Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF JUNE 26, 2020 SAM #6784
SOLICITATION NOTICE

S -- FY21: NF/SG Regulated Medical Waste Base + 4

Notice Date
6/24/2020 10:53:21 AM
 
Notice Type
Combined Synopsis/Solicitation
 
NAICS
562112 — Hazardous Waste Collection
 
Contracting Office
248-NETWORK CONTRACT OFFICE 8 (36C248) TAMPA FL 33637 USA
 
ZIP Code
33637
 
Solicitation Number
36C24820Q0800
 
Response Due
7/2/2020 10:00:00 AM
 
Archive Date
09/30/2020
 
Point of Contact
Daniel Dove, Contracting Officer, Department of Veterans Affair, Phone: 352-381-5704
 
E-Mail Address
daniel.dove@va.gov
(daniel.dove@va.gov)
 
Small Business Set-Aside
SDVOSBC Service-Disabled Veteran-Owned Small Business (SDVOSB) Set-Aside (FAR 19.14)
 
Awardee
null
 
Description
36C24820Q0800 NF/SG VHS Regulated Medical Waste Services Amendment 0002 Revised SOW and Security Requirements The following changes have been made to this Solicitation: Section B.3 of the solicitation has been replaced as follows in, to correct the required container sizes for the Tallahassee HCC. Section B.4, Contract Security Requirements, has been added to the solicitation as follows. The due date for quotes has been changed to 07/02/2020 at 1:00 PM EST. There are no further changes. Please acknowledge this and all other amendments on page 3 of your submitted quote(s). B.3 STATEMENT OF WORK Qualification: Vendor must be licensed/ permitted in the State of Florida for Infectious Waste handling, transport, and incineration disposal. GENERAL REQUIREMENTS The vendor shall furnish all labor, equipment, containers appropriately labeled (except for Government-furnished ""Sharps"" needle containers), supplies, materials, transportation and supervision required to provide pick-up, transport, incineration and/or Autoclave of biohazard medical waste, and Government ""Sharps"" containers, from the Veterans Affairs Medical Center (henceforth referred to as ""VA"") medical facilities. Contract period is for one 1-year base period, with four 1-year renewal option periods in accordance with the terms and conditions defined herein response, for the following locations: Malcom Randall VAMC 1601 SW Archer Rd, Gainesville, FL 32608-1197 Dermatology Clinic, 5571 SW 64th St. Gainesville, FL 32608 Pain Clinic, 3401 NW 98th St., Gainesville, FL 32606 Jacksonville VA University, Buildings 100 & 200, Memorial Health Plaza, 3901 University Blvd South Jacksonville, FL 32216, Jacksonville Outpatient Clinic (OPC) 1536 North Jefferson St. Jacksonville, FL 32209 Jacksonville VA South Point, 6900 Southpoint Drive North, Jacksonville, FL 32216 Lake City VAMC, 619 S. Marion Avenue, Lake City, FL 32025-5808 Lake City Commerce Clinic, 484 SW Commerce Drive, Lake City, FL 32025 Marianna CBOC, 4970 Highway 90, Marianna, FL 32446 Middleburg VA Clinic, 400 College Drive, Suite 200, Middleburg, FL 32068 Ocala Community Based Outpatient Clinic (CBOC) 1515 E. Silver Springs Blvd., Ocala FL 34470 Palatka Community Based Outpatient Clinic (CBOC), 400 North State Road 19, Suite 48, Palatka FL, 32177 Perry CBOC, 1224 North Peacock Ave., Perry, FL 32347 St. Augustine CBOC, 195 Southpark Blvd, St. Augustine, FL 32086 St. Marys CBOC, 2603 Osborne Rd Suite E, St. Marys, FL 31558 Tallahassee Health Care Center (THCC), 2181 East Orange Avenue, Tallahassee, FL 32311 Valdosta VA Clinic, 348B Enterprise Drive, Valdosta, GA31601 The Villages OPC, 8900 SE 165th Mulberry Lane, The Villages, FL 32126 Waycross CBOC, 515 South City Blvd, Waycross, GA 31501. The vendor shall treat and/or dispose of bio-hazardous medical waste in accordance with State and Federal (U.S. Environmental Protection Agency - EPA) guidelines, VA infectious medical waste requirements, and all other Federal, State and local regulations. The vendor will maintain all necessary medical waste permits and licenses for the disposal and treatment of such waste. The vendor will also have an assigned U.S. Environmental Protection Agency (EPA) authorization and identification number, necessary Department of Transportation permits, including insurance prior to transport and/or disposal of subject waste. If the vendor requires additional information, they may contact U.S. EPA regional office. The following links are guidelines for the regulations that must be adhere to: EPA guidelines - http://www.epa.gov/reg3wcmd/medical_waste.htm FL State Regulations-https://www.flrules.org/ Green initiatives regarding sustainability in Executive Order 13514. An example of this would be the treatment of medical waste by thermal oxidation which destroys infectious organisms and reduces the solid waste volume by more than (95%) ninety five percent. The reduction of the material and its transport greatly reduces the impact on the environment from truck exhaust in that there are fewer trips made to remove the same amount of material, as opposed to alternative autoclave technology. Thermal oxidation produces residual materials in solid, liquid and gaseous forms. The residual end product in the solid form is an unrecognizable fine ash and spent treatment material from the air pollution