Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF JULY 26, 2018 FBO #6089
SOLICITATION NOTICE

H -- Poison Prevention Packaging Act Testing - SOW

Notice Date
7/24/2018
 
Notice Type
Combined Synopsis/Solicitation
 
NAICS
541380 — Testing Laboratories
 
Contracting Office
Consumer Product Safety Commission, Division of Procurement Services, Division of Procurement Services, 4330 East West Highway, Room 517, Bethesda, Maryland, 20814-4408
 
ZIP Code
20814-4408
 
Solicitation Number
61320618Q0193
 
Archive Date
8/31/2018
 
Point of Contact
Cassandra C. Sterba, Phone: 3015047837
 
E-Mail Address
csterba@cpsc.gov
(csterba@cpsc.gov)
 
Small Business Set-Aside
N/A
 
Description
Statement of Work This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in Subpart 12.6, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; quotes are being requested and a written solicitation will not be issued. This solicitation is issued as a Request for Quotation (RFQ). The solicitation and incorporated provisions and clauses are those in effect through Federal Acquisition Circular 2005-99. THIS RFQ IS SUBJECT TO AGENCY DETERMINATION TO FUND THIS REQUIREMENT. ALL QUOTES MUST BE VALID THROUGH SEPTEMBER 30, 2018. The required services are described in the attached Statement of Work (SOW). Services shall be provided on a Firm-Fixed-Price basis. CPSC requires expert services in package testing in accordance with the Poison Prevention Packaging Act at 16 C.F.R. § 1700.15. Delivery and acceptance shall be to the CPSC point of contact included in the SOW and in accordance with Local Clause 1 B for the delivery of any items to CPSC. The provision at 52.212-1, Instructions to Offerors-Commercial Items, applies to this acquisition. In addition to the requirements of FAR 52.212-1, the quote must prominently display the offeror's Taxpayer Identification number, CAGE code and DUNS number, as well as contact information for the offeror's point of contact for the quote. SAM.gov registration is required to be considered for award. The quote shall be submitted via email to the Contract Specialist at csterba@cpsc.gov with two separate attachments, one for the technical response and one for price. No pricing information shall be included in the technical submission. There is a MAXIMUM PAGE LIMIT of 20 PAGES for the technical volume. Any information over 20 pages will not be reviewed after the 20th page. The technical volume shall describe technical information that the Offeror provides. This shall include the details of how the Offeror plans to accomplish all tasks of the SOW, what personnel are proposed and the qualifications of the contractor personnel, the resources the contractor plans to utilize, and all information necessary to demonstrate the contractor's capabilities. (Please do not submit resumes.) The Offeror shall demonstrate their ability to staff and retain appropriate personnel to conduct testing and associated reporting on the results of the testing. The quote shall demonstrate the feasibility of the contractor's approach and ability to oversee and carry out the objectives, scope and requirements of the solicitation to include adequate staffing to complete the tasks in the SOW. The provision at 52.212-2, Evaluation-Commercial Items, applies to this acquisition, and the evaluation criteria to be included in paragraph (a) of that provision are as follows: Factor 1. Technical Capability Quotes will be evaluated for the demonstrated capabilities of the organization, completeness in addressing all required tasks and deliverables, for the appropriateness of resources identified to complete the tasks, and for the feasibility of the technical approach. The contractor shall address all qualification requirements of Section 6 of the SOW. Factor 2. Personnel Qualifications Quotes will be evaluated for the experience, qualifications, and demonstrated capabilities of the personnel assigned to this project. Factor 3. Past Performance Quotes will be evaluated based on the performance demonstrated in previous, similar projects. Offerors with no relevant past performance shall be evaluated neither favorably nor unfavorably. The Government reserves the right to obtain information for use in the evaluation of past performance from any and all sources including sources outside of the Government. Past performance information will be utilized to determine the quality of the contractor's past performance as it relates to the probability of success for the required effort. Factor 4. Price Price will be evaluated based on the proposed level of effort and resources associated with deliverables in order to perform the requirement, and for reasonableness in relationship to the Offeror's quoted technical solution. Technical factors and past performance, when