SAMDaily.us | SRCSGT | Q | Lease, Install and maintain ScrubEx LV and alEx machines at the Department of Veterans Affairs, Washington DC Medical Center on 50 Irving St, NW Washington, DC 20422.

SAMDAILY.US - ISSUE OF DECEMBER 07, 2019 SAM #6582
SOURCES SOUGHT

Q -- Lease, Install and maintain ScrubEx LV and alEx machines at the Department of Veterans Affairs, Washington DC Medical Center on 50 Irving St, NW Washington, DC 20422.

Notice Date: 12/5/2019 11:09:18 AM
Notice Type: Sources Sought
NAICS: 561210 — Facilities Support Services
Contracting Office: 245-NETWORK CONTRACT OFFICE 5 (36C245) LINTHICUM MD 21090 USA
ZIP Code: 21090
Solicitation Number: 36C24520Q0110
Response Due: 12/12/2019 8:59:59 PM
Archive Date: 01/11/2020
Point of Contact: Department of Veterans AffairsJerry Jones, Contract SpecialistEmail: Jerry.Jones6@va.govPerry Point VA Medical CenterP.O. Box 1000, Building 101, Room 41Perry Point MD 21902
E-Mail Address: Jerry.Jones6@va.gov
(Jerry.Jones6@va.gov)
Awardee: null
Description: THIS REQUEST FOR INFORMATION (RFI/SOURCES SOUGHT IS ISSUED SOLELY FOR INFORMATION AND PLANNING PURPOSES AND DOES NOT CONSTITUTE A SOLICITATIONTHE SUBMISSION OF PRICING, CAPABILITIES FOR PLANNING PURPOSES AND OTHER MARKET INFORMATION IS HIGHLY ENCOURGAGED AND ALLOWED UNDER THIS RFI IN ACCORDANCE WITH FAR15.201(e).DISCLAIMER:This RFI is issued solely for information and planning purposes and does not constitute a solicitation. Neither unsolicited proposals nor any other kind of offers will be considered in response to this RFI. IAW Far 15.201(e), responses to this notice are not offers and will not be accepted by the government to form a binding contract. Responders are solely responsible for all expenses associated with responding to this RFI. All information received in response to this RFI that is marked Proprietary will be handled accordingly. Responses to the RFI will not be returned. At this time, questions concerning the composition and requirements for a future RFP will not be entertained.SOURCES SOUGHT DESCRIPTIONThis is NOT a solicitation announcement. This is a sources sought/RFI only. The purpose of this sources sought/RFI is to gain knowledge of potential qualified sources and their size classification relative to NAICS 561621 (size standard of 20.5 million). Responses to the Sources Sought will be used by the government to make appropriate acquisition decisions. After review of the responses to this sources sough, a solicitation announcement may be published. Responses to this Sources Sought synopsis are not considered adequate responses for a solicitation announcement.The Department of Veterans Affairs (VA), NCO 05 Network Contracting Office, is seeking sources that can complete the requirements for fire extinguisher inspections and maintenance at the VA DC Medical Center.The information identified is intended to be descriptive, not restrictive and to indicate the quality of supplies/services that will be satisfactory. It is the responsibility of the interested source to demonstrate to the government that the interested parties can provide the supplies/services that fulfill the required specifications.If you are interested and capable of providing the sought services/supplies, then please provide the requested information as well as the information indicated below. Responses to this notice should include:Company name, address, and point of contactAny small business designation as certified by the Small Business Administration, size of business pursuant to the RFI.A thorough description of experience managing requirements of this nature.1). Please indicate the size status and representations of your business, such as, but not limited to: SDVOSB, VOSB, Hub-zone, Woman owned Small Business (WOSB), etc.2). Is your company considered to be a small business under the NAICS code identified for this RFI?3). Are you a manufacturer, distributor, or an equivalent solution to the items being referenced?4). If you are a large business, do you have any designated distributors? If so, please provide the company names, telephone numbers, points of contact and size status.5). If you intend to sub-contract any work of the contract, what portion of the total cost will be self-performed? Please provide estimated detailed percentage breakdowns related to sub-contracted work and completion of the job.6). Does your company have an FSS contract with GSA or the NAC, or a NSA SEWP or any other federal contract? Please proved the contract number and any items/solutions available on your schedule/contract.7). General pricing of your products, solution to the calibration of the listed audiology equipment is encouraged. Pricing will be used for market research only. It will not be used to evaluate for any award.8). Please submit your capabilities and any information needed to establish capabilities for planning purposes.9). Please provide your DUNS number.CONTACT INFORMATION; Responses to this notice and any questions related to this RFI shall be directed to Jerry Jones at Jerry.Jones6@va.gov. All information regarding capabilities or proprietary information relative to this RFI shall be submitted via email to Jerry.Jones6@va.gov. Telephone questions will not be accepted. Responses must be received by no later than C.O.B. 12-09-2019. If a solicitation is issued, it shall be announced separately from the responses to the Sources Sought. Responses to this