control system. This solid residue is non-hazardous and is compatible for the landfill. Veterans Affairs/federal government may ask for proof that this requirement is being met (""cradle to grave""). Copy of all licenses shall be provided to Contracting Officer upon contract award. DEFINITIONS: BIOHAZARD MEDICAL WASTE: Blood saturated dressings, etc. from VA facility, packed and tied in leak-proof ""RED BAGS "". Liquid or semi-liquid blood or other potentially infectious materials (OPIM) Items contaminated with blood or OPIM which would release substances in a liquid or semi-liquid state if compressed. Items that are caked with dried blood or OPIM and are capable of releasing these materials during handling. Pathological and Laboratory wastes, also including blood tubes, needles, urine cup lids, syringes, blood tubes, scalpels, or other OPIM. DISPOSAL AND SANITATION REQUIREMENTS: Vendor will employ the best environmentally sound methods of treating and destruction of wastes such as incineration and recycling or any other acceptable methods, in accordance with EPA and industry standards. Disposal shall be performed in such a manner as not to create conditions detrimental to public health or to constitute a public nuisance. The pick-up area where containers are placed shall be maintained in a clean, orderly, sanitary condition. Particular attention shall be paid to the prompt cleanup of oil and/or grease spills, either generated from the vehicles used to haul containers or because of container leakage. CONTAINERS: The vendor will provide, as part of the unit prices stated in Schedule of Supplies/Services, to include one closed roll off, top load capable container each to the Malcom Randall VAMC and Lake City VAMC (addresses listed above), and appropriate containers/ totes and red bags to the other listed sites. Inspection for leaks will be performed routinely by the COR. If during the contract period, VA determines that the condition of any supplies by the vendor constitutes a hazard to the health, safety or welfare of VA employees, patients, or the general community, the vendor will immediately, upon receiving notice of such determination, by the contracting officer or COR, remove the supplies from the VA installation and shall immediately replace it with supplies which are approved by the VA facility. DOCUMENTATION: The ""manifest"" is a form entitled ""Hazard Waste Hauling Record & Certificate of Destruction"" which is used to track the subject waste from the point of generation to the designated disposal location. Once the material has reached the disposal facility, a copy of the manifest and certificate of destruction shall be provided to the Contracting Officer/ COR or designated representative, confirming that the material has been properly handled and disposed. The Contracting Officer/ COR shall be provided a manifest for each pick-up, certifying the number of containers, types of waste picked up / removed, and transported from the VA. The certificate of destruction form will contain date, location, weight, and method of destruction and/or disposal. VA will keep its copy on file in accordance with agency guidelines point of generation to the designated disposal location. Monthly Report: The vendor will also provide, in accordance with applicable regulation, a detailed daily activity statement which shows in columnar form information including, but not limited to, the service date, roll offs weight (in pounds), invoice numbers, manifest, certificate of destruction, and other important data. This tracking document shall be provided to the CO /COR in-charge of the facility on a monthly basis (no later than 15 days after the previous month: Example March statement due by April 15), along with invoice. CO /COR name, telephone number and address will be provided to the vendor at the time of award. Weighing System: The vendor will provide a certifiable weighing system to enable proper billing for ""tare weight"" waste poundage disposed, i.e., if the disposal container weighs 10 pounds and the Contractor is to dispose of 10 containers, each container shall be weighed and container total weight (100) pounds is subtracted from the gross container weight to determine the total waste poundage to be paid. SAFETY TRAINING: Upon contract award and once a year thereafter, the vendor will provide an in-service training session to key VA personnel at each location on bow to identify and handle infectious waste' with special emphasis on ""Right to Know"" compliance, proper sealing of regulated medical waste' for disposal purposes, manifest, weights, etc. Training will be provided during the 1st quarter of the contract. Date will be announced by the COR. Training at the Medical Center location will require multiple sessions (up to four on the same day or alternate days to accommodate all employees) to ensure all three (1st, 2nd, 3rd) shifts are accurately trained. The vendor will comply with the EPA and appropriate state regulations on workers' safety standards and related training. Vendor's personnel involved in the performance of