combined, are more important than price. Offerors shall include a completed copy of the provision at 52.212-3, Offeror Representations and Certifications-Commercial Items, if the annual SAM registration has not been completed. If the SAM registration has been completed, Offerors shall only submit paragraph (b) if there are applicable exceptions to the current registration. The clause at 52.212-4, Contract Terms and Conditions-Commercial Items, applies to this acquisition. The clause at 52.212-5, Contract Terms and Conditions Required to Implement Statutes or Executive Orders-Commercial Items, applies to this acquisition. The following additional FAR clauses cited in FAR 52.212-5 are applicable to this acquisition: (4) 52.204-10, Reporting Executive Compensation and First-Tier Subcontract Awards (Oct 2016); (8) 52.209-6, Protecting the Government's Interest When Subcontracting with Contractors Debarred, Suspended, or Proposed for Debarment. (Oct 2015); (22) 52.219-28, Post Award Small Business Program Rerepresentation (Jul 2013); (25) 52.222-3, Convict Labor (June 2003); (27) 52.222-21, Prohibition of Segregated Facilities (Apr 2015); (28) 52.222-26, Equal Opportunity (Apr 2015); (30) 52.222-36, Equal Opportunity for Workers with Disabilities (Jul 2014); (33)(i) 52.222-50, Combating Trafficking in Persons (Mar 2015); (42) 52.223-18, Encouraging Contractor Policies to Ban Text Messaging While Driving (Aug 2011); (49) 52.225-13, Restrictions on Certain Foreign Purchases (June 2008); (55) 52.232-33, Payment by Electronic Funds Transfer-System for Award Management (Jul 2013); (58) 52.239-1, Privacy or Security Safeguards (Aug 1996). The following FAR clauses also apply to this requirement: 52.217-8 Option to Extend Services. (Nov 1999) The Government may require continued performance of any services within the limits and at the rates specified in the contract. These rates may be adjusted only as a result of revisions to prevailing labor rates provided by the Secretary of Labor. The option provision may be exercised more than once, but the total extension of performance hereunder shall not exceed 6 months. The Contracting Officer may exercise the option by written notice to the Contractor within 3 days of expiration. (End of clause) 52.224-1 Privacy Act Notification (Apr 1984) The Contractor will be required to design, develop, or operate a system of records on individuals, to accomplish an agency function subject to the Privacy Act of 1974, Public Law 93-579, December 31, 1974 (5 U.S.C. 552a) and applicable agency regulations. Violation of the Act may involve the imposition of criminal penalties. (End of clause) 52.224-2 Privacy Act (Apr 1984) (a) The Contractor agrees to- (1) Comply with the Privacy Act of 1974 (the Act) and the agency rules and regulations issued under the Act in the design, development, or operation of any system of records on individuals to accomplish an agency function when the contract specifically identifies- (i) The systems of records; and (ii) The design, development, or operation work that the contractor is to perform; (2) Include the Privacy Act notification contained in this contract in every solicitation and resulting subcontract and in every subcontract awarded without a solicitation, when the work statement in the proposed subcontract requires the redesign, development, or operation of a system of records on individuals that is subject to the Act; and (3) Include this clause, including this paragraph (3), in all subcontracts awarded under this contract which requires the design, development, or operation of such a system of records. (b) In the event of violations of the Act, a civil action may be brought against the agency involved when the violation concerns the design, development, or operation of a system of records on individuals to accomplish an agency function, and criminal penalties may be imposed upon the officers or employees of the agency when the violation concerns the operation of a system of records on individuals to accomplish an agency function. For purposes of the Act, when the contract is for the operation of a system of records on individuals to accomplish an agency function, the Contractor is considered to be an employee of the agency. (c)(1) "Operation of a system of records," as used in this clause, means performance of any of the activities associated with maintaining the system of records, including the collection, use, and dissemination of records. (2) "Record," as used in this clause, means any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history and that contains the person's name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a fingerprint or voiceprint or a photograph. (3) "System of records on individuals," as used in this