SPECIAL NOTICE
J -- Intent to Sole Source Bactec Lab Analyzers Service Agreement
- Notice Date
- 8/22/2019
- Notice Type
- Synopsis
- NAICS
- 811219
— Other Electronic and Precision Equipment Repair and Maintenance
- Contracting Office
- Department of Veterans Affairs;Network Contracting Office (NCO) 10;3140 Governor’s Place Blvd. Suite 210;Kettering OH 45409-1337
- ZIP Code
- 45409-1337
- Solicitation Number
- 36C25019Q1384
- Archive Date
- 9/5/2019
- Point of Contact
- starla.vanwinkle@va.gov
- Small Business Set-Aside
- N/A
- Description
- Intent to Sole-Source Notice The Department of Veterans Affairs, Veterans Health Administration, Network Contracting Office (NCO 10), Kettering, Ohio 45409 intends to solicit an RFQ for a sole-source procurement to provide Bactec Lab Analyzer Service and Support (See Below), using a Firm-Fixed Price Sole-Source contract as the procurement method. The VA anticipates issuing a Firm-Fixed Price Contract (Sole Source) to Becton Dickinson on or about 08/23/2019 for the ongoing maintenance and repairs needed. Place of Performance: Chillicothe VA Medical Center 17273 OH 104 Chillicothe, Ohio 45601 740-773-1141 Station Code: 36C538 In accordance with FAR 52.204-7, System for Award Management, prospective contractors must be registered in System for Award Management (SAM) and in VetBiz database, if applicable (VetBiz registration is required for Service Disabled Veteran Owned Small Businesses or Veteran Owned Small Businesses), under the applicable NAICS. Contractors may obtain SAM information at https://www.sam.gov and Vet Biz information at http://www.vip.vetbiz.gov. To be eligible for award, contractors must be registered in the System for Award Management database. Registration is free and potential offerors are encouraged to visit the SAM website as no contract can be awarded to any offeror not registered in SAM. NAICS Code is 811219. The solicitation will be issued to a single business with a sole-source justification. One award is expected to be made. Questions concerning this announcement should be directed to the Contract Specialist using the email link provided. Telephone requests for information or questions will NOT be accepted. Please email requests or questions to Starla VanWinkle at the following e-mail address: starla.vanwinkle@va.gov and ensure that the subject line includes: solicitation no. 36C25019Q1384 and the company name and DUNS #. Department of Veterans Affairs Network Contracting Office (NCO) 10 3140 Governor s Place Blvd., Suite 210 Kettering, OH 45409 Station Code: 36C250 Department of Veterans Affairs VISN 10 Contracting Chillicothe VAMC 17273 State Rte 104 Chillicothe, OH 45601 STATEMENT OF WORK GENERAL INFORMATION 1. Title of Project: Becton Dickinson and Company Bactec FX Performance Plan 2. Scope of Work: The contractor shall provide all resources necessary to accomplish the deliverables described in this Statement of Work (SOW), except as may otherwise be specified. This agreement provides routine instrument maintenance and repair which assures ongoing performance to manufacturer's specifications for the Becton Dickinson and Company Bactec FX system, serial number FT4136, FB2441, 35FML02. This agreement will include all parts and labor required to return the Becton Dickinson and Company Bactec FX to correct and safe operation for the use of patient care and to maintain all compliancy standards and regulations according to the medical equipment management plan. 3. Background: This service agreement is required to keep the Bactec FX operating correctly and safely in compliance with the medical equipment management plan. 4. Performance Period: 09/01/2019 08/31/2020 Unlimited service visits (labor and travel 8:00 am - 5:00 pm Monday through Friday). Work at the Government site shall not take place on Federal holidays or weekends unless directed by the Contracting Officer (CO). Service contract will have Base plus 4 Option Years at same cost. 5. Type of Contract: Firm-Fixed-Price C. GENERAL REQUIREMENTS Install parts and perform calibrations as necessary to complete the preventive maintenance for the Becton Dickinson and Company Bactec FX. D. SPECIFIC MANDATORY TASKS AND ASSOCIATED DELIVERABLES Unlimited service visits (labor and travel 8:00 am - 5:00 pm Monday through Friday), excluding holidays or as noted in the Terms and Conditions) and all necessary replacement parts, excluding disposables, customer operator maintenance, and operating supplies. Preventive maintenance and mandatory update visits at the manufacturer's recommended intervals (if applicable) scheduled during normal business hours (8:00 am - 5:00 pm Monday through Friday), excluding holidays. Technical Phone Support 24/7. Certified Service Engineer (SEC) on-site response time objective * - within next business day, once dispatch notification has been created by Customer Care Center. For urgent situations in which an instrument is not operational (i.e. unable to produce results) every effort will be made to dispatch a Becton, Dickson and Company SEC to the account site within that day's principal coverage period (8:00am - 5:00pm, Monday - Friday). If a same day on-site arrival is not possible, CSE response will be by the next business day. Work performed outside of the coverage period specified above is billed at Becton Dickinson then-current prevailing rate. Multi-year service contract coverage to include 4 Option Years G. CHANGES TO STATEMENT OF WORK Any changes to this SOW shall be authorized and approved only through written correspondence from the CO. A copy of each change will be kept