15 Jul 2019

EMI Moodle Hosting

Type of document: Contract Notice
Country: United States

EMI Moodle Hosting

Agency:
Department of Homeland Security

Official Address:
Office of Acquisition Management
16825 South Seton Avenue Emmitsburg MD 21727

Zip Code:
21727

Contact:
James D. Suerdieck, Contract Specialist, Phone 301-447-7244, Email james.suerdieck@fema.dhs.gov – Gary Patrick Topper, Contracting Officer, Phone 301-447-7280, Email gary.topper@fema.dhs.gov

Link:

Date Posted:
12/07/2019

Classification:
D

Contract Description:
This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in Subpart 12.6, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; proposals are being requested and a written solicitation will not be issued.

The solicitation is Combined Synopsis/Solicitation number 70FA2019Q00000028. Provisions and clauses in effect through Federal Acquisition Circular 2019-02 are incorporated. It is the contractor’s responsibility to be familiar with the applicable clauses and provisions. The clauses may be accessed in full text at these addresses: or . The NAICS code is 541512, with a small business size of $27.5 million. This acquisition is 100% set-aside for Small Business concerns. All qualified small business concerns are encouraged to submit a proposal.

The Federal Emergency Management Agency request proposals from qualified sources capable of providing a Moodle Hosting Services in a FedRAMP authorized environment. All terms, conditions, requirements, clauses and provision herein shall apply to this combined synopsis/solicitation.

All offerors shall submit a quote for all the following.

PRICE/COST SCHEDULE:

ITEM DESCRIPTION OF QTY UNIT UNIT AMOUNT
NO. SUPPLIES/SVCS PRICE

0001 1.00 LOT ____________ _______________

Hosting Service for Moodle in FedRAMP authorized environment (See attached Statement of Work (SOW)) – Base Period – 12 Months

0002 1.00 LOT ____________ _______________

Implementation Services (See attached Statement of Work (SOW)) – Base Period – 12 Months

1001 1.00 LOT ____________ _______________

Hosting Service for Moodle in FedRAMP authorized environment (See attached Statement of Work (SOW)) – Option Period 1 – 12 Months

1002 1.00 LOT ____________ _______________

Implementation Services (See attached Statement of Work (SOW)) – Option Period 1 – 12 Months

2001 1.00 LOT ____________ _______________

Hosting Service for Moodle in FedRAMP authorized environment (See attached Statement of Work (SOW)) – Option Period 2 – 12 Months

2002 1.00 LOT ____________ _______________

Implementation Services (See attached Statement of Work (SOW)) – Option Period 2 – 12 Months

3001 1.00 LOT ____________ _______________

Hosting Service for Moodle in FedRAMP authorized environment (See attached Statement of Work (SOW)) – Option Period 3 – 12 Months

3002 1.00 LOT ____________ _______________

Implementation Services (See attached Statement of Work (SOW)) – Option Period 3 – 12 Months

4001 1.00 LOT ____________ _______________

Hosting Service for Moodle in FedRAMP authorized environment (See attached Statement of Work (SOW)) – Option Period 3 – 12 Months

4002 1.00 LOT ____________ _______________

Implementation Services (See attached Statement of Work (SOW)) – Option Period 3 – 12 Months

If shipping cost is additional, please be sure to include any applicable shipping cost to the quote as delivered to Emmitsburg, MD (21727).

DELIVERY SCHEDULE:

ITEM NUMBER QUANTITY PERIOD OF PERFRMANCE
0001 1.00 12 Months from Effective Date
0002 1.00 12 Months from Effective Date
1001 1.00 12 Months
1002 1.00 12 Months
2001 1.00 12 Months
2002 1.00 12 Months
3001 1.00 12 Months
3002 1.00 12 Months
4001 1.00 12 Months
4002 1.00 12 Months

PLACE OF DELIVERY:

DHS/FEMA
Emergency Management Institute (EMI)
16825 South Seton Ave
Emmitsburg, MD 17325

All applicable manufacturer commercial warranties shall be valid for all products.

TYPE OF CONTRACT:

The Government contemplates award of a Firm Fixed Price contract resulting from this combined synopsis/solicitation.

PROVISIONS AND CLAUSES:

FAR 52.212-1, Instructions to Offerors—Commercial Items, apply to this acquisition with the exception of (d), (h), and (i) of the clause, which are RESERVED;
FAR 52.212-2 Evaluation-Commercial Items.
(a) The Government will award a contract resulting from this solicitation to the responsible offeror whose offer conforming to the solicitation will be most advantageous to the Government, price and other factors considered. The following factors shall be used to evaluate offers:

See EVALUATION FACTORS FOR AWARD below.

The acceptability of the work plan (Factor 1), management plan (Factor 2), key personnel (Factor 3), quality control (Factor 4), experience (Factor 5), and past performance (Factor 6) are all equal in value. The technical factors (combined) and price are of equal value.
(b) Options. The Government will evaluate offers for award purposes by adding the total price for all options to the total price for the basic requirement. The Government may determine that an offer is unacceptable if the option prices are significantly unbalanced. Evaluation of options shall not obligate the Government to exercise the option(s).
(c) A written notice of award or acceptance of an offer, mailed or otherwise furnished to the successful offeror within the time for acceptance specified in the offer, shall result in a binding contract without further action by either party. Before the offer’s specified expiration time, the Government may accept an offer (or part of an offer), whether or not there are negotiations after its receipt, unless a written notice of withdrawal is received before award.
FAR 52.212-3, Offeror Representations and Certifications-Commercial Items;
FAR 52.212-4, Contract Terms and Conditions—Commercial Items;
FAR 52.212-5, Contract Terms and Conditions Required to Implement Statutes or Executive Orders-Commercial Items. In compliance with said clause, the following FAR clauses apply:
52.203-6, Restrictions on Subcontractor Sales to the Government;
52.204-10, Reporting Executive Compensation and First-Tier Subcontract Awards;
52.209-6, Protecting the Government’s Interest When Subcontracting with Contractors Debarred, Suspended, or Proposed for Debarment;
52.219-6, Notice of Total Small Business Set-Aside;
52.219-8, Utilization of Small Business Concerns;
52.219-13, Notice of Set-Aside of Orders;
52.219-14, Limitations on Subcontracting;
52.219-28, Post Award Small Business Program Rerepresentation;
52.222-3, Convict Labor;
52.222-19, Child Labor-Cooperation with Authorities and Remedies;
52.222-21, Prohibition of Segregated Facilities;
52.222-26, Equal Opportunity;
52.222-35, Equal Opportunity for Veterans;
52.222-36, Affirmative Action for Handicapped Workers with disabilities;
52.222-37, Employment Reports on Veterans;
52.222-40, Notification of Employee Rights Under the National Labor Relations Act;
52.222-50, Combating Trafficking in Persons;
52.223-18, Encouraging Contractor Policies to Ban Text Messaging While Driving;
52.224-3, Privacy Training;
52.225-13, Restrictions on Certain Foreign Purchases;
52.232-33, Payment by Electronic Funds Transfer-System for Award Management.
FAR 52.225-25, Prohibition on Contracting with Entities Engaging in Certain Activities or Transactions Relating to Iran-Representation and Certifications;
HSAR 3052.212-70, Contract Terms and Conditions Applicable to DHS Acquisition of Commercial Items. In compliance with said clause, the following FAR clauses apply:
3052.204-70, Security Requirements for Unclassified Information Technology Resources;
3052.204-71, Contractor Employee Access;
3052.204-71 Alternate I, Contractor Employee Access;
3052.205-70, Advertisements, Publicizing Awards, and Releases;
3052.215-70, Key Personnel or Facilities:
(a) The personnel or facilities specified below are considered essential to the work being performed under this contract and may, with the consent of the contracting parties, be changed from time to time during the course of the contract by adding or deleting personnel or facilities, as appropriate.
(b) Before removing or replacing any of the specified individuals or facilities, the Contractor shall notify the Contracting Officer, in writing, before the change becomes effective. The Contractor shall submit sufficient information to support the proposed action and to enable the Contracting Officer to evaluate the potential impact of the change on this contract. The Contractor shall not remove or replace personnel or facilities until the Contracting Officer approves the change.
The Key Personnel or Facilities under this Contract:
Project Manager
(Any others proposed by offeror)
3052.242-72, Contracting Officer’s Representative;
3052.247-72, F.o.B. Destination Only.
FAR 52.252-2, Clauses Incorporated By Reference
This contract incorporates one or more clauses by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer will make their full text available. Also, the full text of a clause may be accessed electronically at this/these address(es):

NOTICE OF FILING REQUIREMENTS FOR AGENCY PROTESTS

A. Preface

Prior to submission of an agency protest, all parties must use their best efforts to resolve concerns raised by an interested party. FEMA offers, as an option for dispute resolution, Alternative Dispute Resolution (ADR). ADR in an informal, expeditious and inexpensive way to resolve contract issues and is designed to promote satisfying solutions and fair procedures. For more information on FEMA’s ADR services, please contact FEMA’s ADR office at the following address:

Federal Emergency Management Agency
Alternative Dispute Resolution Division
FEMA Office of Chief Counsel
400 Virginia Avenue, SW
Washington, DC 20472-3400

If concerns cannot be resolved, protesters may use these procedures when a resolution is requested from the agency.

