Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF AUGUST 28, 2019 FBO #6487
SOLICITATION NOTICE

L -- Department of Veterans Affairs Erie VA Medical Center BRAND NAME: LYNX DURESS SYSTEM

Notice Date
8/26/2019
 
Notice Type
Combine Synopsis/Solicitation
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
Department of Veterans Affairs;Network Contracting Office 4;Lebanon VA Medical Center;1700 South Lincoln Avenue;Lebanon, PA 17042
 
ZIP Code
17042
 
Solicitation Number
36C24419Q1110
 
Response Due
8/30/2019
 
Archive Date
10/29/2019
 
Point of Contact
daniel.johnson44@va.gov
 
Small Business Set-Aside
Total Small Business
 
Description
Page 24 of 24 COMBINED SYNOPSIS/SOLICITATION General Information Document Type: Combined Solicitation/Synopsis Solicitation Number: 36C24419Q1110 Current Response Date: Friday, August 30, 2019 Product or Service Code: L063 Set Aside (SDVOSB/VOSB): Small Business NAICS Code: 541519 Contracting Office Address Department of Veterans Affairs Lebanon VA Medical Center 1700 South Lincoln Avenue Lebanon, PA 17046 Description This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in Federal Acquisition Regulation (FAR) subpart 12.6, Streamlined Procedures for Evaluation and Solicitation for Commercial Items, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; quotations are being requested, and a written solicitation document will not be issued. This solicitation is a request for quotations (RFQ). The solicitation document and incorporated provisions and clauses are those in effect through Federal Acquisition Circular 2005-95. The associated North American Industrial Classification System (NAICS) code for this procurement is 541519, with a small business size standard of $27.5 million. The Pittsburgh VA Medical Center is seeking to purchase, BRAND NAME, LYNX Staff Duress Notification System. All interested companies shall provide quotation(s) for the following: Supplies/Services Line Item Description Quantity Unit Price Total Price 0001 LYNX, STANDARD SOFTWARE, NO OS, 2,000 SEATS, 100 LKP POP Begin: 09/15/2019 POP End: 09/14/2020 1 YR 0002 SOFTWARE, LYNX, KEYPRO, 25 CLIENT SEATS 26 EA 0003 LYNX, NETWORK, PB, MOM, NETWORK SWITCH 20 EA 0004 LYNX, 4 OUTPUT DEVICE, 8A RELAYS 7 EA 0005 LYNX TRAINING, 1 DAY, ONSITE 1 JB 0006 LYNX-REMT-A \F\ LYNX REMOTE SERVICES - A\F\ 1 YR 0007 SOFTWARE/LICENSES: SSA, LYNX, STANDARD SERVER, 1 YEAR 1 YR 0008 PROJECT MANAGER II 4 HR 0009 INSTALLATION TECHNICIAN IV 44 HR Delivery/Service shall be provided no later than 30 calendar days after receipt of order/award of contract. Delivery terms FOB destination and must be coordinated with facility Point-of-Contact (POC), prior to delivery. The contractor shall deliver line item(s) 0001 through 0009 to the multiple sites listed below: Delivery/Service Location Multiple Locations Site #1 Address: Department of Veterans Affairs Erie VA Medical Center 135 East 38th Street Erie, PA Postal Code: 16504 Country: UNITED STATES Award shall be made to the quoter whose quotation offers the best value to the government, considering technical capability, past performance, and price. The government will evaluate information based on the following evaluation criteria: "(1) price, (2) past performance, and (3) technical capability factor "meeting or exceeding the requirement. Submission of Questions Questions regarding this solicitation shall be received no later than Wednesday, August 28, 2019 at 12:00 PM Eastern Standard Time (EST). Questions received after this time may not be considered for review. Questions shall be submitted to Daniel Johnson Contract Specialist at daniel.johnson44@va.gov. Prospective Offerors are asked to submit their questions grouped by solicitation section and referring to the paragraph in that section. The Subject Line for questions shall state VA Pittsburg Healthcare System, LYNX Duress and Dispatch Communication Application Questions. Responses to all inquiries/questions will be returned via amendment to posted solicitation, for those vendors solicited giving due regard to the proper protection of proprietary information. Offerors shall be responsible for monitoring their email for the agency s responses. No information concerning this solicitation shall be provided in response to telephone calls. Prospective Offerors are warned against contacting any Department of Veterans Affairs (DOVA) personnel other than the Contract Specialist prior to award of a contract resulting from this solicitation. If such contact occurs and is found to be prejudicial to competing Offerors, the Offeror making such contact may be excluded from award consideration. Submission of Quotes This solicitation is being issued as a Small Business (SB) set-aside in the Open Market. Quotations shall be received no later than Friday, August 30, 2019 at 12:00 P.M. EST. Quotations received after this time may not be considered for award. All quotes shall be emailed to Daniel Johnson Contract Specialist at Daniel.johnson44@va. The Subject Line for email submissions shall state VA Pittsburgh Healthcare System, LYNX Duress and Dispatch Communication Application - Offer. Quote Content and Submission Instructions Vendors should review Request for Quote (RFQ) and are ultimately responsible for ensuring that their quotes fully comply with submission requirements for this RFQ.   