clause, means a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. (End of clause) 52.224-3 Privacy Training (Jan 2017) (a) Definition. As used in this clause, "personally identifiable information" means information that can be used to distinguish or trace an individual's identity, either alone or when combined with other information that is linked or linkable to a specific individual. (See Office of Management and Budget (OMB) Circular A-130, Managing Federal Information as a Strategic Resource). (b) The Contractor shall ensure that initial privacy training, and annual privacy training thereafter, is completed by contractor employees who- (1) Have access to a system of records; (2) Create, collect, use, process, store, maintain, disseminate, disclose, dispose, or otherwise handle personally identifiable information on behalf of an agency; or (3) Design, develop, maintain, or operate a system of records (see also FAR subpart 24.1 and 39.105). (c)(1) Privacy training shall address the key elements necessary for ensuring the safeguarding of personally identifiable information or a system of records. The training shall be role-based, provide foundational as well as more advanced levels of training, and have measures in place to test the knowledge level of users. At a minimum, the privacy training shall cover- (i) The provisions of the Privacy Act of 1974 (5 U.S.C. 552a), including penalties for violations of the Act; (ii) The appropriate handling and safeguarding of personally identifiable information; (iii) The authorized and official use of a system of records or any other personally identifiable information; (iv) The restriction on the use of unauthorized equipment to create, collect, use, process, store, maintain, disseminate, disclose, dispose or otherwise access personally identifiable information; (v) The prohibition against the unauthorized use of a system of records or unauthorized disclosure, access, handling, or use of personally identifiable information; and (vi) The procedures to be followed in the event of a suspected or confirmed breach of a system of records or the unauthorized disclosure, access, handling, or use of personally identifiable information (see OMB guidance for Preparing for and Responding to a Breach of Personally Identifiable Information). (2) Completion of an agency-developed or agency-conducted training course shall be deemed to satisfy these elements. (d) The Contractor shall maintain and, upon request, provide documentation of completion of privacy training to the Contracting Officer. (e) The Contractor shall not allow any employee access to a system of records, or permit any employee to create, collect, use, process, store, maintain, disseminate, disclose, dispose or otherwise handle personally identifiable information, or to design, develop, maintain, or operate a system of records unless the employee has completed privacy training, as required by this clause. (f) The substance of this clause, including this paragraph (f), shall be included in all subcontracts under this contract, when subcontractor employees will- (1) Have access to a system of records; (2) Create, collect, use, process, store, maintain, disseminate, disclose, dispose, or otherwise handle personally identifiable information; or (3) Design, develop, maintain, or operate a system of records. (End of clause) The following local clauses are also applicable to this requirement: LC 1B CONTRACTOR'S NOTE - DELIVERIES TO THE CPSC NATIONAL PRODUCT TESTING LABORATORY SITE, ROCKVILLE, MARYLAND Delivery Address: U.S. Consumer Product Safety Commission National Product Testing Laboratory 5 Research Place Rockville, MD 20850 The Consumer Product Safety Commission (CPSC) Laboratory facility is located in Rockville, MD. Deliveries are to be made to the loading dock area which is accessible from the parking area entrance on Research Place on the east side of the building. Do not enter the parking area from Research Court on the North side of the facility as there may not be sufficient room to maneuver and back up to the loading dock area on the east side of the building. Deliveries may not be left outside the building or loading dock, unless specifically directed by appropriate CPSC staff. All deliveries shall be considered "inside deliveries" in accordance with the instructions below. When scheduling deliveries, the purchase order number shall always be referenced and all packages shall clearly display the Purchase Order Number on the outside of the cartons and/or packages and include the packing slip. ATTENTION GOVERNMENT VENDOR: A. DELIVERY INSTRUCTIONS 1. DELIVERY INSTRUCTION FOR SMALL ITEMS Deliveries should be made between 9:00 a.m. and 4:00 p.m. on Monday through Friday (except holidays). Deliveries outside these