These procedures have been designed to create an avenue for resolving third party grievances in connection with the acquisition process outside of formal processes through the Government Accountability Office (GAO) and the United States Court of Federal Claims (CFC). Filing an agency protest is not a prerequisite to filing at the GAO or CFC. If the protester files a protest through the GAO or CFC while their protest is pending at the agency level, FEMA may dismiss the agency protest.

Pursuing an agency protest does not extend the time for obtaining a stay at GAO.

These procedures are in addition to the existing protest procedures contained in FAR Subpart 33.103.

B. Definitions.

(1) “Agency protest,” as used in this Synopsis/Solicitation, is one that may be filed with either the Contracting Officer or the officer responsible for the resolution of all agency protests filed at the level above the Contracting Officer.

(2) “Ombudsman,” as used in this Synopsis/Solicitation, is the agency official above the level of the Contracting Officer designated by the Director of the Acquisition Management Division to handle and issue the formal agency decision resolving the protest. Protesters using these procedures may protest directly to the Ombudsman.

(3) “Day,” as used in this Synopsis/Solicitation, is a calendar day. In computing a period of time for the purpose of these procedures, the day from which the period begins to run is not counted. When the last day of the period is a Saturday, Sunday or a Federal holiday, the period extends to the next day that is not a Saturday, Sunday or a Federal holiday. Similarly, when the Washington, DC offices of FEMA are closed for all or part of the last day, the period extends to the next day on which the Agency is open.

C. Submission Guidelines.

(1) Agency protests may be filed through the Contracting Officer or, at the level above the Contracting Officer, through the Ombudsman either by FAX transmission or by “Certified Mail” (Return Receipt Requested) as follows:

a. Protests filed through the Contracting Officer or the Ombudsman must be mailed or faxed to:

Gary P. Topper,
Department of Homeland Security/FEMA
Acquisition Preparedness Branch
Building D
16825 South Seton Avenue
Emmitsburg, MD 21727
FAX: 301-447-1092

-OR-

DHS/FEMA
David Orris, Ombudsman
16825 S. Seton Ave, D-123
Emmitsburg, MD 21727
FAX: 301-447-1092

b. The outside of the envelope or beginning of the FAX transmission must be marked “Agency Protest”.

c. If the protester submits the protest directly through the Ombudsman, the protester must also, within one (1) day of submitting the protest to the Ombudsman, submit a copy of the protest to the responsible Contracting Officer either by FAX transmission or by “Certified Mail” (Return Receipt Requested).

(2) To be filed on a given day, protests and any subsequent appeals must be received by 4:30 PM, current-local time. Any protests received after that time will be considered to be filed on the next day.

(3) Protest submissions will not be considered filed until all of the following information is provided:

a. the protester’s name, address, telephone number and fax number;

b. the solicitation or contract number;

c. a detailed statement of all factual and legal grounds for protests, to include an explanation of how the protester was prejudiced;

d. copies of relevant documents;

e. a request for ruling by the agency;

f. a statement detailing the form of relief requested;

g. all information establishing that the protester is an interested party for the purposes of filing a protest; and

h. all information establishing the timeliness of the protest.

(4) All protests must be signed by an authorized representative of the protester, and must be addressed to the Contracting Officer or the Ombudsman.

D. Timeliness/Resolution of Protests.

(1) Protests based upon alleged improprieties in a solicitation which are apparent prior to bid opening or the time set for receipt of initial proposals shall be filed prior to bid opening or the time set for receipt of initial proposals. In procurements where proposals are requested, alleged improprieties which do not exist in the initial solicitation but which are subsequently incorporated into the solicitation must be protested not later than the next closing time for receipt of proposals following the incorporation.

(2) Protests other than those covered by paragraph (1) of this section shall be filed not later than 10 days after the basis of protest is known or should have been known (whichever is earlier), with the exception of protests challenging a procurement conducted on the basis of competitive proposals under which a debriefing is requested and, when requested, is required. In such cases, with respect to any protest basis which is known or should have been known either before or as a result of the debriefing, the initial protest shall not be filed before the debriefing date offered to the protester, but shall be filed not later than 10 days after the date on which the debriefing is held.

(3) Protests filed through the Contracting Officer.

a. Within twenty (20) days after the protest is filed through the Contracting Officer, the Contracting Officer will send a written ruling and a summary of the reasons supporting the ruling to the protester by “Certified Mail (Return Receipt Requested)”.

b. Appeals

i. Protesters who filed protests through the Contracting Officer may, within five (5) days of receipt of the Contracting Officer’s written ruling, appeal to the Ombudsman.

ii. Requests for Appellate Review must be submitted to the Ombudsman by FAX transmission or by “Certified Mail” (Return Receipt Requested).

iii. The Ombudsman will send a written ruling and a summary of the reasons supporting the ruling to the protester by “Certified Mail (Mail Receipt Requested)” within ten (10) days of receipt of the request for appellate review of the Contracting Officer’s decision.

iv. In accordance with FAR 33.103(d)(4) and 4 C.F.R 21.2(a)(3), if there is an agency appellate review of the Contracting Officer’s decision on the protest, it will not extend GAO’S timeliness requirements. Therefore, any subsequent protest to the GAO must be filed within ten (10) days of knowledge of initial adverse agency action.

(4) Protests filed through the Ombudsman:

a. If the protester protests directly through the Ombudsman, the Ombudsman will send a written ruling and a summary of the reasons supporting the ruling to the protester by “Certified Mail (Mail Receipt Requested)” within thirty-five (35) days after the protest was filed.

b. Protests filed directly through the Ombudsman cannot be appealed within the agency.

E. Dismissal of Protests.

The agency may dismiss protests when protesters file protests through the GAO or CFC while their protests are pending at the agency level; and for failure to comply with any of the requirements of these agency protest procedures. For example, the agency may dismiss protests that are procedurally or substantively defective (e.g., the protest is untimely or the protest fails to clearly state legally sufficient grounds of protest).

CONFIDENTIALITY OF INFORMATION

(a) To the extent that the work under this contract requires that the Contractor be given access to sensitive or proprietary business, technical, or financial information belonging to the Government or other companies, the Contractor shall, after receipt thereof, treat such information as confidential and not appropriate such information to its own use or disclose such information to third parties unless specifically authorized by the Contracting Officer in writing. The foregoing obligations, however, shall not apply to information that–

(1) At the time of receipt by the Contractor, is in the public domain

(2) Is published by others after receipt thereof by the Contractor or otherwise becomes part of the public domain through no fault of the Contractor

(3) The Contractor can demonstrate was already in its possession at the time of receipt thereof and was not acquired directly or indirectly from the Government or other companies

(4) The Contractor can demonstrate was received by it from a third party that did not require the Contractor to hold it in confidence.

(b) The Contractor shall obtain from each employee permitted access a written agreement, in a form satisfactory to the Contracting Officer, that he/she will not discuss, divulge or disclose any such information or data to any person or entity except those persons within the Contractor’s organization or the Government directly concerned with the performance of the contract.

NARA RECORDS MANAGEMENT LANGUAGE FOR CONTRACTS

The following standard items relate to records generated in executing the contract and should be included in a typical Electronic Information Systems (EIS) procurement contract:

1. Citations to pertinent laws, codes and regulations such as 44 U.S.C chapters 21, 29, 31 and 33; Freedom of Information Act (5 U.S.C. 552); Privacy Act (5 U.S.C. 552a); 36 CFR Part 1222 and Part 1228.

2. Contractor shall treat all deliverables under the contract as the property of the U.S. Government for which the Government Agency shall have unlimited rights to use, dispose of, or disclose such data contained therein as it determines to be in the public interest.