Each quote shall clearly demonstrate that the Vendor understands both the general and specific technical requirements of the Scope of Work (SOW). Failure to explain Vendor s ability to meet all requirements may result in the Vendor's quote not being considered. Along with their quote and documentation of understanding the vendor must submit the documentation of certification to work on the subject services. Clarity and completeness of quotes are of the utmost importance. Therefore, quotes must be organized in a practical, clear and concise manner. For a response to this solicitation to be considered complete Offers must comply with the following requirements: The Offeror shall provide authorized letter from the Original Equipment Manufacturer (OEM), and materials necessary to perform installation and support on the LYNX Duress & Dispatch Communication Application at the VA Pittsburgh Healthcare System (VAPHS) and VAPHS Heinz Campus Community Living Center. The Offeror is required to have the technical skills to maintain and support the LYNX Duress System listed in the Statement of Work. The Offeror is requested to provide a Base Year plus four (4) Option Year price. Evaluation Criteria Award for this requirement will be made to the offeror who proposes the lowest price technically acceptable to the Government. To be Technically Acceptable must be capable of working on the equipment listed in the SOW as demonstrated by their training documents. A review will be conducted. The Department of Veterans Affairs (DOVA) will award to the offeror proposing the best value to the Government, price and other factors considered. The evaluation matrix is as follows but not limited to: 1. Letter from Original Equipment Manufacturer (OEM), authorizing the Offeror to provide the supply/service The DOVA will evaluate quotes for award purposes by adding the total price of all Base and Option amounts for each CLIN. Evaluation of options will not obligate the DOVA to exercise the option(s). All optional services must be priced for the proposal to be evaluated. The DOVA may reject a quote as non-responsive if it is materially unbalanced as to price for the base year requirement in relationship to the option years. A quote is unbalanced when it is based on prices significantly less for some work and significantly overstated for other work, or the prices do not reflect market value. Quoters must provide a copy of the authorized distributor letter to verify that they are an authorized distributor. The full text of FAR provisions or clauses may be accessed electronically at http://acquisition.gov/comp/far/index.html. The following solicitation provisions apply to this acquisition: FAR 52.212-1, Instructions to Offerors Commercial Items (Jan 2017) Addendum: (a) Gray market items are Original Equipment Manufacturer s (OEM) goods sold through unauthorized channels in direct competition with authorized distributors. This procurement is for new OEM medical supplies, medical equipment and/or services contracts for maintenance of medical equipment (i.e. replacement parts) for VA Medical Centers. No remanufactures or gray market items will be acceptable. (b) Vendor shall be an OEM, authorized dealer, authorized distributor or authorized reseller for the proposed medical supplies, medical equipment and/or services contracts for maintenance of medical equipment (i.e. replacement parts), verified by an authorization letter or other documents from the OEM, such that the OEM s warranty and service are provided and maintained by the OEM. All software licensing, warranty and service associated with the medical supplies, medical equipment and/or services contracts for maintenance of medical equipment shall be in accordance with the OEM terms and conditions. (c) The delivery of gray market items to the VA in the fulfillment of an order/award constitutes a breach of contract. Accordingly, the VA reserves the right to enforce any of its contractual remedies. This includes termination of the contract or, solely at the VA s election, allowing the Vendor to replace, at no cost to the Government, any remanufactured or gray market item(s) delivered to a VA medical facility upon discovery of such items. FAR 52.212-3, Offerors Representations and Certifications Commercial Items (Nov 2017) Offerors must complete annual representations and certifications on-line at http://orca.bpn.gov in accordance with FAR 52.212-3, Offerors Representations and Certifications Commercial Items. and its quote if it has not been completed on SAM.gov. The following contract clauses apply to this acquisition: FAR 52.212-4, Contract Terms and Conditions Commercial