SOLICITATION NOTICE
R -- 509-19-1-4105-0013 Security System Service, B+OY (VA-19-00020121)
- Notice Date
- 1/29/2019
- Notice Type
- Synopsis
- NAICS
- 334290
— Other Communications Equipment Manufacturing
- Contracting Office
- Department of Veterans Affairs;Carl Vinson VA Medical Center;1826 Veterans Blvd.;Dublin GA 31021
- ZIP Code
- 31021
- Solicitation Number
- 36C24719Q0268
- Response Due
- 2/4/2019
- Archive Date
- 4/5/2019
- Point of Contact
- DUBLIN GA 31021
- Small Business Set-Aside
- N/A
- Description
- THIS IS A SMALL BUSINESS SOURCES SOUGHT NOTICE REPRESENTING A MARKET SURVEY AND IS NOT A REQUEST FOR PROPOSALS, PROPOSAL ABSTRACTS, QUOTATIONS OR INVITATION FOR BIDS The Department of Veterans Affairs is conducting a sources sought to obtain information regarding: (1) the availability and capability of qualified small business sources; (2) whether they are Service-Disabled Veteran-Owned, Veteran-Owned, Small Business, HUB Zone 8(a), Women-Owned, or small disadvantaged business concerns; and (3) their size classification relative to the North American Industry Classification System (NAICS) code for the proposed acquisition. Your responses to the information requested will assist the Government in determining the appropriate acquisition method, including whether a set-aside is possible. An organization that is not considered a small business under the applicable NAICS code should not submit a response to this notice. Small businesses concerns shall be capable of providing the necessary equipment and personnel to furnish service in the volume required for all the items under this contract. Contractor shall meet all requirements of Federal, State or City codes regarding operations of this type of service. The NAICS code is 334290 (Size Standard: 750 employees) The intent of this notice is to determine the availability of qualified commercial sources technically capable of providing the items below: Please reference the attached Statement of Work Potential offerors having the skills, experience, professional qualifications, and capabilities necessary to perform the described requirement are invited to provide a capabilities statement via e-mail. The Capability statements shall not exceed three (3) pages and must include the following: 1) Company name and Point of Contact information (address, telephone, e-mail, web-site, etc.); 2) DUNS number and CAGE code; 3) Small Business Size/Certification (to include 8(a), HUB Zone, SDVOSB, etc.); and (4) Familiarity and product knowledge. Responses are due no later than 1000 EST, Monday, Feb 4, 2019, and shall be electronically submitted to: Sheryl.harris5 @va.gov. All responses will be used to determine the appropriate acquisition strategy for a potential future acquisition. Response is strictly voluntary; no reimbursement will be made for any costs associated with providing information in response to this synopsis or any follow-up information requests. Electronic Security System Service Contract Statement of Work Purpose To provide service and maintenance on the existing Lenel & Avigilon Electronic Security Systems for the Charlie Norwood VA Medical Centers located at 950 15th Street, Augusta, GA 30901 and 1 Freedom Way, Augusta, GA 30904. Term of Contract The contract will be for an initial base year with the possibility of four one-year extension options (exercised at the government's discretion) if successful results are achieved per Charlie Norwood VA Medical Center evaluation. Base Year 1 October 2018 to 30 September 2019 1st Option Year 1 October 2019 to 30 September 2020 2nd Option Year 1 October 2020 to 30 September 2021 3rd Option Year 1 October 2021 to 30 September 2022 4th Option Year 1 October 2022 to 30 September 2023 Conformance Standards Contract service shall ensure the equipment functions and conforms with the latest published edition of NFPA-99, OSHA, manufacturer specifications, and complies with VA Master Specifications Division 28, Electronic Safety and Security: 28 05 00 Common Work Results for Electronic Safety and Security 28 05 13 Conductors and Cables for Electronic Safety and Security 28 05 26 Grounding and Bonding for Electronic Safety and Security 28 05 28.33 Conduits and Backboxes for Electronic Safety and Security 28 13 00 Physical Access Control System 28 13 16 Physical Access Control System and Database Management 28 16 00 Intrusion Detection System 28 23 13 Video Surveillance and Security Platform, IP Video Surveillance and Security Platform Qualifications Contractor Field Service Engineers shall be GSA HSPD-12 certified and authorized providers, schedule 70, category 132 62 Homeland Security Professional Directive 12 Product and Service Components. Products and services for agencies to implement and maintain the requirements of HSPD-12, FIPS-201 and associated NIST special publications. Contractor shall have both GSA schedule 84 and GSA schedule 70, due to