Loren Data's SAM Daily™

fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF JULY 31, 2021 SAM #7182
SOURCES SOUGHT

J -- Service for Image Stream Data Center and nCare Recording Devices

Notice Date
7/29/2021 3:24:54 PM
 
Notice Type
Sources Sought
 
NAICS
811219 — Other Electronic and Precision Equipment Repair and Maintenance
 
Contracting Office
256-NETWORK CONTRACT OFFICE 16 (36C256) RIDGELAND MS 39157 USA
 
ZIP Code
39157
 
Solicitation Number
36C25622Q0011
 
Response Due
8/4/2021 12:00:00 PM
 
Archive Date
08/14/2021
 
Point of Contact
Anthony Mitchell, Contract Specialist, Phone: 318-670-7604
 
E-Mail Address
Anthony.Mitchell4@va.gov
(Anthony.Mitchell4@va.gov)
 
Awardee
null
 
Description
SOURCES SOUGHT SYNOPSIS DESCRIPTION: This Sources Sought Synopsis shall be used to determine the availability of potential sources having the skills and capabilities necessary to perform/provide customer technical support and periodic maintenance inspection and repairs. All interested vendors are invited to provide information to contribute to this market survey/sources sought synopsis including, commercial market information. This is not a solicitation announcement. This is a sources sought synopsis only. Questions should be submitted by email to anthony.mitchell4@va.gov. Provide only the requested information below. The purpose of this synopsis is to gain knowledge of potential qualified sources and their size classification (Service Disabled/Veteran Owned Small Business (SDVOSB/VOSB), Hubzone, 8(a), small, small disadvantage, woman owned small business, or large business) relative to NAICS 811219 Other Electronic and Precision Equipment Repair and Maintenance. (size standard of $22 million). Responses to this synopsis will be used by the Government to make appropriate acquisition decisions. After review of the responses to this sources sought synopsis, a solicitation announcement may be published on the Contract Opportunities website. Responses to this sources sought synopsis are not considered adequate responses to the solicitation announcement. All interested offerors must respond to the solicitation announcement in addition to responding to this sources sought announcement. Please demonstrate the contractor's ability to perform services of this nature as the course of its daily business operations. Services shall be performed in accordance with industry standards and practices by qualified personnel. Responses must be emailed to anthony.mitchell4@va.gov no later than 2:00 PM CST, August 4, 2021. Your response should include both the STATEMENT OF CABABILITY and BUSINESS SIZE AND SOCIO-ECONOMIC STATUS information as explained below. Please place Attention: Image Stream , in the subject line of your email. This notice is to assist the VA in determining sources only. A solicitation is not currently available; therefore, DO NOT REQUEST A COPY OF A SOLICITATION THAT DOES NOT EXISTS. If a solicitation is issued it will be announced later, and all interested parties shall respond to that solicitation announcement separately from the responses to this announcement. REQUESTED INFORMATION: (1) STATEMENT OF CABABILITY: (1) Submit a brief [five (5) pages or less] capability statement explaining your capability to perform Other Electronic and Precision Equipment Repair and Maintenance in accordance with Statement of Work. Include the number of qualified personnel needed to accomplish this service. Include experience in performing these services for the VA, other Government (Federal or State) agency, or for a private medical facility. (2) BUSINESS SIZE AND SOCIO-ECONOMIC STATUS: (a) Indicate whether your business is large or small (b) If small, indicate if your firm qualifies as a small, emerging business, or small disadvantaged business (c) If disadvantaged, specify under which disadvantaged group and if your firm is certified under Section 8(a) of the Small Business Act (d) Indicate if your firm is a certified Hub zone firm (e) Indicate if your firm is a woman-owned or operated business (f) Indicate if your firm is a certified Service-Disabled Veteran Owned Small Business (SDVOSB) or Veteran Owned Small Business (VOSB) (g) Include the DUNS number of your firm. (h) State whether your firm is registered with the System for Award Management (SAM) at http://www.sam.gov and/or the VetBiz Registry at http://vip.vetbiz.gov/. If not, please NOTE: any future solicitation could only be awarded to a contractor who is registered in the System for Award Management (SAM). To receive award based on VOSB or SDVOSB status you must be registered in the VetBiz Registry. SPECIFIED REQUIREMENT: The contractor shall communicate its capabilities to accomplish the following: ?.