Items (Jan 2017) FAR 52.212-5, Contract Terms and Conditions Required to Implement Statutes or Executive Orders (Nov 2017) The following subparagraphs of FAR 52.212-5 are applicable: 52.219-6 Notice of Total Small Business Set-Aside (Nov 2011) (15 U.S.C. 644) 52.222-3 Convict Labor (Jun 2003) (E.O. 11755) 52.222-19 Child Labor--Cooperation with Authorities and Remedies (Oct 2016) (E.O. 13126) 52.222-21 Prohibition of Segregated Facilities (APR 2015) 52.222-26 Equal Opportunity (Sep 2016) (E.O. 11246) 52.222-36 Equal Opportunity for Workers with Disabilities (Jul 2014) (29 U.S.C. 793) 52.222-50 Combating Trafficking in Persons (Mar 2015) (22 U.S.C. chapter 78 and E.O. 13627) 52.223-18 Encouraging Contractor Policies to Ban Text Messaging While Driving (Aug 2011) (E.O. 13513) 52.225-3 Buy American--Free Trade Agreements--Israeli Trade Act (May 2014) (41 U.S.C. chapter 83, 19 U.S.C. 3301 note, 19 U.S.C. 2112 note, 19 U.S.C. 3805 note, 19 U.S.C. 4001 note, Pub. L.) 52.225-13 Restrictions on Certain Foreign Purchases (Jun 2008) 52.232-34 Payment by Electronic Funds Transfer--Other than System for Award Management (Jul 2013) (31 U.S.C. 3332) Additional Clauses: 52.202-1 Definitions (Nov 2013) 52.203-7 Anti-kickback Procedures (May 2014) 52.203-17 Contractor Employee Whistleblower Rights and Requirement to Inform Employees of Whistleblower Rights (Apr 2014) 52.204-19 Incorporation by Reference of Representations and Certifications (Dec 2014) 52.216-24 Limitation of Government Liability (Apr 1984) 52.217-8 Option to Extend Services (Nov 1999) 52.217-9 Option to Extend the Term of the Contract (Mar 2000) 52.225-13 Restrictions on Certain Foreign Purchase (Jun 2008) 52.232-18 Availability of Funds (Apr 1984) 52.232-19 Availability of Funds for the Next Fiscal Year (Apr 1984) 52.232-25 Prompt Payment (Jan 2017) 52.233-3 Protest After Award (Aug 1996) 52.233-4 Applicable Law For Breach of Contract Claim (Oct 2004) 852.203-70 Commercial Advertising (Jan 2008) 852.246-71 Rejected Goods (Oct 2018) 852.203-70 Commercial Advertising (Jan 2008) Additional Provisions: 52.214-21 Descriptive Literature (Apr 2002) 52.219-1 Small Business Program Representations (Oct 2014) 52.225-25 Prohibition on Contracting with Entities Engaging in Certain Activities or Transactions Relating to Iran Representation and Certifications (Aug 2018) All Offerors shall submit the following: One (1) copy and must provide a certificate or a letter from the manufacturer, stating that they are a certified reseller. All quotations shall be sent to the Contract Specialist via e-mail, at Daniel.johnson44@va.gov. This is an open-market combined synopsis/solicitation for, BRAND NAME, LYNX Duress System furniture as defined herein.    The government intends to award a purchase order because of this combined synopsis/solicitation that will include the terms and conditions set forth herein. To facilitate the award process, all quotes must include a statement regarding the terms and conditions herein as follows: "The terms and conditions in the solicitation are acceptable to be included in the award document without modification, deletion, or addition." OR "The terms and conditions in the solicitation are acceptable to be included in the award document with the exception, deletion, or addition of the following:" Quoter shall list exception(s) and rationale for the exception(s). Submission shall be received no later than 12:00 P.M. EST, Tuesday, August 30, 2019. Late submissions shall be treated in accordance with the solicitation provision at FAR 52.212-1(f). Only e-mailed quotes will be accepted. Any questions or concerns regarding this solicitation should be forwarded in writing via e-mail to the Contract Specialist, Daniel Johnson, at Daniel.johnson44@va.gov. Point of Contact Daniel Johnson Contract Specialist 717-304-9166 Daniel.johnson44@va.gov Statement of Work (SOW) Duress/Mass notification, VAMC Erie, PA Contract Title: Duress/Mass Notification System Background: The Erie VA Police Department is currently looking for a Facility-wide, Network based, Duress and Emergency Notification System. Due to the occasional-dangerous work environment of a medical setting, it has been determined that providing all employees with duress alarms would create a safer work environment. Emergency Notification is also a requirement necessary to alert employees of a potentially dangerous situation. Currently, panic alarms are limited to certain departments. These panic alarm panels have reached their limits and cannot support any more alarms. It has become necessary that the Erie VA look at other avenues to support the need for more duress alarms. Currently, the only Mass Notification System in place consists of the Station Operator putting a message over the loudspeaker. It has become necessary that a new Mass notification system be implemented that will allow for a speedier, more reliable form of notification. Scope This contract will be limited to Erie VAMC, Veterans Center, Lanza Building, Ashtabula