hours require prior arrangements. Contacts: Andrew Stadnik, Lab Director, 301-987-2037 x1 OR 301-706-6902 Allyson Tenney- 301-987-2769 Aaron Orland - 301-987-2248 Michael Nelson - 301-987-2752 For the Furniture, Chair, Exercise Equipment, and IT Equipment Contacts: Ron Welch - (301) 504-7091 (Cell: 240-882-6775) Cary Windsor - (301) 504-7203 (Cell: (202) 302-9327) Andy Stadnik - (301) 706-6902 2. DELIVERY INSTRUCTIONS FOR LARGE OR HEAVY ITEMS: Large or heavy items must be delivered directly to the loading dock. If delivery cannot be made to the loading dock directly or via the leveling device and requires off-loading the item from the delivery vehicle to the ground, then deliveries of such large or heavy items should be scheduled 24 hours in advance and should be made between 9:00 a.m. and 3:00 p.m. on Monday through Friday (except holidays). Contact information is the same as above to arrange for CPSC lift truck operators or other lifting and handling support needs for the delivery. B. BILLING INSTRUCTIONS Pursuant to the Prompt Payment Act (P.L. 97-177) and the Prompt Payment Act Amendments of 1988 (P.L. 100-496) all Federal agencies are required to pay their bills on time, pay interest penalties when payments are made late, and to take discounts only when payments are made within the discount period. To assure compliance with the Act, vouchers and/or invoices shall be submitted on any acceptable invoice form which meets the criteria listed below. Examples of government vouchers that may be used are the Public Vouchers for Purchase and Services Other Than Personal, SF 1034, and Continuation Sheet, SF 1035. At a minimum, each invoice shall include: 1. The name and address of the business concern (and separate remittance address, if applicable). 2. Do NOT include Taxpayer Identification Number (TIN) on invoices sent via e-mail. 3. Invoice date. 4. Invoice number. 5. For Contracts on Form OF347 - The contract or purchase order number on the Form OF347 shall include the purchase order number indicated in blocks #2 and #3. For Example: Contract No. 61320618B0018 / Order No. 61320618F2015 6. For Contract on Form SF1449 - The contract or purchase order number on the Form SF1449 shall include the purchase order number and /or Task number indicated in blocks #2 and #4. For Example: Contract No. 61320618D0018 / Order No. 61320618F1015 Or for form SF30 please include the Amendment/Modification No. in Box 2 and the contract number in box 10A. For Example: Contract no. 61320618D0018 MOD P00002 7. Description, price and quantity of goods or services actually delivered or rendered. 8. Shipping cost terms (if applicable). 9. Payment terms. 10. Other substantiating documentation or information as specified in the contract or purchase order. 11. Name, title, phone number and mailing address of responsible official to be notified in the event of a deficient invoice. ORIGINAL VOUCHERS/INVOICES SHALL BE SENT TO: PREFERED: Via email to: 9-AMC-AMZ-CPSC-Accounts-Payable@faa.gov OR U.S. Mail Enterprise Service Center, c/o CPSC, Accounts Payable Branch, AMZ-160 PO Box 25710 Oklahoma City, Ok. 73125 FEDEX Enterprise Service Center, c/o CPSC, Accounts Payable Branch, AMZ-160 6500 S. MacArthur Blvd. Oklahoma City, Ok. 73169 Invoices not submitted in accordance with the above stated minimum requirements will not be processed for payment. Deficient invoices will be returned to the vendor within seven days or sooner. Standard forms 1034 and 1035 will be furnished by CPSC upon request of the contractor. Inquiries regarding payment should be directed to the Enterprise Service Center (ESC), Office of Financial Operations, Federal Aviation Administration (FAA) in Oklahoma City,9-AMC-AMZ-CPSC-Accounts-Payable@faa.gov. C. PAYMENT Payment will be made as close as possible to, but not later than, the 30th day after receipt of a proper invoice as defined in "Billing Instructions," except as follows: When a time discount is taken, payment will be made as close as possible to, but not later than, the discount date. Discounts will be taken whenever economically justified. Otherwise, late payments will include interest penalty payments. Inquiries regarding payment should be directed to 9-AMC-AMZ-CPSC-Accounts-Payable@faa.gov or at the U.S. Mail and Fedex addresses listed above: Complaints related to the late payment of an invoice should be directed to Ricky Woods at the same the same address (above) or 405-954-5351. Customer Service inquiries may be directed to Adriane Clark at AClark@cpsc.gov. D. INSPECTION & ACCEPTANCE PERIOD Unless otherwise stated in the Statement of Work or Description, the Commission will ordinarily inspect all materials/services within seven (7) working days after the date of receipt. The CPSC representative responsible