130 64GAL Bldg 111 Warehouse-Floor 95gal Bldg 111 Warehouse-Floor 64gal Bldg 111 Warehouse-office copy room 64gal Bldg 111 Spares 64 Bldg 111 Spares 64 Bldg 111 Spares 95 Attachment 1 Bin Locations (cont.) All Other Locations Location 32 Gal 64 Gal Aiken CBOC 1 Athens CBOC 3 1 Statesboro CBOC 4 Vet Center 1 Network Contracting - Hatcher Building 4 1 Network Accounting - Phoenix Building 4 1 Total 17 3 ATTACHMENT 2 -Pick-Up Log Room Title Bin Size in Gallons Number of Bins Pick up per week   Pharmacy Back Door 32 Gal 2 2 1B102 Spinal Cord 32 Gal 1 2 1B105 Spinal Cord Rehab 32 Gal 1 2 1B173 Facility Mngt Ex Ofc 32 Gal 1 2 1B189 Dietetics Ofc 32 Gal 1 2 1B209 Prosthetic 32 Gal 1 2 1C103 Pharmacy 32 Gal 2 2 1C114 Pharmacy 32 Gal 2 2 1C116 Medical Records 32 Gal 1 2 1D110 Chaplain Svc 32 Gal 1 2 1D114 Chief Amb Care & P 32 Gal 1 2 1D142 Audiology Clinic 32 Gal 1 2 1D152 Ent / Audiology / Speech 32 Gal 1 2 1D187A Triage 32 Gal 1 2 1D189 Nourishment Kit (in triage) 32 Gal 1 2 1D203 Evaluation Area 32 Gal 1 2 1D209 VA Police 32 Gal 1 2 1D224 Compensation and Pension 32 Gal 3 2 1D270 Agent Cashier 32 Gal 1 2 1D279 Agent Orange 32 Gal 1 2 1D284 Fec Basics / NVCV 32 Gal 1 2 1E115   32 Gal 1 2 1E139 SCI Cystology 32 Gal 1 2 1F123   32 Gal 1 2 1F104 SCI Clinic 32 Gal 1 2 1G108 NCC 32 Gal 1 2 1G122 Nurses Com Center 32 Gal 1 2 1H Nurses Station 32 Gal 1 2 2A141 Physicians Assist Ofc 32 Gal 1 2 2A114 Eye Clinic Nurses Station 32 Gal 1 2 2B122 Vascular Access 32 Gal 1 2 2B124 Physical Therapy 32 Gal 1 2 2C100 PVA 32 Gal 1 2 2D101 Lab Central Receiving 32 Gal 3 2 2D106 Library 32 Gal 3 2 2D140 Lab Administration 32 Gal 1 2 2D179 X-ray File Rm 32 Gal 3 2 2D201 Transcription 32 Gal 2 2 2D229 X-ray Reading Rm 32 Gal 1 2 Bldg 803 Coding Rec Trl Bldg 803 32 Gal 3 2 7C138 HR Recruit & Plmnt (CARBON) 32 Gal 1 2 7C138 HR Recruit & Plmnt 32 Gal 3 2 7C133 Executive Office 32 Gal 2 2 7C107 Ofc across from HR 32 Gal 2 2 7C104 Systems Redesign 32 Gal 2 2 7A106 Quality Management 32 Gal 1 2 7A163 Employee Labor Relations 32 Gal 1 2 7A144 Dental Clinic 32 Gal 1 2 7A109 Health Info Rev Admin 32 Gal 1 2 6D105 Endocrin / Infec Dis / Nephro 32 Gal 1 2 6C158 PULMON/CRITCARE 32 Gal 1 2 6C137 Secretary Hem / Onc / Pulmonary 32 Gal 1 2 6A155 Nurses Workroom 32 Gal 3 2 6A128 Doctors Workroom 32 Gal 1 2 5D 118 Nurses Station Wkrm 32 Gal 3 2 5D Nurses Station 32 Gal 2 2 5D132 Cardiology Res Ofc 32 Gal 1 2 5C149 Mail Room 32 Gal 1 2 5B144 Research Serv Admin Off 32 Gal 1 2 5A148 Nurses Break Rm 32 Gal 2 2 5A106 Neurosciences Ofc 32 Gal 2 2 4D153 Specialty Care Svc Line 32 Gal 1 2 4D118 4D Clinic 32 Gal 1 2 4C143 Nurses Station 32 Gal 1 2 4C131 Ofc 32 Gal 1 2 4C125 Surgery Svc Line 32 Gal 1 2 4A150 Workroom 32 Gal 3 2 4A112 Plastic Surgery Res Ofc 32 Gal 1 2 3D142 Recovery Room 32 Gal 3 2 3D110 I Coordinating Officer 32 Gal 1 2 3D110 Ambulatory Surgery Ctr. 32 Gal 1 2 3D103 Pre-Screening / OP 32 Gal 1 2 3C156 Computer Room 32 Gal 1 2 3A108 OR Suite 32 Gal 1 2 3B Critical Care Unit 32 Gal 1 2 3B Critical Care Unit 32 Gal 1 2 ATTACHMENT 3 CERTIFICATE OF DESTRUCTION Company Name: _____________________________________________ Location: ___________________________________________________ All paper materials are recycled Type of Service: Scheduled ________ Unscheduled ______Boxes__________ No. of Containers: Cabinets _______ Gallon bins ____ Gallon bins _______ Time In: _____ Time Out: _______ Total Recyclable Shred Weight: ___________________________________ Comments: ___________________________________________________________________________________________________________________________________________________________________________________________________ ___________________________________________________________________ This Certificate of Destruction should be retained for future reference as documentation that all materials submitted to _____________________ were destroyed according to local, state and federal laws. Rep: __________________________________ Date: ____________________ Customer Signature: _____________________ Print: _____________
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/VA/AuVAMC/VAMCCO80220/36C24718R0673/listing.html)
 
Document(s)
Attachment
 
File Name: 36C24718R0673 36C24718R0673.docx (https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=4353193&FileName=36C24718R0673-000.docx)
Link: https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=4353193&FileName=36C24718R0673-000.docx

 
Note: If links are broken, refer to Point of Contact above or contact the FBO Help Desk at 877-472-3779.
 
Record
SN04941179-W 20180603/180601230835-011a8fce6f50568f97dc50ff3fe6be83 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.