Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF APRIL 20, 2024 SAM #8180
SOURCES SOUGHT

R -- Privacy Compliance Service (VA-24-00061333)

Notice Date
4/18/2024 12:16:04 PM
 
Notice Type
Sources Sought
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
TECHNOLOGY ACQUISITION CENTER NJ (36C10B) EATONTOWN NJ 07724 USA
 
ZIP Code
07724
 
Solicitation Number
36C10B24Q0361
 
Response Due
5/2/2024 11:00:00 AM
 
Archive Date
07/01/2024
 
Point of Contact
CS: Michael Lamb, Contract Specialist, Phone: CO: Dana Newcomb, Fax: Dana.Newcomb@va.gov
 
E-Mail Address
Michael.Lamb8@va.gov
(Michael.Lamb8@va.gov)
 
Awardee
null
 
Description
Sources Sought Notice Request for Information Privacy Compliance Support Services (VA-24-00061333) Introduction This Request for Information (RFI) is for planning purposes only and shall not be considered an Invitation for Bid, Request for Task Execution Plan, Request for Quotation or a Request for Proposal. Additionally, there is no obligation on the part of the Government to acquire any products or services described in this RFI. Your response to this RFI will be treated only as information for the Government to consider. You will not be entitled to payment for direct or indirect costs that you incur in responding to this RFI. This request does not constitute a solicitation for proposals or the authority to enter into negotiations to award a contract. No funds have been authorized, appropriated or received for this effort. Interested parties are responsible for adequately marking proprietary, restricted or competition sensitive information contained in their response. The Government does not intend to pay for the information submitted in response to this RFI. The North American Industry Classification System (NAICS) for this requirement is 541519 with a size standard of $34 million. 2. Submittal Information: All responsible sources may submit a response in accordance with the below information. There is a page limitation for this RFI of fifteen (15) pages. The Government will not review any other information or attachments included, that are in excess of the fifteen (15) page limit. NO MARKETING MATERIALS ARE ALLOWED AS PART OF THIS RFI. Generic capability statements will not be accepted or reviewed. Your response must address capabilities specific to the services required in the attached PWS and must include the following: Interested Vendors shall at a minimum, provide the following information in the initial paragraph of the submission: Name of Company Address Point of Contact Phone Number Fax Number Email address Company Business Size and Status For VOSB and SDVOSBs, proof of verification in VIP. NAICS code(s) Socioeconomic data Data Universal Numbering System (DUNS) Number Existing Contractual Vehicles (GWAC, FSS, or MAC) Provide a summary of your capability to meet the requirements contained within the draft PWS for the following areas: VA s privacy practices are subject to regular assessment by oversight bodies such as the Office of Inspector General (OIG) and Government Account Office (GAO). VA is looking for support in preparing privacy assessments and remediating open audit findings related to privacy. Demonstrate your capability to help maintain compliance with evolving policies and adapt to new standards and procedures by discussing your company s direct experience remediating privacy-related audit findings and downgrading material weaknesses at VA and/or similar large scale Federal agencies (e.g., Cabinet Level agency) for multi-year efforts. Provide a description of your experience in audit support in connection with Federal Information Security Modernization Act, Federal Information System Controls Audit Manual or similar privacy and security audits at VA and/or similar large scale Federal agencies (e.g., Cabinet Level agency). VA aspires to transform its enterprise privacy program from compliance activities into proactive risk management, well-integrated with security with its key initiatives such as Privacy Controls and Privacy Continuous Monitoring Programs. VA is looking for a partner well-equipped to support privacy risk management and privacy integration into technical frameworks and product/system development lifecycle. Provide descriptions of up to five (5) direct experiences supporting privacy-related programs across multiple organizations to include large scale Federal (e.g., Cabinet Level agency), state and local government, and commercials entities (e.g., Fortune 500 companies). Pprovide place of performance, name of the organization, point of contact information of the program manager for the organization. Provide a description of your direct experience supporting a large-scale Federal organization (e.g., VA or Cabinet Level agency) with transition and adoption of NIST 800-53 Rev. 5 controls transition, sharing lessons learned and industry best practices applicable to VA. Provide a description of your direct experience supporting a large-scale Federal organization (e.g., VA or Cabinet Level agency) with operationalizing privacy by design to ensure privacy and security controls are properly designed. VA is embracing innovation and emerging technologies to mature and optimize its cybersecurity capabilities. As such, VA Privacy Service is increasingly called upon to provide privacy thought leadership to VA regarding the privacy controls and monitoring required to ensure the use of AI, Cloud, and other technical initiatives are adequately protecting the privacy of Veterans. This increased need makes it critical for VA to partner with the firm that has broad privacy and cybersecurity expertise has demonstrated thought leadership in emerging technologies and is immersed in the cybersecurity and privacy innovation ecosystem. Outline your suite of privacy offerings/capabilities mapping to VA privacy priorities and needs as outlined in the PWS 5.3.2 with respect to AI. Describe your ability to provide reach back to employed and trained privacy and cybersecurity professionals that have obtained leading industry certifications such as CIPP, CISSP, CISA, CISM, OSCP, CompTIA Security+, Comp TIA A+, COMPTIA Advance Security Practitioner (CASP+), CompTIA Cyber Security Analyst (CySA+), CompTIA Network+. Provide the number of professionals with these certifications within your organization. Describe your direct experience providing strong thought leadership on privacy topics. Provide at least 5 examples of your publications and/or conferences and industry presentations on leading privacy topics listing title, location, and year. Please summarize your existing partnerships with organizations such as industry groups standard setting organizations, academic, political, and applied research institutions and think tanks that put forward innovative privacy and cybersecurity thought leadership. Discuss your company s workflows and strategies in providing support for the processing, approval, and publication of System of Records Notices and Matching Agreements for a Federal agency. Provide a description of your technical experience with developing and designing of dashboards using tools such as Microsoft Power BI, Tableau and building database applications to support data collections, queries, and automated analysis of large data sets. Corporate experience or expertise in performing these services and specific examples or references. Specific examples or references provided must include the agency, point of contact, dollar value, and contract number. Your company s intent and ability to meet the set aside requirement in accordance with VAAR 852.219-73 VA NOTICE OF TOTAL SET-ASIDE FOR SERVICE-DISABLED VETERAN-OWNED SMALL BUSINESSES (NOV 2022) and 13 CFR ยง125.6, which states the contractor will not pay more than 50 percent of the amount paid by the Government to it to firms that are not SDVOSBs. Your response shall include information as to available personnel and financial resources; full names of proposed team members and the PWS requirements planned to be subcontracted to them, which must include the prime planned percentage or the names of the potential team members that may be used to fulfill the set aside requirement. Has the draft PWS provided sufficient detail to describe the technical requirements that encompass the software development and production operations support services to be performed under this effort. ______ YES _______ NO (if No, answer question f) If NO , please provide your technical comments/recommendations on elements of the draft PWS that may contribute to a more accurate proposal submission and efficient, cost effective effort. Responses are due no later than 2:00pm EST on 05/02/2024 via email to Michael Lamb, Contract Specialist at Michael.Lamb8@va.gov and Dana Newcomb, Contracting Officer at Dana.Newcomb@va.gov. Please note Privacy Compliance Services in the subject line of your response. Mark your response as Proprietary Information if the information is considered business sensitive. The email file size shall not exceed 5 MB.
 
Web Link
SAM.gov Permalink
(https://sam.gov/opp/e6df8b7dddb74a6687e4add542a200a1/view)
 
Record
SN07035913-F 20240420/240418230059 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.