in a project folder along with all other products of the project. Costs incurred by the contractor through the actions of parties other than the CO shall be borne by the contractor. H. REPORTING REQUIREMENTS Biomedical Equipment Repair vendors/contractors are required to sign in with Facilities Management Service (FMS) to obtain proper temporary identification prior to reporting to their respective work site. If removable media (i.e. USB or DVD/CD Device) is required, it is scanned with an anti-virus program by a Biomedical Equipment Support Specialist (BESS) at the Biomedical Equiment Repair Shop prior to any use. Vendors/contractors must comply with the temporary identification process and removable media requirements prior to performing work. The vendor/contractor reports to FMS, located in Building 21, between the hours of 7:30 a.m. 4:00 p.m. to obtain a temporary identification badge. Each vendor/contractor is issued a temporary identification badge that is worn at all times above the waist, in front, with the face of the card visible. The responsible BESS is notified of the vendor/contractor s arrival and the vendor/contractor is directed to report to the Biomedical Equipment Repair Shop located in Building 27, Room 27, to check in with the appropriate BESS. The vendor/contractor identifies if removable media is required to perform their duties. The BESS ensures the removable media is scanned with anti-virus software running current virus definitions prior to connection to any medical device or facilities system. The BESS completes the scanning using approved anti-virus software provided by the Chief Information Office. If a laptop computer is used by the vendor/contractor, the BESS verifies that the laptop computer has up to date anti-virus software installed. Any vendor/contractor with patient sensitive information that is imported into the removable media device for any reason purges patient sensitive information prior to departure from the facility. Upon completion of the scheduled work, the vendor/contractor returns to FMS to sign out, return the temporary identification badge, and leave a field service report with the Supervisory Biomedical Engineer or assigned BESS or designee. Any services performed after normal business hours are coordinated with the Biomedical Equipment Repair Shop (Supervisory Biomedical Engineer, BESS, or designee). Service reports will show all parts, labor, and travel charges that would have been incurred by the customer if a service contract was not in place to cover these charges. This is to insure proper equipment records and value of service provided. I. TRAVEL Labor and Travel coverage from 8:00AM 5:00PM, Monday Friday, excluding federal holidays will be included in the service agreement. J. GOVERNMENT RESPONSIBILITIES Access to the Becton Dickinson and Company Bactec FX will be made available by V.A. personnel. K. CONTRACTOR EXPERIENCE REQUIREMENTS The government will determine on a SR basis what positions are considered key personnel. The contractor shall identify, by name, the key management and technical personnel who will work under this task order at the time the work is being negotiated. If a key person becomes unavailable to complete the SR, the proposed Substitutions of key personnel shall be made only as approved directed by the Contracting Officer and the Contracting Officer s Representative COR. The government will not dictate specific experience and education requirements of the employees initially proposed to perform the work stated herein. The contractor shall submit a resume of qualifications to the CO & COR for all direct employees proposed for the project. All Contractor employees will be approved by the COR prior to bringing on duty. If, at any time from date of award to the end of the contract, non-key personnel contractor personnel are no longer available, HES/HIS reserves the right to review the qualifications of the proposed replacement personnel and to reject individuals who do not meet the qualifications. Team personnel proposed by the contractor should possess some of the following knowledge and/or skills: The contractor must notify VHA in advance and we will approve or reject proposed contractor key personnel for the performance of this contract. The contractor shall submit a resume of qualifications to the COR for key personnel and all other direct employees proposed for the project. All contractor employees will be approved by the COR prior to bringing on duty. If, at any time from date of award to the end of the contract, contractor personnel are no longer available, the VHA will approve the qualifications of proposed replacement personnel and will reject individuals who do not meet qualifications set forth herein. The contractor must inform the VHA CO, COR, and Project Manager/Task Manager when personnel are removed from the contract for any reason. The contractor shall remove any employee from the performance of this contract within five (5) workdays of receiving notice from the Contracting Officer that the employee's performance is unsatisfactory. All contractor employees are subject to immediate removal from performance of this contract when they are involved in a violation of the law, VA security, confidentiality requirements and/or other disciplinary reasons. The contractor must inform the VHA CO, COR, and Project Manager/Task Manager when personnel are removed from the contract for any reason. If a key person becomes unavailable to complete the SR, proposed Substitutions of key personnel shall be made only if approved by the COR and Project Manager. The contractor shall submit a resume of qualifications to the COR for all direct employees proposed for the project. All contractor employees will be approved by the COR prior to bringing on duty. L. CONFIDENTIALITY AND NONDISCLOSURE It is agreed that: 1. The preliminary and final deliverables, and all associated working papers, application source code, and other material deemed relevant by VA which have been generated by the contractor in the performance of this task order, are the exclusive property of the U.S. Government and shall be submitted to the CO at the conclusion of the task order. 