this contract shall have received training regarding the handling of infectious materials, and emergency procedures to be followed in case of a spill. FEDERAL HOLIDAYS: VA observed Federal Holidays are: New Year's Day Martin Luther King Jr.'s Holiday Presidents Day Memorial Day Independence Day Labor Day Columbus Day Veterans Day Thanksgiving Day Christmas Day SERVICE HOURS: The Vendor's services will take place during regular business hours, which are from 6:00 a.m. to 6:30 p.m., as determined by the needs for operation of the facilities or the CO/ COR. Should the day for pick up fall on a holiday, pick-up is to take place on the next regularly scheduled workday. Example: If the holiday falls on a Monday, then pick-up will take place on Tuesday (after the Holiday). DRIVERS: The VA reserves the right to inspect the drivers' licenses and driving records and other qualifications of employees as to capabilities of performing the duties necessary to assure acceptable standards of performance subsequent to award of contract. A copy of driver license and insurance shall be provided to the CO/COR to maintain on record at the Malcom Randall VA, Gainesville, Florida. EVIDENCE OF INSURANCE COVERAGE: Before award of a contract, the vendor will furnish to the Contracting Officer, a Certificate of Insurance which will contain an endorsement to the effect that cancellation of, or any material change in, the policies which adversely affect the interests of the Government in such insurance shall not be effective unless a 30 day written notice of cancellation or change is furnished to the Contracting Officer. INVOICE/PAYMENT: All bills for services incurred under this contract shall be sent to Accounts Payable, Environmental Management Service (137), and VA Medical center, located at 1601 SW Archer Rd., Gainesville, Florida, 32608. All invoices shall identify the proper contract number with the appropriate purchase order, total weights, tons, invoice numbers, and location assigned for each fiscal year and the tax 'identification number. Failure to do so could result in a delay of payment. All invoices will be submitted through the OB-10/Tungsten system and payment transaction through IPPS (invoice payment processing system) according to the prompt payment act. DESIGNATION OF CONTRACTING OFFICER'S TECHNICAL REPRESENTATIVE (COR) A Contracting Officer Representative (COR) of the Contracting Officer (COR) will be designated to represent the Contracting Officer in furnishing technical guidance and advice under this contract. The foregoing is not to be construed as authorization to interpret or furnish advice and information to Contractor relative to the financial or legal aspects of the contract. Those matters are the responsibility of the Contracting Officer and shall not be delegated. SCHEDULE OF SERVICES: Location Size Qty Frequency Est. Total Pounds/Month Malcom Randall VAMC 1601 SW Archer Rd Gainesville, FL 32608 38 cubic yards Chemo Trace Boxes 1 Pull Tues, Thurs & Sat Incinerate Tues & Fri 27800 Dermatology Clinic: 5571 SW 64th St. Gainesville, FL 32608 22-gallon tote 1 case of Bio-hazard bags 30-gal boxes 3 Once a week 285 Pain Clinic: 3401 NW 98 St. Gainesville FL 32606 22-gallon tote 1 case of Bio-hazard bags 3 - 36 gal containers 1 Once a week 30 Jacksonville VA University: Memorial Health Care Plaza 3901 University Blvd Jacksonville, FL 32216 Buildings 100 & 200 96-gallon tote / 2 per site 1 Case of Bio- hazard bags 6 Once a month 125 Jacksonville OPC: 1536 North Jefferson St. Jacksonville, FL 32209 Multiple sizes and quantities Est. 30 Once a week 2650 Jacksonville VA South Point 6900 Southpoint Drive North Jacksonville, FL 32216 96-gallon container 3 28-gallon containers 1 3 Once a month 175 Lake City VAMC 619 S. Marion Ave Lake City, FL 32025-5808 38 cubic yards Chemo Pill Wrappers 1 Once a week- Friday Incinerate -4th Thurs 4100 Lake City Commerce Clinic 484 SW Commerce Drive Lake City, FL 32025 96-gallon containers 2 Once a month 75 Marianna CBOC 4970 Highway 90 Marianna, FL 32446 22-gallon tote 1 case of Bio-hazard bags 3 Once a week 40 Middleburg VA Clinic 400 College Drive, Suite 200 Middleburg, FL 32068 TBD New Location Schedule to open August 2020 Once a week 1300 Ocala CBOC: 1515 E. Silver Springs Blvd. Ocala FL 34470 Suites 225, 226, 113-115 (2) per site. 22-gallon tote 1 Case of Bio- hazard bags 22 - 36 gal boxes 6 Once a week 500 Palatka CBOC: 400 North State Road 19, Suite 48 Palatka, FL 32177 22-gallon tote 1 Case of Bio- hazard bags 30-gal boxes 5 2 Once a week 250 Perry CBOC 1224 North Peacock Ave. Perry, FL 32347 TBD TBD Once a month 50 St. Augustine CBOC 195 Southpark Blvd St. Augustine, FL 32086 96-gallon containers 2 Once a week 475 St. Marys CBOC 2603 Osborne Rd Suite E St. Marys, FL 31558 96-gallon container 1 Once a month 50 Tallahassee HCC: 2181 Orange Avenue East. Tallahassee, FL 32301 96-gallon container 3 Cases of Bio-hazard bags 1 Once a week 1235 Valdosta VA Clinic 348B Enterprise Drive Valdosta, GA 31601 96-gallon containers 2 Once a month 210 The Villages CBOC: 8900 SE 165th Mulberry Ln. The Villages, FL 32162 22-gallon tote 1 case of Bio-hazard bags 8 - 96 gal containers 1 8 Once a week 1300 Waycross CBOC 515 South City Blvd. Waycross, GA 31501. 