the relationship between security/safety/law enforcement and information technology. Contractor providing customer service and support shall be Lenel Value Added Reseller (VAR) of record, minimally fully certified at the Lenel Certified Professional Level (formerly Gold standard level), authorized by Lenel to support Federal Government in the State of Georgia; evidence of this certification shall be presented if requested. Contractor shall have extensive knowledge of the Lenel On-Guard system and shall effectively trouble shoot technical issues. Contractor shall effectively work will Lenel customer support to mitigate all technical issues which may arise. Contractor shall maintain and control the system under one combined SUSP license that includes System User Direct Support (SUDS) from Lenel Systems International, provided Owner has attended require Lenel training classes for network administration. Hours of Coverage Normal hours of coverage shall be Monday through Friday from 8:00 a.m. to 4:30 p.m., excluding weekends and federal holidays (New Year s Day, Labor Day, Martin Luther King Day, Columbus Day, President's Day, Veterans Day, Memorial Day, Thanksgiving Day, Independence Day, Christmas Day). All service/repairs will be performed during normal hours of coverage unless requested or approved by Contracting Officer Representative (COR). Preventive maintenance inspections are to be scheduled at least five days in advance with COR. Coordination may be done by telephone. Preventive Maintenance Visits The contractor shall perform database preventative maintenance on a quarterly basis. Monthly on-site testing of the NEC Cluster Ring System services shall be provided to include, failover functionality and automatic redundancy operation, redundancy restoral, system backup, general file analysis, Cluster Ring software analysis, server and workstation hardware inspection, cleaning and if applicable install service packs, windows updates and security utilities. Preventive services for all components included in the equipment list shall be conducted as required by manufacture or contractor specifications, this shall include a visual inspection and functional test of security components. Contractor shall provide preventive maintenance service during the term of the contract consisting of manufacturer recommended cleaning, lubricating, adjusting, tightening, verify field of view for cameras, camera focus and testing, and replacing worn parts or parts which are likely to become faulty, fail or worn listed on the equipment list. Beginning in the second year of the contract the Integrator will perform an equipment Test and Inspection and by the end of the contract year the contractor will have serviced all devices on the systems. On-Site Response Contractor shall provide an on-site service technician on a 24/7 365 day a year basis to provide emergency on-site response within six (6) hours of call acknowledgement for any sudden, urgent, usually unexpected failure of the access control, video management system, or network connection(s) that compromises life safety, interrupt business operations, or significant risk of damage or loss to port assets. (IE. A complete loss of video or access control throughout the entire building.) Contractor shall respond on-site within eight (8) business hours of call acknowledgment or dispatch a technician to arrive the next business day (Monday through Friday 8:00 AM to 4:30 PM) for a common security system failure where non-critical functions, procedures, or resources are negatively affected with moderate impact on overall security operations. (IE. The loss of PTZ control of a camera monitoring a general access area, a single door failure to a restricted area with multiple points of entry.) For all other security system failures that are not time sensitive and marginally increases in impact or inconvenience over time, contractor shall schedule resolution times on an item by item basis. (IE. Remove dirt from a camera lens, a sticking key on a card reader keypad.) Resolution times for the purchase of parts only (no labor) or installation of new security components that is handled through service will depend on availability of the parts and customer requirement. Contractor shall provide engineered services support to the onsite technicians, Monday through Friday, during business hours of 8am to 5pm as needed. Customer Training Contractor shall provide one Lenel factory training scholarship for a system administrator yearly. VA shall be responsible for all travel, lodging and employee pay during the training. Contractor shall annually provide a (4) four-hour training course designed to improve the knowledge and efficiencies of police staff. Training will be customized specific to the facility and system and will typically include the following topics: system architecture, overall system operation, alarm response