Cloud Tenders

Details: Description Republic Of The Philippines Region X Province Of Lanao Del Norte Gov. Arsenio A. Quibranza Provincial Government Center Pigcarangan, Tubod, Lanao Del Norte Invitation To Bid For Construction Of Slope Protection Along Baroy- Sta. Cruz- Salong Provincial Road Grouted Riprap (slope Protection), L= 198.62m: (sta. 1+686.05 - Sta. 1+775.05, Sta. 9+087.26 - Sta. 9+119.26 & Sta. 13+080.00 - Sta. 13+117.62), Grouted Riprap (line Canal), L=167.03m: (sta. 9+119.26 - Sta. 9+220.00 & Sta. 13+005.60 - Sta. 13+080.00), Pccp Shoulder, L=236.65 M: (sta. 9+087.26 - Sta. 9+119.26, Sta. 13+080.00 - Sta. 13+117.62 & Sta. 9+119.26 - Sta. 9+220.00 & Sta. 13+005.60 - Sta. 13+080.00), Rein. Concrete Line Ditch, L=183.59 M: (sta.1+819.29 - Sta. 2+002.88) Baroy, Lanao Del Norte Project Number: Ldn-2025-81 April 29, 2025 The Provincial Government Of Lanao Del Norte Through The Provincial Government Of Lanao Del Norte For Cy 2025 Under Peo General Fund And Intends To Apply The Sum Of Five Million Pesos (php 5,000,000.00) Only Being The Approved Budget For The Contract (abc) To Payments Under The Contract For The Construction Of Slope Protection Along Baroy-sta. Cruz-salong Provincial Road ; Grouted Riprap (slope Protection), L= 198.62m: (sta. 1+686.05 - Sta. 1+775.05, Sta. 9+087.26 - Sta. 9+119.26 & Sta. 13+080.00 - Sta. 13+117.62), Grouted Riprap (line Canal), L=167.03m: (sta. 9+119.26 - Sta. 9+220.00 & Sta. 13+005.60 - Sta. 13+080.00), Pccp Shoulder, L=236.65 M: (sta. 9+087.26 - Sta. 9+119.26, Sta. 13+080.00 - Sta. 13+117.62 & Sta. 9+119.26 - Sta. 9+220.00 & Sta. 13+005.60 - Sta. 13+080.00), Rein. Concrete Line Ditch, L=183.59 M: (sta.1+819.29 - Sta. 2+002.88). Bids Received In Excess Of The Abc Shall Be Automatically Rejected At Bid Opening. The Provincial Government Of Lanao Del Norte Now Invites Bids For The Above Procurement Project. Completion Of The Works Is Required 60 Calendar Days (including Saturdays, Sundays, Regular Holidays And 16 Predetermined Unworkable Days). Bidders Should Have Completed A Contract Similar To The Project. The Description Of An Eligible Bidder Is Contained In The Bidding Documents, Particularly, In Section Ii (instructions To Bidders). 1. Bidding Will Be Conducted Through Open Competitive Bidding Procedures Using Non-discretionary “pass/fail” Criterion As Specified In The 2016 Revised Implementing Rules And Regulations (irr) Of Republic Act (ra) No. 9184. 2. Interested Bidders May Obtain Further Information From The Bids And Awards Committee Of The Provincial Government Of Lanao Del Norte And Inspect The Bidding Documents At The Address Given Below From 8:00 Am To 5:00 Pm. 3. A Complete Set Of Bidding Documents May Be Acquired By Interested Bidders On April 29, 2025 From Given Address And Website/s Below And Upon Payment Of The Applicable Fee For The Bidding Documents, Pursuant To The Latest Guidelines Issued By The Gppb, In The Amount Of Five Thousand Pesos (php 5,000.00). The Procuring Entity Shall Allow The Bidder To Present Its Proof Of Payment For The Fees Which Will Be Presented In Person, By Facsimile, Or Through Electronic Means. 4. The Provincial Government Of Lanao Del Norte Will Hold A Pre-bid Conference On May 8,2025@10:00am At The Office Of Bids And Awards Committee, General Services Office, 1st Floor New Capitol Building, Gov. Arsenio A. Quibranza Provincial Government Center, Pigcarangan, Tubod, Lanao Del Norte, Which Shall Be Open To Prospective Bidders. 5. Bids Must Be Duly Received By The Bac Secretariat Through Manual Submission At The Office Address As Indicated Below, (ii) Online Or Electronic Submission As Indicated Below, Or (iii) Both On Or Before May 20,2025@10:00am. Late Bids Shall Not Be Accepted. 6. All Bids Must Be Accompanied By A Bid Security In Any Of The Acceptable Forms And In The Amount Stated In Itb Clause 16. 7. Bid Opening Shall Be On May 20,2025@10:00am At Office Of Bids And Awards Committee, General Services Office, 1st Floor New Capitol Building, Gov. Arsenio A. Quibranza Provincial Government Center, Pigcarangan, Tubod, Lanao Del Norte And/or Through [insert Website, Application, Or Technology To Be Used].}bids Will Be Opened In The Presence Of The Bidders’ Representatives Who Choose To Attend The Activity. 8. [insert Such Other Necessary Information Deemed Relevant By The Procuring Entity Such As The Use Of A Back-up Data Or Cloud Storage For Large Files Uploaded For Online Bid Submissions] 9. The Provincial Government Of Lanao Del Norte Reserves The Right To Reject Any And All Bids, Declare A Failure Of Bidding, Or Not Award The Contract At Any Time Prior To Contract Award In Accordance With Sections 35.6 And 41 Of The 2016 Revised Implementing Rules And Regulations (irr) Of Ra No. 9184, Without Thereby Incurring Any Liability To The Affected Bidder Or Bidders. 10. For Further Information, Please Refer To: [engr. Marietta L. Borillo] [provincial Engineer’s Office] [bulod, Tubod, Lanao Del Norte] [tel. N. (063)341-5475] [email Address: Peo_2017@yahoo.com] 11. You May Visit The Following Websites: For Downloading Of Bidding Documents: [indicate Websites] [if Applicable] For Online Bid Submission: [indicate Website] [date Of Issue] (sgd) Ms. Marietta L. Borillo Bac Chairperson

Details: Description P.r. No. 25-0042 Republic Of The Philippines Zamboanga City Water District Pilar Street, Zamboanga City Invitation To Bid For Supply & Delivery Of Various Brass Fittings For Use In New Tapping Materials And To Be Carried As Stock Delivery Period: 45 Calendar Days Upon Receipt Of Ntp Point Of Delivery: Zcwd Property Section, Motorpool, Pasonanca, Z.c. Note: You Can Download The Philippine Bidding Documents And Omnibus Sworn Statement Revised (as Of July 3, 2023) In The Associated Components. 1. The Zamboanga City Water District, Through The Corporate Budget For The Contract Approved By The Board For Year 2025 Intends To Apply The Sum Of Three Million Five Hundred Seventy-nine Thousand Eight Hundred Sixty-eight Pesos And 92/100 (p 3,579,868.92) Being The Abc To Payments Under The Contract For Purchase Requisition No. 25-0042. Bids Received In Excess Of The Abc Shall Be Automatically Rejected At Bid Opening. 2. The Zamboanga City Water District Now Invites Bids For The Above Procurement Project. Delivery Of The Goods Is Required By 45 Calendar Days Upon Receipt Of Notice To Proceed (ntp). Bidders Should Have Completed, Within Five (5) Years From The Date Of Submission And Receipt Of Bids, A Contract Similar To The Project. The Description Of An Eligible Bidder Is Contained In The Bidding Documents, Particularly, In Section Ii (instructions To Bidders). 3. Bidding Will Be Conducted Through Open Competitive Bidding Procedures Using A Non- Discretionary “pass/fail” Criterion As Specified In The 2016 Revised Implementing Rules And Regulations (irr) Of Republic Act (ra) No. 9184. Bidding Is Restricted To Filipino Citizens/sole Proprietorships, Partnerships, Or Organizations With At Least Sixty Percent (60%) Interest Or Outstanding Capital Stock Belonging To Citizens Of The Philippines, And To Citizens Or Organizations Of A Country The Laws Or Regulations Of Which Grant Similar Rights Or Privileges To Filipino Citizens, Pursuant To Ra No. 5183. 4. Prospective Bidders May Obtain Further Information From Zamboanga City Water District And Inspect The Bidding Documents At The Address Given Below During Office Hours From 8:00 Am To 5:00 Pm. 5. A Complete Set Of Bidding Documents May Be Acquired By Interested Bidders On May 8, 2025 From The Given Address And Website(s) Below And Upon Payment Of The Applicable Fee For The Bidding Documents, Pursuant To The Latest Guidelines Issued By The Gppb, In The Amount Of Five Thousand One Hundred Pesos (p 5,100.00) Inclusive Of Franchise/withholding Tax Of 2% Of The Bid Document Fee. The Procuring Entity Shall Allow The Bidder To Present Its Proof Of Payment For The Fees And It Will Be Presented In Person, By Facsimile, Or Through Electronic Means. Payment For The Applicable Fee For The Bidding Documents May Be Deposited In Our Zcwd Bid Documents Payment Account: Bank: Landbank Of The Philippines (lbp) Account Name: Zamboanga City Water District Account Number: 0191-3826-84 Account Type: Savings Bank Branch: Lbp Main Branch, Landbank Building F. Marcos Cor. Valderosa Sts., Pettit Barracks, Zamboanga City Thereafter, Send A Screenshot Or Scanned Copy Of The Deposit/confirmation Slip To Our Email Address, Bac@zcwd.gov.ph, On Or Before The Deadline For The Submission Of Bids. 6. The Zamboanga City Water District Will Hold A Pre-bid Conference1 On May 15, 2025 At 2pm At The Office Of The Bids And Awards Committee (bac), 3rd Floor, Zcwd Bldg., Pilar St., Zamboanga City And/or Through Video Conferencing Or Webcasting Via Google Meet, Which Shall Be Open To Prospective Bidders. Please Refer To The Link Below For The Scheduled Meeting: Pre-bid Conference For The Following Purchase Requisition Nos. 25-0038, 25-0042, 25-0046, 25-0047 & 25-0077. Thursday, May 15 · 2:00 – 4:30pm Time Zone: Asia/manila Google Meet Joining Info Video Call Link: Https://meet.google.com/gnd-ywby-ppi 7. Bids Must Be Duly Received By The Bac Secretariat Through Manual Submission At The Office Address Indicated Below, On Or Before 2:00 Pm On May 29, 2025. Late Bids Shall Not Be Accepted. 8. All Bids Must Be Accompanied By A Bid Security In Any Of The Acceptable Forms And In The Amount Stated In Itb Clause 14. 9. Bid Opening Shall Be On May 29, 2025 At 2pm At The Given Address Below At The Office Of The Bids And Awards Committee (bac), 3rd Floor, Zcwd Bldg., Pilar St., Zamboanga City And/or Via Google Meet. Bids Will Be Opened In The Presence Of The Bidders’ Representatives Who Choose To Attend The Activity. Please Refer To The Link Below For The Scheduled Meeting: Public Bid Opening For The Following Purchase Requisition Nos. 25-0038, 25-0042, 25-0046, 25-0047 & 25-0077 Thursday, May 29 · 2:00 – 5:00pm Time Zone: Asia/manila Google Meet Joining Info Video Call Link: Https://meet.google.com/uzt-xxmv-zkv 10. [insert Such Other Necessary Information Deemed Relevant By The Procuring Entity Such As The Use Of A Back-up Data Or Cloud Storage For Large Files Uploaded For Online Bid Submissions] 11. The Zamboanga City Water District Reserves The Right To Reject Any And All Bids, Declare A Failure Of Bidding, Or Not Award The Contract At Any Time Prior To Contract Award In Accordance With Sections 35.6 And 41 Of The 2016 Revised Irr Of Ra No. 9184, Without Thereby Incurring Any Liability To The Affected Bidder Or Bidders. 12. For Further Information, Please Refer To: Atty. Vincent F. Fernandez Chairperson, Bids & Awards Committee Zamboanga City Water District Zcwd Bldg., Pilar St., Zamboanga City, 7000 Zcwdbacsec.jen@zcwd.gov.ph/ Zcwdbacsec.jeanette@zcwd.gov.ph Telefax No. (062) 991-6185 Www.zcwd.gov.ph 13. You May Visit The Following Websites: For Downloading Of Bidding Documents: Www.zcwd.gov.ph; Www.philgeps.gov.ph [if Applicable] For Online Bid Submission: [indicate Website] _________(signed)_________ Atty. Vincent F. Fernandez Chairperson Bids & Awards Committee