3. Contractor shall not create or maintain any records that are not specifically tied to or authorized by the contract using Government IT equipment and/or Government records.

4. Contractor shall not retain, use, sell, or disseminate copies of any deliverable that contains information covered by the Privacy Act of 1974 or that which is generally protected by the Freedom of Information Act.

5. Contractor shall not create or maintain any records containing any Government Agency records that are not specifically tied to or authorized by the contract.

6. The Government Agency owns the rights to all data/records produced as part of this contract.

7. The Government Agency owns the rights to all electronic information (electronic data, electronic information systems, electronic databases, etc.) and all supporting documentation created as part of this contract. Contractor must deliver sufficient technical documentation with all data deliverables to permit the agency to use the data.

8. Contractor agrees to comply with Federal and Agency records management policies, including those policies associated with the safeguarding of records covered by the Privacy Act of 1974. These policies include the preservation of all records created or received regardless of format (paper, electronic, etc.) or mode of transmission (e-mail, fax, etc.) or state of completion (draft, final, etc.).

9. No disposition of documents will be allowed without the prior written consent of the Contracting Officer. The Agency and its contractors are responsible for preventing the alienation or unauthorized destruction of records, including all forms of mutilation. Willful and unlawful destruction, damage or alienation of Federal records is subject to the fines and penalties imposed by 18 U.S.C. 2701. Records may not be removed from the legal custody of the Agency or destroyed without regard to the provisions of the agency records schedules.

10. Contractor is required to obtain the Contracting Officer’s approval prior to engaging in any contractual relationship (sub-contractor) in support of this contract requiring the disclosure of information, documentary material and/or records generated under, or relating to, this contract. The Contractor (and any sub-contractor) is required to abide by Government and Agency guidance for protecting sensitive and proprietary information. Offerors are reminded to include a completed copy of 52.212-3 with RFP response, or provide an affirmative response that the offeror is registered in ORCA and all information in ORCA is current and complete. All clauses shall be incorporated by reference or full text in the purchase order.

SAFEGUARDING OF SENSITIVE INFORMATION (MAR 2015)

(a) Applicability. This clause applies to the Contractor, its subcontractors, and Contractor employees (hereafter referred to collectively as “Contractor”). The Contractor shall insert the substance of this clause in all subcontracts.

(b) Definitions. As used in this clause-
“Personally Identifiable Information (PII)” means information that can be used to distinguish or trace an individual’s identity, such as name, social security number, or biometric records, either alone, or when combined with other personal or identifying information that is linked or linkable to a specific individual, such as date and place of birth, or mother’s maiden name. The definition of PII is not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified. In performing this assessment, it is important for an agency to recognize that non-personally identifiable information can become personally identifiable information whenever additional information is made publicly available-in any medium and from any source-that, combined with other available information, could be used to identify an individual.

PII is a subset of sensitive information. Examples of PII include, but are not limited to: name, date of birth, mailing address, telephone number, Social Security number (SSN), email address, zip code, account numbers, certificate/license numbers, vehicle identifiers including license plates, uniform resource locators (URLs), static Internet protocol addresses, biometric identifiers such as fingerprint, voiceprint, iris scan, photographic facial images, or any other unique identifying number or characteristic, and any information where it is reasonably foreseeable that the information will be linked with other information to identify the individual.
“Sensitive Information” is defined in HSAR clause 3052.204-71, Contractor Employee Access, as any information, which if lost, misused, disclosed, or, without authorization is accessed, or modified, could adversely affect the national or homeland security interest, the conduct of Federal programs, or the privacy to which individuals are entitled under section 552a of Title 5, United States Code (the Privacy Act), but which has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept secret in the interest of national defense, homeland security or foreign policy. This definition includes the following categories of information:

(1) Protected Critical Infrastructure Information (PCII) as set out in the Critical Infrastructure Information Act of 2002 (Title II, Subtitle B, of the Homeland Security Act, Public Law 107¬296, 196 Stat. 2135), as amended, the implementing regulations thereto (Title 6, Code of Federal Regulations, Part 29) as amended, the applicable PCII Procedures Manual, as amended, and any supplementary guidance officially communicated by an authorized official of the Department of Homeland Security (including the PCII Program Manager or his/her designee);

(2) Sensitive Security Information (SSI), as defined in Title 49, Code of Federal
Regulations, Part 1520, as amended, “Policies and Procedures of Safeguarding and Control of SSI,” as amended, and any supplementary guidance officially communicated by an authorized official of the Department of Homeland Security (including the Assistant Secretary for the Transportation Security Administration or his/her designee);

(3) Information designated as “For Official Use Only,” which is unclassified information of a sensitive nature and the unauthorized disclosure of which could adversely impact a person’s privacy or welfare, the conduct of Federal programs, or other programs or operations essential to the national or homeland security interest; and

(4) Any information that is designated “sensitive” or subject to other controls, safeguards or protections in accordance with subsequently adopted homeland security information handling procedures.

“Sensitive Information Incident” is an incident that includes the known, potential, or suspected exposure, loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or unauthorized access or attempted access of any Government system, Contractor system, or sensitive information.

“Sensitive Personally Identifiable Information (SPII)” is a subset of PII, which if lost, compromised or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. Some forms of PII are sensitive as stand-alone elements. Examples of such PII include: Social Security numbers (SSN), driver’s license or state identification number, Alien Registration Numbers (A-number), financial account number, and biometric identifiers such as fingerprint, voiceprint, or iris scan. Additional examples include any groupings of information that contain an individual’s name or other unique identifier plus one or more of the following elements:

(1) Truncated SSN (such as last 4 digits)
(2) Date of birth (month, day, and year)
(3) Citizenship or immigration status
(4) Ethnic or religious affiliation
(5) Sexual orientation
(6) Criminal History
(7) Medical Information
(8) System authentication information such as mother’s maiden name, account passwords or personal identification numbers (PIN)

Other PII may be “sensitive” depending on its context, such as a list of employees and their performance ratings or an unlisted home address or phone number. In contrast, a business card or public telephone directory of agency employees contains PII but is not sensitive.

(c) Authorities. The Contractor shall follow all current versions of Government policies and guidance accessible at , or available upon request from the Contracting Officer, including but not limited to:

(1) DHS Management Directive 11042.1 Safeguarding Sensitive But Unclassified (for Official Use Only) Information
(2) DHS Sensitive Systems Policy Directive 4300A
(3) DHS 4300A Sensitive Systems Handbook and Attachments
(4) DHS Security Authorization Process Guide
(5) DHS Handbook for Safeguarding Sensitive Personally Identifiable Information
(6) DHS Instruction Handbook 121-01-007 Department of Homeland Security Personnel Suitability and Security Program
(7) DHS Information Security Performance Plan (current fiscal year)
(8) DHS Privacy Incident Handling Guidance
(9) Federal Information Processing Standard (FIPS) 140-2 Security Requirements for Cryptographic Modules accessible at
(10) National Institute of Standards and Technology (NIST) Special Publication 800-53 Security and Privacy Controls for Federal Information Systems and Organizations accessible at
(11) NIST Special Publication 800-88 Guidelines for Media Sanitization accessible at

(d) Handling of Sensitive Information. Contractor compliance with this clause, as well as the policies and procedures described below, is required.

(1) Department of Homeland Security (DHS) policies and procedures on Contractor personnel security requirements are set forth in various Management Directives (MDs), Directives, and Instructions. MD 11042.1, Safeguarding Sensitive But Unclassified (For Official Use Only) Information describes how Contractors must handle sensitive but unclassified information. DHS uses the term “FOR OFFICIAL USE ONLY” to identify sensitive but unclassified information that is not otherwise categorized by statute or regulation. Examples of sensitive information that are categorized by statute or regulation are PCII, SSI, etc. The DHS Sensitive Systems Policy Directive 4300A and the DHS 4300A Sensitive Systems Handbook provide the policies and procedures on security for Information Technology (IT) resources. The DHS Handbook for Safeguarding Sensitive Personally Identifiable Information provides guidelines to help safeguard SPII in both paper and electronic form. DHS Instruction Handbook 121-01-007 Department of Homeland Security Personnel Suitability and Security Program establishes procedures, program responsibilities, minimum standards, and reporting protocols for the DHS Personnel Suitability and Security Program.

(2) The Contractor shall not use or redistribute any sensitive information processed, stored, and/or transmitted by the Contractor except as specified in the contract.