## STATEMENT OF WORK (SOW) SCOPE & EQUIPMENT Customer Technical Support Plan: Customer Support includes: - Software upgrades and updates - Hardware updates that fix an Image Stream defined functionality problem - Routine inspections and maintenance - 24-hour, 7 day per week, 800# Helpline for software, hardware, and user questions - On-site service technician will be dispatched within 24 hours if required (all costs included) - New hardware functionality will be offered as a fee-based service Equipment and components to be serviced/repaired/maintained includes: Data Center in the 4 OR s QTY 4 Gulf Coast Veterans Health Care System S/N: ES-000613, 000614, 000616, 000617 nCare Recording Devices QTY 6 Gulf Coast Veterans Health Care System S/N: MX-10446, MX-10447, MX-10448, MX-10449, MX-10450, MX-10451 2. DEFINITIONS/ACRONYMS: Biomedical Engineering Supervisor or designee, Bldg. 1 Rm 2B112, phone (228) 523-5720. CO Contracting Officer. Government Agent authorized to affect contract, contract changes, and issue direction. COR Contracting Officer Representative. Individual designated by the Contracting Officer to monitor contract performance, and coordinates performance efforts subject to authority designated. A designation letter identifying the COR for this project will be issued and signed by all parties prior to issuance of the NTP, or within ten (10) calendar days of contract award. PMI Preventive Maintenance Inspection. Services that are periodic in nature and are required to maintain the equipment in such condition that it may be operated in accordance with (IAW) its original manufacturers intended design and functional capacity, with minimal incidence of malfunction or inoperative conditions. FSE Field Service Engineer. A person who is authorized by the contractor to perform maintenance (corrective and/or preventive) services. ESR Vendor Engineering Service Report. The documentation/report of services rendered for each incidence of work performance under the terms and condition of the contract. Acceptance Signature Authorized Department of Veterans Affairs (DVA) employee who indicates FSE demonstrated service conclusion/status and User has accepted work as complete/pending as stated in ESR. Authorization Signature COR s signature; indicates COR accepts work status as stated in ESR. NFPA National Fire Protection Association. OEM- Original Equipment Manufacturer. ISO- Independent Service Organization. PO- Purchase Order. The VA document that obligates funds. Include this number, as well as the contract number, on all correspondence. GCVHCS- Gulf Coast Veterans Health Care System 3. CONFORMANCE STANDARDS: Contractor shall ensure that the equipment functions in conformance with the latest published edition of NFPA-99, OSHA, and the original equipment manufacturer s performance standards and specifications. 4. HOURS OF COVERAGE: Normal business hours of coverage are Monday through Friday from 8:00 a.m. to 4:30 p.m., excluding Federal holidays. All service/repairs will be performed during normal hours of coverage unless requested or approved by the COR. Contractor's representative shall check in with Biomedical Engineering upon entering the facility and shall sign in and out of the facility with Biomedical Engineering. Preventive maintenance inspections will be performed annually during the month of July (adjusted for the basic year, depending on DOA). Coordinate with COR. Inspections will be scheduled two weeks in advance with Biomedical Engineering. Work performed outside the normal hours of coverage at the request of COR shall be billed at the prices listed in the schedule. Billing shall include service time plus travel and exclude parts as they are included in the contract. Work performed outside normal hours of coverage at the request of FSE shall be considered service during normal hours of coverage. Federal Holidays observed by the GCVHCS are: New Year s Day Labor Day Martin Luther King Day Columbus Day President s Day Veterans Day Memorial Day Thanksgiving Day Independence Day Christmas Day Or any other day specifically declared by the President of the United States to be a national holiday. 5. SCHEDULED MAINTENANCE: The contractor shall perform PMI service to ensure that equipment listed in the schedule performs IAW the Conformance Standards. The contractor shall provide and utilize procedures and checklists with worksheet originals indicating work performed, and actual values obtained (as applicable) shall be provided to the COR at the completion of the inspection/service. PMI services shall include, but need not be limited to, the following: Cleaning of equipment. Reviewing operating system software diagnostics to ensure that the equipment is operating according to original manufacturer s specifications. Calibrating and lubricating the equipment. Performing remedial maintenance of non-emergent nature. Testing and replacing faulty and worn parts and/or parts which are likely to become faulty, fail or become worn. Measuring, adjusting, and calibrating as necessary for optimal performance. Inspecting, and replacing where indicated, electrical wiring and cables for wear and fraying. The contractor prior to issuance of contract shall identify parts or components that are considered consumables. Return equipment to full operating condition IAW the Conformance Standards. Provide documentation of services performed. B. PMI services shall be performed in accordance with, and during the hours defined in, the preventive maintenance schedule established herein. All exceptions to the PMI schedule shall be arranged and approved in advance with the COR. Any charges for parts, services, manuals, tools, or software required to successfully complete schedule PMI are included within this contract, and it s agreed upon price. C. The contractor shall furnish all documentation of all measurements and calibrations to the COTR, to ensure that the system is performing in accordance with the Conformance Standards (see Para. 10). 