procedures, troubleshooting techniques, management report generation, etc. Enhanced Customer Training Contractor shall provide (40) hours of on-site operator training during year one; (32) hours during year two; and (24) hours in subsequent years. Additional operator training blocks, in increments of eight (8) hours each, can be added to increase the level of training that will be required. The following indicates how many incremental eight (8) hour training blocks will be required on an annual basis: None - eight (8) hour training blocks requested. Work Order Management Contractor shall provide an online service portal to provide access to real-time work order information, 24 hours a day. The VA shall be able to create online work orders to request service, view service work orders (both in-process and completed), view preventive maintenance progress and run a variety of reports to manage the security system. Discretionary Fund Contractor shall establish a Program Discretionary Fund of $60,000.00 USD. This fund is intended to be used for repairs to the system, or technology upgrades to the system. Throughout the year, as parts are replaced or upgrades are implemented, the amount required to pay for these services will be deducted from this fund. This will be tracked throughout the year so that both the customer and contractor know exactly what the latest balance is for this fund. This Program Discretionary Fund will be required to be spent during each annual agreement period. Comprehensive Service Labor Contractor shall provide at no additional cost comprehensive labor coverage for emergency service labor, system troubleshooting and diagnostics, and component repair labor. Comprehensive Component Coverage Contractor shall provide at no additional cost comprehensive component coverage for the equipment identified in the equipment list. CRL locks provided by Tebarco shall be included in the Comprehensive Parts and Labor Coverage. Note: Components shall be OEM parts to meet up-time requirements (consumables are not covered). The contractor should have ready access to unique and/or high mortality OEM replacement parts. All parts supplied shall be compatible with existing equipment. The contractor shall use new parts. Re-built parts or used parts, those removed from other equipment, shall not be installed without written approval by the COR. Technology upgrades or system enhancements are not included, but Program Discretionary Fund may be used. Contractor shall maintain a sufficient stock of all parts meeting or exceeding the original manufactures design and specification needed for repair and maintenance of the equipment or be able to secure needed parts within one calendar day. VA reserves the right to inspect the contractor s facility to confirm the parts are locally available. Contractor shall repair or replace pre-existing security equipment as it fails or becomes unserviceable, based on Program Discretionary Fund availability. Preapproval must be received prior to completing the repairs. Excluded Items All Pre-Existing Security Equipment and Automatic Door Operators are NOT included and/or afforded Comprehensive Parts and Labor Coverage. The Program Discretionary Fund has been established and can be used. Any reported service issues with the Electronic Security System (Lenel or Avigilon) determined to be a result of the existing security equipment, door hardware or automatic openers will be charged as a separate service repair order at the prevailing time and material rates. Preapproval must be received prior to completing the repairs. Any repairs or remedies required to the Electronic Security System (Lenel or Avigilon hardware or software) recently installed, equipment installed by others or existing security equipment, due to: Acts of GOD, riot, insurrection, vandalism, criminal acts (regardless of charges sought or brought), civil disobedience, abuse, neglect, misuse, and/or animal, rodent, or insect infestation ARE NOT COVERED. Repairs will be charged at the prevailing time and materials rates. Preapproval must be received prior to completing the repairs. The Contractor shall immediately, but not later than 24 consecutive hours after discovery notify the CO and COR, in writing, of the existence or the development of any defects in, or repairs required to the scheduled equipment which the Contractor considers he/she is not responsible for under the terms of the contract. The contractor shall furnish the COR with a written estimate of the cost to make necessary repairs. Database Management Services Contractor shall provide front-end database management services. These services include, on-site system database backup; general database file analysis, security system software analysis, server and workstation hardware inspection, cleaning, update anti-virus software if applicable, install service packs, windows updates and security utilities. On-Site