2. The CO will be the sole authorized official to release, verbally or in writing, any data, draft deliverables, final deliverables, or any other written or printed materials pertaining to this task order. No information shall be released by the contractor. Any request for information relating to this task order, presented to the contractor, shall be submitted to the CO for response. 3. Press releases, marketing material, or any other printed or electronic documentation related to this project, shall not be publicized without the written approval of the CO. CONTRACTOR PERSONNEL SECURITY REQUIREMENTS This language is still in draft form. The OI Service Center is reviewing alternative sources for background investigations. All contractor employees who require access to the Department of Veterans Affairs computer systems shall be the subject of a background investigation and must receive a favorable adjudication from the VA Office of Security and Law Enforcement prior to contract performance. This requirement is applicable to subcontractor personnel requiring the same access. Position Sensitivity The position sensitivity has been designated as ____________________ (Insert High Risk, Moderate Risk or Low Risk.) Background Investigation The level of background investigation commensurate with the required level of access is ____________ (Insert Background Investigation, Minimum Background Investigation or National Agency Check with Written Inquiries). Contractor Responsibilities The contractor shall prescreen all personnel requiring access to the computer systems to ensure they maintain a U.S. citizenship, and are able to read, write, speak and understand the English language. The contractor shall submit or have their employees submit the required forms (SF 86 or SF 85P, SF 85P-S, FD 258, Contractor Fingerprint Chart, VA Form 0710, Authority for Release of Information Form, and Optional Forms 306 and 612) to the VA Office of Security and Law Enforcement within 30 days of receipt. The contractor, when notified of an unfavorable determination by the Government, shall withdraw the affected employee from working under the contract. Failure to comply with contractor personnel security requirements may result in termination of the contract for default. 4. Government Responsibilities The VA Office of Security and Law Enforcement will provide the necessary forms to the contractor, or to the contractor s employees, after receiving a list of names and addresses. Upon receipt, the VA Office of Security and Law Enforcement will review completed forms for accuracy and forward the forms to the office of Personnel Management (OPM) to conduct background investigations. The VA Office of Security and Law Enforcement will notify the CO, and contractor, of adjudication results received from OMB. Upon being notified about a favorable determination, the CO may issue a notice to proceed to the contractor. N. Security Requirements Service & Maintenance will follow the security requirements as per VA s Medical Device Protection Program (MDPP) which protects VA s medical devices through a comprehensive security initiative that encompasses pre-procurement assessments, medical device isolation architecture (MDIA), communication, validation, scanning, access control list remediation, patching, and secure remote connectivity. 1.1 General Security Contractors, contractor personnel, subcontractors, and subcontractor personnel shall be subject to the same Federal laws, regulations, standards, and VA Directives and Handbooks as VA and VA personnel regarding information and information system security. 1.2 Access to VA Information and VA Information Systems a. A contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. b. All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. A BI is not required per VA Information and Information System Security/Privacy Requirements for IT Contracts dated August 2008 if the following exception applies: Contract Personnel with limited and intermittent access to equipment connected to facility networks on which limited VA sensitive information may reside, including medical equipment contractors who install, maintain, and repair networked medical equipment such as CT scanners, EKG systems, ICU monitoring, etc. In this case, Veterans Health Administration facilities must have a duly executed VA Business Associate Agreement (BAA) in place with the vendor in accordance with VHA Handbook 1600.1, Business Associates, to assure compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in addition to the contract. Contract personnel, if on site, should be escorted by VA IT Staff. 