6. UNSCHEDULED MAINTENANCE: Contractor shall maintain the equipment in accordance with the Conformance Standards Section. The contractor shall provide repair services, which may consist of calibration, cleaning, oiling, adjusting, replacing parts, etc., and maintaining the equipment including all intervening calls necessary between regular services and calibrations. All required parts should be furnished. The CO, COR or designated alternate has the authority to approve/request a service call from the contractor. Response Time: Contractor s FSE shall respond to the GCVHCS s initial service request call, with a phone call to the COR and/or his/her designee within one (1) hour after receipt of initial telephoned notification 24 hours per day. If the problem cannot be corrected by phone, the FSE shall commence work (on-site physical response) within eight (8) normal duty hours after receipt of initial notification/service request, and shall proceed progressively to restore equipment to full operating performance IAW the conformance standards, within 48 hours of initial service request. 7. PARTS: The contractor has ready access to unique and/or high mortality replacement repair parts. All parts supplied shall be compatible with existing equipment. The contract shall include all repair parts. The contractor shall use only new or rebuilt parts, approved by the OEM, and shall not install used parts; those removed from another system without written COR approval. 8. UPDATES: Contractor shall provide all software and hardware updates upon release at no additional cost to the Government throughout the life of the contract. Software and Hardware updates are limited to those items, which are commercially available (i.e. to ISOs) from the OEM and are provided by the OEM to their customers at no cost. Hardware/software update/upgrade installations shall be scheduled and performed at no additional charge to the Government. 9. SERVICE MANUALS: The GCVHCS shall not provide service manuals or service diagnostic software to the contractor. The contractor shall obtain, have on file, and make available to its FSE s all operational and service manuals, schematics, parts list, etc., which are necessary to meet the performance requirements of this contract. The location and listing of the service data manuals, by name, and/or the manuals themselves shall be provided to the CO upon request. 10. DOCUMENTATION/REPORTS: The documentation shall include detailed descriptions of the scheduled and unscheduled maintenance procedures performed, including replaced parts and prices, required to maintain the equipment in accordance with conformance standards. Such documentation shall meet the guidelines as set forth in the conformance Standards Section. In addition, each ESR shall at a minimum document the following data legibly and in complete detail: Name of Contractor Name of FSE who performed services Contractor Service ESR Number/Log Number Date, Time (starting and ending), Equipment Downtime and Hours on Site for service call. GCVHCS PO#(s) covering the call, if outside normal working hours. Description of Problem Reported by COR/User. Identification of Equipment to be serviced: Equipment Inventory ID #, Manufacturer s Name, Device Name, Model #, Serial #, and any other Manufacturer s identification #s. Itemized Description of Service Performed (including costs associated with after normal business working hours service), including: Labor and Travel, Parts (with part #s), Materials and Circuit Location of problem/corrective action. Total cost to be billed. Signatures: FSE performing services described. DVA Employee who witnessed service described. Equipment downtime. NOTE: ANY ADDITIONAL CHARGES CLAIMED MUST BE APPROVED BY THE COR BEFORE SERVICE IS COMPLETED. 11. REPORTING REQUIREMENTS: For all on-site service, the contractor shall be required to report to Biomedical Engineering to log in during normal business hours, Monday through Friday. This check in is mandatory. When the service is completed, the FSE shall document services rendered on a legible ESR(S). The FSE shall be required to log out with Biomedical Engineering and submit the ESR(S) to the COR. All ESRs shall be submitted to the equipment user for an acceptance signature and to the COR for an authorization signature . If the COTR is unavailable, a signed, authorized copy of the ESR shall be sent to the contractor after the work can be reviewed (if requested or noted on the ESR.) 12. PAYMENT: Invoices shall be submitted monthly in arrears. Invoice shall have contract number and purchase order identified as well as period of services. Any hourly rate charges shall be itemized as a separate line item, with total cost, on the invoice. Failure to submit a proper invoice shall cause payment delay. 