Sources Sought notice are not a request to be added to a prospective bidders list or to receive a copy of the solicitation.GENERAL INFORMATION Title of Project: Audiology Equipment calibration and maintenance at the Washington D.C. VA Medical Center (DCVAMC).STATEMENT OF WORKSCOPE OF WORK: The Contractor shall provide all labor, personnel, equipment, tools, materials, supervision and other items and services necessary to calibrate, per manufacturer s requirements, the below equipment. Contractor shall provide certifications of calibrations for each unit with the serial number of the unit on the calibration certificate. Contractor shall provide proof of training and credentials to appropriately complete this work. This work is to be done in the designated calibration month. The vendor shall replace parts and make adjustments as needed to ensure the devices are calibrated. The cost of parts and labor will not exceed the amount quoted. Equipment to be calibrated:Brief Description of ServiceTotal Devicescalibration of audioscan verifit6calibration of frye f80002calibration of audioscan verifit 26calibration of madsen asteras10calibration of madsen asteras (HF)10calibration of otoflex9calibration of maico ma412Certification of IAC1Calibration of GSI Audiostar Pro4Calibration of GSI TympstarV23OAE Calibration of Beltone Scout1Sound Room Certification of Eckel Booth7Sound Room Certification of Whisper Room SE2001Calibration of Tympstar Pro5ABR Claibraiton of Interacoustics EP254OAE Calibration of Interacoustics EP2531. EQUIPMENT:The contractor shall provide all tools and equipment necessary to properly and safely perform the services set forth within this statement of work. This shall include, but is not limited, to all Personal Protective Equipment (PPE) which may be required for the work to be completed in a safe manner.2. AREAS TO BE SERVICED:Washington DC VAMC50 Irving Street NWWashington, DC 204223. TASK FREQUENCY AND INSTRUCTIONS:This will be a single visit, be it a single day or multiple days, at the facility for a period sufficient to complete the work set forth in the scope of work. This visit is to be scheduled in advance with the DC VAMC s Biomedical Engineering department. Contractor shall check in with Biomedical Engineering prior to visiting the worksite. Service report shall be provided within 5 business days of work completion. Contractor shall submit all removable media to be used on a VA system to Biomedical Engineering for scanning with anti-virus software prior to use on the system. In the case of equipment turn-in, exchange, repair or replacement hard drives used by the VA shall be removed from the equipment and remain in possession of VA this includes loaned or rented equipment.4. SPECIAL WORK REQUIREMENTS:None.PROPERTY DAMAGE:The contractor shall take all necessary precautions to prevent damage to any government property. The contractor shall report any damages immediately and shall be assessed current replacement costs for property damaged by the contractor, unless corrective action is taken. Any damaged material (i.e., trees, shrubs, lawn/turf, curbs, gutters, sidewalks, etc.) will be replaced in a timely manner or corrected by the contractor with like materials, at no extra cost to the government, upon approval of the Contracting Officer.6. ATTACHMENTS:None.7. IDENTIFICATION, PARKING, SMOKING, CELLULAR PHONE USE AND VA REGULATIONS: The contractor's employees will wear visible identification at all times while on the premises of the VA property. It is the responsibility of the contractor to park in the appropriate desig nated park ing areas. Information on parking is available from the VA Police-Security Service. The VA will not invalidate or make reimbursement for parking viola tions of the con tractor under any con ditions. Smoking is prohibited inside any buildings at the VA. Cellular phones and two-way radios are not to be used within six feet of any medical equipment. Posses sion of weapons is prohibited. Enclosed containers, including tool kits, shall be sub ject to search. Violations of VA regulations may result in a citation answer able in the United States (Federal) Dis trict Court, not a local district state, or municipal court.8. COMPLIANCE WITH OSHA BLOODBORNE PATHOGENS STANDARD: The contractor shall comply with the Federal OSHA Bloodborne Pathogens Standard. The contractor shall: A. Have methods by which all employees are educated as to risks associated with bloodborne pathogens. B. Have policies and procedures which reduce the risk of employee exposure to bloodborne pathogens. C. Have mechanisms for employee counseling and treatment following exposure to bloodborne pathogens. D. Provide appropriate personal protective equipment/clothing such as gloves, gowns, masks, protective eyewear, mouthpieces for the employee during performance of the contract.9. SECURITY CLAUSESSUBPART 839.2 INFORMATION AND INFORMATION TECHNOLOGY SECURITY REQUIREMENTS839.201 Contract clause for Information and Information Technology Security:a. Due to the threat of data breach, compromise or loss of information that resides oneither VA-owned or contractor-owned systems, and to comply with Federal laws andregulations, VA has developed an Information and Information Technology Security clause to be used when VA sensitive information is accessed, used, stored, generated, transmitted, or exchanged by and between VA and a contractor, subcontractor or a third party in any format (e.g., paper, microfiche, electronic or magnetic portable media).b. In solicitations and contracts where VA Sensitive Information or Information Technology will be accessed or utilized, the CO shall insert the clause found at 852.273-75, Security Requirements for Unclassified Information Technology Resources. 