96-gallon containers 2 Once a month 100 B.4 CONTRACT SECURITY REQUIREMENTS APPENDIX B: VA ACQUISITION REGULATION SOLICITATION PROVISION AND CONTRACT CLAUSE NOTE: This clause will undergo official rule making by the Office of Acquisitions and Logistics. The below language will be submitted for public review through the Federal Register. The final wording of the clause may be changed from what is outlined below based on public review and comment. Once approved, the final language in the clause can be obtained from the Office of Acquisitions and Logistics Programs and Policy. SUBPART 839.2 INFORMATION AND INFORMATION TECHNOLOGY SECURITY REQUIREMENTS 839.201 Contract clause for Information and Information Technology Security: Due to the threat of data breach, compromise or loss of information that resides on either VA-owned or contractor-owned systems, and to comply with Federal laws and regulations, VA has developed an Information and Information Technology Security clause to be used when VA sensitive information is accessed, used, stored, generated, transmitted, or exchanged by and between VA and a contractor, subcontractor or a third party in any format (e.g., paper, microfiche, electronic or magnetic portable media). In solicitations and contracts where VA Sensitive Information or Information Technology will be accessed or utilized, the CO shall insert the clause found at 852.273-75, Security Requirements for Unclassified Information Technology Resources. 852.273-75 - SECURITY REQUIREMENTS FOR UNCLASSIFIED INFORMATION TECHNOLOGY RESOURCES (INTERIM- OCTOBER 2008) As prescribed in 839.201, insert the following clause: The contractor, their personnel, and their subcontractors shall be subject to the Federal laws, regulations, standards, and VA Directives and Handbooks regarding information and information system security as delineated in this contract. (END OF CLAUSE) APPENDIX C - VA INFORMATION AND INFORMATION SYSTEM SECURITY/PRIVACY LANGUAGE FOR INCLUSION INTO CONTRACTS, AS APPROPRIATE GENERAL Contractors, contractor personnel, subcontractors, and subcontractor personnel shall be subject to the same Federal laws, regulations, standards, and VA Directives and Handbooks as VA and VA personnel regarding information and information system security. ACCESS TO VA INFORMATION AND VA INFORMATION SYSTEMS A contractor/subcontrator shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. Contract personnel who require access to national security programs must have a valid security clearance. National Industrial Security Program (NISP) was established by Executive Order 12829 to ensure that cleared U.S. defense industry contract personnel safeguard the classified information in their possession while performing work on contracts, programs, bids, or research and development efforts. The Department of Veterans Affairs does not have a Memorandum of Agreement with Defense Security Service (DSS). Verification of a Security Clearance must be processed through the Special Security Officer located in the Planning and National Security Service within the Office of Operations, Security, and Preparedness. Custom software development and outsourced operations must be located in the U.S. to the maximum extent practical. If such services are proposed to be performed abroad and are not disallowed by other VA policy or mandates, the contractor/subcontractor must state where all non-U.S. services are provided and detail a security plan, deemed to be acceptable by VA, specifically to address mitigation of the resulting problems of communication, control, data protection, and so forth. Location within the U.S. may be an evaluation factor. The contractor or subcontractor must notify the Contracting Officer immediately when an employee working on a VA system or with access to VA information is reassigned or leaves the contractor or subcontractor s employ. The Contracting Officer must also be notified immediately by the contractor or subcontractor prior to an unfriendly termination. VA INFORMATION CUSTODIAL LANGUAGE Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1). VA information should not be co-mingled, if possible, with any other data on the contractors/ subcontractor s information systems or media storage systems in order to ensure VA requirements related to data protection and media sanitization can be met. If co-mingling must be allowed to meet the requirements of the business need, the contractor must ensure that VA s information is returned to the VA or destroyed in accordance with VA s sanitization requirements. VA reserves the right to conduct on-site inspections of contractor and subcontractor IT resources to ensure data security controls, separation of data and job duties, and destruction/media sanitization procedures are in compliance with VA directive requirements. Prior to termination or completion of this contract, contractor/subcontractor must not destroy information received from VA, or