for inspecting the materials/services will transmit disapproval, if appropriate, to the contractor and the contract specialist listed below. If other inspection information is provided in the Statement of Work or Description, it is controlling. E. ALL OTHER INFORMATION RELATING TO THE PURCHASE ORDER Contact: Contract Specialist - Cassandra Sterba at (301)504-7837 F. PROCESSING INSTRUCTIONS FOR REQUESTING OFFICES The Purchase Order/Receiving Report (Optional Form 347 or Standard Form 1449) must be completed at the time the ordered goods or services are received. Upon receipt of the goods or services ordered, each item should be inspected, accepted (partial or final) or rejected. The Purchase Order/Receiving Report must be appropriately completed, signed and dated by the authorized receiving official. In addition, the acceptance block shall be completed (Blocks 32 a, b & c on the SF 1449 and column G and page 2 of the OF 347). The receiving report shall be retained by the requesting office for confirmation when certifying invoices. G. PROPERTY/EQUIPMENT PURCHASES In the case of Purchase Orders/Receiving Reports involving the purchase and receipt of property/equipment, a copy of the Purchase Order/Receiving Report must also be immediately forwarded directly to the Property Management Officer (Dina Demas) in the Facilities Management Support Services Branch (Room 425). The transmittal of Purchase Orders/Receiving Reports to the property management officer is critical to the integrity and operation of CPSC's Property Management System. Receiving officials should also forward copies to their local property officer/property custodian consistent with local office procedures. (End of clause) LC 24 NONDISCLOSURE OF ANY DATA DEVELOPED UNDER THIS CONTRACT a. The Contractor agrees that it and its employees will not disclose any data obtained or developed under this contract to third parties without the consent of the U. S. Consumer Product Safety Commission Contracting Officer. b. The Contractor shall obtain an agreement of non-disclosure from each employee who will work on this contract or have access to data obtained or developed under this contract. (End of clause) LC 25 PROTECTION OF HUMAN SUBJECTS a. Safeguarding the rights and welfare of human subjects involved in activities supported by contracts from the Consumer Product Safety Commission (CPSC) is the responsibility of the organization which receives or is accountable to the CPSC for the funds awarded for the support of the activity. Thus, it is the policy of the Commission that no contract for an activity involving human subjects shall be made unless the Contractor's Institutional Assurance has been reviewed and approved by the appropriate CPSC committee. (Reference the "The Institutional Guide to CPSC Policy on Protection of Human Subjects" -copy furnished upon request.) b. The Contractor shall bear full responsibility for the performance of all work and services involving the use of human subjects under this contract in a proper manner and as safely as is feasible. The parties hereto agree that the Contractor retains the right to control and direct the performance of all work under this contract. No provision of this contract shall be deemed to constitute the Contractor or any subcontractor, agent or employee of the Contractor, or any other person, organization, institution, or group of any kind whatsoever, as the agent or employee of the Government. The Contractor agrees that it has entered into this contract and will discharge its obligations, duties and undertakings as an independent Contractor without incurring liability on the part of the Government for the acts of the Contractor or its employees. c. The Offeror is required to furnish three copies of its current Institutional Assurance to the U.S. Consumer Product Safety Commission, Division of Procurement Services with their proposal. If the Offeror does not have an Institutional Assurance, it shall furnish two of its policy on the protection of human subjects in accordance with 16 CFR, Part 1028 instead. The Commission may approve the Offeror's policy as a Special Assurance for the purpose of this contract. (End of clause) LC 31 RESTRICTIONS ON USE OF INFORMATION a. If the Contractor, in the performance of this contract, obtains access to information such as CPSC plans, reports, studies, data projected by the Privacy Act of 1974 (5 U.S.C. 552a), or personal identifying information which has not been released or otherwise made public, the Contractor agrees that without prior written approval of the Contracting Officer it shall not: (a) release or disclose such information, (b) discuss or use such information for any private purpose, (c) share this information with any other party, or (d) submit