System Health Assessment Contractor shall on an annual basis schedule a Service Specialist to perform a health check of the system. Also included in this service are server and workstation hardware inspection and cleaning; update of anti-virus software service packs, windows updates, and security utilities if applicable. Current state of the system and recommendations will be documented and provided to the customer so an action plan to be created. Software Upgrade & Support Contractor shall provide a comprehensive security software support plan that keeps pace with all software revisions and advancements as they are made available by manufacturers. Such revisions shall keep the installed system operating with the latest technology and at peak performance. Software upgrades typically occur annually, however many times they have been released several times throughout a given calendar year. An annual renewal of the Lenel Software Support subscription, and up to sixteen (16) hours of Contractor labor per year to perform a software upgrade. On an annual renewal basis, the contract shall be amended to include actual licensing added during the previous year. Current Licensing Details: Lenel Software Support (SUSP PRO TR 1) Tier 1 128 256 Readers; Current thru July 16, 2018. Lenel NEC Express Cluster X R3 WAN 64BIT (Professional Engineering Support) expired. On-Site Security Systems Specialist Contractor shall provide an on-site service technician once a week, during business hours of 8:00 am to 4:30 pm. The on-site service technician shall provide guidance to system administrators to establish system standards and security operations procedures and assist security personnel in day-to-day security system operations. This provides customers with a dedicated resource ensuring system integrity, standardization, and continuity. Preferred 24/7 Hourly Service Rate Contractor shall provide a preferred flat hourly labor rate for all time & material related service calls. Regardless of what time of day, what day of week, weekend, or holiday, for time and material work performed a single flat rate will be charged. Contractor shall provide the preferred flat rate charge prior to contract initiation. Remote On-Line Diagnostics Contractor shall provide and utilize an industry standard authentication technology to remotely access the security system and resolve technical issues in real time. A Support Specialist, with the support of a screen sharing session initiated by police staff, will work directly with personnel for initial call support and troubleshooting. If the issue cannot be resolved on-line, a more refined service response will result in the dispatching of a security service representative. Web-Based Reporting Contractor shall provide a web-based reporting system to include the application of unique, registered barcodes to security devices such as cameras, video recorders, card readers, control panels, head-end equipment, and other system devices. As each individual device is tested, the device is scanned and critical maintenance information is documented. In addition, the data at the time of inspection is automatically recorded with the scan of the barcode. Monthly reports will be provided corresponding to PMI performed. Within 48 hours following the inspection visit, an on-line database and associated report of the system test shall be available for viewing, downloading, printing, or emailing. This maintenance information must be retrievable using a standard internet browser. Color-coded status flags will provide an immediate summary of the building test status: normal, discrepancies found, or devices failed. Proposed solutions to resolve discrepancies or failed devices will always be included. The web-based reporting system shall provide immediate documentation to show the security systems are being tested and inspected according to manufacturer s requirements and in a timely manner. Contractor shall provide an online inventory asset management portal where all inspected devices will be recorded, and status established. Work Order Management Contractor shall provide an online service tool that provides: Realtime Status, Metric and Custom reports, access to a Document Library (i.e. document sharing platform), Intranet and Internet Links, Administrative Privileges and Email Notifications. Warranty The contractor shall provide a warranty on the integrity of workmanship, labor, parts, service, testing, repair, inspection, and certification. The warranty period shall be for 90 days after the repair, inspection, and/or certification. Service Manuals The VA shall not provide services manuals or service diagnostic software to the contractor. The contractor shall obtain, have on file, and make available to its service technician all operational and technical documentation, (such as; operational and service manuals, schematics, and parts list), which are