CBOC, Crawford CBOC, McKean CBOC, Venango CBOC and Warren CBOC s. This contract will cover installations to include turn-key server PC with software, computer, licenses, and onsite training for dispatchers and Police Services. This installation must provide software that will support 2,000 computers for both duress alarms and mass notification and 750 licenses for the existing computers with the capability to expand as needed. The work to be performed is the installation of the Lynx Guide TAA server model number LYNXS-SW-02 with LYNX-KEYPRO 25 clients each (26), total (750 clients), 20 remote pushbuttons LYNX-N-PB-M AND 7 LYNX-40-31. VAMC Erie OIT will install the Virtual LYNX Dell TAA Server in the VA s IT selected communications room with LYNX (manufacturer) personnel assisting remotely. Erie VAMC OIT will push out the Lynx client software working with Lynx Technical Support Remotely. Training will consist of one day on-site by LYNX once the system is online and in a Pilot Stage. LYNX-SUP-1Y-SSA (Software support) shall be included in the first year after initial setup. Specific Tasks: Job Description: This work will involve a Facility-wide, Network based, Duress and Emergency Notification System. These emergency alarms must instantly alert PCs with PopUps. The Mass notification system must be able to send PopUps to computers, text messages to cell phones, pagers and email. The panic alarms must either be network connected or wireless. It is necessary that staff be responsible to test their panic alarm monthly and that testing reminders popup when the user logs in. Workstation Operation: It is required that the software function allows a user to send messaged from the PC keyboard when the PC is logged ON, OFF, or LOCKED. It requires that the panic alarm be a two-key alarm combination, with red Panic labels included for marking the keyboard. Alarm Testing: It is required that the user of the PC be responsible for testing their panic alarm monthly. It is also required that the system send reminder notifications to ensure testing is completed. Training: It is required that training be provided for all users, programmers/managers, and technical staff. Performance Expectations Upon completion of this project, it is expected that: The new software system will support 750 licenses with the ability for expansion as needed. Panic Alarms are instantly received at the Erie VAMC dispatch center and physical security offices of Police Services. Emergency Notification system can instantly alert PC s and send messages via text, pager and email. Contractor Furnished Property and Supplies The contractor shall furnish and maintain all items and equipment necessary to perform work required by this contract. Government furnished supplies Government will provide computers that will be used at the dispatch center to run the panic alarm/emergency notification system. Personnel Security Requirements All contractor employees who require access to perform services for the Department of Veterans Affairs, 135 East 38th Street, Erie PA. 16504, shall be the subject of favorably adjudicated Special Agreement Check (SAC)- 10 fingerprint check and/or National Agency Check with Written Inquiries (NACI) based on the number of aggregate or consecutive days of required access per year. A. Contractor Responsibilities: The contractor shall prescreen all personnel requiring access to the Medical Center. After contract award and prior to contract performance, the contractor shall submit a letter to the Contracting Officer and Chief of Police providing the following information: List of names of contractor personnel. Social Security Numbers of contractor personnel. Dates of birth of contractor personnel. Current home addresses of contractor personnel. Contractor is responsible to update lists as changes in personnel occur. The contractor, when notified of an unfavorable determination by the Government, shall withdraw the employee from consideration to work under the contract. Failure to comply with the contractor personnel security requirements may result in termination of the contract for default. Contractor is required to take privacy training, which will be assigned at the time of award, if on-site training is to be provided. Contractor access will be through web-ex and monitored by IT. B. Government Responsibilities: After receiving and reviewing the contractor s list of employees the VA Police Service will schedule the contractor employees for appropriate PIV processing. Place of Performance: Work will be performed at Veterans Affairs Medical Center,135 East 38th Street, Erie PA. 16504. Other areas requiring access will be discussed upon acceptance of contract. Contractor Personnel Security Requirements: All contractor employees and subcontractor employees requiring unescorted access to VA facilities and/or access to VA Technology resources (network and/or protected data) must complete a Special Agreement Check (SAC) investigation conducted by the