1.3 Training a. All contractor employees and subcontractor employees requiring access to VA information and VA information systems shall complete the following before being granted access to VA information and its systems: (1) Sign and acknowledge (either manually or electronically) understanding of and responsibilities for compliance with the Contractor Rules of Behavior, Appendix E relating to access to VA information and information systems; (2) Successfully complete the VA Cyber Security Awareness and Rules of Behavior training and annually complete required security training; (3) Successfully complete the appropriate VA privacy training and annually complete required privacy training; and (4) Successfully complete any additional cyber security or privacy training, as required for VA personnel with equivalent information system access [to be defined by the VA program official and provided to the contracting officer for inclusion in the solicitation document e.g., any role-based information security training required in accordance with NIST Special Publication 800-16, Information Technology Security Training Requirements.] b. The contractor shall provide to the contracting officer and/or the COTR a copy of the training certificates and certification of signing the Contractor Rules of Behavior for each applicable employee within 1 week of the initiation of the contract and annually thereafter, as required. c. Failure to complete the mandatory annual training and sign the Rules of Behavior annually, within the timeframe required, is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until such time as the training and documents are complete. 1.4 VA Information Custodial Language a. Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1). b. The contractor/subcontractor must store, transport, or transmit VA sensitive information in an encrypted form, using VA-approved encryption tools that are, at a minimum, FIPS 140-2 validated. 1.5 Information Systems Hosting, Operations, Maintenance, or Use a. Bio-Medical devices and other equipment or systems containing media (hard drives, optical disks, etc.) with VA sensitive information must not be returned to the vendor at the end of lease, for trade-in, or other purposes. The options are: (1) Vendor must accept the system without the drive; (2) VA s initial medical device purchase includes a spare drive which must be installed in place of the original drive at time of turn-in; or (3) VA must reimburse the company for media at a reasonable open market replacement cost at time of purchase. (4) Due to the highly specialized and sometimes proprietary hardware and software associated with medical equipment/systems, if it is not possible for the VA to retain the hard drive, then; (a) The equipment vendor must have an existing BAA if the device being traded in has sensitive information stored on it and hard drive(s) from the system are being returned physically intact; and (b) Any fixed hard drive on the device must be non-destructively sanitized to the greatest extent possible without negatively impacting system operation. Selective clearing down to patient data folder level is recommended using VA approved and validated overwriting technologies/methods/tools. Applicable media sanitization specifications need to be preapproved and described in the purchase order or contract. (c) A statement needs to be signed by the Director (System Owner) that states that the drive could not be removed and that (a) and (b) controls above are in place and completed. The ISO needs to maintain the documentation. 1.6 SECURITY INCIDENT INVESTIGATION a. The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor/subcontractor shall immediately notify the COTR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access. b. To the extent known by the contractor/subcontractor, the contractor/subcontractor s notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the contractor/subcontractor considers relevant. 1.7 LIQUIDATED DAMAGES FOR DATA BREACH a. Consistent with the requirements of 38 U.S.C. §5725, a contract may require access to sensitive personal information. If so, the contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/subcontractor processes or maintains under this contract. However, it is the policy of VA to forgo collection of liquidated damages in the event the contractor provides payment of actual damages in an amount determined to be adequate by the agency. b. Based on the determinations of the independent risk analysis, the contractor shall be responsible for paying to the VA liquidated damages in the amount of $37.50 per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following: (1) Notification; (2) One year of credit monitoring services consisting of automatic daily monitoring of at least 3 relevant credit bureau reports; (3) Data breach analysis; (4) Fraud resolution services, including writing dispute letters, initiating fraud alerts and credit freezes, to assist affected individuals to bring matters to resolution; (5) One year of identity theft insurance with $20,000.00 coverage at $0 deductible; and (6) Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs. 1.8 VA Business Partner System Interconnections a. A Memorandum of Understanding (MOU) / Interconnection Security Agreement (ISA) between the VA and VA Business Partner are required prior to a VA Business Partner owned Device or Computer is connected to the VA Network, NOTE: THIS NOTICE WAS NOT POSTED TO FEDBIZOPPS ON THE DATE INDICATED IN THE NOTICE ITSELF (22-AUG-2019); HOWEVER, IT DID APPEAR IN THE FEDBIZOPPS FTP FEED ON THIS DATE. PLEASE CONTACT 877-472-3779 or fbo.support@gsa.gov REGARDING THIS ISSUE.
- Web Link
-
Link To Document
(https://www.fbo.gov/spg/VA/DaVAMC552/DaVAMC552/36C25019Q1384/listing.html)
- Record
- SN05414542-F 20190824/190822230021 (fbodaily.com)
- Source
-
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's FBO Daily Index Page |