necessary to meet the performance requirements of this contract. The location and listing of the service data manuals, by name, and/or the manuals themselves shall be provided to the Contracting Officer or Contracting Officer Representative upon request. Reporting The contractor shall be required to report to the division Police Control Center where work is being performed. This check in is mandatory. When the service is completed, the service technician shall document services rendered on a legible service report. The service technician shall be required to log out with the COR (if unavailable the Police Control Center) and submit the service report. After work is completed, the contractor s technician(s) shall submit in writing, a complete report of services performed on each item of equipment. Contractor service technician(s) and all employees working on VA property must apply for and receive a VA Personal Identification Verification (PIV) badge in compliance with CNVAMC Policy Memorandum 90-12-1, Vendor Visitors, paragraph 4, within the first month of the service contract. Contractor service technician(s) shall coordinate with the COR to obtain a PIV. The process requires the technician(s) to bring two (2) valid forms of identification, completion of VA Form 0711, finger prints, photograph, and possible background check. The process of receiving the identification badge takes approximately three business days to clear. Contractor service technician(s) shall always display their PIV badge while on VA premises. It is the responsibility of the contractor to park in the appropriate designated parking areas. The VA will not invalidate or make reimbursement for parking violations of the contractor under any conditions. Smoking is prohibited inside of all buildings at the VA. Possession of weapons is prohibited. Enclosed containers, including tool kits, shall be subject to search. Violations of VA regulations may result in citation answerable in the United States (Federal) District Court, not a local district, state, or municipal court. Contractor shall follow safety precautions, including the use of personal protective equipment. All tools shall be fully supervised by contractor technicians and fully secured when not in use. Once work is completed, contractor shall clean up and haul off all debris from property and leave the area of work ready for hospital business. Service Reports Service reports will be delivered after completion to the COR. Standard delivery time is 10 business days after the completion of the service call or scheduled maintenance. Delivery time may vary with pre- approval of the COR. Deficiencies discovered during inspection are to be reported to the COR or designee after each service call or scheduled maintenance. Deficiencies which require ordering replacement parts are to be immediately ordered and scheduled for replacement. This process shall be documented; to include retesting the device/component to prove successful repairs have been made. After all repairs, the report shall reflect all corrected action. Performance Standard The contractor shall ensure 100% completion of database preventative maintenance on a quarterly basis and monthly on-site testing of the NEC Cluster Ring System. Contractor shall ensure they meet the onsite response time 100% of the time (emergency on-site response within six (6) hours, routine on-site within eight (8) business hours). Contractor shall ensure that 100% of all training is completed (40 hours of on-site operator training during year one; 32 hours during year two; and 24 hours in subsequent years. Contractor shall ensure that 100% accountability of the Program Discretionary Funds throughout the year Contractor shall ensure that once a week an on-site service technician is present 100% of the time. Contractor shall ensure 95% of the time service reports are delivered within 10 business days after the completion of the service call or scheduled maintenance. Failing to Respond Failure to perform any of the services set forth in this contract will be considered for invoking provisions of Default. BACKGROUND SCREENING: In accordance with VHA Directive 0710 all Contractor personnel providing services under this contract shall be the subject to a background screening and must receive favorable adjudication from the VA prior to contract performance. The level of screening for this contract is: Special Agency Check (SAC). Any employee whose background investigation yields unfavorable results shall be removed immediately from performance under this contract. In the event the screening is not completed prior to contract performance, the Contractor shall be responsible for the actions of those individuals performing under the contract. CONTRACTOR PERSONNEL SECURITY REQUIREMENTS: The Office of Security and Law Enforcement provides Department-wide policy on the assignment of appropriate position