FBI National Criminal History Check (NCHC). The following forms are required for a SAC: Fingerprints and OF306 Declaration For Federal Employment. The employee must be fingerprinted as part of the investigation. Electronic fingerprinting can be performed at the VA Pittsburgh Medical Center and will be coordinated through the COR and Human Resources Office. The Contractor shall bear the expense of the background investigation(s), regardless of the final adjudication determination. A Bill of Collections shall be generated by the VA after final adjudication determination has been received. Access to VA Information and VA Information Systems: A contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. The contractor or subcontractor must notify the Contracting Officer immediately when an employee working on a VA system or with access to VA information is reassigned or leaves the contractor or subcontractor s employ. The Contracting Officer must also be notified immediately by the contractor or subcontractor prior to an unfriendly termination. VA Information Custodial Language: Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1). Prior to termination or completion of this contract, contractor/subcontractor must not destroy information received from VA, or gathered/created by the contractor in the course of performing this contract without prior written approval by the VA. Any data destruction done on behalf of VA by a contractor/subcontractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and VA Handbook 6500.1, Electronic Media Sanitization. Self-certification by the contractor that the data destruction requirements above have been met must be sent to the VA Contracting Officer within 30 days of termination of the contract. The contractor/subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the contract and applicable Federal and VA information confidentiality and security laws, regulations and policies. If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the contract, or if NIST issues or updates applicable FIPS or Special Publications (SP) after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this contract. The contractor/subcontractor shall not make copies of VA information except as authorized and necessary to perform the terms of the agreement or to preserve electronic information stored on contractor/subcontractor electronic storage media for restoration in case any electronic equipment or data used by the contractor/ subcontractor needs to be restored to an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed. If VA determines that the contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12. Except for uses and disclosures of VA information authorized by this contract for performance of the contract, the contractor/subcontractor may use and disclose VA information only in two other situations: (I) in response to a qualifying order of a court of competent jurisdiction, or (ii) with VA s prior written approval. The contractor/ subcontractor must refer all requests for, demands for production of, or inquiries about, VA information and information systems to the VA contracting officer for response. Notwithstanding the provision above, the contractor/subcontractor shall not release VA records protected by Title 38 U.S.C. 5705, confidentiality of medical quality assurance records and/or Title 38 U.S.C. 7332, confidentiality of certain health records pertaining to drug addiction, sickle cell anemia, alcoholism or alcohol abuse, or infection with human immunodeficiency virus. If the contractor/subcontractor is in receipt of a court order or other requests for the above-mentioned information, that contractor/subcontractor shall immediately refer such court orders or other requests to the VA contracting officer for response. Security Incident Investigation: The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor/subcontractor shall immediately notify the COTR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access. To the extent known by the contractor/subcontractor, the contractor/subcontractor s notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the contractor/ subcontractor considers relevant. Liquidated Damages For Data Breach: Consistent with the requirements of 38 U.S.C. §5725, a contract may require access to sensitive personal information. If so, the contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/subcontractor processes or maintains under this contract. The contractor/subcontractor shall provide notice to VA of a security incident as set forth in the Security Incident Investigation section above. Upon such notification, VA must secure from a non-Department entity or the VA Office of Inspector General an independent risk analysis of the data breach to determine the level of risk associated with the data breach for the potential misuse of any sensitive personal information involved in the data breach. The term 'data breach' means the loss, theft, or other unauthorized access, or any