13. ADDITIONAL CHARGES: There will be no additional charge for time spent at the site during, or after the normal hours of coverage awaiting the arrival of additional FSE and/or delivery of parts. 14. REPORTING REQUIRED SERVICES BEYOND THE CONTRACT SCOPE: The Contractor shall immediately, but not later than 24 consecutive hours after discovery, notify the CO and COR, (in writing), of the existence or the development of any defects in or repairs required to the scheduled equipment, which the Contractor considers he/she is not responsible for under the terms of the contract. The contractor shall furnish the CO and COR with a written estimate of the cost to make the necessary repairs. This contract does not include labor or materials for service lines and fittings, equipment not set forth on this schedule, or operating problems related to environmental conditions, e.g. electrical, steam, water, and/or ventilation that do not comply with equipment specifications. This also applies to improper operation of the equipment by operating personnel. Repairs made by the contractor, which are the result of neglect or improper operation of the equipment by the medical center, will result in issuance of a separate purchase order by the Government. Contractor must obtain a purchase order in this respect prior to affecting such repairs. Contractor must notify the Biomedical Program Manager and/or his representative prior to this type of repair and secure a purchase order before proceeding further. 15. CONDITION OF EQUIPMENT: The contractor accepts responsibility for the equipment listed in an as is condition. Failure to inspect the equipment prior to contract award will not relieve the contractor from performance of the requirements of this contract. 16. COMPETENCY OF PERSONNEL SERVICING EQUIPMENT: Each respondent must have an established business, with an office and full-time staff. The staff includes a fully qualified FSE and a fully qualified FSE who will serve as the backup. Fully Qualified is based upon training and on experience in the field. For training, the FSE(s) shall have successfully completed a training program, for the equipment listed in this SOW. For field experience, the FSE(s) shall have a minimum of two years of experience, with respect to scheduled and unscheduled preventive and remedial maintenance, on the equipment listed in this SOW, or comparable to similar equipment. Evidence of said training shall be provided with your proposal (see PROPOSAL PREPARATION ADDENDUM). 17. TEST EQUIPMENT: Prior to commencement of work on this contract, the contract awardee shall provide the GCVHCS with a copy of the current calibration certification of all test equipment that is to be used by the contractor on GCVHCS s equipment, not later than ten (10) calendar days after contract award. 18. IDENTIFICATION & PARKING: The contractor s FSE s shall always wear visible company identification while on the premises of the GCVHCS. It is the responsibility of the contractor to park in the appropriate designated parking areas, to avoid ticketing or towing. Information on parking is available from the GCVHCS Police & Security Section. 19. SECURITY CLAUSES: 1. GENERAL Contractors, contractor personnel, subcontractors, and subcontractor personnel shall be subject to the same Federal laws, regulations, standards, and VA Directives and Handbooks as VA personnel regarding information and information system security. 2. SECURITY CLAUSE: Ensure that a Contractor Security Control Assessment (CSCA) is completed within 30 days of contract approval and yearly on the renewal date of the contract. Ensure that the CSCA is sent to the ISO and the OCS Certification Program Office for review to ensure that appropriate security controls are being implemented in service contracts. Ensure a copy of the CSCA is maintained in the GRC Risk Vision database. COTR will provide a copy of the completed CSCA to ISO for uploading into GRC Risk Vision database. 3. ACCESS TO VA INFORMATION AND VA INFORMATION SYSTEMS a. A Contractor/Subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, Subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. b. All Contractors, Subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for Contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. c. Contract personnel who require access to national security programs must have a valid security clearance. National Industrial Security Program (NISP) was established by Executive Order 12829 to ensure that cleared U.S. defense industry contract personnel safeguard the classified information in their possession while performing work on contracts, programs, bids, or research and development efforts. The Department of Veterans Affairs does not have a Memorandum of Agreement with Defense Security Service (DSS). Verification of a