gathered/created by the contractor in the course of performing this contract without prior written approval by the VA. Any data destruction done on behalf of VA by a contractor/subcontractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and VA Handbook 6500.1, Electronic Media Sanitization. Self-certification by the contractor that the data destruction requirements above have been met must be sent to the VA Contracting Officer within 30 days of termination of the contract. The contractor/subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the contract and applicable Federal and VA information confidentiality and security laws, regulations and policies. If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the contract, or if NIST issues or updates applicable FIPS or Special Publications (SP) after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this contract. The contractor/subcontractor shall not make copies of VA information except as authorized and necessary to perform the terms of the agreement or to preserve electronic information stored on contractor/subcontractor electronic storage media for restoration in case any electronic equipment or data used by the contractor/subcontractor needs to be restored to an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed. If VA determines that the contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12. If a VHA contract is terminated for cause, the associated BAA must also be terminated and appropriate actions taken in accordance with VHA Handbook 1600.01, Business Associate Agreements. Absent an agreement to use or disclose protected health information, there is no business associate relationship. The contractor/subcontractor must store, transport, or transmit VA sensitive information in an encrypted form, using VA-approved encryption tools that are, at a minimum, FIPS 140-2 validated. The contractor/subcontractor s firewall and Web services security controls, if applicable, shall meet or exceed VA s minimum requirements. VA Configuration Guidelines are available upon request. Except for uses and disclosures of VA information authorized by this contract for performance of the contract, the contractor/subcontractor may use and disclose VA information only in two other situations: (i) in response to a qualifying order of a court of competent jurisdiction, or (ii) with VA s prior written approval. The contractor/subcontractor must refer all requests for, demands for production of, or inquiries about, VA information and information systems to the VA contracting officer for response. Notwithstanding the provision above, the contractor/subcontractor shall not release VA records protected by Title 38 U.S.C. 5705, confidentiality of medical quality assurance records and/or Title 38 U.S.C. 7332, confidentiality of certain health records pertaining to drug addiction, sickle cell anemia, alcoholism or alcohol abuse, or infection with human immunodeficiency virus. If the contractor/subcontractor is in receipt of a court order or other requests for the above-mentioned information, that contractor/subcontractor shall immediately refer such court orders or other requests to the VA contracting officer for response. For service that involves the storage, generating, transmitting, or exchanging of VA sensitive information but does not require C&A or an MOU-ISA for system interconnection, the contractor/subcontractor must complete a Contractor Security Control Assessment (CSCA) on a yearly basis and provide it to the COTR. INFORMATION SYSTEM DESIGN AND DEVELOPMENT Information systems that are designed or developed for or on behalf of VA at non-VA facilities shall comply with all VA directives developed in accordance with FISMA, HIPAA, NIST, and related VA security and privacy control requirements for Federal information systems. This includes standards for the protection of electronic PHI, outlined in 45 C.F.R. Part 164, Subpart C, information and system security categorization level designations in accordance with FIPS 199 and FIPS 200 with implementation of all baseline security controls commensurate with the FIPS 199 system security categorization (reference Appendix D of VA Handbook 6500, VA Information Security Program). During the development cycle a Privacy Impact Assessment (PIA) must be completed, provided to the COTR, and approved by the VA Privacy Service in accordance with Directive 6507, VA Privacy Impact Assessment. The contractor/subcontractor shall certify to the COTR that applications are fully functional and operate correctly as intended on systems using the VA Federal Desktop Core Configuration (FDCC), and the common security configuration guidelines provided by NIST or the VA. This includes Internet Explorer 7 configured to operate on Windows XP and Vista (in Protected Mode on Vista) and future versions, as required. The standard installation, operation, maintenance, updating, and patching of software shall not alter the configuration settings from the VA approved and FDCC configuration. Information technology staff must also use the Windows Installer