access other than that incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. Contractor shall fully cooperate with the entity performing the risk analysis. Failure to cooperate may be deemed a material breach and grounds for contract termination. Each risk analysis shall address all relevant information concerning the data breach, including the following: (1) Nature of the event (loss, theft, unauthorized access); (2) Description of the event, including: (a) date of occurrence; (b) data elements involved, including any PII, such as full name, social security number, date of birth, home address, account number, disability code; (3) Number of individuals affected or potentially affected; (4) Names of individuals or groups affected or potentially affected; (5) Ease of logical data access to the lost, stolen or improperly accessed data in light of the degree of protection for the data, e.g., unencrypted, plain text; (6) Amount of time the data has been out of VA control; (7) The likelihood that the sensitive personal information will or has been compromised (made accessible to and usable by unauthorized persons); (8) Known misuses of data containing sensitive personal information, if any; (9) Assessment of the potential harm to the affected individuals; (10) Data breach analysis as outlined in 6500.2 Handbook, Management of Security and Privacy Incidents, as appropriate; and (11) Whether credit protection services may assist record subjects in avoiding or mitigating the results of identity theft based on the sensitive personal information that may have been compromised. d. Based on the determinations of the independent risk analysis, the contractor shall be responsible for paying to the VA liquidated damages in the amount of $37.50 per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following: (1) Notification; (2) One year of credit monitoring services consisting of automatic daily monitoring of at least 3 relevant credit bureau reports; (3) Data breach analysis; (4) Fraud resolution services, including writing dispute letters, initiating fraud alerts and credit freezes, to assist affected individuals to bring matters to resolution; (5) One year of identity theft insurance with $20,000.00 coverage at $0 deductible; and (6) Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs. Training: All contractor employees and subcontractor employees requiring access to VA information and VA information systems shall completethe following before being granted access to VA information and its systems: (1) Sign and acknowledge (either manually or electronically) understanding of and responsibilities for compliance with the Contractor Rules of Behavior, Appendix E relating to access to VA information and information systems; (2) Successfully complete the VA Cyber Security Awareness and Rules of Behavior training and annually complete required security training; (3) Successfully complete the appropriate VA privacy training and annually complete required privacy training; and (4) Successfully complete any additional cyber security or privacy training, as required for VA personnel with equivalent information system access [to be defined by the VA program official and provided to the contracting officer for inclusion in the solicitation document e.g., any role-based information security training required in accordance with NIST Special Publication 800-16, Information Technology Security Training Requirements]. The contractor shall provide to the Contracting Officer and/or the COTR a copy of the training certificates and certification of signing the Contractor Rules of Behavior for each applicable employee within one (1) week of the initiation of the contract and annually thereafter, as required. Failure to complete the mandatory annual training and sign the Rules of Behavior annually, within the timeframe required, is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until such time as the training and documents are complete. The Contractor may use the VA Talent Management System (TMS) Managed Self Enrollment (https://www.tms.va.gov/SecureAuth35/) method to complete the training in TMS. The Contracting Officer Representative shall ensure that all contractors are validated in the PIH domain. Contractor Rules Of Behavior: This User Agreement contains rights and authorizations regarding my access to and use of any information assets or resources associated with my performance of services under the contract terms with the Department of Veterans Affairs (VA). This User Agreement covers my access to all VA data whether electronic or hard copy ("Data"), VA information systems and resources ("Systems"), and VA sites ("Sites"). This User Agreement incorporates Rules of Behavior for using VA, and other information systems and resources under the contract. General Terms and Conditions For All Actions And Activities Under The Contract: a. I understand and agree that I have no reasonable expectation of privacy in accessing or using any VA, or other