Security Clearance must be processed through the Special Security Officer located in the Planning and National Security Service within the Office of Operations, Security, and Preparedness. d. Custom software development and outsourced operations must be in the U.S. to the maximum extent practical. If such services are proposed to be performed abroad and are not disallowed by other VA policy or mandates, the Contractor/Subcontractor must state where all non-U.S. services are provided and detail a security plan, deemed to be acceptable by VA, specifically to address mitigation of the resulting problems of communication, control, data protection, and so forth. Location within the U.S. may be an evaluation factor. e. The Contractor or Subcontractor must notify the Contracting Officer immediately when an employee working on a VA system or with access to VA information is reassigned or leaves the Contractor or Subcontractor s employ. The Contracting Officer must also be notified immediately by the Contractor or Subcontractor prior to an unfriendly termination. 4. VA INFORMATION CUSTODIAL LANGUAGE a. Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1). b. VA information should not be co-mingled, if possible, with any other data on the contractors/subcontractor s information systems or media storage systems to ensure VA requirements related to data protection and media sanitization can be met. If co-mingling must be allowed to meet the requirements of the business need, the contractor must ensure that VA s information is returned to the VA or destroyed in accordance with VA s sanitization requirements. VA reserves the right to conduct onsite inspections of contractor and subcontractor IT resources to ensure data security controls, separation of data and job duties, and destruction/media sanitization procedures follow VA directive requirements. c. Prior to termination or completion of this contract, contractor/subcontractor must not destroy information received from VA, or gathered/created by the contractor while performing this contract without prior written approval by the VA. Any data destruction done on behalf of VA by a contractor/subcontractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and VA Handbook 6500.1, Electronic Media Sanitization. Self-certification by the contractor that the data destruction requirements above have been met must be sent to the VA Contracting Officer within 30 days of termination of the contract. d. The contractor/subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the contract and applicable Federal and VA information confidentiality and security laws, regulations and policies. If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the contract, or if NIST issues or updates applicable FIPS or Special Publications (SP) after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this contract. e. The contractor/subcontractor shall not make copies of VA information except as authorized and necessary to perform the terms of the agreement or to preserve electronic information stored on contractor/subcontractor electronic storage media for restoration in case any electronic equipment or data used by the contractor/subcontractor needs to be restored to an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed. f. If VA determines that the contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12. g. If a VHA contract is terminated for cause, the associated BAA must also be terminated and appropriate actions taken in accordance with VHA Handbook 1600.01, Business Associate Agreements. Absent an agreement to use or disclose protected health information, there is no business associate relationship. h. The contractor/subcontractor must store, transport, or transmit VA sensitive information in an encrypted form, using VA-approved encryption tools that are, at a minimum, FIPS 140-2 validated. i. The contractor/subcontractor s firewall and Web services security controls, if applicable, shall meet or exceed VA s minimum requirements. VA Configuration Guidelines are available upon request. j. Except for uses and disclosures of VA information authorized by this contract for performance of the contract, the contractor/subcontractor may use and disclose VA information only in two other situations: (i) in response to a qualifying order of a court of competent jurisdiction, or (ii) with VA s prior written approval. The contractor/subcontractor must refer all requests for, demands for production of, or inquiries about, VA information and information systems to the VA contracting officer for response. k. Notwithstanding the provision above, the contractor/subcontractor shall not release VA records protected by Title 38 U.S.C. 5705, confidentiality of medical quality assurance records and/or Title 38 U.S.C. 7332, confidentiality of certain health records pertaining to drug addiction, sickle cell anemia, alcoholism or alcohol abuse, or infection with human immunodeficiency virus. If the contractor/subcontractor is in receipt of a court order or other requests for the above-mentioned information, that