852.273-75 - SECURITY REQUIREMENTS FOR UNCLASSIFIED INFORMATIONTECHNOLOGY RESOURCES (INTERIM- OCTOBER 2008)As prescribed in 839.201, insert the following clause:The contractor, their personnel, and their subcontractors shall be subject to the Federal laws, regulations, standards, and VA Directives and Handbooks regarding information and information system security as delineated in this contract. GENERALContractors, contractor personnel, subcontractors, and subcontractor personnel shall besubject to the same Federal laws, regulations, standards, and VA Directives and Handbooks as VA and VA personnel regarding information and information system security. D. ACCESS TO VA INFORMATION AND VA INFORMATION SYSTEMSa) A contractor/subcontrator shall request logical (technical) or physical access to VAinformation and VA information systems for their employees, subcontractors, and affiliates onlyto the extent necessary to perform the services specified in the contract, agreement, or taskorder.b) All contractors, subcontractors, and third-party servicers and associates working withVA information are subject to the same investigative requirements as those of VA appointeesor employees who have access to the same types of information. The level and process ofbackground security investigations for contractors must be in accordance with VA Directiveand Handbook 0710, Personnel Suitability and Security Program. The Office for Operations,Security, and Preparedness is responsible for these policies and procedures.c) Contract personnel who require access to national security programs must have a valid security clearance. National Industrial Security Program (NISP) was established by Executive Order 12829 to ensure that cleared U.S. defense industry contract personnel safeguard the classified information in their possession while performing work on contracts, programs, bids, or research and development efforts. The Department of Veterans Affairs does not have a Memorandum of Agreement with Defense Security Service (DSS). Verification of a Security Clearance must be processed through the Special Security Officer located in the Planning and National Security Service within the Office of Operations, Security, and Preparedness.d) Custom software development and outsourced operations must be located in the U.S. to the maximum extent practical. If such services are proposed to be performed abroad and are not disallowed by other VA policy or mandates, the contractor/subcontractor must state where all non-U.S. services are provided and detail a security plan, deemed to be acceptable by VA, specifically to address mitigation of the resulting problems of communication, control, data protection, and so forth. Location within the U.S. may be an evaluation factor.e) The contractor or subcontractor must notify the Contracting Officer immediately when an employee working on a VA system or with access to VA information is reassigned or leaves the contractor or subcontractor s employ. The Contracting Officer must also be notifiedimmediately by the contractor or subcontractor prior to an unfriendly termination.E. VA INFORMATION CUSTODIAL LANGUAGEInformation made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1).b) VA information should not be co-mingled, if possible, with any other data on thecontractors/subcontractor s information systems or media storage systems in order to ensureVA requirements related to data protection and media sanitization can be met. If co-minglingmust be allowed to meet the requirements of the business need, the contractor must ensurethat VA s information is returned to the VA or destroyed in accordance with VA s sanitizationrequirements. VA reserves the right to conduct on site inspections of contractor andsubcontractor IT resources to ensure data security controls, separation of data and job duties,and destruction/media sanitization procedures are in compliance with VA directiverequirements.c) Prior to termination or completion of this contract, contractor/subcontractor must not destroy information received from VA, or gathered/created by the contractor in the course of performing this contract without prior written approval by the VA. Any data destruction done on behalf of VA by a contractor/subcontractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and VA Handbook 6500.1, Electronic Media Sanitization. Self-certification by the contractor that the data destruction requirements above have been met must be sent to the VA Contracting Officer within 30 days of termination of the contract.d) The contractor/subcontractor must receive, gather, store, back up, maintain, use,disclose and dispose of VA information only in compliance with the terms of the contract andapplicable Federal and VA information confidentiality and security laws, regulations andpolicies. If Federal or VA information confidentiality and security laws, regulations and policiesbecome applicable to the VA information or information systems after execution of thecontract, or if NIST issues or updates applicable FIPS or