Details: Description Republic Of The Philippines Province Of Misamis Occidental Municipality Of Calamba Tel. No. (088) 271-3215 / 271-4730 _______________________________________________ Invitation To Bid For Purchase Of Construction Materials For Rhu Roofing Improvement 1. The Municipality Of Calamba, Misamis Occidental, Through The 20% Development Fund 2025 Intends To Apply The Sum Of Three Hundred Fifty Six Thousand Three Hundred Nineteen Pesos And 53/100 (p356,319.53) Being The Abc To Payments Under The Contract For Purchase Of Construction Materials For Rhu Roofing Improvement, With The Project Identification Number Lgucal-pb-2025-13 . Bids Received In Excess Of The Abc Shall Be Automatically Rejected At Bid Opening. Item # Description Quantity Unit 1 4" X 6.0 G.i. Pippe S-40 6.00 Pcs 2 5 Mm X 4'x 8 'steel Plate 1.00 Sht. 3 Welding Rod 11.50 Kls 4 Portland Cement 5.00 Bags 5 Sand 1.50 Cu.m 6 4"cutting Disc 26.00 Pcs 7 1/4"x 1 1/2" X6.0 M Angle Bar 74.00 Pcs 8 1/4"x 1" X6.0 M Angle Bar 18.00 Pcs 9 2"x 3"x 6m C-purlins 45.00 Length 10 Metal Primer, Red Oxide 4.00 Gal 11 Priimer Gray 4.00 Gal 12 Paint Thinner ( 350 Cc) 3.00 Bot 13 2 1/2"paint Brush 2.00 Pcs 14 0.4 Mm X 1.05 Meter Pre Painted Roofing 273.00 Meter 15 2"tek Screw 1500.00 Pcs. 16 0.4m X 12" X 8'pre Painted Wall Flashing 15.00 Pcs. 17 1/8" Drill Bit 6.00 Pcs 18 Vulcaseal 2.00 Liters 19 1"x 1"aluminum Square Tube 20.00 Length 20 1"x 1"aluminum Angle 6.00 Length 21 1/8 X 1" Blind Rivets 4.00 Box 22 4 Mm X 4"x 8"aluminum Cladding Green 7.00 Sheet 23 Silicone Sealant Black 15.00 Pcs. 24 2"screw 100.00 Pcs. 2. The Municipality Of Calamba, Misamis Occidental Now Invites Bids For The Above Procurement Project. Delivery Of The Goods Is Required By 30 Calendar Days. Bidders Should Have Completed, Within Two (2) Years From The Date Of Submission And Receipt Of Bids, A Contract Similar To The Project. The Description Of An Eligible Bidder Is Contained In The Bidding Documents, Particularly, In Section Ii (instructions To Bidders). 3. Bidding Will Be Conducted Through Open Competitive Bidding Procedures Using A Non- Discretionary “pass/fail” Criterion As Specified In The 2016 Revised Implementing Rules And Regulations (irr) Of Republic Act (ra) No. 9184. Bidding Is Restricted To Filipino Citizens/sole Proprietorships, Partnerships, Or Organizations With At Least Sixty Percent (60%) Interest Or Outstanding Capital Stock Belonging To Citizens Of The Philippines, And To Citizens Or Organizations Of A Country The Laws Or Regulations Of Which Grant Similar Rights Or Privileges To Filipino Citizens, Pursuant To Ra No. 5183. 4. Prospective Bidders May Obtain Further Information From The Office Of Bac Secretariat, Local Government Unit, Calamba, Misamis Occidental And Inspect The Bidding Documents At The Address Given Below During Office Hours, 8:00-12:00 A.m., 1:00-5:00 P.m.) 5. A Complete Set Of Bidding Documents May Be Acquired By Interested Bidders On March 8, 2025 To March 20, 2025, From 8:00 Am To 5:00 Pm (mondays To Fridays Only) From The Given Address And Website(s) Below [insert If Necessary: And Upon Payment Of The Applicable Fee For The Bidding Documents, Pursuant To The Latest Guidelines Issued By The Gppb, In The Amount Of P500.00. The Procuring Entity Shall Allow The Bidder To Present Its Proof Of Payment For The Fees. It May Also Be Downloaded Free Of Charge From The Website Of The Philippine Government Electronic Procurement System (philgeps) And The Website Of The Procuring Entity, Provided That Bidders Shall Pay The Applicable Fee For The Bidding Documents Not Later Than The Submission Of Their Bids. 6. Bids Must Be Duly Received By The Bac Secretariat Through Manual Submission At The Office Address Indicated Below, (ii) Online Or Electronic Submission As Indicated Below, Or (iii) Both} On Or Before March 20, 2025, 2:00 P.m. Late Bids Shall Not Be Accepted. 7. All Bids Must Be Accompanied By A Bid Security In Any Of The Acceptable Forms And In The Amount Stated In Itb Clause 14. 8. Bid Opening Shall Be On March 20, 2025, 2:00 P.m. At The Bac Conference Room, Municipal Multi-purpose Hall, Calamba, Misamis Occidental. {[if Applicable, Insert] And/or Via [insert Website, Application, Or Technology To Be Used].} Bids Will Be Opened In The Presence Of The Bidders’ Representatives Who Choose To Attend The Activity. 9. [insert Such Other Necessary Information Deemed Relevant By The Procuring Entity Such As The Use Of A Back-up Data Or Cloud Storage For Large Files Uploaded For Online Bid Submissions] 10. The Municipality Of Calamba, Misamis Occidental Reserves The Right To Reject Any And All Bids, Declare A Failure Of Bidding, Or Not Award The Contract At Any Time Prior To Contract Award In Accordance With Sections 35.6 And 41 Of The 2016 Revised Irr Of Ra No. 9184, Without Thereby Incurring Any Liability To The Affected Bidder Or Bidders. 11. For Further Information, Please Refer To: Engr. Jopson D. Baones Chairperson, Bids And Awards Committee Lgu-calamba, Misamis Occidental Tel. No. (088) 271-3215 Email Address-baclgucalambamisocc@gmail.com Fax No. (088) 271-3221 Website:www.calambamisocc.gov.ph 12. You May Visit The Following Websites: For Downloading Of Bidding Documents: [indicate Websites] March 7, 2025 [date Of Issue]

Details: Description P.r. No. 25-0046 Republic Of The Philippines Zamboanga City Water District Pilar Street, Zamboanga City Invitation To Bid For 1. Powder Chlorine (calcium Hypochlorite) 65%-70% At 45 Kgs/pail ----------- 300 Pails Specifications: 1. 65%-70% Purity Accompanied By A Result From Pipac Or Other Accredited Laboratory That The Brand Name Offered Passed The % Purity As Required. Delivery Period: 40 Days After Receipt Of Ntp Point Of Delivery: Zcwd Water Treatment Plant, Pasonanca, Z.c. Note: You Can Download The Philippine Bidding Documents And Omnibus Sworn Statement Revised (as Of July 3, 2023) In The Associated Components. 1. The Zamboanga City Water District, Through The Corporate Budget For The Contract Approved By The Board For Year 2025 Intends To Apply The Sum Of One Million Eight Hundred Ninety Thousand Pesos (p 1,890,000.00) Being The Abc To Payments Under The Contract For Purchase Requisition No. 25-0046. Bids Received In Excess Of The Abc Shall Be Automatically Rejected At Bid Opening. 2. The Zamboanga City Water District Now Invites Bids For The Above Procurement Project. Delivery Of The Goods Is Required By 40 Days After Receipt Of Notice To Proceed (ntp). Bidders Should Have Completed, Within Five (5) Years From The Date Of Submission And Receipt Of Bids, A Contract Similar To The Project. The Description Of An Eligible Bidder Is Contained In The Bidding Documents, Particularly, In Section Ii (instructions To Bidders). 3. Bidding Will Be Conducted Through Open Competitive Bidding Procedures Using A Non- Discretionary “pass/fail” Criterion As Specified In The 2016 Revised Implementing Rules And Regulations (irr) Of Republic Act (ra) No. 9184. Bidding Is Restricted To Filipino Citizens/sole Proprietorships, Partnerships, Or Organizations With At Least Sixty Percent (60%) Interest Or Outstanding Capital Stock Belonging To Citizens Of The Philippines, And To Citizens Or Organizations Of A Country The Laws Or Regulations Of Which Grant Similar Rights Or Privileges To Filipino Citizens, Pursuant To Ra No. 5183. 4. Prospective Bidders May Obtain Further Information From Zamboanga City Water District And Inspect The Bidding Documents At The Address Given Below During Office Hours From 8:00 Am To 5:00 Pm. 5. A Complete Set Of Bidding Documents May Be Acquired By Interested Bidders On May 8, 2025 From The Given Address And Website(s) Below And Upon Payment Of The Applicable Fee For The Bidding Documents, Pursuant To The Latest Guidelines Issued By The Gppb, In The Amount Of Five Thousand One Hundred Pesos (p 5,100.00) Inclusive Of Franchise/withholding Tax Of 2% Of The Bid Document Fee. The Procuring Entity Shall Allow The Bidder To Present Its Proof Of Payment For The Fees And It Will Be Presented In Person, By Facsimile, Or Through Electronic Means. Payment For The Applicable Fee For The Bidding Documents May Be Deposited In Our Zcwd Bid Documents Payment Account: Bank: Landbank Of The Philippines (lbp) Account Name: Zamboanga City Water District Account Number: 0191-3826-84 Account Type: Savings Bank Branch: Lbp Main Branch, Landbank Building F. Marcos Cor. Valderosa Sts., Pettit Barracks, Zamboanga City Thereafter, Send A Screenshot Or Scanned Copy Of The Deposit/confirmation Slip To Our Email Address, Bac@zcwd.gov.ph, On Or Before The Deadline For The Submission Of Bids. 6. The Zamboanga City Water District Will Hold A Pre-bid Conference1 On May 15, 2025 At 2pm At The Office Of The Bids And Awards Committee (bac), 3rd Floor, Zcwd Bldg., Pilar St., Zamboanga City And/or Through Video Conferencing Or Webcasting Via Google Meet, Which Shall Be Open To Prospective Bidders. Please Refer To The Link Below For The Scheduled Meeting: Pre-bid Conference For The Following Purchase Requisition Nos. 25-0038, 25-0042, 25-0046, 25-0047 & 25-0077. Thursday, May 15 · 2:00 – 4:30pm Time Zone: Asia/manila Google Meet Joining Info Video Call Link: Https://meet.google.com/gnd-ywby-ppi 7. Bids Must Be Duly Received By The Bac Secretariat Through Manual Submission At The Office Address Indicated Below, On Or Before 2:00 Pm On May 29, 2025. Late Bids Shall Not Be Accepted. 8. All Bids Must Be Accompanied By A Bid Security In Any Of The Acceptable Forms And In The Amount Stated In Itb Clause 14. 9. Bid Opening Shall Be On May 29, 2025 At 2pm At The Given Address Below At The Office Of The Bids And Awards Committee (bac), 3rd Floor, Zcwd Bldg., Pilar St., Zamboanga City And/or Via Google Meet. Bids Will Be Opened In The Presence Of The Bidders’ Representatives Who Choose To Attend The Activity. Please Refer To The Link Below For The Scheduled Meeting: Public Bid Opening For The Following Purchase Requisition Nos. 25-0038, 25-0042, 25-0046, 25-0047 & 25-0077 Thursday, May 29 · 2:00 – 5:00pm Time Zone: Asia/manila Google Meet Joining Info Video Call Link: Https://meet.google.com/uzt-xxmv-zkv 10. [insert Such Other Necessary Information Deemed Relevant By The Procuring Entity Such As The Use Of A Back-up Data Or Cloud Storage For Large Files Uploaded For Online Bid Submissions] 11. The Zamboanga City Water District Reserves The Right To Reject Any And All Bids, Declare A Failure Of Bidding, Or Not Award The Contract At Any Time Prior To Contract Award In Accordance With Sections 35.6 And 41 Of The 2016 Revised Irr Of Ra No. 9184, Without Thereby Incurring Any Liability To The Affected Bidder Or Bidders. 12. For Further Information, Please Refer To: Atty. Vincent F. Fernandez Chairperson, Bids & Awards Committee Zamboanga City Water District Zcwd Bldg., Pilar St., Zamboanga City, 7000 Zcwdbacsec.jen@zcwd.gov.ph/ Zcwdbacsec.jeanette@zcwd.gov.ph Telefax No. (062) 991-6185 Www.zcwd.gov.ph 13. You May Visit The Following Websites: For Downloading Of Bidding Documents: Www.zcwd.gov.ph; Www.philgeps.gov.ph [if Applicable] For Online Bid Submission: [indicate Website] _________(signed)_________ Atty. Vincent F. Fernandez Chairperson Bids & Awards Committee

Details: Description Republic Of The Philippines Province Of Bukidnon Municipality Of Lantapan Invitation To Bid For Supply & Delivery Of Materials For The Construction Of Laboratory Facilities At Buksu Satellite Campus-lantapan (1st Bid) 1. The Local Government Unit Of Lantapan, Through The Sb # 1 Cy 2025 Intends To Apply The Sum Of Two Hundred Ninety Thousand Nine Hundred Eighty Pesos (php 290,980.00) Being The Abc To Payments Under The Contract Supply & Delivery Of Materials For The Construction Of Laboratory Facilities At Buku Satellite Campus-lantapan Ib # 2025-06-056 Bids Received In Excess Of The Abc Shall Be Automatically Rejected At Bid Opening. 2. The Local Government Unit Of Lantapan Now Invites Bids For The Above Procurement Project. Delivery Of The Goods Required Is 20 Calendar Days. Bidders Should Have Completed, From The Date Of Submission And Receipt Of Bids, A Contract Similar To The Project. The Description Of An Eligible Bidder Is Contained In The Bidding Documents, Particularly, In Section Ii (instructions To Bidders). 3. Bidding Will Be Conducted Through Open Competitive Bidding Procedures Using A Non-discretionary “pass/fail” Criterion As Specified In The 2016 Revised Implementing Rules And Regulations (irr) Of Republic Act (ra) No. 9184. Bidding Is Open To All Interested Bidders, Whether Local Or Foreign, Subject To The Conditions For Eligibility Provided In The 2016 Revised Irr Of Ra No. 9184. 4. Prospective Bidders May Obtain Further Information From The Local Government Unit Of Lantapan And Inspect The Bidding Documents At The Address Given Below During Mondays To Fridays From 8:00 A.m. To 5:00 P.m. 5. A Complete Set Of Bidding Documents May Be Acquired By Interested Bidders On June 12, 2025 To June 19, 2025 From The Given Address And Website(s) Below And Upon Payment Of The Applicable Fee For The Bidding Documents, Pursuant To The Latest Guidelines Issued By The Gppb, In The Amount Of Five Hundred Pesos (php 500.00). The Procuring Entity Shall Allow The Bidder To Present Personally Its Proof Of Payment For The Fees. [note: For Lot Procurement, The Maximum Fee For The Bidding Documents For Each Lot Shall Be Based On Its Abc, In Accordance With The Guidelines Issued By The Gppb; Provided That The Total Fees For The Bidding Documents Of All Lots Shall Not Exceed The Maximum Fee Prescribed In The Guidelines For The Sum Of The Abc Of All Lots.] 6. The Local Government Unit Of Lantapan Will Hold A Pre-bid Conference On ______in The Morning Which Shall Be Open To Prospective Bidders. 7. Bids Must Be Duly Received By The Bac Secretariat Through Manual Submission At The Bac Office 2nd Floor, Municipal Conference Room, Municipal Hall, Poblacion, Lantapan, Bukidnon, On Or Before 8:45 A.m (philippine Standard Time) On June 19, 2025. Late Bids Shall Not Be Accepted. 8. All Bids Must Be Accompanied By A Bid Security In Any Of The Acceptable Forms And In The Amount Stated In Itb Clause 14. 