(3) All Contractor employees with access to sensitive information shall execute DHS Form 11000-6, Department of Homeland Security Non-Disclosure Agreement (NDA), as a condition of access to such information. The Contractor shall maintain signed copies of the NDA for all employees as a record of compliance. The Contractor shall provide copies of the signed NDA to the Contracting Officer’s Representative (COR) no later than two (2) days after execution of the form.

(4) The Contractor’s invoicing, billing, and other recordkeeping systems maintained to support financial or other administrative functions shall not maintain SPII. It is acceptable to maintain in these systems the names, titles and contact information for the COR or other Government personnel associated with the administration of the contract, as needed.

(e) Authority to Operate. The Contractor shall not input, store, process, output, and/or transmit sensitive information within a Contractor IT system without an Authority to Operate (ATO) signed by the Headquarters or Component CIO, or designee, in consultation with the Headquarters or Component Privacy Officer. Unless otherwise specified in the ATO letter, the ATO is valid for three (3) years. The Contractor shall adhere to current Government policies, procedures, and guidance for the Security Authorization (SA) process as defined below.

(1) Complete the Security Authorization process. The SA process shall proceed according to the DHS Sensitive Systems Policy Directive 4300A (Version 11.0, April 30, 2014), or any successor publication, DHS 4300A Sensitive Systems Handbook (Version 9.1, July 24, 2012), or any successor publication, and the Security Authorization Process Guide including templates.

(i) Security Authorization Process Documentation. SA documentation shall be developed using the Government provided Requirements Traceability Matrix and Government security documentation templates. SA documentation consists of the following: Security Plan, Contingency Plan, Contingency Plan Test Results, Configuration Management Plan, Security Assessment Plan, Security Assessment Report, and Authorization to Operate Letter. Additional documents that may be required include a Plan(s) of Action and Milestones and Interconnection Security Agreement(s). During the development of SA documentation, the Contractor shall submit a signed SA package, validated by an independent third party, to the COR for acceptance by the Headquarters or Component CIO, or designee, at least thirty (30) days prior to the date of operation of the IT system. The Government is the final authority on the compliance of the SA package and may limit the number of resubmissions of a modified SA package. Once the ATO has been accepted by the Headquarters or Component CIO, or designee, the Contracting Officer shall incorporate the ATO into the contract as a compliance document. The Government’s acceptance of the ATO does not alleviate the Contractor’s responsibility to ensure the IT system controls are implemented and operating effectively.

(ii) Independent Assessment. Contractors shall have an independent third party validate the security and privacy controls in place for the system(s). The independent third party shall review and analyze the SA package, and report on technical, operational, and management level deficiencies as outlined in NIST Special Publication 800-53 Security and Privacy Controls for Federal Information Systems and Organizations. The Contractor shall address all deficiencies before submitting the SA package to the Government for acceptance.

(iii) Support the completion of the Privacy Threshold Analysis (PTA) as needed. As part of the SA process, the Contractor may be required to support the Government in the completion of the PTA. The requirement to complete a PTA is triggered by the creation, use, modification, upgrade, or disposition of a Contractor IT system that will store, maintain and use PII, and must be renewed at least every three (3) years. Upon review of the PTA, the DHS Privacy Office determines whether a Privacy Impact Assessment (PIA) and/or Privacy Act System of Records Notice (SORN), or modifications thereto, are required. The Contractor shall provide all support necessary to assist the Department in completing the PIA in a timely manner and shall ensure that project management plans and schedules include time for the completion of the PTA, PIA, and SORN (to the extent required) as milestones. Support in this context includes responding timely to requests for information from the Government about the use, access, storage, and maintenance of PII on the Contractor’s system, and providing timely review of relevant compliance documents for factual accuracy. Information on the DHS privacy compliance process, including PTAs, PIAs, and SORNs, is accessible at

(2) Renewal of ATO. Unless otherwise specified in the ATO letter, the ATO shall be renewed every three (3) years. The Contractor is required to update its SA package as part of the ATO renewal process. The Contractor shall update its SA package by one of the following methods:

(1) Updating the SA documentation in the DHS automated information assurance tool for acceptance by the Headquarters or Component CIO, or designee, at least 90 days before the ATO expiration date for review and verification of security controls; or (2) Submitting an updated SA package directly to the COR for approval by the Headquarters or Component CIO, or designee, at least 90 days before the ATO expiration date for review and verification of security controls. The 90 day review process is independent of the system production date and therefore it is important that the Contractor build the review into project schedules. The reviews may include onsite visits that involve physical or logical inspection of the Contractor environment to ensure controls are in place.

(3) Security Review. The Government may elect to conduct random periodic reviews to ensure that the security requirements contained in this contract are being implemented and enforced. The Contractor shall afford DHS, the Office of the Inspector General, and other Government organizations access to the Contractor’s facilities, installations, operations, documentation, databases and personnel used in the performance of this contract. The Contractor shall, through the Contracting Officer and COR, contact the Headquarters or Component CIO, or designee, to coordinate and participate in review and inspection activity by Government organizations external to the DHS. Access shall be provided, to the extent necessary as determined by the Government, for the Government to carry out a program of inspection, investigation, and audit to safeguard against threats and hazards to the integrity, availability and confidentiality of Government data or the function of computer systems used in performance of this contract and to preserve evidence of computer crime.

(4) Continuous Monitoring. All Contractor-operated systems that input, store, process, output, and/or transmit sensitive information shall meet or exceed the continuous monitoring requirements identified in the Fiscal Year 2014 DHS Information Security Performance Plan, or successor publication. The plan is updated on an annual basis. The Contractor shall also store monthly continuous monitoring data at its location for a period not less than one year from the date the data is created. The data shall be encrypted in accordance with FIPS 140-2 Security Requirements for Cryptographic Modules and shall not be stored on systems that are shared with other commercial or Government entities. The Government may elect to perform continuous monitoring and IT security scanning of Contractor systems from Government tools and infrastructure.

(5) Revocation of ATO. In the event of a sensitive information incident, the Government may suspend or revoke an existing ATO (either in part or in whole). If an ATO is suspended or revoked in accordance with this provision, the Contracting Officer may direct the Contractor to take additional security measures to secure sensitive information. These measures may include restricting access to sensitive information on the Contractor IT system under this contract. Restricting access may include disconnecting the system processing, storing, or transmitting the sensitive information from the Internet or other networks or applying additional security controls.

(6) Federal Reporting Requirements. Contractors operating information systems on behalf of the Government or operating systems containing sensitive information shall comply with Federal reporting requirements. Annual and quarterly data collection will be coordinated by the Government. Contractors shall provide the COR with requested information within three (3) business days of receipt of the request. Reporting requirements are determined by the Government and are defined in the Fiscal Year 2014 DHS Information Security Performance Plan, or successor publication. The Contractor shall provide the Government with all information to fully satisfy Federal reporting requirements for Contractor systems.

(f) Sensitive Information Incident Reporting Requirements.

(1) All known or suspected sensitive information incidents shall be reported to the Headquarters or Component Security Operations Center (SOC) within one hour of discovery in accordance with 4300A Sensitive Systems Handbook Incident Response and Reporting requirements. When notifying the Headquarters or Component SOC, the Contractor shall also notify the Contracting Officer, COR, Headquarters or Component Privacy Officer, and US-CERT using the contact information identified in the contract. If the incident is reported by phone or the Contracting Officer’s email address is not immediately available, the Contractor shall contact the Contracting Officer immediately after reporting the incident to the Headquarters or Component SOC. The Contractor shall not include any sensitive information in the subject or body of any e-mail. To transmit sensitive information, the Contractor shall use FIPS 140-2 Security Requirements for Cryptographic Modules compliant encryption methods to protect sensitive information in attachments to email. Passwords shall not be communicated in the same email as the attachment. A sensitive information incident shall not, by itself, be interpreted as evidence that the Contractor has failed to provide adequate information security safeguards for sensitive information, or has otherwise failed to meet the requirements of the contract.