sensitivity designations associated with Department of Veterans Affairs positions involving national security and public trust responsibilities, and on the level of background investigations required for applicants for, and incumbents of, those positions. In addition to VA employees, the policy and investigative requirements shall be applicable to Contractor personnel who require access to VA computer systems designated as sensitive, in accordance with HSPD-12, FIPS 201, VA & VHA 0710 series documents. Contractor and subcontractor personnel who require access to VA computer systems shall be subject to all necessary background investigations and receive a favorable adjudication from the VA Office of Security and Law Enforcement to ensure compliance with such policy. If such investigation has not been completed prior to contract commencement, the Contractor shall be responsible for the actions of those individuals performing under the contract. The contract requires Contractor personnel to maintain U.S. citizenship and the Contractor shall be responsible for compliance. Regardless of U.S. citizenship requirements, Contractor personnel shall be required to read, write, speak, and understand the English language, unless otherwise specified in this contract or agreed to by the Government. The cost for such investigations shall be borne by the Contractor, either in advance or as reimbursement to the Government. The level of sensitivity shall be determined by the Government on the basis of the type of access required. The level of sensitivity shall determine the depth of the investigation and the cost thereof. At this time, the current estimated cost for such investigations is as follows: LEVEL OF SENSITIVITY BACKGROUND INVESTIGATION LEVEL APPROXIMATE COST SAC Special Agreement Check $24.00 Low Risk National Agency Check with Written Inquiries $210.00 Moderate Risk Minimum Background Investigation $750.00 High Risk Background Investigation $3,150.00 The Contractor shall be required to furnish all applicable employee information required to conduct the investigation, such as, but not limited to, the name, address, date of birth, place of birth, occupation, and social security number of Contractor personnel. The VA shall provide all the necessary instructions and guidance for submission of the documents required to conduct the background investigation. High risk background investigations may not be required for Contractor personnel who will not be required to access VA computer systems nor gain access to sensitive materials. DRUG/ALCOHOL POLICY: Contractor shall ensure that all valet parking staff performing under this contract complied with the participating Charlie Norwood VA Medical Center alcohol and drug free workplace policy. The Contractor shall be expected to conduct random alcohol and drug tests on all valet parking staff. Random alcohol and drug tests shall be conducted at least once a year on each employee performing under the resulting contract. Valet parking staff shall also be subject to drug and alcohol testing when reasons exist to suspect the use of illegal drugs and/or alcohol while on duty that impaired judgment, performance, operation of vehicles and the safety of Veteran patients, VA employees, visitors, voluntaries and/or other valet parking staff. Upon request, the Contractor shall be expected to provide evidence or copy of the results of employee drug and alcohol testing. BADGES: All Contractor personnel shall be required to wear VA provided identification (I.D.) badges at all times while on the VA grounds. The Contractors shall be required to coordinate with COR in order to obtain the VA provided I.D. badges for all valet parking staff. All VA provided I.D. badges shall be returned at the end of the contract or upon completion of service. INVOICE REQUIREMENT: The invoice shall be itemized to include the information listed below. Incomplete and incorrect invoices shall be returned for correction. Invoice Number and Date Contract Number Purchase Order/Obligation Number Line item from Schedule of Service associated with each charge Net Payment Due Contractor shall submit original invoice with pre-printed company name. For the Government invoice/billing address information, reference Contract Administration Data section. POST-AWARD PERFORMANCE CONFERENCE: Contractor shall attend a pre-work orientation meeting after award and prior to commencement of work on site. This will be scheduled by the VA, the pre-work meeting and discussion will include but not be limited to the following topics: (It is the contractor s responsibility to ensure that contractor employees coming to the work site receive all information required below and are fully trained and completely competent to perform the required work) a. Fire and Safety b. Disaster Procedures c. Medical protocols to be used by valet parking attendants (i.e., procedures for medical