9. Bid Opening Shall Be On June 19, 2025 At 9:00 O’clock A.m At The Given Address Below. Bids Will Be Opened In The Presence Of The Bidders’ Representatives Who Choose To Attend The Activity. 10. [insert Such Other Necessary Information Deemed Relevant By The Procuring Entity Such As The Use Of A Back-up Data Or Cloud Storage For Large Files Uploaded For Online Bid Submissions] 11. The Local Government Unit Of Lantapan Reserves The Right To Reject Any And All Bids, Declare A Failure Of Bidding, Or Not Award The Contract At Any Time Prior To Contract Award In Accordance With Sections 35.6 And 41 Of The 2016 Revised Irr Of Ra No. 9184, Without Thereby Incurring Any Liability To The Affected Bidder Or Bidders. 12. For Further Information, Please Refer To: Jefer Mae B. Macana Bac Secretariat Bac Office, 2/f Municipal Hall Purok 6, Poblacion, Lantapan Bukidnon, Philippines Email Add: Lant.bacsec2024@gmail.com 13. You May Visit The Following Website/s: Lantapan.gov.ph For Downloading Of Bidding Documents: Www.philgeps.gov.ph Date Of Issue: June 12, 2025 Engr. Jessell S. Pacturan, C.e. Bac Chairperson Reference No.: Ib # 2025-06-056 Name Of Project: Supply & Delivery Of Materials For The Construction Of Laboratory Facilities At Buksu Satellite Campus - Lantapan Location Of Delivery: Lgu-lantapan, Bukidnon Abc: Php 290,980.00 Item No. Item Description Unit Of Issue Quantity Unit Price Amount 1 3/4" Marine Plywood Lhs 75 2 1-1/2" Hi Lo Screw, For Wood Lhs 15 3 Wood Glue Sachet 20 4 Body Filler, Macilla Gal 2 5 Sand Paper No. 60 Bundle 2 6 Sand Paper No. 180 Bundle 2 7 Putty Knife With Handle, 4" Pcs 4 8 Paint Enamel, Primer Gals 22 9 Semi Gloss Enamel, Snow Gray Gals 22 10 Baby Paint Roller With Tray Sets 6 11 Paint Brush No. 4 Pcs 6 12 Paint Brush No. 3 Pcs 6 13 1-1/2" X 1" Rectangular Tube, 1.2mm Lhs 6 14 12mm Dia Plain Round Bar Lhs 4 15 1/8 Welding Rod Kgs 5 16 Cutting Disc No. 4 Pcs 5 17 1/2" Good Marine Plywood Sheets 18 18 0.500mm Thk Double Furring Lhs 30 19 1/8" X 1/2" Blind Rivets Boc 4 20 1/2" X 1/8" Drillbit Pcs 10 21 0.70 M X 2.70 M Fixed Clear Glass With Sets 1 Aluminum Frame With Installation 22 3.65 M X 2.50 M Fixed Clear Glass With Sets 1 Aluminum Frame With Installation 23 8 Meters X 2.40 Meters Sliding Glass Sets 1 Wall Partition With Installation Total Total Bid Price In Figure: Total Bid Price In Words: Prepared And Submitted By:

Details: This Sources Sought Notice Is For Planning Purposes Only And Shall Not Be Considered As An Invitation For Bid, Request For Quotation, Request For Proposal, Or As An Obligation On The Part Of The Government To Acquire Any Products And/or Services. Your Response To This Sources Sought Notice Will Be Treated As Information Only. No Entitlement To Payment Of Direct Or Indirect Costs Or Charges By The Government Will Arise Because Of Contractor Submission Of Responses To This Announcement Or The Government Use Of Such Information. This Request Does Not Constitute A Solicitation For Proposals Or The Authority To Enter Negotiations To Award A Contract. No Funds Have Been Authorized, Appropriated, Or Received For This Effort. the Information Provided May Be Used By The Department Of Veterans Affairs In Developing Its Acquisition Approach, Statement Of Work/statement Of Objectives And Performance Specifications. Interested Parties Are Responsible For Adequately Marking Proprietary Or Competition Sensitive Information Contained In Their Response. The Government Does Not Intend To Award A Contract Based On This Sources Sought Notice Or To Otherwise Pay For The Information Submitted In Response To This Sources Sought Notice. the Submission Of Pricing, Capabilities For Planning Purposes, And Other Market Information Is Highly Encouraged And Allowed Under This Sources Sought Notice In Accordance With (iaw) Far Part 15.201(e) the Purpose Of This Sources Sought Notice Announcement Is For Market Research To Make Appropriate Acquisition Decisions And To Gain Knowledge Of Potential Qualified Service-disabled Veteran Owned Small Businesses, Veteran Owned Small Businesses, 8(a), Hubzone And Other Small Businesses Interested And Capable Of Providing The Products And/or Services Described Below. documentation Of Technical Expertise Must Be Presented In Sufficient Detail For The Government To Determine That Your Company Possesses The Necessary Functional Area Expertise And Experience To Compete For This Acquisition. Responses To This Notice Shall Include The Following: (a) Company Name; (b) Address; (c) Point Of Contact; (d) Phone, Fax, And Email; (e) Uei Number; (f) Cage Code; (g) Tax Id Number; (h) Type Of Small Business, E.g., Services Disabled Veteran Owned Small Business, Veteran Owned Small Business, 8(a), Hubzone, Women Owned Small Business, Small Disadvantaged Business, Or Small Business Hubzone Business, Etc (i) State If Your Business Has An Fss Contract With Gsa, Va Nac, Nasa Sewp, Or Any Other Federal Contract, That Can Be Utilized To Procure The Requirement Listed Below And Provide The Contract Number; And (j) Must Provide A Capability Statement That Addresses The Organization S Qualifications And Ability To Perform As A Contractor For The Work Described Below. requirement: the Va Heartland Network 15 Contracting Office Located At 3450 South 4th Street, Leavenworth, Ks, 66048-5055 Is Seeking A Potential Qualified Contractor To Provide An Automated Special Staining Instrumentation Lease & Bulk Reagent Purchase (i.e.: Artisan Link Pro Special Staining System & Artisan Reagents) For The Kansas City Va Medical Center, Located In Kansas City, Missouri, And The John J. Cochran Veterans Hospital, Located In St. Louis, Missouri. This Is A Brand Name Or Equal Requirement. Please See The Statement Of Work For More Specifics And Details. the North American Industry Classification System Code (naics Code) Is 334516 (analytical Laboratory Instrument Manufacturing), Size Standard 1,000 Employees. Based On This Information, Please Indicate Whether Your Company Would Be A Large Or Small Business And Have A Socio-economic Designation As A Small Business, Vosb Or Sdvosb. important Information: the Government Is Not Obligated To, Nor Will It Pay For Or Reimburse Any Costs Associated With Responding To This Source Sought Synopsis Request. This Notice Shall Not Be Construed As A Commitment By The Government To Issue A Solicitation Or Ultimately Award A Contract, Nor Does It Restrict The Government To An Acquisition Approach. The Government Will In No Way Be Bound To This Information If Any Solicitation Is Issued. Currently A Total Set-aside For Service-disabled Veteran Owned Small Business Firms Is Anticipated Based On The Veterans Administration Requirement With Public Law 109-461, Section 8127 Veterans Benefit Act. However, If Response By Service-disabled Veteran Owned Small Business Firms Proves Inadequate, An Alternate Set-aside Or Full And Open May Be Used. responses To This Notice Shall Be Submitted Via Email To Erika Kobulnicky At Erika.kobulnicky@va.gov. Telephone Responses Will Not Be Accepted. Responses Must Be Received No Later Than Wednesday, February 19, 2025, At 10:00am Cst. If A Solicitation Is Issued It Shall Be Announced At A Later Date, And All Interested Parties Must Respond To That Solicitation Announcement Separately From The Responses To This Sources Sought. Responses To This Sources Sought Notice Are Not A Request To Be Added To A Prospective Bidders List Or To Receive A Copy Of The Solicit. marion, Il Vamc And Ehcc Outpatient Clinic statement Of Work: Scriptpro Eyecon description Of Use: To Be Used At The Marion Va Medical Center Pharmacy And In The Evansville, In Outpatient Clinic this Solicitation Uses A Brand Name Or Equal Description Of The Product Required. This Permits Prospective Contractors To Offer Products Other Than Those Specifically Referenced By Brand Name. All Offers Must Work With Existing Equipment That Has Already Been Purchased And Is Currently In Use At The Station. minimum Technical Specifications: the Scriptpro Dispensing System Must Also Be Assembled Within The Manufactured Country Or Show Significant Proof Of An Internationally Recognized Quality Assurance Program certificate Of Authenticity Will Need To Be Provided the Dispensing System Must Have The Following: safety must Use Barcode Verification To Ensure Accuracy Of Dispensing And Must Work With Scriptpro Label Barcode unit Must Have Means To Track Dispensed Drug Quantities And Contain Image Verification Of Quantities Dispensed. must Come Equipped With Database Of Drug Images For Dispensing Verification. must Include Additional Counting Platters For Penicillin And Sulfa To Avoid Cross Contamination. workflow must Allow For Integration With Scriptpro/vista To Verify Correct Dispensing Quantities. must Fit In Existing Space With A Footprint Of 28 H X 11 W X 17.5 D. must Count With A Count Accuracy Of At Least 99.9%. verification Should Include Easy Work Flow Optics Such As Color Touch Screen. must Include Large Counting Area Of 48 Sq Inches For Larger Quantity Verification. information Technology must Integrate With Current Equipment, Including Scriptpro Dispensing/filling Stations must Interface With Vista, Ups Worldship, And Usps Sendsuite System Platforms. all Equipment Must Be New description quantity sp Eyecon 9430 2 optional/value Added Features: n/a required Interfaces: must Interface With Current Sp Equipment. Must Also Interface With Vista/cprs. delivery Location(s): department Of Veterans Affairs marion Va Medical Center 2401 West Main Street marion, Il 62959-1188 department Of Veterans Affairs evansville Va Healthcare Center 6211 E Waterford Blvd evansville, In 47715 records Management Obligations applicability this Clause Applies To All Contractors Whose Employees Create, Work With, Or Otherwise Handle Federal Records, As Defined In Section B, Regardless Of The Medium In Which The Record Exists.   definitions Federal Record As Defined In 44 U.s.c. § 3301, Includes All Recorded Information, Regardless Of Form Or Characteristics, Made Or Received By A Federal Agency Under Federal Law Or In Connection With The Transaction Of Public Business And Preserved Or Appropriate For Preservation By That Agency Or Its Legitimate Successor As Evidence Of The Organization, Functions, Policies, Decisions, Procedures, Operations, Or Other Activities Of The United States Government Or Because Of The Informational Value Of Data In Them.   the Term Federal Record: includes [agency] Records.â  does Not Include Personal Materials. applies To Records Created, Received, Or Maintained By Contractors Pursuant To Their [agency] Contract. may Include Deliverables And Documentation Associated With Deliverables. requirements contractor Shall Comply With All Applicable Records Management Laws And Regulations, As Well As National Archives And Records Administration (nara) Records Policies, Including But Not Limited To The Federal Records Act (44 U.s.c. Chs. 21, 29, 31, 33), Nara Regulations At 36 Cfr Chapter Xii Subchapter B, And Those Policies Associated With The Safeguarding Of Records Covered By The Privacy Act Of 1974 (5 U.s.c. 552a). These Policies Include The Preservation Of All Records, Regardless Of Form Or Characteristics, Mode Of Transmission, Or State Of Completion.â  in Accordance With 36 Cfr 1222.32, All Data Created For Government Use And Delivered To, Or Falling Under The Legal Control Of, The Government Are Federal Records Subject To The Provisions Of 44 U.s.c. Chapters 21, 29, 31, And 33, The Freedom Of Information Act (foia) (5 U.s.c. 552), As Amended, And The Privacy Act Of 1974 (5 U.s.c. 552a), As Amended And Must Be Managed And Scheduled For Disposition Only As Permitted By Statute Or Regulation.â  in Accordance With 36 Cfr 1222.32, Contractor Shall Maintain All Records Created For Government Use Or Created In The Course Of Performing The Contract And/or Delivered To, Or Under The Legal Control Of The Government And Must Be Managed In Accordance With Federal Law. Electronic Records And Associated Metadata Must Be Accompanied By Sufficient Technical Documentation To Permit Understanding And Use Of The Records And Data.