(2) If a sensitive information incident involves PII or SPII, in addition to the reporting requirements in 4300A Sensitive Systems Handbook Incident Response and Reporting, Contractors shall also provide as many of the following data elements that are available at the time the incident is reported, with any remaining data elements provided within 24 hours of submission of the initial incident report:

(i) Data Universal Numbering System (DUNS);
(ii) Contract numbers affected unless all contracts by the company are affected;
(iii) Facility CAGE code if the location of the event is different than the prime contractor location;
(iv) Point of contact (POC) if different than the POC recorded in the System for Award Management (address, position, telephone, email);
(v) Contracting Officer POC (address, telephone, email);
(vi) Contract clearance level;
(vii) Name of subcontractor and CAGE code if this was an incident on a subcontractor network;
(viii) Government programs, platforms or systems involved;
(ix) Location(s) of incident;
(x) Date and time the incident was discovered;
(xi) Server names where sensitive information resided at the time of the incident, both at the Contractor and subcontractor level;
(xii) Description of the Government PII and/or SPII contained within the system;
(xiii) Number of people potentially affected and the estimate or actual number of records exposed and/or contained within the system; and
(xiv) Any additional information relevant to the incident.

(g) Sensitive Information Incident Response Requirements.

(1) All determinations related to sensitive information incidents, including response activities, notifications to affected individuals and/or Federal agencies, and related services (e.g., credit monitoring) will be made in writing by the Contracting Officer in consultation with the Headquarters or Component CIO and Headquarters or Component Privacy Officer.

(2) The Contractor shall provide full access and cooperation for all activities determined by the Government to be required to ensure an effective incident response, including providing all requested images, log files, and event information to facilitate rapid resolution of sensitive information incidents.

(3) Incident response activities determined to be required by the Government may include, but are not limited to, the following:

(i) Inspections,
(ii) Investigations,
(iii) Forensic reviews, and
(iv) Data analyses and processing.

(4) The Government, at its sole discretion, may obtain the assistance from other Federal agencies and/or third-party firms to aid in incident response activities.

(h) Additional PII and/or SPII Notification Requirements.

(1) The Contractor shall have in place procedures and the capability to notify any individual whose PII resided in the Contractor IT system at the time of the sensitive information incident not later than 5 business days after being directed to notify individuals, unless otherwise approved by the Contracting Officer. The method and content of any notification by the Contractor shall be coordinated with, and subject to prior written approval by the Contracting Officer, in consultation with the Headquarters or Component Privacy Officer, utilizing the DHS Privacy Incident Handling Guidance. The Contractor shall not proceed with notification unless the Contracting Officer, in consultation with the Headquarters or Component Privacy Officer, has determined in writing that notification is appropriate.

(2) Subject to Government analysis of the incident and the terms of its instructions to the Contractor regarding any resulting notification, the notification method may consist of letters to affected individuals sent by first class mail, electronic means, or general public notice, as approved by the Government. Notification may require the Contractor’s use of address verification and/or address location services. At a minimum, the notification shall include:

(i) A brief description of the incident;
(ii) A description of the types of PII and SPII involved;
(iii) A statement as to whether the PII or SPII was encrypted or protected by other means;
(iv) Steps individuals may take to protect themselves;
(v) What the Contractor and/or the Government are doing to investigate the incident, to mitigate the incident, and to protect against any future incidents; and
(vi) Information identifying who individuals may contact for additional information.

(i) Credit Monitoring Requirements. In the event that a sensitive information incident involves PII or SPII, the Contractor may be required to, as directed by the Contracting Officer:

(1) Provide notification to affected individuals as described above; and/or

(2) Provide credit monitoring services to individuals whose data was under the control of the Contractor or resided in the Contractor IT system at the time of the sensitive information incident for a period beginning the date of the incident and extending not less than 18 months from the date the individual is notified. Credit monitoring services shall be provided from a company with which the Contractor has no affiliation. At a minimum, credit monitoring services shall include:

(i) Triple credit bureau monitoring;
(ii) Daily customer service;
(iii) Alerts provided to the individual for changes and fraud; and
(iv) Assistance to the individual with enrollment in the services and the use of fraud alerts; and/or

(3) Establish a dedicated call center. Call center services shall include:

(i) A dedicated telephone number to contact customer service within a fixed period;
(ii) Information necessary for registrants/enrollees to access credit reports and credit scores;
(iii) Weekly reports on call center volume, issue escalation (i.e., those calls that cannot be handled by call center staff and must be resolved by call center management or DHS, as appropriate), and other key metrics;
(iv) Escalation of calls that cannot be handled by call center staff to call center management or DHS, as appropriate;
(v) Customized FAQs, approved in writing by the Contracting Officer in coordination with the Headquarters or Component Chief Privacy Officer; and
(vi) Information for registrants to contact customer service representatives and fraud resolution representatives for credit monitoring assistance.
(j) Certification of Sanitization of Government and Government-Activity-Related Files and Information. As part of contract closeout, the Contractor shall submit the certification to the COR and the Contracting Officer following the template provided in NIST Special Publication 800-88 Guidelines for Media Sanitization.

INFORMATION TECHNOLOGY SECURITY AND PRIVACY TRAINING (MAR 2015)

(a) Applicability. This clause applies to the Contractor, its subcontractors, and Contractor employees (hereafter referred to collectively as “Contractor”). The Contractor shall insert the substance of this clause in all subcontracts.

(b) Security Training Requirements.

(1) All users of Federal information systems are required by Title 5, Code of Federal Regulations, Part 930.301, Subpart C, as amended, to be exposed to security awareness materials annually or whenever system security changes occur, or when the user’s responsibilities change. The Department of Homeland Security (DHS) requires that Contractor employees take an annual Information Technology Security Awareness Training course before accessing sensitive information under the contract. Unless otherwise specified, the training shall be completed within thirty (30) days of contract award and be completed on an annual basis thereafter not later than October 31st of each year. Any new Contractor employees assigned to the contract shall complete the training before accessing sensitive information under the contract. The training is accessible at The Contractor shall maintain copies of training certificates for all Contractor and subcontractor employees as a record of compliance. Unless otherwise specified, initial training certificates for each Contractor and subcontractor employee shall be provided to the Contracting Officer’s Representative (COR) not later than thirty (30) days after contract award. Subsequent training certificates to satisfy the annual training requirement shall be submitted to the COR via e-mail notification not later than October 31st of each year. The e-mail notification shall state the required training has been completed for all Contractor and subcontractor employees.

(2) The DHS Rules of Behavior apply to every DHS employee, Contractor and subcontractor that will have access to DHS systems and sensitive information. The DHS Rules of Behavior shall be signed before accessing DHS systems and sensitive information. The DHS Rules of Behavior is a document that informs users of their responsibilities when accessing DHS systems and holds users accountable for actions taken while accessing DHS systems and using DHS Information Technology resources capable of inputting, storing, processing, outputting, and/or transmitting sensitive information. The DHS Rules of Behavior is accessible at Unless otherwise specified, the DHS Rules of Behavior shall be signed within thirty (30) days of contract award. Any new Contractor employees assigned to the contract shall also sign the DHS Rules of Behavior before accessing DHS systems and sensitive information. The Contractor shall maintain signed copies of the DHS Rules of Behavior for all Contractor and subcontractor employees as a record of compliance. Unless otherwise specified, the Contractor shall e-mail copies of the signed DHS Rules of Behavior to the COR not later than thirty (30) days after contract award for each employee. The DHS Rules of Behavior will be reviewed annually and the COR will provide notification when a review is required. (c) Privacy Training Requirements. All Contractor and subcontractor employees that will have access to Personally Identifiable Information (PII) and/or Sensitive PII (SPII) are required to take Privacy at DHS: Protecting Personal Information before accessing PII and/or SPII. The training is accessible at

Training shall be completed within thirty (30) days of contract award and be completed on an annual basis thereafter not later than October 31st of each year. Any new Contractor employees assigned to the contract shall also complete the training before accessing PII and/or SPII. The Contractor shall maintain copies of training certificates for all Contractor and subcontractor employees as a record of compliance. Initial training certificates for each Contractor and subcontractor employee shall be provided to the COR not later than thirty (30) days after contract award. Subsequent training certificates to satisfy the annual training requirement shall be submitted to the COR via e-mail notification not later than October 31st of each year. The email notification shall state the required training has been completed for all Contractor and subcontractor employees.