Special Publications (SP) afterexecution of this contract, the parties agree to negotiate in good faith to implement theinformation confidentiality and security laws, regulations and policies in this contract.e) The contractor/subcontractor shall not make copies of VA information except asauthorized and necessary to perform the terms of the agreement or to preserve electronicinformation stored on contractor/subcontractor electronic storage media for restoration in case any electronic equipment or data used by the contractor/subcontractor needs to be restored to an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed.f) If VA determines that the contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12.g) If a VHA contract is terminated for cause, the associated BAA must also be terminatedand appropriate actions taken in accordance with VHA Handbook 1600.01, BusinessAssociate Agreements. Absent an agreement to use or disclose protected health information,there is no business associate relationship.h) The contractor/subcontractor must store, transport, or transmit VA sensitive information in an encrypted form, using VA-approved encryption tools that are, at a minimum, FIPS 140-2 validated.i) The contractor/subcontractor s firewall and Web services security controls, if applicable, shall meet or exceed VA s minimum requirements. VA Configuration Guidelines are available upon request.j) Except for uses and disclosures of VA information authorized by this contract forperformance of the contract, the contractor/subcontractor may use and disclose VA information only in two other situations: (i) in response to a qualifying order of a court of competent jurisdiction, or (ii) with VA s prior written approval. The contractor/subcontractor must refer all requests for, demands for production of, or inquiries about, VA information and information systems to the VA contracting officer for response.k) Notwithstanding the provision above, the contractor/subcontractor shall not release VA records protected by Title 38 U.S.C. 5705, confidentiality of medical quality assurance records and/or Title 38 U.S.C. 7332, confidentiality of certain health records pertaining to drugaddiction, sickle cell anemia, alcoholism or alcohol abuse, or infection with humanimmunodeficiency virus. If the contractor/subcontractor is in receipt of a court order or otherrequests for the information, that contractor/subcontractor shall immediately refer such court orders or other requests to the VA contracting officer for response.l) For service that involves the storage, generating, transmitting, or exchanging of VAsensitive information but does not require C&A or an MOU-ISA for system interconnection, thecontractor/subcontractor must complete a Contractor Security Control Assessment (CSCA) ona yearly basis and provide it to the COR.D. INFORMATION SYSTEM DESIGN AND DEVELOPMENT: N/AE. INFORMATION SYSTEM HOSTING, OPERATION, MAINTENANCE, OR USE: N/AF. SECURITY INCIDENT INVESTIGATIONa) The term security incident means an event that has, or could have, resulted inunauthorized access to, loss or damage to VA assets, or sensitive information, or an actionthat breaches VA security procedures. The contractor/subcontractor shall immediately notifythe COTR and simultaneously, the designated ISO and Privacy Officer for the contract of anyknown or suspected security/privacy incidents, or any unauthorized disclosure of sensitiveinformation, including that contained in system(s) to which the contractor/subcontractor hasaccess.b) To the extent known by the contractor/subcontractor, the contractor/subcontractor snotice to VA shall identify the information involved, the circumstances surrounding the incident(including to whom, how, when, and where the VA information or assets were placed at risk orcompromised), and any other information that the contractor/subcontractor considers relevant.c) With respect to unsecured protected health information, the business associate isdeemed to have discovered a data breach when the business associate knew or should haveknown of a breach of such information. Upon discovery, the business associate must notifythe covered entity of the breach. Notifications need to be made in accordance with theexecuted business associate agreement.d) In instances of theft or break-in or other criminal activity, the contractor/ subcontractor must concurrently report the incident to the appropriate law enforcement entity (or entities) of jurisdiction, including the VA OIG and Security and Law Enforcement. The contractor, its employees, and its subcontractors and their employees shall cooperate with VA and any law enforcement authority responsible for the investigation and prosecution of any possible criminal law violation(s) associated with any incident. The contractor/subcontractor shall cooperate with VA in any civil litigation to recover VA information, obtain monetary or other compensation from a third party for damages arising from any incident, or obtain injunctive relief against any third party arising from, or related to, the incident.G. LIQUIDATED DAMAGES FOR DATA BREACHa) Consistent with the requirements of 38 U.S.C. �5725, a contract may require access tosensitive personal information. If so, the contractor is liable to VA for liquidated damages inthe event of a data breach or privacy incident involving any SPI the contractor/subcontractorprocesses or maintains