â  [agency] And Its Contractors Are Responsible For Preventing The Alienation Or Unauthorized Destruction Of Records, Including All Forms Of Mutilation. Records May Not Be Removed From The Legal Custody Of [agency] Or Destroyed Except For In Accordance With The Provisions Of The Agency Records Schedules And With The Written Concurrence Of The Head Of The Contracting Activity. Willful And Unlawful Destruction, Damage Or Alienation Of Federal Records Is Subject To The Fines And Penalties Imposed By 18 U.s.c. 2701. In The Event Of Any Unlawful Or Accidental Removal, Defacing, Alteration, Or Destruction Of Records, Contractor Must Report To [agency]. The Agency Must Report Promptly To Nara In Accordance With 36 Cfr 1230. the Contractor Shall Immediately Notify The Appropriate Contracting Officer Upon Discovery Of Any Inadvertent Or Unauthorized Disclosures Of Information, Data, Documentary Materials, Records, Or Equipment. Disclosure Of Non-public Information Is Limited To Authorized Personnel With A Need-to-know As Described In The [contract Vehicle]. The Contractor Shall Ensure That The Appropriate Personnel, Administrative, Technical, And Physical Safeguards Are Established To Ensure The Security And Confidentiality Of This Information, Data, Documentary Material, Records And/or Equipment Is Properly Protected. The Contractor Shall Not Remove Material From Government Facilities Or Systems, Or Facilities Or Systems Operated Or Maintained On The Government S Behalf, Without The Express Written Permission Of The Head Of The Contracting Activity. When Information, Data, Documentary Material, Records And/or Equipment Is No Longer Required, It Shall Be Returned To [agency] Control Or The Contractor Must Hold It Until Otherwise Directed. Items Returned To The Government Shall Be Hand Carried, Mailed, Emailed, Or Securely Electronically Transmitted To The Contracting Officer Or Address Prescribed In The [contract Vehicle]. Destruction Of Records Is Expressly Prohibited Unless In Accordance With Paragraph (4). the Contractor Is Required To Obtain The Contracting Officer's Approval Prior To Engaging In Any Contractual Relationship (sub-contractor) In Support Of This Contract Requiring The Disclosure Of Information, Documentary Material And/or Records Generated Under, Or Relating To, Contracts. The Contractor (and Any Sub-contractor) Is Required To Abide By Government And [agency] Guidance For Protecting Sensitive, Proprietary Information, Classified, And Controlled Unclassified Information. the Contractor Shall Only Use Government It Equipment For Purposes Specifically Tied To Or Authorized By The Contract And In Accordance With [agency] Policy.â  the Contractor Shall Not Create Or Maintain Any Records Containing Any Non-public [agency] Information That Are Not Specifically Tied To Or Authorized By The Contract.â  the Contractor Shall Not Retain, Use, Sell, Or Disseminate Copies Of Any Deliverable That Contains Information Covered By The Privacy Act Of 1974 Or That Which Is Generally Protected From Public Disclosure By An Exemption To The Freedom Of Information Act.â  the [agency] Owns The Rights To All Data And Records Produced As Part Of This Contract. All Deliverables Under The Contract Are The Property Of The U.s. Government For Which [agency] Shall Have Unlimited Rights To Use, Dispose Of, Or Disclose Such Data Contained Therein As It Determines To Be In The Public Interest. Any Contractor Rights In The Data Or Deliverables Must Be Identified As Required By Far 52.227-11 Through Far 52.227-20. training.  all Contractor Employees Assigned To This Contract Who Create, Work With, Or Otherwise Handle Records Are Required To Take [agency]-provided Records Management Training. The Contractor Is Responsible For Confirming Training Has Been Completed According To Agency Policies, Including Initial Training And Any Annual Or Refresher Training.â  [note: To The Extent An Agency Requires Contractors To Complete Records Management Training, The Agency Must Provide The Training To The Contractor.]â  flow Down Of Requirements To Subcontractors the Contractor Shall Incorporate The Substance Of This Clause, Its Terms And Requirements Including This Paragraph, In All Subcontracts Under This [contract Vehicle], And Require Written Subcontractor Acknowledgment Of Same.â  violation By A Subcontractor Of Any Provision Set Forth In This Clause Will Be Attributed To The Contractor. general. This Entire Section Applies To All Acquisitions Requiring Any Information Security And Privacy Language. Contractors, Contractor Personnel, Subcontractors And Subcontractor Personnel Will Be Subject To The Same Federal Laws, Regulations, Standards, Va Directives And Handbooks, As Va Personnel Regarding Information And Information System Security And Privacy. va Information Custodial Language. This Entire Section Applies To All Acquisitions Requiring Any Information Security And Privacy Language. the Government Shall Receive Unlimited Rights To Data/intellectual Property First Produced And Delivered In The Performance Of This Contract Or Order (hereinafter Contract ) Unless Expressly Stated Otherwise In This Contract. This Includes All Rights To Source Code And All Documentation Created In Support Thereof. The Primary Clause Used To Define Government And Contractor Data Rights Is Far 52.227-14 Rights In Data General. The Primary Clause Used To Define Computer Software License (not Data/intellectual Property First Produced Under This Contractor Or Order) Is Far 52.227-19, Commercial Computer Software License. information Made Available To The Contractor By Va For The Performance Or Administration Of This Contract Will Be Used Only For The Purposes Specified In The Service Agreement, Sow, Pws, Pd, And/or Contract. The Contractor Shall Not Use Va Information In Any Other Manner Without Prior Written Approval From A Va Contracting Officer (co). The Primary Clause Used To Define Government And Contractor Data Rights Is Far 52.227-14 Rights In Data General. va Information Will Not Be Co-mingled With Any Other Data On The Contractor S Information Systems Or Media Storage Systems. The Contractor Shall Ensure Compliance With Federal And Va Requirements Related To Data Protection, Data Encryption, Physical Data Segregation, Logical Data Segregation, Classification Requirements And Media Sanitization. va Reserves The Right To Conduct Scheduled Or Unscheduled Audits, Assessments, Or Investigations Of Contractor Information Technology (it) Resources To Ensure Information Security Is Compliant With Federal And Va Requirements. The Contractor Shall Provide All Necessary Access To Records (including Electronic And Documentary Materials Related To The Contracts And Subcontracts) And Support (including Access To Contractor And Subcontractor Staff Associated With The Contract) To Va, Va's Office Inspector General (oig),and/or Government Accountability Office (gao) Staff During Periodic Control Assessments, Audits, Or Investigations. the Contractor May Only Use Va Information Within The Terms Of The Contract And Applicable Federal Law, Regulations, And Va Policies. If New Federal Information Security Laws, Regulations Or Va Policies Become Applicable After Execution Of The Contract, The Parties Agree To Negotiate Contract Modification And Adjustment Necessary To Implement The New Laws, Regulations, And/or Policies. the Contractor Shall Not Make Copies Of Va Information Except As Specifically Authorized And Necessary To Perform The Terms Of The Contract. If Copies Are Made For Restoration Purposes, After The Restoration Is Complete, The Copies Shall Be Destroyed In Accordance With Va Directive 6500, Va Cybersecurity Program And Va Information Security Knowledge Service. if A Veterans Health Administration (vha) Contract Is Terminated For Default Or Cause With A Business Associate, The Related Local Business Associate Agreement (baa) Shall Also Be Terminated And Actions Taken In Accordance With Vha Directive 1605.05, Business Associate Agreements. If There Is An Executed National Baa Associated With The Contract, Va Will Determine What Actions Are Appropriate And Notify The Contactor. the Contractor Shall Store And Transmit Va Sensitive Information In An Encrypted Form, Using Va-approved Encryption Tools Which Are, At A Minimum, Federal Information Processing Standards (fips) 140-2, Security Requirements For Cryptographic Modules (or Its Successor) Validated And In Conformance With Va Information Security Knowledge Service Requirements. The Contractor Shall Transmit Va Sensitive Information Using Va Approved Transport Layer Security (tls) Configured With Fips Based Cipher Suites In Conformance With National Institute Of Standards And Technology (nist) 800-52, Guidelines For The Selection, Configuration And Use Of Transport Layer Security (tls) Implementations. the Contractor S Firewall And Web Services Security Controls, As Applicable, Shall Meet Or Exceed Va S Minimum Requirements. except For Uses And Disclosures Of Va Information Authorized By This Contract For Performance Of The Contract, The Contractor May Use And Disclose Va Information Only In Two Situations: (i) In Response To A Qualifying Order Of A Court Of Competent Jurisdiction After Notification To Va Co (ii) With Written Approval From The Va Co. The Contractor Shall Refer All Requests For, Demands For Production Of Or Inquiries About, Va Information And Information Systems To The Va Co For Response. notwithstanding The Provision Above, The Contractor Shall Not Release Va Records Protected By Title 38 U.s.c. § 5705, Confidentiality Of Medical Quality- Assurance Records And/or Title 38 U.s.c. § 7332, Confidentiality Of Certain Medical Records Pertaining To Drug Addiction, Sickle Cell Anemia, Alcoholism Or Alcohol Abuse Or Infection With Human Immunodeficiency Virus (hiv). If The Contractor Is In Receipt Of A Court Order Or Other Requests For The Above- Mentioned Information, The Contractor Shall Immediately Refer Such Court Order Or Other Requests To The Va Co For Response. information Made Available To The Contractor By Va For The Performance Or Administration Of This Contract Or Information Developed By The Contractor In Performance Or Administration Of The Contract Will Be Protected And Secured In Accordance With Va Directive 6500 And Identity And Access Management (iam) Security Processes Specified In The Va Information Security Knowledge Service. any Data Destruction Done On Behalf Of Va By A Contractor Shall Be Done In Accordance With National Archives And Records Administration (nara) Requirements As Outlined In Va Directive 6300, Records And Information Management, Va Handbook 6300.1, Records Management Procedures, And Applicable Va Records Control Schedules. the Contractor Shall Provide Its Plan For Destruction Of All Va Data In Its Possession According To Va Directive 6500 And Nist 800-88, Guidelines For Media Sanitization Prior To Termination Or Completion Of This Contract. If Directed By The Cor/co, The Contractor Shall Return All Federal Records To Va For Disposition. any Media, Such As Paper, Magnetic Tape, Magnetic Disks, Solid State Devices Or Optical Discs That Is Used To Store, Process, Or Access Va Information That Cannot Be Destroyed Shall Be Returned To Va.the Contractor Shall Hold The Appropriate Material Until Otherwise Directed By The Contracting Officer S Representative (cor) Or Co. Items Shall Be Returned Securely Via Va-approved Methods. Va Sensitive Information Must Be Transmitted Utilizing Va-approved Encryption Tools Which Are Validated Under Fips 140-2 (or Its Successor) And Nist 800-52. If Mailed, The Contractor Shall Send Via A Trackable Method (usps, Ups, Fedex, Etc.) And Immediately Provide The Cor/co With The Tracking Information. Self-certification By The Contractor That The Data Destruction Requirements Above Have Been Met Shall Be Sent To The Cor/co Within 30 Business Days Of Termination Of The Contract. all Electronic Storage Media (hard Drives, Optical Disks, Cds, Back-up Tapes, Etc.) Used To Store, Process Or Access Va Information Will Not Be Returned To The Contractor At The End Of Lease, Loan, Or Trade-in. Exceptions To This Paragraph Will Only Be Granted With The Written Approval Of The Va Co. access To Va Information And Va Information Systems. This Section applies When Any Person Requires Access To Information Made Available To The Contractor By Va For The Performance Or Administration Of This Contract Or Information Developed By The Contractor In Performance Or Administration Of The Contract. a Contractor/subcontractor Shall Request Logical (technical) Or Physical Access To Va Information And Va Information Systems For Their Employees And Subcontractors Only To The Extent Necessary To Perform The Services Specified In The Solicitation Or Contract. This Includes Indirect Entities, Both Affiliate Of Contractor/subcontractor And Agent Of Contractor/subcontractor. contractors And Subcontractors Shall Sign The Va Information Security Rule Of Behavior (rob) Before Access Is Provided To Va Information And Information Systems (see Section 4, Training, Below). The Rob Contains The Minimum User Compliance Requirements And Does Not Supersede Any Policies Of Va Facilities Or Other Agency Components Which Provide