Additional contract terms and conditions applicable to this procurement are:

IDENTIFICATION OF GOVERNMENT OFFICIALS:

The Government Officials assigned to this contract are as follows:

Administrative Contracting Officer:

Name: Gary P. Topper

Phone: 301-447-7280

Email: gary.topper@fema.dhs.gov

Administrative Contract Specialist:

Name: James Suerdieck

Phone: 301-447-7244

Email: james.suerdieck@fema.dhs.gov

Technical Point of Contact hereby delegated authority to accept goods and services and review and approve invoices for this contract:

Name: TBD

Phone: TBD

Email: TBD

TECHNICAL DIRECTION AND SURVEILLANCE

(a) Performance of the work under this contract shall be subject to the surveillance and written technical direction of the Contracting Officer’s Representative (COR), who shall be specifically appointed by the Contracting Officer in writing. Technical direction is defined as a directive to the Contractor which approves approaches, solutions, designs, or refinements; fills in details or otherwise completes the general description of work of documentation items; shifts emphasis among work areas or tasks; or otherwise furnishes guidance to the Contractor. Technical direction includes the process of conducting inquiries, requesting studies, or transmitting information or advice by the COR, regarding matters within the general tasks and requirements in this contract.

(b) The COR does not have the authority to, and shall not, issue any technical direction which:

(1) Constitutes an assignment of additional work outside the Performance Work Statement;

(2) Constitutes a change as defined in the contract clause entitled “Changes”;

(3) In any manner causes an increase or decrease in the total fixed price or the time required for contract performance;

(4) Changes any of the expressed terms, conditions, or specifications of the contract; or

(5) Interferes with the Contractor’s right to perform the specifications of the contract.

(c) All technical directions shall be issued in writing by the COR.

(d) The Contractor shall proceed promptly with the performance of technical directions duly issued by the COR in the manner prescribed by this clause and within his/her authority under the provisions of this clause. Any instruction or direction by the COR which falls within one, or more, of the categories defined in (b)(1) through (5) above, shall cause the Contractor to notify the Contracting Officer in writing within five (5) working days after receipt of any such instruction or direction and shall request the Contracting Officer to modify the contract accordingly. Upon receiving the notification from the Contractor, the Contracting Officer shall either issue an appropriate contract modification within a reasonable time or advise the Contractor in writing within thirty (30) days after receipt of the Contractor’s Letter that:

(1) the technical direction is rescinded in its entirety

(2) the technical direction is within the scope of the contract, does not constitute a change under the “Changes” clause of the contract and that the Contractor should continue with the performance of the technical direction.

(e) A failure of the Contractor and Contracting Officer to agree that the technical direction is within scope of the contract, or a failure to agree upon the contract action to be taken with respect thereto shall be subject to the provisions of the “Disputes” clause of this contract.

(f) Any action(s) taken by the Contractor in response to any direction given by any person other than the Contracting Officer or the COR whom the Contracting Officer shall appoint shall be at the Contractor’s risk.

(g) Performance of the work under this contract shall also be subject to the surveillance of Technical Monitors, as directed by the COR.

BILLING INSTRUCTIONS (JUN 2014)

Contractors will use Standard Form 1034 (Public Voucher for Purchases and Services Other Than Personal) located at when submitting a payment request. A payment request means any invoice or request for contract financing payment requesting reimbursement for supplies or services rendered. The Contractor shall not be paid more frequently than on a twice monthly basis.

Contractors must submit vouchers electronically in pdf format to the FEMA Finance Center at:

FEMA-Finance-Vendor-Payments@fema.dhs.gov.

A copy of the voucher must be submitted electronically to the contracting officer identified within this contract. The submission of vouchers electronically will reduce correspondence and other causes for delay to a minimum and will facilitate prompt payment to the Contractor. Paper vouchers mailed to the finance center will not be processed for payment. If the Contractor is unable to submit a payment request in electronic form, the contractor shall submit the payment request using a method mutually agreed to by the Contractor, the Contracting Officer, and the payment office.

DEFECTIVE OR IMPROPER INVOICES (JUN 2014)

Name, title, phone number, and email of officials of the business concern who are to be notified when the Government receives an improper invoice.

__To be provided by contractor__________________
___________________________________________
___________________________________________

INVOICE APPROVAL (JUN 2014)

The following FEMA individual (in addition to the Contracting Officer) is hereby delegated authority to accept goods and services and to review and approve invoices for this contract:

Authorized Invoice Approver

Name: TBD
Title: TBD
Phone: TBD
Email: TBD

INVOICE INSTRUCTIONS (JUN 2014)

Invoices shall be submitted as follows:

Contractors will use Standard Form 1034 (Public Voucher for Purchases and Services Other Than Personal) and SF 1035 Continuation sheet when requesting payment for supplies or services rendered. The voucher must provide a description of the supplies or services, by line item (if applicable), quantity, unit price, and total amount. The item description, unit of measure, and unit price must match those specified in the contract. Invoices that do not match the line item pricing in the contract will be considered improper and will be returned to the Contractor.

SF 1034 and 1035 instructions:

SF 1034–Fixed Price

The information which a contractor is required to submit in its Standard Form 1034 is set forth as follows:

(1) U.S. Department, Bureau, or establishment and location insert the names and address of the servicing finance office unless the contract specifically provides otherwise.

(2) Date Voucher Prepared – insert date on which the public voucher is prepared and submitted.

(3) Contract/Delivery Order Number and Date – insert the number and date of the contract and delivery order, if applicable, under which reimbursement is claimed.

(4) Requisition Number and Date – leave blank.

(5) Voucher Number – insert the appropriate serial number of the voucher. A separate series of consecutive numbers, beginning with Number 1, shall be used by the contractor for each new contract. When an original voucher was submitted, but not paid in full because of suspended costs, resubmission vouchers should be submitted in a separate invoice showing the original voucher number and designated with the letter “R” as the last character of the number. If there is more than one resubmission, use the appropriate suffix (R2, R3, etc.) The last voucher of every contract or task order should be marked with the next sequential number, with the words “FINAL” (e.g. Invoice No. 1234-FINAL).

(6) Schedule Number; Paid By; Date Invoice Received – leave blank.

(7) Discount Terms – enter terms of discount, if applicable.

(8) Payee’s Account Number – this space may be used by the contractor to record the account or job number(s) assigned to the contract or may be left blank.

(9) Payee’s Name and Address – show the name of the contractor exactly as it appears in the contract and its correct address, except when an assignment has been made by the contractor, or the right to receive payment has been restricted, as in the case of an advance account. When the right to receive payment is restricted, the type of information to be shown in this space shall be furnished by the Contracting Officer.

(10) Shipped From; To; Weight Government B/L Number – insert for supply contracts.

(11) Date of Delivery or Service – show the month, day and year, beginning and ending dates of supplies or services delivered.

(12) Articles and Services – insert the following: “For detail, see Standard Form 1035 total amount claimed transferred from Page ___ of Standard Form 1035.” Type the following certification, signed by an authorized official, on the face of the Standard Form 1034.

“I certify that all payments requested are for
appropriate purposes and in accordance with the
agreements set forth in the contract.”

_______________________ _________
(Name of Official) (Title)

(13) Quantity; Unit Price – insert for supply contracts.

(14) Amount – insert the amount claimed for the period indicated in (11) above. This amount should be transferred from the total per the SF 1035 Continuation Sheet.

INVOICE PREPARATION INSTRUCTIONS SF 1035

The SF 1035 will be used to identify the specific item description, quantities, unit of measure, and prices for each category of deliverable item or service. Suitable self-designed forms may be submitted instead of the SF 1035 as long as they contain the information required.

The information which a contractor is required to submit in its Standard Form 1035 is set forth as follows:

U.S. Department, Bureau, or Establishment – insert the name and address of the servicing finance office.

Voucher Number – insert the voucher number as shown on the Standard Form 1034.

Schedule Number – leave blank.

Sheet Number – insert the sheet number if more than one sheet is used in numerical sequence. Use as many sheets as necessary to show the information required.

Number and Date of Order – insert payee’s name and address as in the Standard Form 1034.

Articles or Services – insert the contract number as in the Standard Form 1034.

Amount – insert the total quantities contract value, and amount and type of fee payable (as applicable).

A summary of claimed current and cumulative goods and services delivered and accepted to date. – Invoices shall include an itemization of all goods and services delivered and accepted for the period by item and by CLIN. Each invoice shall include sufficient detail to identify goods and services as compared to and in accordance with contract terms and conditions. Invoices that do not match the line item pricing in the contract will be considered improper and returned to the contractor. In addition, each invoice shall detail the total charges by showing current and cumulative goods and services both currently invoiced and cumulative to date.

ATTACHMENTS:

Attachment 1 – Statement of Work (SOW)

PROPOSAL PREPARATION INSTRUCTIONS:

A. GENERAL INSTRUCTIONS

1. Any resultant contract shall include the general provisions applicable to the selected offeror’s organization and type of contract awarded. Any additional clauses required by public law, executive order, or acquisition regulations, in effect at the time of execution of the proposed contract, shall be included.