emergencies) d. Handling of accidents, thefts, and other parking related incidents e. Uniforms f. Miscellaneous g. After hour's storage box location and access procedures. PER REVIEW OF VA HANDBOOK 6500.6, CONTRACT SECURITY, APPENDIX A- INFORMATION SECURITY AND PRIVACY CHECKLIST: The C&A requirements do not apply and a Security Accreditation Package is not required. Acquisition of this service does not involve the storage, generating, transmitting, or exchanging of VA sensitive information to the vendor There may exist exposure to VA sensitive information, in particular to sensitive personal information (SPI) while implementing contractual services Minimum Statutory Requirements Prohibition on unauthorized disclosure: Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1). See VA Handbook 6500.6, Appendix C, paragraph 3.a. Requirement for data breach notification: Upon discovery of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access, the contractor/subcontractor shall immediately and simultaneously notify the COR, the designated ISO, and Privacy Officer for the contract. The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. See VA Handbook 6500.6, Appendix C, paragraph 6.a Requirement to pay liquidated damages in the event of a data breach: Consistent with the requirements of 38 U.S.C. §5725, a contract may require access to sensitive personal information. If so, the contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/subcontractor processes or maintains under this contract. The contractor/subcontractor shall provide notice to VA of a security incident as set forth in the Security Incident Investigation section above. Upon such notification, VA must secure from a non-Department entity or the VA Office of Inspector General an independent risk analysis of the data breach to determine the level of risk associated with the data breach for the potential misuse of any sensitive personal information involved in the data breach. The term 'data breach' means the loss, theft, or other unauthorized access, or any access other than that incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. Contractor shall fully cooperate with the entity performing the risk analysis. Failure to cooperate may be deemed a material breach and grounds for contract termination. Each risk analysis shall address all relevant information concerning the data breach, including the following: (1) Nature of the event (loss, theft, unauthorized access); (2) Description of the event, including: (a) date of occurrence; (b) data elements involved, including any PII, such as full name, social security number, date of birth, home address, account number, disability code; (3) Number of individuals affected or potentially affected; (4) Names of individuals or groups affected or potentially affected; (5) Ease of logical data access to the lost, stolen or improperly accessed data in light of the degree of protection for the data, e.g., unencrypted, plain text; (6) Amount of time the data has been out of VA control; (7) The likelihood that the sensitive personal information will or has been compromised (made accessible to and usable by unauthorized persons); (8) Known misuses of data containing sensitive personal information, if any; (9) Assessment of the potential harm to the affected individuals; (10) Data breach analysis as outlined in 6500.2 Handbook, Management of Security and Privacy Incidents, as appropriate; and (11) Whether credit protection services may assist record subjects in avoiding or mitigating the results of identity theft based on the sensitive personal information that may have been compromised. Based on the determinations of the independent risk analysis, the contractor shall be responsible for paying to the VA liquidated damages in the amount of $37.50 per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following: (1) Notification; (2) One year of credit monitoring services consisting of automatic daily monitoring of at least 3 relevant credit bureau reports; (3) Data breach analysis; (4) Fraud resolution services, including writing dispute letters, initiating fraud alerts and credit freezes, to assist affected individuals to bring matters to resolution; (5) One year of identity theft insurance with $20,000.00 coverage at $0 deductible; and (6) Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs (see VA handbook 6500.6, appendix c, paragraph 7.a, 7.d) NOTE: THIS NOTICE WAS NOT POSTED TO FEDBIZOPPS ON THE DATE INDICATED IN THE NOTICE ITSELF (29-JAN-2019); HOWEVER, IT DID APPEAR IN THE FEDBIZOPPS FTP FEED ON THIS DATE. PLEASE CONTACT 877-472-3779 or fbo.support@gsa.gov REGARDING THIS ISSUE.
- Web Link
-
Link To Document
(https://www.fbo.gov/spg/VA/DuVAMC557/DuVAMC557/36C24719Q0268/listing.html)
- Record
- SN05205326-F 20190131/190129230012 (fbodaily.com)
- Source
-
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's FBO Daily Index Page |