Higher Levels Of Protection To Va S Information Or Information Systems. Users Who Require Privileged Access Shall Complete The Va Elevated Privilege Access Request Processes Before Privileged Access Is Granted. all Contractors And Subcontractors Working With Va Information Are Subject To The Same Security Investigative And Clearance Requirements As Those Of Va Appointees Or Employees Who Have Access To The Same Types Of Information. The Level And Process Of Background Security Investigations For Contractors Shall Be In Accordance With Va Directive And Handbook 0710, Personnel Suitability And Security Program. The Office Of Human Resources And Administration/operations, Security And Preparedness (hra/osp) Is Responsible For These Policies And Procedures. Contract Personnel Who Require Access To Classified Information Or Information Systems Shall Have An Appropriate Security Clearance. Verification Of A Security Clearance Shall Be Processed Through The Special Security Officer Located In Hra/osp. Contractors Shall Conform To All Requirements Stated In The National Industrial Security Program Operating Manual (nispom). all Contractors And Subcontractors Shall Comply With Conditions Specified In Vaar 852.204-71(d); Contractor Operations Required To Be In United States. All Contractors And Subcontractors Working With Va Information Must Be Permanently Located Within A Jurisdiction Subject To The Law Of The United States Or Its Territories To The Maximum Extent Feasible. If Services Are Proposed To Be Performed Abroad The Contractor Must State Where All Non-u.s. Services Are Provided. The Contractor Shall Deliver To Va A Detailed Plan Specifically Addressing Communications, Personnel Control, Data Protection And Potential Legal Issues. The Plan Shall Be Approved By The Cor/co In Writing Prior To Access Being Granted. the Contractor Shall Notify The Cor/co In Writing Immediately (no Later Than 24 Hours) After Personnel Separation Or Occurrence Of Other Causes. Causes May Include The Following: contractor/subcontractor Personnel No Longer Has A Need For Access To Va Information Or Va Information Systems. contractor/subcontractor Personnel Are Terminated, Suspended, Or Otherwise Has Their Work On A Va Project Discontinued For Any Reason. contractor Believes Their Own Personnel Or Subcontractor Personnel May Pose A Threat To Their Company S Working Environment Or To Any Company- Owned Property. This Includes Contractor-owned Assets, Buildings, Confidential Data, Customers, Employees, Networks, Systems, Trade Secrets And/or Va Data. any Previously Undisclosed Changes To Contractor/subcontractor Background History Are Brought To Light, Including But Not Limited To Changes To Background Investigation Or Employee Record. contractor/subcontractor Personnel Have Their Authorization To Work In The United States Revoked. agreement By Which Contractor Provides Products And Services To Va Has Either Been Fulfilled Or Terminated, Such That Va Can Cut Off Electronic And/or Physical Access For Contractor Personnel. in Such Cases Of Contract Fulfillment, Termination, Or Other Causes; The Contractor Shall Take The Necessary Measures To Immediately Revoke Access To Va Network, Property, Information, And Information Systems (logical And Physical) By Contractor/subcontractor Personnel. These Measures Include (but Are Not Limited To): Removing And Then Securing Personal Identity Verification (piv) Badges And Piv Interoperable (piv-i) Access Badges, Va-issued Photo Badges, Credentials For Va Facilities And Devices, Va-issued Laptops, And Authentication Tokens. Contractors Shall Notify The Appropriate Va Cor/co Immediately To Initiate Access Removal. contractors/subcontractors Who No Longer Require Va Accesses Will Return Va- Issued Property To Va. This Property Includes (but Is Not Limited To): Documents, Electronic Equipment, Keys, And Parking Passes. Piv And Piv-i Access Badges Shall Be Returned To The Nearest Va Piv Badge Issuance Office. Once They Have Had Access To Va Information, Information Systems, Networks And Va Property In Their Possessions Removed, Contractors Shall Notify The Appropriate Va Cor/co. training. This Entire Section Applies To All Acquisitions Which Include Section 3. all Contractors And Subcontractors Requiring Access To Va Information And Va Information Systems Shall Successfully Complete The Following Before Being Granted Access To Va Information And Its Systems: va Privacy And Information Security Awareness And Rules Of Behavior Course (talent Management System (tms) #10176) Initially And Annually Thereafter. sign And Acknowledge (electronically Through Tms #10176) Understanding Of And Responsibilities For Compliance With The Organizational Rules Of Behavior, Relating To Access To Va Information And Information Systems Initially And Annually Thereafter; And successfully Complete Any Additional Cyber Security Or Privacy Training, As Required For Va Personnel With Equivalent Information System Or Information Access [to Be Defined By The Va Program Official And Provided To The Va Co For Inclusion In The Solicitation Document I.e., Any Role- Based Information Security Training]. the Contractor Shall Provide To The Cor/co A Copy Of The Training Certificates And Certification Of Signing The Organizational Rules Of Behavior For Each Applicable Employee Within Five Days Of The Initiation Of The Contract And Annually Thereafter, As Required. failure To Complete The Mandatory Annual Training Is Grounds For Suspension Or Termination Of All Physical Or Electronic Access Privileges And Removal From Work On The Contract Until Such Time As The Required Training Is Complete. security Incident Investigation. This Entire Section Applies To All Acquisitions Requiring Any Information Security And Privacy Language. the Contractor, Subcontractor, Their Employees, Or Business Associates Shall Immediately (within One Hour) Report Suspected Security / Privacy Incidents To The Va Oit S Enterprise Service Desk (esd) By Calling (855) 673-4357 (tty: 711). The Esd Is Oit S 24/7/365 Single Point Of Contact For It-related Issues. After Reporting To The Esd, The Contractor, Subcontractor, Their Employees, Or Business Associates Shall, Within One Hour, Provide The Cor/co The Incident Number Received From The Esd. to The Extent Known By The Contractor/subcontractor, The Contractor/ Subcontractor's Notice To Va Shall Identify The Information Involved And The Circumstances Surrounding The Incident, Including The Following: the Date And Time (or Approximation Of) The Security Incident Occurred. the Names Of Individuals Involved (when Applicable). the Physical And Logical (if Applicable) Location Of The Incident. why The Security Incident Took Place (i.e., Catalyst For The Failure). the Amount Of Data Belonging To Va Believed To Have Been Compromised. the Remediation Measures The Contractor Is Taking To Ensure No Future Incidents Of A Similar Nature. after The Contractor Has Provided The Initial Detailed Incident Summary To Va, They Will Continue To Provide Written Updates On Any New And Relevant Circumstances Or Facts They Discover. The Contractor, Subcontractor, And Their Employes Shall Fully Cooperate With Va Or Third-party Entity Performing An Independent Risk Analysis On Behalf Of Va. Failure To Cooperate May Be Deemed A Material Breach And Grounds For Contract Termination. va It Contractors Shall Follow Va Handbook 6500, Risk Management Framework For Va Information Systems Va Information Security Program, And Va Information Security Knowledge Service Guidance For Implementing An Incident Response Plan Or Integrating With An Existing Va Implementation. in Instances Of Theft Or Break-in Or Other Criminal Activity, The Contractor/subcontractor Must Concurrently Report The Incident To The Appropriate Law Enforcement Entity (or Entities) Of Jurisdiction, Including The Va Oig, And The Va Office Of Security And Law Enforcement. The Contractor, Its Employees, And Its Subcontractors And Their Employees Shall Cooperate With Va And Any Law Enforcement Authority Responsible For The Investigation And Prosecution Of Any Possible Criminal Law Violation(s) Associated With Any Incident. The Contractor/subcontractor Shall Cooperate With Va In Any Civil Litigation To Recover Va Information, Obtain Monetary Or Other Compensation From A Third Party For Damages Arising From Any Incident, Or Obtain Injunctive Relief Against Any Third Party Arising From, Or Related To, The Incident. the Contractor Shall Comply With Va Handbook 6500.2, Management Of Breaches Involving Sensitive Personal Information, Which Establishes The Breach Management Policies And Assigns Responsibilities For The Oversight, Management And Reporting Procedures Associated With Managing Of Breaches. with Respect To Unsecured Protected Health Information (phi), The Contractor Is Deemed To Have Discovered A Data Breach When The Contractor Knew Or Should Have Known Of Breach Of Such Information. When A Business Associate Is Part Of Vha Contract, Notification To The Covered Entity (vha) Shall Be Made In Accordance With The Executed Baa. if The Contractor Or Any Of Its Agents Fails To Protect Va Sensitive Personal Information Or Otherwise Engages In Conduct Which Results In A Data Breach Involving Any Va Sensitive Personal Information The Contractor/subcontractor Processes Or Maintains Under The Contract; The Contractor Shall Pay Liquidated Damages To The Va As Set Forth In Clause 852.211-76, Liquidated Damages Reimbursement For Data Breach Costs. information System Design And Development. This Entire Section applies To Information Systems, Systems, Major Applications, Minor Applications, Enclaves, And Platform Information Technologies (to Include The Subcomponents Of Each) Designed Or Developed For Or On Behalf Of Va By Any Non-va Entity. information Systems Designed Or Developed On Behalf Of Va At Non-va Facilities Shall Comply With All Applicable Federal Law, Regulations, And Va Policies. This Includes Standards For The Protection Of Electronic Protected Health Information (phi), Outlined In 45 C.f.r. Part 164, Subpart C And Information And System Security Categorization Level Designations In Accordance With Fips 199, Standards For Security Categorization Of Federal Information And Information Systems And Fips 200, Minimum Security Requirements For Federal Information Systems. Baseline Security Controls Shall Be Implemented Commensurate With The Fips 199 System Security Categorization (reference Va Handbook 6500 And Va Trusted Internet Connections (tic) Architecture). contracted New Developments Require Creation, Testing, Evaluation, And Authorization In Compliance With Va Assessment And Authorization (a&a) Processes In Va Handbook 6500 And Va Information Security Knowledge Service To Obtain An Authority To Operate (ato). Va Directive 6517, Risk Management Framework For Cloud Computing Services, Provides The Security And Privacy Requirements For Cloud Environments. va It Contractors, Subcontractors And Third-party Service Providers Shall Address And/or Integrate Applicable Va Handbook 6500, Va Handbook 6517, Risk Management Framework For Cloud Computing Services And Information Security Knowledge Service Specifications In Delivered It Systems/solutions, Products And/or Services. If Systems/solutions, Products And/or Services Do Not Directly Match Va Security Requirements, The Contractor Shall Work Though The Cor/co To Identify The Va Organization Responsible For Governance Or Resolution. Contractors Shall Comply With Far 39.1, Specifically The Prohibitions Referenced. the Contractor (including Producers And Resellers) Shall Comply With Office Of Management And Budget (omb) M-22-18 And M-23-16 When Using Third-party Software On Va Information Systems Or Otherwise Affecting The Va Information. This Includes New Software Purchases And Software Renewals For Software Developed Or Modified By Major Version Change After The Issuance Date Of M- 22-18 (september 14, 2022). The Term Software Includes Firmware, Operating Systems, Applications And Application Services (e.g., Cloud-based Software), As Well As Products Containing Software. The Contractor Shall Provide A Self- Attestation That Secure Software Development Practices Are Utilized As Outlined By Executive Order (eo)14028 And Nist Guidance. A Third-party Assessment Provided By Either A Certified Federal Risk And Authorization Management Program (fedramp) Third Party Assessor Organization (3pao) Or One Approved By The Agency Will Be Acceptable In Lieu Of A Software Producer's Self- Attestation. the Contractor Shall Ensure All Delivered Applications, Systems And Information Systems Are Compliant With Homeland