2. The proposal shall be prepared in two (2) parts: a “Technical Proposal” and “Business Proposal”. Each of the parts shall be separate and complete in itself so that evaluation of one may be accomplished independently from evaluation of the other. The technical proposal (Volume 1) must not contain reference to price; however, resource information (such as data concerning labor hours and categories, materials, subcontracts, etc.) must be contained in the technical proposal so that the contractor’s understanding of the statement of work (SOW) may be evaluated.

The two parts shall be organized as follows:

Volume 1: Technical Proposal

Section 1 Work Plan
Section 2 Management Plan
Section 3 Key Personnel
Section 4 Quality Control
Section 5 Experience
Section 6 Past Performance

Volume 1, Technical Proposal Sections 1 through 4, is limited to 50 single sided total pages. Double sided pages will count against the 50 page limit as two pages for each double sided page.

Resumes of proposed key personnel (limited to 3 pages each) under section 3, the experience (limited to 5 pages each) under section 5 and past performance (limited to 5 pages each) under section 6 will not be counted towards the 50 page limitation of the Technical Proposal. Pages submitted in excess of the limitations specified above may not be evaluated by the Government.

Volume 2, Business Proposal, has no page limit and shall include: 1) fixed price, as set forth in the CLIN structure under Section Price/Cost Schedule above, 2) a copy of the offeror’s Representations, Certifications, and Other Statements of Offerors (FAR 52.212-3), 3) evidence of responsibility, 4) letters of commitment (subcontractors, if applicable), and 5) information to support consent to subcontractors (if applicable).

All of the above business proposal information must be provided to be considered for contract award.

Each volume shall be marked with proposal number, title and Offeror’s name. Pages shall be numbered. Front matter (title pages, tables of contents, cross-reference matrices, acronym lists, and glossaries) may be provided solely for the purpose of easing evaluation. The typewritten or printed letters shall be no smaller than Courier or Times New Roman 12 point or equivalent as the minimum size standard, with no reduction permitted except organization charts or other graphic illustrations; in those instances where reduction is allowable (no smaller than 10 point recommended). Offerors shall ensure that the print is easily readable. Each page shall have not less than one-inch margins on each side of the page. Header/footer information (which does not include any information to be evaluated) may be included in the 1″ margin space. Each 8 and 1/2 by 11 inch “sheet” shall count as one page. Foldouts for complete spreadsheets and/or organization charts are permissible up to 11″ by 17″ and shall count as two pages.

3. Amendments to Proposal – Any changes to a proposal made by the offeror after its initial submittal (i.e., in the final revised proposal) shall be accomplished by replacement pages. Changes from the original page shall be indicated on the outside margin by vertical lines adjacent to the change. The offeror shall include the date of the amendment on the lower right corner of the changed pages.

4. The Government will evaluate proposals in accordance with the evaluation criteria set forth in Evaluation Factors for Award section of this combined synopsis/solicitation. Failure to respond or follow the instructions regarding the organization and content of the Technical and the Business Proposals may result in the Offeror’s proposal being removed from further consideration.

B. TECHNICAL PROPOSAL INSTRUCTIONS/CONTENT (VOLUME 1)

Offeror shall provide sufficient written technical documentation including, but not limited to: Work Plan, Management Plan, Key Personnel, Quality Control, Experience, and Past Performance, sufficient enough to explain their ability to meet the requirements of the Statement of Work (SOW) and to allow for thorough evaluation of the proposal.

The following content is required:

Section 1 – Work Plan (Volume 1)

The work plan shall fully describe the offeror’s proposed solution to achieve requirements of the SOW and address the offeror’s technical approach and methodology to successfully achieve the requirements of the SOW. The technical approach shall adequately describe how the offeror will accomplish the requirements of the SOW in a clear, concise, specific, and convincing manner.

The work plan shall be specific, detailed and complete enough to demonstrate the offeror has a thorough understanding of the requirements in the SOW. At a minimum, the offeror shall address the functions and disciplines involved for each objective, skill levels, quantity of resources and methods of operation required for each contract period of performance (base period and option periods). The plan shall describe the proposed allocation of resources (i.e., distribution of staff, types of labor, categories, subcontractors, proposed contractor owned equipment, etc.).

The work plan shall include a phase-out plan that generally describes how the offeror will transfer the duties and responsibilities of all SOW requirements to an incoming new contractor and closeout contract performance in a timely, efficient and effective manner.

Section 2 – Management Plan (Volume 1)

The management plan shall demonstrate the offeror’s ability to direct and control the operation of this requirement both programmatically and on a daily basis in an efficient manner. As part of the management plan, the offeror shall include a risk management plan. The risk management plan shall address how the offeror will manage risks (including both identifying and mitigating risks).

The management plan shall address schedule controls.

Section 3 – Key Personnel (Volume 1)

The offeror shall identify and present resumes of key personnel who will be assigned to this contract and the rationale for positions designated as key (i.e., why the offeror determined the position(s) to be key). The offeror shall demonstrate that the proposed key personnel have an understanding of the program scope and objectives as well as relevant experience. The offeror shall demonstrate an understanding of the importance of assigning experienced, key personnel in the completion of the contract. The offeror shall provide resumes for all proposed key personnel. Letters of commitment shall be provided for key personnel that are not currently employees of the offeror or its proposed subcontractors. Resumes shall be limited to 3 pages each.

Section 4 – Quality Control Plan (Volume 1)

The offeror shall propose quality control that demonstrates the offeror’s ability to propose and execute quality control, whereby the contractor manages and monitors the process and takes the appropriate corrective action to correct performance to meet program objectives.

The quality control shall discuss the offeror’s policies and procedures to ensure compliance with the contract requirements and its methods of documenting and enforcing quality control procedures.

Section 5 – Experience (Volume 1)

The offeror shall describe its recent and relevant experience. Offerors shall submit three (3) examples of experience. Offerors shall provide the information listed below for prime contracts under which it performed relevant work similar in size, scope, and complexity to the subject requirement. [Size – contract dollar value and project duration. Scope – work that is same or similar to that identified in the SOW. Complexity – consideration of performance challenges or complicated tasks and processes.] This information may include the relative experience of predecessor company (resulting from mergers and acquisitions), major subcontractor(s) (defined as a subcontract with a total value greater than $750,000 over the life of the contract), or Contractor Team Arrangement/Joint Venture (FAR 9.6), or an offeror’s parent or affiliated companies (where the offeror’s proposal demonstrates that the resources of the parent or affiliated company will affect the performance of the offeror).

A. Contracting Agency (Company), address and phone number.

B. Contract number and type of contract for work completed in last 5 years or currently in progress

C. Date of contract, period of performance (duration), and place of performance.

D. Address and phone number of contracting and technical officers.

E. Size of contract (average number full time full time equivalents provided per year) and dollar value.

F. Brief description of contract work and responsibilities.

G. Indicate relevance of each project to the immediate one. It is not sufficient to merely state that a project is similar in size, scope, and complexity. Rationale shall be provided to the Government that a project is indeed relevant.

Experience that cannot be verified may not be considered. Past and present customers may be randomly selected out of each offeror’s proposal to verify experience. The point of contact for each of these customers may then be contacted by the source selection team and asked a standard set of predetermined questions regarding the offeror’s experience. Contact with customers must be documented.

Section 6 – Past Performance (Volume 1)

The offeror shall submit three (3) past performance summaries. The offeror shall consider the following:

• Past performance summaries are for contractual work completed in the last five years or currently in process, which are of similar size, scope, and complexity.
• If the offeror has no similar corporate or organizational past performance, the offeror may substitute past performance of a predecessor company (resulting from mergers and acquisitions); major subcontractor(s) (defined as a subcontract with a total value greater than $750,000 over the life of the contract); Contractor Team Arrangement/Joint Venture (FAR 9.6), or an offeror’s parent or affiliated companies (where the offeror’s proposal demonstrates that the resources of the parent or affiliated company will affect the performance of the offeror), or key personnel with relative past performance. If using past performance of key personnel, while they were employed for another company, it should be for the same key personnel role being proposed for this requirement and also verifiable.
• The offeror has provided a list of any contracts terminated for convenience or terminated for default within the last three years.
• Contracts listed include those entered into by the Federal Government, agencies of State and local governments, and commercial customers.