an unsolicited proposal based on such information. These restrictions will remain in place unless such information is made available to the public by the Government. b. In addition, the Contractor agrees that to the extent it collects data on behalf of CPSC, or is given access to, proprietary data, data protected by the Privacy Act of 1974, or other confidential or privileged technical, business, financial, or personal identifying information during performance of this contract, that it shall not disclose such data. The Contractor shall keep the information secure, protect such data to prevent loss or dissemination, and treat such information in accordance with any restrictions imposed on such information. (End of clause) LC 37 SECURITY AND PRIVACY (a) Agency rules of conduct that the Contractor and the Contractor's employees shall be required to follow: In performing its duties related to management, operation, and/or access of systems containing sensitive PII under this contract, the Contractor, its employees and subcontractors shall comply with all applicable security requirements and rules of conduct as specified by the following: 1. Contractor employees must comply with agency personal identity verification (PIV) requirements in order to logically access Government systems. 2. System access granted under this contract is only for work required to perform official duties specified in the contract. The performance of any unrelated and/or unauthorized activity is prohibited. 3. Access to Government information systems (where applicable) will only be for the period stated in the contract. Thereafter, all accounts, passwords, and access associated with the contract will be terminated. 4. Disclosure of any system account information or system passwords to any unauthorized third-party is prohibited. 5. Exhibiting or divulging the content of any record or report to any person except in the performance of official duties specified in the contract is prohibited. 6. Using any data accessed with a Government system account for unauthorized purposes is prohibited. 7. No official record, report, database, or copy thereof, may be removed from Government premises or Government systems without prior written permission. 8. Contractor employees are prohibited from modifying, altering, or otherwise changing any Government system component or configuration except in the performance of official duties specified in the contract. Contractor employees are prohibited from issuing any system command or running any software, scripts, or programs on Government systems without prior authorization. 9. Contractor employees must not disclose sensitive or personal privacy-related information to any unauthorized third-party. 10. Contractor must notify the Government Contracting Officer immediately upon the termination of any Contractor or subcontractor employee so that system accounts, remote access, or other forms of system access can be terminated. 11. The use of Contractor-owned laptops or other portable media storage devices to process, transmit, or store sensitive PII is prohibited under this contract [unless the Contractor is authorized to access Government systems through the agency's virtual desktop infrastructure environment]. 12. The Contractor must notify the Government Contracting Officer and the agency's Information Systems Security Officer (ISSO) immediately upon the discovery-or suspected discovery-of any type of security incident, malicious activity, or data breach affecting or that might potentially affect the Government's network or specific systems. 13. Contractor employees with access to Government systems must agree to agency Rules of Behavior and shall complete annual security awareness training. (b) A list of the anticipated threats and hazards that the Contractor must guard against. The Contractor must use reasonable measures to guard against the following threats and hazards: 1. Unauthorized disclosure or use of sensitive system information-including system architecture, system configuration, system accounts, and system passwords. 2. Unauthorized disclosure or use of the contents of any information obtained from Government systems-including system records, system reports, or databases. 3. Unauthorized modification or alteration of any Government system component or configuration 4. Unauthorized circumvention, avoidance, or deception of any Government security system, measure, or control. 5. Unauthorized installation and/or use of hardware, software, firmware, portable media storage, or mobile devices on Government systems. 6. Unauthorized use of Government systems-including hardware, software, system accounts, Internet access, and email accounts-for activity which is not required to perform official duties under this contract. (c) A description of the safeguards that the Contractor must specifically provide. 