Security Presidential Directive (hspd) 12 And Va Identity And Access Management (iam) Enterprise Identity Management Requirements As Set Forth In Omb M-19-17, M-05-24, Fips 201-3, Personal Identity Verification (piv) Of Federal Employees And Contractors (or Its Successor), M-21-31 And Supporting Nist Guidance. This Applies To Commercial Off-the-shelf (cots) Product(s) That The Contractor Did Not Develop, All Software Configurations And All Customizations. the Contractor Shall Ensure All Contractor Delivered Applications And Systems Provide User Authentication Services Compliant With Va Handbook 6500, Va Information Security Knowledge Service, Iam Enterprise Requirements And Nist 800-63, Digital Identity Guidelines, For Direct, Assertion-based Authentication And/or Trust-based Authentication, As Determined By The Design And Integration Patterns. Direct Authentication At A Minimum Must Include Public Key Infrastructure (pki) Based Authentication Supportive Of Piv And/or Common Access Card (cac), As Determined By The Business Need And Compliance With Va Information Security Knowledge Service Specifications. the Contractor Shall Use Va Authorized Technical Security Baseline Configurations And Certify To The Cor That Applications Are Fully Functional And Operate Correctly As Intended On Systems In Compliance With Va Baselines Prior To Acceptance Or Connection Into An Authorized Va Computing Environment. If The Defense Information Systems Agency (disa) Has Created A Security Technical Implementation Guide (stig) For The Technology, The Contractor May Configure To Comply With That Stig. If Va Determines A New Or Updated Va Configuration Baseline Needs To Be Created, The Contractor Shall Provide Required Technical Support To Develop The Configuration Settings. Far 39.1 Requires The Population Of Operating Systems And Applications Includes All Listed On The Nist National Checklist Program Checklist Repository. the Standard Installation, Operation, Maintenance, Updating And Patching Of Software Shall Not Alter The Configuration Settings From Va Approved Baseline Configuration. Software Developed For Va Must Be Compatible With Va Enterprise Installer Services And Install To The Default Program Files Directory With Silently Install And Uninstall. The Contractor Shall Perform Testing Of All Updates And Patching Prior To Implementation On Va Systems. applications Designed For Normal End Users Will Run In The Standard User Context Without Elevated System Administration Privileges. the Contractor-delivered Solutions Shall Reside On Va Approved Operating Systems. Exceptions To This Will Only Be Granted With The Written Approval Of The Cor/co. the Contractor Shall Design, Develop, And Implement Security And Privacy Controls In Accordance With The Provisions Of Va Security System Development Life Cycle Outlined In Nist 800-37, Risk Management Framework For Information Systems And Organizations: A System Life Cycle Approach For Security And Privacy, Va Directive And Handbook 6500, And Va Handbook 6517. the Contractor Shall Comply With The Privacy Act Of1974 (the Act), Far 52.224- 2 Privacy Act, And Va Rules And Regulations Issued Under The Act In The Design, Development, Or Operation Of Any System Of Records On Individuals To Accomplish A Va Function. the Contractor Shall Ensure The Security Of All Procured Or Developed Information Systems, Systems, Major Applications, Minor Applications, Enclaves And Platform Information Technologies, Including Their Subcomponents (hereinafter Referred To As Information Systems ) Throughout The Life Of This Contract And Any Extension, Warranty, Or Maintenance Periods. This Includes Security Configurations, Workarounds, Patches, Hotfixes, Upgrades, Replacements And Any Physical Components Which May Be Necessary To Remediate All Security Vulnerabilities Published Or Known To The Contractor Anywhere In The Information Systems (including Systems, Operating Systems, Products, Hardware, Software, Applications And Firmware). The Contractor Shall Ensure Security Fixes Do Not Negatively Impact The Information Systems. when The Contractor Is Responsible For Operations Or Maintenance Of The Systems, The Contractor Shall Apply The Security Fixes Within The Timeframe Specified By The Associated Controls On The Va Information Security Knowledge Service. When Security Fixes Involve Installing Third Party Patches (such As Microsoft Os Patches Or Adobe Acrobat), The Contractor Shall Provide Written Notice To The Va Cor/co That The Patch Has Been Validated As To Not Affecting The Systems Within 10 Business Days. information System Hosting, Operation, Maintenance Or Use. this Entire Section Applies To Information Systems, Systems, Major Applications, Minor Applications, Enclaves, And Platform Information Technologies (cloud And Non- Cloud) Hosted, Operated, Maintained, Or Used On Behalf Of Va At Non-va Facilities. the Contractor Shall Comply With All Federal Laws, Regulations, And Va Policies For Information Systems (cloud And Non-cloud) That Are Hosted, Operated, Maintained, Or Used On Behalf Of Va At Non-va Facilities. Security Controls For Collecting, Processing, Transmitting, And Storing Of Va Sensitive Information, Must Be In Place. The Controls Will Be Tested By Va Or A Va Sanctioned 3pao And Approved By Va Prior To Hosting, Operation, Maintenance Or Use Of The Information System Or Systems By Or On Behalf Of Va. This Includes Conducting Compliance Risk Assessments, Security Architecture Analysis, Routine Vulnerability Scanning, System Patching, Change Management Procedures And The Completion Of An Acceptable Contingency Plan For Each System. The Contractor S Security Control Procedures Shall Be The Same As Procedures Used To Secure Va-operated Information Systems. outsourcing (contractor Facility, Equipment, Or Staff) Of Systems Or Network Operations, Telecommunications Services Or Other Managed Services Require Assessment And Authorization (a&a) Of The Contractor S Systems In Accordance With Va Handbook 6500 As Specified In Va Information Security Knowledge Service. Major Changes To The A&a Package May Require Reviewing And Updating All The Documentation Associated With The Change. The Contractor S Cloud Computing Systems Shall Comply With Fedramp And Va Directive 6517 Requirements. the Contractor Shall Return All Electronic Storage Media (hard Drives, Optical Disks, Cds, Back-up Tapes, Etc.) On Non-va Leased Or Non-va Owned It Equipment Used To Store, Process Or Access Va Information To Va In Accordance With A&a Package Requirements. This Applies When The Contract Is Terminated Or Completed And Prior To Disposal Of Media. The Contractor Shall Provide Its Plan For Destruction Of All Va Data In Its Possession According To Va Information Security Knowledge Service Requirements And Nist 800-88. The Contractor Shall Send A Self-certification That The Data Destruction Requirements Above Have Been Met To The Cor/co Within 30 Business Days Of Termination Of The Contract. all External Internet Connections To Va Network Involving Va Information Must Be In Accordance With Va Trusted Internet Connection (tic) Reference Architecture And Va Directive And Handbook 6513, Secure External Connections And Reviewed And Approved By Va Prior To Implementation. Government-owned Contractor-operated Systems, Third Party Or Business Partner Networks Require A Memorandum Of Understanding (mou) And Interconnection Security Agreements (isa). contractor Procedures Shall Be Subject To Periodic, Announced, Or Unannounced Assessments By Va Officials, The Oig Or A 3pao. The Physical Security Aspects Associated With Contractor Activities Are Also Subject To Such Assessments. The Contractor Shall Report, In Writing, Any Deficiencies Noted During The Above Assessment To The Va Cor/co. The Contractor Shall Use Va S Defined Processes To Document Planned Remedial Actions That Address Identified Deficiencies In Information Security Policies, Procedures, And Practices. The Contractor Shall Correct Security Deficiencies Within The Timeframes Specified In The Va Information Security Knowledge Service. all Major Information System Changes Which Occur In The Production Environment Shall Be Reviewed By The Va To Determine The Impact On Privacy And Security Of The System. Based On The Review Results, Updates To The Authority To Operate (ato) Documentation And Parameters May Be Required To Remain In Compliance With Va Handbook 6500 And Va Information Security Knowledge Service Requirements. the Contractor Shall Conduct An Annual Privacy And Security Self-assessment On All Information Systems And Outsourced Services As Required. Copies Of The Assessment Shall Be Provided To The Cor/co. The Va/government Reserves The Right To Conduct Assessment Using Government Personnel Or A Third-party If Deemed Necessary. The Contractor Shall Correct Or Mitigate Any Weaknesses Discovered During The Assessment. va Prohibits The Installation And Use Of Personally Owned Or Contractor-owned Equipment Or Software On Va Information Systems. If Non-va Owned Equipment Must Be Used To Fulfill The Requirements Of A Contract, It Must Be Stated In The Service Agreement, Sow, Pws, Pd Or Contract. All Security Controls Required For Government Furnished Equipment Must Be Utilized In Va Approved Other Equipment (oe). Configuration Changes To The Contractor Oe, Must Be Funded By The Owner Of The Equipment. All Remote Systems Must Use A Va-approved Antivirus Software And A Personal (host-based Or Enclave Based) Firewall With A Va-approved Configuration. The Contractor Shall Ensure Software On Oe Is Kept Current With All Critical Updates And Patches. Owners Of Approved Oe Are Responsible For Providing And Maintaining The Anti-virus Software And The Firewall On The Non-va Owned Oe. Approved Contractor Oe Will Be Subject To Technical Inspection At Any Time. the Contractor Shall Notify The Cor/co Within One Hour Of Disclosure Or Successful Exploits Of Any Vulnerability Which Can Compromise The Confidentiality, Integrity, Or Availability Of The Information Systems. The System Or Effected Component(s) Need(s) To Be Isolated From The Network. A Forensic Analysis Needs To Be Conducted Jointly With Va. Such Issues Will Be Remediated As Quickly As Practicable, But In No Event Longer Than The Timeframe Specified By Va Information Security Knowledge Service. If Sensitive Personal Information Is Compromised Reference Va Handbook 6500.2 And Section 5, Security Incident Investigation. for Cases Wherein The Contractor Discovers Material Defects Or Vulnerabilities Impacting Products And Services They Provide To Va, The Contractor Shall Develop And Implement Policies And Procedures For Disclosure To Va, As Well As Remediation. The Contractor Shall, Within 30 Business Days Of Discovery, Document A Summary Of These Vulnerabilities Or Defects. The Documentation Will Include A Description Of The Potential Impact Of Each Vulnerability And Material Defect, Compensating Security Controls, Mitigations, Recommended Corrective Actions, Fbonotice Cause Analysis And/or Workarounds (i.e., Monitoring). Should There Exist Any Backdoors In The Products Or Services They Provide To Va (referring To Methods For Bypassing Computer Authentication), The Contractor Shall Provide The Va Co/co Written Assurance They Have Permanently Remediated These Backdoors. all Other Vulnerabilities, Including Those Discovered Through Routine Scans Or Other Assessments, Will Be Remediated Based On Risk, In Accordance With The Remediation Timelines Specified By The Va Information Security Knowledge Service And/or The Applicable Timeframe Mandated By Cybersecurity & Infrastructure Security Agency (cisa) Binding Operational Directive (bod) 22- 01 And Bod 19-02 For Internet-accessible Systems. Exceptions To This Paragraph Will Only Be Granted With The Approval Of The Cor/co. security And Privacy Controls Compliance Testing, Assessment and Auditing. This Entire Section Applies Whenever Section 6 Or 7 Is Included. should Va Request It, The Contractor Shall Provide A Copy Of Their (corporation S, Sole Proprietorship S, Partnership S, Limited Liability Company (llc), Or Other Business Structure Entity S) Policies, Procedures, Evidence And Independent Report Summaries Related To Specified Cybersecurity Frameworks (international Organization For Standardization (iso), Nist Cybersecurity Framework (csf), Etc.). Va Or Its Third-party/partner Designee (if Applicable) Are Further Entitled To Perform Their Own Audits And Security/penetration Tests Of The Contractor S It Or Systems And Controls, To Ascertain Whether The Contractor Is Complying With The Information Security, Network Or System Requirements