The Government will not restrict its consideration of the quality of past performance to the information provided by the offeror and, when evaluating past performance, the Government may consider any additional information available, such as the information available in Past Performance Information Retrieval System (PPIRS). Proposed past performance that cannot be verified may not be considered. Past and present customers may be randomly selected out of each offeror’s proposal. The point of contact for each of these customers may then be contacted by the source selection team and asked a standard set of predetermined questions regarding the offeror’s performance. Contact with past performance references must be documented. Offerors with no similar past performance will be rated “neutral” for past performance only.

Evaluation of past performance will be a subjective assessment based on consideration of all relevant facts and circumstances. It will not be based on absolute standards of acceptable performance. The Government is seeking to determine whether the offeror has consistently demonstrated a commitment to customer satisfaction and timely delivery of services at fair and reasonable prices.

C. BUSINESS PROPOSAL INSTRUCTIONS (Volume 2)

1. Price/Cost Schedule – The offeror shall propose price (base and all options). The proposed price shall be based on the requirements of the SOW.

2. Representations, Certifications, and Other Statements of Offerors (FAR 52.212-3). This shall be completed and submitted as part of the Business Proposal, or included the offeror’s registration in the System for Award Management (SAM) – www.sam.gov.

3. Evidence of Responsibility

The offeror must submit sufficient evidence of responsibility for the Contracting Officer to make an affirmative determination of responsibility pursuant to the requirements of FAR Subsection 9.104-1. However, in the case of a small business offeror, the Contracting Officer will comply with FAR 19.6. Accordingly, prime offerors should seriously address each element of responsibility. To be determined responsible, a prospective contractor must:

a. Have adequate resources, including financial, facilities, equipment and personnel, to perform the contract, or the ability to obtain them (see FAR 9.104-3(a));

b. Be able to comply with the required or proposed delivery or performance schedule, taking into consideration all existing commercial and governmental commitments;

c. Have a satisfactory performance record (See FAR 9.104-3(b) and Subpart 42.15). A prospective contractor shall not be determined responsible or non-responsible solely on the basis of a lack of relevant performance history, except as provided in FAR 9.104-2;

d. Have a satisfactory record of integrity and business ethics;

e. Have the necessary organization, experience, accounting and operational controls, and technical skills, or the ability to obtain them (including, as appropriate, such elements as production control procedures, property control systems, quality assurance measures, and safety programs applicable to materials to be produced or services to be performed by the prospective contractor and subcontractors). (See FAR 9.104-3(a));

f. Have the necessary production, construction, and technical equipment and facilities, or the ability to obtain them (See FAR 9.104- 3(a)); and

g. Be otherwise qualified and eligible to receive an award under applicable laws and regulations (e.g., Equal Opportunity, Clean Air and Water, Small Business Subcontracting, etc.).

4. Letters of Commitment (Subcontractors) – if applicable

The Business Proposal shall include a letter, on subcontractor letterhead, and signed by an authorized representative of each subcontractor, which specifically indicates the subcontractor’s agreement to be included in the offeror’s proposed teaming arrangement.

5. Information to Support Consent to Subcontractors – if applicable

The offeror must address each of the elements in FAR 44.202-2 in order for proposed subcontractors to be considered by the contracting officer for consent of subcontractors to be granted with the initial award.

EVALUATION FACTORS FOR AWARD:

This acquisition will utilize the Lowest Priced Technically Acceptable (LPTA) procedure to make a best value award. Award will be made on the basis of the lowest evaluated price of proposals meeting or exceeding the acceptability standards for non-cost technical factors. A decision on the technical acceptability of each offeror’s proposals will be made. For those offerors which are determined to be technically acceptable, award will be made to that offeror with the lowest overall price.

The Government intends to evaluate proposals and award a purchase order without discussions with offerors (except clarifications). Therefore, the offeror’s initial proposal should contain the offeror’s best terms from a price and technical standpoint. The Government reserves the right to conduct discussions if the Contracting Officer later determines them to be necessary. The Government reserves the right to make no award at all as a result of this solicitation.

All information provided in the offeror’s proposal will be evaluated for technical acceptability in accordance with the following technical evaluation factors

Factor 1 Work Plan
Factor 2 Management Plan
Factor 3 Key Personnel
Factor 4 Quality Control
Factor 5 Experience
Factor 6 Past Performance

The merits of the work plan (Factor 1), management plan (Factor 2), key personnel (Factor 3), Quality Control (Factor 4), Experience (Factor 5), and Past Performance (Factor 6) are equal in importance.

The technical factors and price are of equal importance.

TECHNICAL EVALUATION FACTORS:

Factor 1 – Work Plan

The technical evaluation will consider the merits of work plan and conformance/technical acceptability of the following:

– the proposed technical approach/methodology.
– the proposed solution to successfully achieve the requirements of the Statement of Work (SOW).
– how the offeror will successfully meet the requirements of the SOW, that are required to meet industry regulations and standards, and are in full compliance with the requirement set forth in the SOW.
– the offeror’s understanding of the requirements of the SOW and ensure the plan is clear, concise, specific, and efficient.
– the phase-out plan and how it fully describes how the offeror will transfer the duties and responsibilities of all SOW requirements to an incoming new contractor and closeout contract performance in a timely, efficient and effective manner.

Factor 2 – Management Plan

The technical evaluation will consider the merits of the management plan and conformance/technical acceptability of the following:

– the offeror’s ability to direct and control the operation of this requirement both programmatically and on a daily basis in an efficient and effective manner.
– how the offeror will manage risks (including both identifying and mitigating risks) through the management plan.
– how the offeror will successfully and efficiently manage the requirements of the SOW.
– how management plan addresses schedule controls.

Factor 3 – Key Personnel

The technical evaluation will consider the merits of the key personnel and conformance/technical acceptability of the following:

– the merits of the key personnel, who will be assigned to this contract.
– how the offeror demonstrates that the proposed key personnel will have an understanding of the program scope and objectives as well as relevant experience.

Factor 4 – Quality Control

The technical evaluation will consider the merits of the quality control and conformance/technical acceptability of the following:

– how the quality control demonstrates the offeror’s ability to execute quality control, whereby the contractor manages and monitors the process and takes the appropriate corrective action to correct performance to meet program objectives.
– how the quality control demonstrates the offeror’s provision of effective quality control for all requirement of the SOW.
– how the quality control discusses the offeror’s policies and procedures to ensure compliance with the contract requirements and its methods of documenting and enforcing quality control procedures.

Factor 5 – Experience

The technical evaluation will consider the merits of the experience and conformance/technical acceptability of the following:

– the relevance of the experience.
– has the offeror performed contractual work that is the same or similar to the requirements set forth in this solicitation.

Factor 6 – Past Performance

The technical evaluation will consider the merits of the past performance and conformance/technical acceptability of the following:

– the relevance of the past performance.
– how well the offeror performed (satisfactory or better) for contractual work that is the same or similar to the requirements set forth in this solicitation.

PRICE EVALUATION FACTORS:

Price proposals will be evaluated but will not be assigned a rating. Adequate price competition is expected for this acquisition. The evaluated price will be based on the total price of all CLINS inclusive of options. The following factors will be used to evaluate price:

(1) Complete. The business proposal will be evaluated to determine if all price information required by the Combined Synopsis/Solicitation has been submitted in accordance with Proposal Preparation Instructions.

(2) Price reasonableness. Price reasonableness will be based on competitive quotations or offers. In the event of a single offer, price reasonableness will be evaluated based on the degree a prudent person would expect to incur for the same or similar services. Fixed prices, that are higher than the amount a prudent person would expect to pay for the services will be considered unreasonable.

OFFEROR QUESTIONS:

If you have any questions, please contact both James Suerdieck and Gary Topper by email to: james.suerdieck@fema.dhs.gov and gary.topper@fema.dhs.gov. Questions shall be submitted no later than August 5, 2019. No phone calls accepted. Questions submitted after this deadline may not receive a response.

PROPOSAL SUBMISSION INSTRUCTIONS:

Your Original Proposal (Volumes 1 and 2) including all supporting documentation shall be submitted electronically by email (using PDF, MS Word, and/or MS Excel) to  both James Suerdieck, james.suerdieck@fema.dhs.gov and Gary Topper, gary.topper@fema.dhs.gov, not later than 4:00 p.m. (Eastern Time) on August 13, 2019.

Response Date:
081319

Sol Number:
70FA2019Q00000028