Service for installation to the default program files directory and silently install and uninstall. Applications designed for normal end users shall run in the standard user context without elevated system administration privileges. The security controls must be designed, developed, approved by VA, and implemented in accordance with the provisions of VA security system development life cycle as outlined in NIST Special Publication 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems, VA Handbook 6500, Information Security Program and VA Handbook 6500.5, Incorporating Security and Privacy in System Development Lifecycle. The contractor/subcontractor is required to design, develop, or operate a System of Records Notice (SOR) on individuals to accomplish an agency function subject to the Privacy Act of 1974, (as amended), Public Law 93-579, December 31, 1974 (5 U.S.C. 552a) and applicable agency regulations. Violation of the Privacy Act may involve the imposition of criminal and civil penalties. The contractor/subcontractor agrees to: Comply with the Privacy Act of 1974 (the Act) and the agency rules and regulations issued under the Act in the design, development, or operation of any system of records on individuals to accomplish an agency function when the contract specifically identifies: The Systems of Records (SOR); and The design, development, or operation work that the contractor/subcontractor is to perform; Include the Privacy Act notification contained in this contract in every solicitation and resulting subcontract and in every subcontract awarded without a solicitation, when the work statement in the proposed subcontract requires the redesign, development, or operation of a SOR on individuals that is subject to the Privacy Act; and Include this Privacy Act clause, including this subparagraph (3), in all subcontracts awarded under this contract which requires the design, development, or operation of such a SOR. In the event of violations of the Act, a civil action may be brought against the agency involved when the violation concerns the design, development, or operation of a SOR on individuals to accomplish an agency function, and criminal penalties may be imposed upon the officers or employees of the agency when the violation concerns the operation of a SOR on individuals to accomplish an agency function. For purposes of the Act, when the contract is for the operation of a SOR on individuals to accomplish an agency function, the contractor/subcontractor is considered to be an employee of the agency. Operation of a System of Records means performance of any of the activities associated with maintaining the SOR, including the collection, use, maintenance, and dissemination of records. Record means any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history and contains the person s name, or identifying number, symbol, or any other identifying particular assigned to the individual, such as a fingerprint or voiceprint, or a photograph. System of Records means a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. The vendor shall ensure the security of all procured or developed systems and technologies, including their subcomponents (hereinafter referred to as Systems ), throughout the life of this contract and any extension, warranty, or maintenance periods. This includes, but is not limited to workarounds, patches, hotfixes, upgrades, and any physical components (hereafter referred to as Security Fixes) which may be necessary to fix all security vulnerabilities published or known to the vendor anywhere in the Systems, including Operating Systems and firmware. The vendor shall ensure that Security Fixes shall not negatively impact the Systems. The vendor shall notify VA within 24 hours of the discovery or disclosure of successful exploits of the vulnerability which can compromise the security of the Systems (including the confidentiality or integrity of its data and operations, or the availability of the system). Such issues shall be remediated as quickly as is practical, but in no event longer than 10 days. When the Security Fixes involve installing third party patches (such as Microsoft OS patches or Adobe Acrobat), the vendor will provide written notice to the VA that the patch has been validated as not affecting the Systems within 10 working days. When the vendor is responsible for operations or maintenance of the Systems, they shall apply the Security Fixes within 10 days. All other vulnerabilities shall be remediated as specified in this paragraph in a timely manner based on risk, but within 60 days of discovery or disclosure. Exceptions to this paragraph (e.g. for the convenience of VA) shall only be granted with approval of the contracting officer and the VA Assistant Secretary for Office of Information and Te...
 
Web Link
SAM.gov Permalink
(https://beta.sam.gov/opp/1d59b780abcf48f8b8e14d38cc7750e2/view)
 
Place of Performance
Address: North Florida/South Georgia Veterans Health System, USA
Country: USA
 
Record
SN05701354-F 20200626/200624230149 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.