Mandated In The Agreement Between Va And The Contractor. any Audits Or Tests Of The Contractor Or Third-party Designees/partner Va Elects To Carry Out Will Commence Within 30 Business Days Of Va Notification. Such Audits, Tests And Assessments May Include The Following: (a): Security/penetration Tests Which Both Sides Agree Will Not Unduly Impact Contractor Operations; (b): Interviews With Pertinent Stakeholders And Practitioners; (c): Document Review; And (d): Technical Inspections Of Networks And Systems The Contractor Uses To Destroy, Maintain, Receive, Retain, Or Use Va Information. as Part Of These Audits, Tests And Assessments, The Contractor Shall Provide All Information Requested By Va. This Information Includes, But Is Not Limited To, The Following: Equipment Lists, Network Or Infrastructure Diagrams, Relevant Policy Documents, System Logs Or Details On Information Systems Accessing, Transporting, Or Processing Va Data. the Contractor And At Its Own Expense, Shall Comply With Any Recommendations Resulting From Va Audits, Inspections And Tests. Va Further Retains The Right To View Any Related Security Reports The Contractor Has Generated As Part Of Its Own Security Assessment. The Contractor Shall Also Notify Va Of The Existence Of Any Such Security Reports Or Other Related Assessments, Upon Completion And Validation. va Appointed Auditors Or Other Government Agency Partners May Be Granted Access To Such Documentation On A Need-to-know Basis And Coordinated Through The Cor/co. The Contractor Shall Comply With Recommendations Which Result From These Regulatory Assessments On The Part Of Va Regulators And Associated Government Agency Partners. product Integrity, Authenticity, Provenance, Anti-counterfeit and Anti-tampering. This Entire Section Applies When The Acquisition Involves Any Product (application, Hardware, Or Software) Or When Section 6 Or 7 Is Included. the Contractor Shall Comply With Code Of Federal Regulations (cfr) Title 15 Part 7, Securing The Information And Communications Technology And Services (icts) Supply Chain , Which Prohibits Icts Transactions From Foreign Adversaries. Icts Transactions Are Defined As Any Acquisition, Importation, Transfer, Installation, Dealing In Or Use Of Any Information And Communications Technology Or Service, Including Ongoing Activities, Such As Managed Services, Data Transmission, Software Updates, Repairs Or The Platforming Or Data Hosting Of Applications For Consumer Download. when Contracting Terms Require The Contractor To Procure Equipment, The Contractor Shall Purchase Or Acquire The Equipment From An Original Equipment Manufacturer (oem) Or An Authorized Reseller Of The Oem. The Contractor Shall Attest That Equipment Procured From An Oem Or Authorized Reseller Or Distributor Are Authentic. If Procurement Is Unavailable From An Oem Or Authorized Reseller, The Contractor Shall Submit In Writing, Details Of The Circumstances Prohibiting This From Happening And Procure A Product Waiver From The Va Cor/co. all Contractors Shall Establish, Implement, And Provide Documentation For Risk Management Practices For Supply Chain Delivery Of Hardware, Software (to Include Patches) And Firmware Provided Under This Agreement. Documentation Will Include Chain Of Custody Practices, Inventory Management Program, Information Protection Practices, Integrity Management Program For Sub-supplier Provided Components, And Replacement Parts Requests. The Contractor Shall Make Spare Parts Available. All Contractor(s) Shall Specify How Digital Delivery For Procured Products, Including Patches, Will Be Validated And Monitored To Ensure Consistent Delivery. The Contractor Shall Apply Encryption Technology To Protect Procured Products Throughout The Delivery Process. if A Contractor Provides Software Or Patches To Va, The Contractor Shall Publish Or Provide A Hash Conforming To The Fips Security Requirements For Cryptographic Modules (fips 140-2 Or Successor). the Contractor Shall Provide A Software Bill Of Materials (sbom) For Procured (to Include Licensed Products) And Consist Of A List Of Components And Associated Metadata Which Make Up The Product. Sboms Must Be Generated In One Of The Data Formats Defined In The National Telecommunications And Information Administration (ntia) Report The Minimum Elements For A Software Bill Of Materials (sbom). contractors Shall Use Or Arrange For The Use Of Trusted Channels To Ship Procured Products, Such As U.s. Registered Mail And/or Tamper-evident Packaging For Physical Deliveries. throughout The Delivery Process, The Contractor Shall Demonstrate A Capability For Detecting Unauthorized Access (tampering). the Contractor Shall Demonstrate Chain-of-custody Documentation For Procured Products And Require Tamper-evident Packaging For The Delivery Of This Hardware. viruses, Firmware And Malware. This Entire Section Applies When The Acquisition Involves Any Product (application, Hardware, Or Software) Or When Section 6 Or 7 Is Included. the Contractor Shall Execute Due Diligence To Ensure All Provided Software And Patches, Including Third-party Patches, Are Free Of Viruses And/or Malware Before Releasing Them To Or Installing Them On Va Information Systems. the Contractor Warrants It Has No Knowledge Of And Did Not Insert, Any Malicious Virus And/or Malware Code Into Any Software Or Patches Provided To Va Which Could Potentially Harm Or Disrupt Va Information Systems. The Contractor Shall Use Due Diligence, If Supplying Third-party Software Or Patches, To Ensure The Third-party Has Not Inserted Any Malicious Code And/or Virus Which Could Damage Or Disrupt Va Information Systems. the Contractor Shall Provide Or Arrange For The Provision Of Technical Justification As To Why Any False Positive Hit Has Taken Place To Ensure Their Code S Supply Chain Has Not Been Compromised. Justification May Be Required, But Is Not Limited To, When Install Files, Scripts, Firmware, Or Other Contractor-delivered Software Solutions (including Third-party Install Files, Scripts, Firmware, Or Other Software) Are Flagged As Malicious, Infected, Or Suspicious By An Anti-virus Vendor. the Contractor Shall Not Upload (intentionally Or Negligently) Any Virus, Worm, Malware Or Any Harmful Or Malicious Content, Component And/or Corrupted Data/source Code (hereinafter Virus Or Other Malware ) Onto Va Computer And Information Systems And/or Networks. If Introduced (and This Clause Is Violated), Upon Written Request From The Va Co, The Contractor Shall: take All Necessary Action To Correct The Incident, To Include Any And All Assistance To Va To Eliminate The Virus Or Other Malware Throughout Va S Information Networks, Computer Systems And Information Systems; And use Commercially Reasonable Efforts To Restore Operational Efficiency And Remediate Damages Due To Data Loss Or Data Integrity Damage, If The Virus Or Other Malware Causes A Loss Of Operational Efficiency, Data Loss, Or Damage To Data Integrity. cryptographic Requirement. This Entire Section Applies Whenever The Acquisition Includes Section 6 Or 7 Is Included. the Contractor Shall Document How The Cryptographic System Supporting The Contractor S Products And/or Services Protect The Confidentiality, Data Integrity, Authentication And Non-repudiation Of Devices And Data Flows In The Underlying System. the Contractor Shall Use Only Approved Cryptographic Methods As Defined In Fips 140-2 (or Its Successor) And Nist 800-52 Standards When Enabling Encryption On Its Products. the Contractor Shall Provide Or Arrange For The Provision Of An Automated Remote Key-establishment Method Which Protects The Confidentiality And Integrity Of The Cryptographic Keys. the Contractor Shall Ensure Emergency Re-keying Of All Devices Can Be Remotely Performed Within 30 Business Days. the Contractor Shall Provide Or Arrange For The Provision Of A Method For Updating Cryptographic Primitives Or Algorithms. patching Governance. This Entire Section Applies Whenever The Acquisition Includes Section 7 Is Included the Contractor Shall Provide Documentation Detailing The Patch Management, Vulnerability Management, Mitigation And Update Processes (to Include Third- Party) Prior To The Connection Of Electronic Devices, Assets Or Equipment To Va S Assets. This Documentation Will Include Information Regarding The Follow: the Resources And Technical Capabilities To Sustain The Program Or Process (e.g., How The Integrity Of A Patch Is Validated By Va); And the Approach And Capability To Remediate Newly Reported Zero-day Vulnerabilities For Contractor Products. the Contractor Shall Verify And Provide Documentation All Procured Products (including Third-party Applications, Hardware, Software, Operating Systems, And Firmware) Have Appropriate Updates And Patches Installed Prior To Delivery To Va. the Contractor Shall Provide Or Arrange The Provision Of Appropriate Software And Firmware Updates To Remediate Newly Discovered Vulnerabilities Or Weaknesses For Their Products And Services Within 30 Days Of Discovery. Updates To Remediate Critical Or Emergent Vulnerabilities Will Be Provided Within Seven Business Days Of Discovery. If Updates Cannot Be Made Available By Contractor Within These Time Periods, The Contractor Shall Submit Mitigations, Methods Of Exploit Detection And/or Workarounds To The Cor/co Prior To The Above Deadlines. the Contractor Shall Provide Or Arrange For The Provision Of Appropriate Hardware, Software And/or Firmware Updates, When Those Products, Including Open-source Software, Are Provided To The Va, To Remediate Newly Discovered Vulnerabilities Or Weaknesses. Remediations Of Products Or Services Provided To The Va S System Environment Must Be Provided Within 30 Business Days Of Availability From The Original Supplier And/or Patching Source. Updates Toremediate Critical Vulnerabilities Applicable To The Contractor S Use Of The Third- Party Product In Its System Environment Will Be Provided Within Seven Business Days Of Availability From The Original Supplier And/or Patching Source. If Applicable Third-party Updates Cannot Be Integrated, Tested And Made Available By Contractor Within These Time Periods, Mitigations And/or Workarounds Will Be Provided To The Cor/co Before The Above Deadlines. specialized Devices/systems (medical Devices, Special Purpose systems, Research Scientific Computing). This Entire Section Applies When The Acquisition Includes One Or More Medical Device, Special Purpose System Or Research Scientific Computing Device. If Appropriate, Ensure Selected Clauses From Section 6 Or 7 And 8 Through 12 Are Included. contractor Supplies/delivered Medical Devices, Special Purpose Systems- Operational Technology (sps-ot) And Research Scientific Computing Devices Shall Comply With All Applicable Federal Law, Regulations, And Va Policies. New Developments Require Creation, Testing, Evaluation, And Authorization In Compliance With Processes Specified On The Specialized Device Cybersecurity Department Enterprise Risk Management (sdcd-erm) Portal, Va Directive 6550, Pre-procurement Assessment And Implementation Of Medical Devices/systems, Va Handbook 6500, And The Va Information Security Knowledge Service. Deviations From Federal Law, Regulations, And Va Policy Are Identified And Documented As Part Of Va Directive 6550 And/or The Va Enterprise Risk Analysis (era) Processes For Specialized Devices/systems Processes. all Contractors And Third-party Service Providers Shall Address And/or Integrate Applicable Va Handbook 6500 And Information Security Knowledge Service Specifications In Delivered It Systems/solutions, Products And/or Services. If Systems/solutions, Products And/or Services Do Not Directly Match Va Security Requirements, The Contractor Shall Work Though The Cor/co For Governance Or Resolution. the Contractor Shall Certify To The Cor/co That Devices/systems That Have Completed The Va Enterprise Risk Analysis (era) Process For Specialized Devices/systems Are Fully Functional And Operate Correctly As Intended. Devices/systems Must Follow The Va Era Authorized Configuration Prior To Acquisition And Connection To The Va Computing Environment. If Va Determines A New Va Era Needs To Be Created, The Contractor Shall Provide Required Technical Support To Develop The Configuration Settings. Major Changes To A Previously Approved Device/system Will Require A New Era. the Contractor Shall Comply With All Practices Documented By The Food Drug And Administration (fda) Premarket Submission For Management Of Cybersecurity In Medical Devices And Postmarket Management Of Cybersecurity In Medical Devices. the Contractor Shall Design Devices Capable Of Accepting All Applicable