1. The Contractor shall limit access to any information related to this contract to those employees and subcontractors who require the information in order to perform their official duties under this contract. 2. The Contractor, Contractor employees, and subcontractors must physically secure PII when not in use and/or under the control of an authorized individual, and when in transit to prevent unauthorized access or loss. 3. When PII is no longer needed or required to be retained under applicable Government records retention policies, it must be destroyed through means that will make the PII irretrievable. 4. The Contractor shall only use PII obtained under the contract for purposes of the contract, and shall not collect or use such information for any other purpose without the prior written approval of the Contracting Officer. 5. At expiration or termination of this contract, the Contractor shall turn over to the Government, all PII obtained under the contract that is in its possession. 6. In the event of any actual or suspected breach of PII, the Contractor shall immediately report the breach to the Contracting Officer, the Contracting Officer's Representative (COR), and the agency's Information Systems Security Officer (ISSO). 7. In the event that a PII breach occurs as a result of the violation of a term of this contract by the Contractor or its employees, the Contractor shall, as directed by the Contracting Officer and at no cost to the Government, take timely action to correct or mitigate the violation, which may include providing notification and/or other identity protection services to affected persons for a period of at least 18 months from discovery of the breach. If the Government elects to provide and/or procure notification or identity protection services in response to a breach, the Contractor shall be responsible for reimbursing the Government for those expenses. The Contractor shall incorporate the substance of this clause, its terms and requirements in all subcontracts under this contract, and require written subcontractor acknowledgement of same. Violation by a subcontractor of any provision set forth in this clause will be attributed to the Contractor. (d) Requirements for a program of Government inspection during performance of the contract that will ensure the continued efficacy and efficiency of safeguards and the discovery and countering of new threats and hazards. Work to be performed under this contract requires the design, development, operation, or disposal of a Federally-controlled information system containing sensitive personally identifiable information or handling sensitive personally identifiable information. To the extent required to carry out a program of inspection to safeguard against threats and hazards to the security, integrity, and confidentiality of personally identifiable information, the Contractor shall permit the Government access to, and information regarding, the Contractor's facilities, installations, technical capabilities, operations, documentation, records, and databases, when requested by the Government, as part of its responsibility to ensure compliance with privacy and security requirements. The Contractor shall otherwise cooperate with the Government in assuring compliance with such requirements. Government access shall include independent validation testing of controls, system penetration testing by the Government, Federal Information Security Management Act data reviews, and access by agency Inspectors General for its reviews. Definitions. "Personally Identifiable Information" (PII) means information that can be used to distinguish or trace a person's identity, such as his or her name, social security number, or biometric records, that alone, or when combined with other personal or identifying information which is linked or linkable to a specific person, such as date and place of birth, or mother's maiden name. "Breach" means the loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or any similar situation where persons other than authorized users, and for other than authorized purpose, have access or potential access to Personally Identifiable Information, whether physical or electronic. (End of clause) Questions about this requirement are due via email to csterba@cpsc.gov no later than July 30, 2018 at 2pm eastern time. Please contact the Contract Specialist, Cassandra Sterba, with any inquiries at csterba@cpsc.gov.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/CPSC/DA/DPS/61320618Q0193/listing.html)
 
Record
SN05004454-W 20180726/180724230941-b31e101154f580567703fdfd42ec4b6d (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.