Federal Government information systems. b. I consent to reviews and actions by the Office of Information & Technology (OI&T) staff designated and authorized by the VA Chief Information Officer (CIO) and to the VA OIG regarding my access to and use of any information assets or resources associated with my performance of services under the contract terms with the VA. These actions may include monitoring, recording, copying, inspecting, restricting access, blocking, tracking, and disclosing to all authorized OI&T, VA, and law enforcement personnel as directed by the VA CIO without my prior consent or notification. c. I consent to reviews and actions by authorized VA systems administrators and Information Security Officers solely for protection of the VA infrastructure, including, but not limited to monitoring, recording, auditing, inspecting, investigating, restricting access, blocking, tracking, disclosing to authorized personnel, or any other authorized actions by all authorized OI&T, VA, and law enforcement personnel. d. I understand and accept that unauthorized attempts or acts to access, upload, change, or delete information on Federal Government systems; modify Federal government systems; deny access to Federal government systems; accrue resources for unauthorized use on Federal government systems; or otherwise misuse Federal government systems or resources are prohibited. e. I understand that such unauthorized attempts or acts are subject to action that may result in criminal, civil, or administrative penalties. This includes penalties for violations of Federal laws including, but not limited to, 18 U.S.C. §1030 (fraud and related activity in connection with computers) and 18 U.S.C. §2701 (unlawful access to stored communications). f. I agree that OI&T staff, in the course of obtaining access to information or systems on my behalf for performance under the contract, may provide information about me including, but not limited to, appropriate unique personal identifiers such as date of birth and social security number to other system administrators, Information Security Officers (ISOs), or other authorized staff without further notifying me or obtaining additional written or verbal permission from me. g. I understand I must comply with VA s security and data privacy directives and handbooks. I understand that copies of those directives and handbooks can be obtained from the Contracting Officer's Technical Representative (COTR). If the contractor believes the policies and guidance provided by the COTR is a material unilateral change to the contract, the contractor must elevate such concerns to the Contracting Officer for resolution. h. I will report suspected or identified information security/privacy incidents to the COTR and to the local ISO or Privacy Officer as appropriate. GENERAL RULES OF BEHAVIOR: a. Rules of Behavior are part of a comprehensive program to provide complete information security. These rules establish standards of behavior in recognition of the fact that knowledgeable users are the foundation of a successful security program. Users must understand that taking personal responsibility for the security of their computer and the information it contains is an essential part of their job. b. The following rules apply to all VA contractors. I agree to: (1) Follow established procedures for requesting, accessing, and closing user accounts and access. I will not request or obtain access beyond what is normally granted to users or by what is outlined in the contract. (2) Use only systems, software, databases, and data which I am authorized to use, including any copyright restrictions. (3) I will not use other equipment (OE) (non-contractor owned) for the storage, transfer, or processing of VA sensitive information without a VA CIO approved waiver, unless it has been reviewed and approved by local management and is included in the language of the contract. If authorized to use OE IT equipment. I must ensure that the system meets all applicable 6500 Handbook requirements for OE. (4) Not use my position of trust and access rights to exploit system controls or access information for any reason other than in the performance of the contract. (5) Not attempt to override or disable security, technical, or management controls unless expressly permitted to do so as an explicit requirement under the contract or at the direction of the COR or ISO. If I am allowed or required to have a local administrator account on a government-owned computer, that local administrative account does not confer me unrestricted access or use, nor the authority to bypass security or other controls except as expressly permitted by the VA CIO or CIO's designee. (6) Contractors use of systems, information, or sites is strictly limited to fulfill the terms of the contract. I understand no personal use is authorized. I will only use other Federal government information systems as expressly authorized by the terms of those systems. I accept that the