under this contract.b) The contractor/subcontractor shall provide notice to VA of a security incident as setforth in the Security Incident Investigation section above. Upon such notification, VA mustsecure from a non-Department entity or the VA Office of Inspector General an independent riskanalysis of the data breach to determine the level of risk associated with the data breach forthe potential misuse of any sensitive personal information involved in the data breach. Theterm 'data breach' means the loss, theft, or other unauthorized access, or any access otherthan that incidental to the scope of employment, to data containing sensitive personalinformation, in electronic or printed form, that results in the potential compromise of theconfidentiality or integrity of the data. Contractor shall fully cooperate with the entityperforming the risk analysis. Failure to cooperate may be deemed a material breach andgrounds for contract termination.c) Each risk analysis shall address all relevant information concerning the data breach,including the following:(1) Nature of the event (loss, theft, unauthorized access);(2) Description of the event, including:(a) date of occurrence;(b) data elements involved, including any PII, such as full name, social security number,date of birth, home address, account number, disability code;(3) Number of individuals affected or potentially affected;(4) Names of individuals or groups affected or potentially affected;(5) Ease of logical data access to the lost, stolen or improperly accessed data in light of the degree of protection for the data, e.g., unencrypted, plain text;(6) Amount of time the data has been out of VA control;(7) The likelihood that the sensitive personal information will or has been compromised (made accessible to and usable by unauthorized persons);(8) Known misuses of data containing sensitive personal information, if any;(9) Assessment of the potential harm to the affected individuals;(10) Data breach analysis as outlined in 6500.2 Handbook, Management of Security and Privacy Incidents, as appropriate; and(11) Whether credit protection services may assist record subjects in avoiding or mitigating the results of identity theft based on the sensitive personal information that may have been compromised.d) Based on the determinations of the independent risk analysis, the contractor shall beresponsible for paying to the VA liquidated damages in the amount of $______ per affectedindividual to cover the cost of providing credit protection services to affected individualsconsisting of the following:(1) Notification;(2) One year of credit monitoring services consisting of automatic daily monitoring of at least 3 relevant credit bureau reports;(3) Data breach analysis;(4) Fraud resolution services, including writing dispute letters, initiating fraud alerts and credit freezes, to assist affected individuals to bring matters to resolution;(5) One year of identity theft insurance with $20,000.00 coverage at $0 deductible; and(6) Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs.H. SECURITY CONTROLS COMPLIANCE TESTING: N/AI. TRAININGa) All contractor employees and subcontractor employees requiring access to VAinformation and VA information systems shall complete the following before being granted access to VA information and its systems:(1) Sign and acknowledge (either manually or electronically) understanding of and responsibilities for compliance with the Contractor Rules of Behavior, Appendix E relating to access to VA information and information systems;(2) Successfully complete the VA Cyber Security Awareness and Rules of Behavior training and annually complete required security training;(3) Successfully complete the appropriate VA privacy training and annually complete required privacy training; and(4) Successfully complete any additional cyber security or privacy training, as required for VA personnel with equivalent information system access [to be defined by the VA program official and provided to the contracting officer for inclusion in the solicitation document e.g., any role-based information security training required in accordance with NIST Special Publication 800-16, Information Technology Security Training Requirements.]b) The contractor shall provide to the contracting officer and/or the COTR a copy of thetraining certificates and certification of signing the Contractor Rules of Behavior for eachapplicable employee within 1 week of the initiation of the contract and annually thereafter, as required.c) Failure to complete the mandatory annual training and sign the Rules of Behaviorannually, within the timeframe required, is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until such time as the training and documents are complete.
Web Link: SAM.gov Permalink
(https://beta.sam.gov/opp/de9da9f63b034583b4e03743ab4324f6/view)
Place of Performance: Address: Dept of Veterans Affairs;Washington DC Medical Center;50 Irving St, NW;Washington, DC 20422 20422, USA; Zip Code: 20422; Country: USA
Record: SN05510475-F 20191207/191205230249 (samdaily.us)
Source: SAM.gov Link to This Notice
(may not be valid after Archive Date)

| FSG Index | This Issue's Index | Today's SAM Daily Index Page |

Loren Data's SAM Daily™

Q -- Lease, Install and maintain ScrubEx LV and alEx machines at the Department of Veterans Affairs, Washington DC Medical Center on 50 Irving St, NW Washington, DC 20422.