contractor/subcontractor shall immediately refer such court orders or other requests to the VA contracting officer for response. l. Bio-Medical devices and other equipment or systems containing media (hard drives, optical disks, etc.) with VA sensitive information must not be returned to the vendor at the end of lease, for trade-in, or other purposes. The options are: (1) Vendor must accept the system without the drive. (2) VA s initial medical device purchase includes a spare drive which must be installed in place of the original drive at time of turn-in; or (3) VA must reimburse the company for media at a reasonable open market replacement cost at time of purchase (4) Due to the highly specialized and sometimes proprietary hardware and software associated with medical equipment/systems, if it is not possible for the VA to retain the hard drive, then. (a) The equipment vendor must have an existing BAA if the device being traded in has sensitive information stored on it and hard drive(s) from the system are being returned physically intact. (b) Any fixed hard drive on the device must be non-destructively sanitized to the greatest extent possible without negatively impacting system operation. Selective clearing down to patient data folder level is recommended using VA approved and validated overwriting technologies/methods/tools. Applicable media sanitization specifications need to be preapproved and described in the purchase order or contract. (c) A statement needs to be signed by the Director (System Owner) that states that the drive could not be removed and that (a) and (b) controls above are in place and completed. The ISO needs to maintain the documentation. 5. SECURITY INCIDENT INVESTIGATION a. The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor/subcontractor shall immediately notify the COTR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access. b. To the extent known by the contractor/subcontractor, the contractor/subcontractor s notice to VA shall identify the information involved, the circumstances surrounding the incident including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the contractor/subcontractor considers relevant. c. With respect to unsecured protected health information, the business associate is deemed to have discovered a data breach when the business associate knew or should have known of a breach of such information. Upon discovery, the business associate must notify the covered entity of the breach. Notifications need to be made in accordance with the executed business associate agreement. d. In instances of theft or break-in or other criminal activity, the contractor/subcontractor must concurrently report the incident to the appropriate law enforcement entity (or entities) of jurisdiction, including the VA OIG and Security and Law Enforcement. The contractor, its employees, and its subcontractors and their employees shall cooperate with VA and any law enforcement authority responsible for the investigation and prosecution of any possible criminal law violation(s) associated with any incident. The contractor/subcontractor shall cooperate with VA in any civil litigation to recover. 6. LIQUIDATED DAMAGES FOR DATA BREACH a. Consistent with the requirements of 38 U.S.C. ยง5725, a contract may require access to sensitive personal information. If so, the contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/subcontractor processes or maintains under this contract. However, it is the policy of VA to forgo collection of liquidated damages in the event the contractor provides payment of actual damages in an amount determined to be adequate by the agency. b. The contractor/subcontractor shall provide notice to VA of a security incident as set forth in the Security Incident Investigation section above. Upon such notification, VA must secure from a non-Department entity or the VA Office of Inspector General an independent risk analysis of the data breach to determine the level of risk associated with the data breach for the potential misuse of any sensitive personal information involved in the data breach. The term 'data breach' means the loss, theft, or other unauthorized access, or any access other than that incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. Contractor shall fully cooperate with the entity performing the risk analysis. Failure to cooperate may be deemed a material breach and grounds for contract termination. c. Each risk analysis shall address all relevant information concerning the data breach, including the following: (1) Nature of the event (loss, theft, unauthorized access). (2) Description of the eve...
 
Web Link
SAM.gov Permalink
(https://beta.sam.gov/opp/eb04796733404d97a4e1d524ae6c1ece/view)
 
Place of Performance
Address: Department of Veterans Affairs Gulf Coast Veterans Health Care System Network Contracting Office 16 400 Veterans Avenue 39531, USA
Zip Code: 39531
Country: USA
 
Record
SN06078840-F 20210731/210729230130 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)

FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.