restrictions under ethics regulations and criminal law still apply. (7) Grant access to systems and information only to those who have an official need to know. (8) Protect passwords from access by other individuals. (9) Create and change passwords in accordance with VA Handbook 6500 on systems and any devices protecting VA information as well as the rules of behavior and security settings for the particular system in question. (10) Protect information and systems from unauthorized disclosure, use, modification, or destruction. I will only use encryption that is FIPS 140-2 validated to safeguard VA sensitive information, both safeguarding VA sensitive information in storage and in transit regarding my access to and use of any information assets or resources associated with my performance of services under the contract terms with the VA. (11) Follow VA Handbook 6500.1, Electronic Media Sanitization to protect VA information. I will contact the COR for policies and guidance on complying with this requirement and will follow the COR s orders. (12) Ensure that the COR has previously approved VA information for public dissemination, including e-mail communications outside of the VA as appropriate. I will not make any unauthorized disclosure of any VA sensitive information through the use of any means of communication including but not limited to e-mail, instant messaging, online chat, and web bulletin boards or logs. (13) Not host, set up, administer, or run an Internet server related to my access to and use of any information assets or resources associated with my performance of services under the contract terms with the VA unless explicitly authorized under the contract or in writing by the COR. (14) Protect government property from theft, destruction, or misuse. I will follow VA directives and handbooks on handling Federal government IT equipment, information, and systems. I will not take VA sensitive information from the workplace without authorization from the COR. (15) Only use anti-virus software, antispyware, and firewall/intrusion detection software authorized by VA. I will contact the COR for policies and guidance on complying with this requirement and will follow the COR's orders regarding my access to and use of any information assets or resources associated with my performance of services under the contract terms with VA. (16) Not disable or degrade the standard anti-virus software, antispyware, and/or firewall/intrusion detection software on the computer I use to access and use information assets or resources associated with my performance of services under the contract terms with VA. I will report anti-virus, antispyware, firewall or intrusion detection software errors, or significant alert messages to the COR. (17) Understand that restoration of service of any VA system is a concern of all users of the system. (18) Complete required information security and privacy training, and complete required training for the particular systems to which I require access. ADDITIONAL CONDITIONS FOR USE OF NON- VA INFORMATION TECHNOLOGY RESOURCES a. When required to complete work under the contract, I will directly connect to the VA network whenever possible. If a direct connection to the VA network is not possible, then I will use VA approved remote access software and services. b. Remote access to non-public VA information technology resources is prohibited from publicly-available IT computers, such as remotely connecting to the internal VA network from computers in a public library. c. I will not have both a VA network line and any kind of non-VA network line including a wireless network card, modem with phone line, or other network device physically connected to my computer at the same time, unless the dual connection is explicitly authorized by the COR. d. I understand that I may not obviate or evade my responsibility to adhere to VA security requirements by subcontracting any work under any given contract or agreement with VA, and that any subcontractor(s) I engage shall likewise be bound by the same security requirements and penalties for violating the same. Additional Security Requirement: HIPAA focused training prior to the performance of the contract and annually thereafter. Training must be completed in VA s TMS system (https://www.tms.va.gov/) or via hard copy training documents. Point-of-Contact: POC: TBA Phone Number: TBA Email: TBA NOTE: THIS NOTICE WAS NOT POSTED TO FEDBIZOPPS ON THE DATE INDICATED IN THE NOTICE ITSELF (26-AUG-2019); HOWEVER, IT DID APPEAR IN THE FEDBIZOPPS FTP FEED ON THIS DATE. PLEASE CONTACT 877-472-3779 or fbo.support@gsa.gov REGARDING THIS ISSUE.
 
Web Link
Link To Document
(https://www.fbo.gov/spg/VA/PiVAMC646/PiVAMC646/36C24419Q1110/listing.html)
 
Place of Performance
Address: Department of Veterans Affairs;Erie VA Medical Center;135 East 38th Street;Erie, PA
Zip Code: 16504
Country: U.S.A.
 
Record
SN05418490-F 20190828/190826230038 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.