Security Patches With Or Without The Support Of The Contractor Personnel. If Patching Can Only Be Completed By The Contractor, The Contractor Shall Commit The Resources Needed To Patch All Applicable Devices At All Va Locations. If Unique Patching Instructions Or Packaging Is Needed, The Contractor Shall Provide The Necessary Information In Conjunction With The Validation/testing Of The Patch. The Contractor Shall Apply Security Patches Within 30 Business Days Of The Patch Release And Have A Formal Tracking Process For Any Security Patches Not Implemented To Include Explanation When A Device Cannot Be Patched. the Contractor Shall Provide Devices Able To Install And Maintain Va-approved Antivirus Capabilities With The Capability To Quarantine Files And Be Updated As Needed In Response To Incidents. Alternatively, A Va-approved Whitelisting Application May Be Used When The Contractor Cannot Install An Anti-virus / Anti- Malware Application. the Contractor Shall Verify And Document All Software Embedded Within The Device Does Not Contain Any Known Viruses Or Malware Before Delivery To Or Installation At A Va Location. devices And Other Equipment Or Systems Containing Media (hard Drives, Optical Disks, Solid State, And Storage Via Chips/firmware) With Va Sensitive information Will Be Returned To The Contractor With Media Removed. When The Contract Requires Return Of Equipment, The Options Available To The Contractor Are The Following: the Contractor Shall Accept The System Without The Drive, Firmware And Solid State. va S Initial Device Purchase Includes A Spare Drive Or Other Replacement Media Which Must Be Installed In Place Of The Original Drive At Time Of Turn- In; Or due To The Highly Specialized And Sometimes Proprietary Hardware And Software Associated With The Device, If It Is Not Possible For Va To Retain The Hard Drive, Firmware, And Solid State, Then: the Equipment Contractor Shall Have An Existing Baa If The Device Being Traded In Has Sensitive Information Stored On It And Hard Drive(s) From The System Are Being Returned Physically Intact. any Fixed Hard Drive, Complementary Metal-oxide-semiconductor (cmos), Programmable Read-only Memory (prom), Solid State And Firmware On The Device Must Be Non-destructively Sanitized To The Greatest Extent Possible Without Negatively Impacting System Operation. Selective Clearing Down To Patient Data Folder Level Is Recommended Using Va Approved And Validated Overwriting Technologies/methods/tools. Applicable Media Sanitization Specifications Need To Be Pre-approved And Described In The Solicitation, Contract, Or Order. data Center Provisions. This Entire Section Applies Whenever The Acquisition Requires An Interconnection To/from The Va Network To/from A Non-va Location. the Contractor Shall Ensure The Va Network Is Accessed By In Accordance With Va Directive 6500 And Iam Security Processes Specified In The Va Information Security Knowledge Service. the Contractor Shall Ensure Network Infrastructure And Data Availability In Accordance With Va Information System Business Continuity Procedures Specified In The Va Information Security Knowledge Service. the Contractor Shall Ensure Any Connections To The Internet Or Other External Networks For Information Systems Occur Through Managed Interfaces Utilizing Va Approved Boundary Protection Devices (e.g., Internet Proxies, Gateways, Routers, Firewalls, Guards Or Encrypted Tunnels). the Contractor Shall Encrypt All Traffic Across The Segment Of The Wide Area Network (wan) It Manages And No Unencrypted Out Of Band (oob) Internet Protocol (ip) Traffic Will Traverse The Network. the Contractor Shall Ensure Tunnel Endpoints Are Routable Addresses At Each Va Operating Site. the Contractor Shall Secure Access From Local Area Networks (lans) At Co- Located Sites In Accordance With Va Tic Reference Architecture, Va Directive And Handbook 6513, And Mou/isa Process Specified In The Va Information Security Knowledge Service.

Details: This Sources Sought Notice Is For Planning Purposes Only And Shall Not Be Considered As An Invitation For Bid, Request For Quotation, Request For Proposal, Or As An Obligation On The Part Of The Government To Acquire Any Products And/or Services. Your Response To This Sources Sought Notice Will Be Treated As Information Only. No Entitlement To Payment Of Direct Or Indirect Costs Or Charges By The Government Will Arise Because Of Contractor Submission Of Responses To This Announcement Or The Government Use Of Such Information. This Request Does Not Constitute A Solicitation For Proposals Or The Authority To Enter Negotiations To Award A Contract. No Funds Have Been Authorized, Appropriated, Or Received For This Effort. The Information Provided May Be Used By The Department Of Veterans Affairs In Developing Its Acquisition Approach, Statement Of Work/statement Of Objectives And Performance Specifications. Interested Parties Are Responsible For Adequately Marking Proprietary Or Competition Sensitive Information Contained In Their Response. The Government Does Not Intend To Award A Contract Based On This Sources Sought Notice Or To Otherwise Pay For The Information Submitted In Response To This Sources Sought Notice. The Submission Of Pricing, Capabilities For Planning Purposes, And Other Market Information Is Highly Encouraged And Allowed Under This Sources Sought Notice In Accordance With (iaw) Far Part 15.201(e) The Purpose Of This Sources Sought Notice Announcement Is For Market Research To Make Appropriate Acquisition Decisions And To Gain Knowledge Of Potential Qualified Service-disabled Veteran Owned Small Businesses, Veteran Owned Small Businesses, 8(a), Hubzone And Other Small Businesses Interested And Capable Of Providing The Products And/or Services Described Below. Documentation Of Technical Expertise Must Be Presented In Sufficient Detail For The Government To Determine That Your Company Possesses The Necessary Functional Area Expertise And Experience To Compete For This Acquisition. Responses To This Notice Shall Include The Following: (a) Company Name; (b) Address; (c) Point Of Contact; (d) Phone, Fax, And Email; (e) Uei Number; (f) Cage Code; (g) Tax Id Number; (h) Type Of Small Business, E.g., Services Disabled Veteran Owned Small Business, Veteran Owned Small Business, 8(a), Hubzone, Women Owned Small Business, Small Disadvantaged Business, Or Small Business Hubzone Business, Etc (i) State If Your Business Has An Fss Contract With Gsa, Va Nac, Nasa Sewp, Or Any Other Federal Contract, That Can Be Utilized To Procure The Requirement Listed Below And Provide The Contract Number; And (j) Must Provide A Capability Statement That Addresses The Organization S Qualifications And Ability To Perform As A Contractor For The Work Described Below. Requirement: The Va Heartland Network 15 Contracting Office Located At 3450 South 4th Street, Leavenworth, Ks, 66048-5055 Is Seeking A Potential Qualified Contractor To Provide Scriptpro Eyecon 9430 Pill Dispensing System For The Marion Va Medical Center, Located In Marion, Illinois, And The Evansville Health Care Center, Located In Evansville, Indiana. This Is A Brand Name Or Equal Requirement. Please See The Statement Of Work For More Specifics And Details. The North American Industry Classification System Code (naics Code) Is 339112 Surgical And Medical Instrument Manufacturing, Size Standard 1,000 Employees. Based On This Information, Please Indicate Whether Your Company Would Be A Large Or Small Business And Have A Socio-economic Designation As A Small Business, Vosb Or Sdvosb. Important Information: The Government Is Not Obligated To, Nor Will It Pay For Or Reimburse Any Costs Associated With Responding To This Source Sought Synopsis Request. This Notice Shall Not Be Construed As A Commitment By The Government To Issue A Solicitation Or Ultimately Award A Contract, Nor Does It Restrict The Government To An Acquisition Approach. The Government Will In No Way Be Bound To This Information If Any Solicitation Is Issued. Currently A Total Set-aside For Service-disabled Veteran Owned Small Business Firms Is Anticipated Based On The Veterans Administration Requirement With Public Law 109-461, Section 8127 Veterans Benefit Act. However, If Response By Service-disabled Veteran Owned Small Business Firms Proves Inadequate, An Alternate Set-aside Or Full And Open May Be Used. Responses To This Notice Shall Be Submitted Via Email To Erika Kobulnicky At Erika.kobulnicky@va.gov. Telephone Responses Will Not Be Accepted. Responses Must Be Received No Later Than Wednesday, February 19, 2025, At 10:00am Cst. If A Solicitation Is Issued It Shall Be Announced At A Later Date, And All Interested Parties Must Respond To That Solicitation Announcement Separately From The Responses To This Sources Sought. Responses To This Sources Sought Notice Are Not A Request To Be Added To A Prospective Bidders List Or To Receive A Copy Of The Solicit. Marion, Il Vamc And Ehcc Outpatient Clinic Statement Of Work: Scriptpro Eyecon Description Of Use: To Be Used At The Marion Va Medical Center Pharmacy And In The Evansville, In Outpatient Clinic This Solicitation Uses A Brand Name Or Equal Description Of The Product Required. This Permits Prospective Contractors To Offer Products Other Than Those Specifically Referenced By Brand Name. All Offers Must Work With Existing Equipment That Has Already Been Purchased And Is Currently In Use At The Station. Minimum Technical Specifications: The Scriptpro Dispensing System Must Also Be Assembled Within The Manufactured Country Or Show Significant Proof Of An Internationally Recognized Quality Assurance Program Certificate Of Authenticity Will Need To Be Provided The Dispensing System Must Have The Following: Safety Must Use Barcode Verification To Ensure Accuracy Of Dispensing And Must Work With Scriptpro Label Barcode Unit Must Have Means To Track Dispensed Drug Quantities And Contain Image Verification Of Quantities Dispensed. Must Come Equipped With Database Of Drug Images For Dispensing Verification. Must Include Additional Counting Platters For Penicillin And Sulfa To Avoid Cross Contamination. Workflow Must Allow For Integration With Scriptpro/vista To Verify Correct Dispensing Quantities. Must Fit In Existing Space With A Footprint Of 28 H X 11 W X 17.5 D. Must Count With A Count Accuracy Of At Least 99.9%. Verification Should Include Easy Work Flow Optics Such As Color Touch Screen. Must Include Large Counting Area Of 48 Sq Inches For Larger Quantity Verification. Information Technology Must Integrate With Current Equipment, Including Scriptpro Dispensing/filling Stations Must Interface With Vista, Ups Worldship, And Usps Sendsuite System Platforms. All Equipment Must Be New Description Quantity Sp Eyecon 9430 2 Optional/value Added Features: N/a Required Interfaces: Must Interface With Current Sp Equipment. Must Also Interface With Vista/cprs. Delivery Location(s): Department Of Veterans Affairs Marion Va Medical Center 2401 West Main Street Marion, Il 62959-1188 Department Of Veterans Affairs Evansville Va Healthcare Center 6211 E Waterford Blvd Evansville, In 47715 Records Management Obligations Applicability This Clause Applies To All Contractors Whose Employees Create, Work With, Or Otherwise Handle Federal Records, As Defined In Section B, Regardless Of The Medium In Which The Record Exists. â Definitions Federal Record As Defined In 44 U.s.c. ⧠3301, Includes All Recorded Information, Regardless Of Form Or Characteristics, Made Or Received By A Federal Agency Under Federal Law Or In Connection With The Transaction Of Public Business And Preserved Or Appropriate For Preservation By That Agency Or Its Legitimate Successor As Evidence Of The Organization, Functions, Policies, Decisions, Procedures, Operations, Or Other Activities Of The United States Government Or Because Of The Informational Value Of Data In Them. â The Term Federal Record: Includes [agency] Records.â Does Not Include Personal Materials. Applies To Records Created, Received, Or Maintained By Contractors Pursuant To Their [agency] Contract. May Include Deliverables And Documentation Associated With Deliverables. Requirements Contractor Shall Comply With All Applicable Records Management Laws And Regulations, As Well As National Archives And Records Administration (nara) Records Policies, Including But Not Limited To The Federal Records Act (44 U.s.c. Chs. 21, 29, 31, 33), Nara Regulations At 36 Cfr Chapter Xii Subchapter B, And Those Policies Associated With The Safeguarding Of Records Covered By The Privacy Act Of 1974 (5 U.s.c. 552a). These Policies Include The Preservation Of All Records, Regardless Of Form Or Characteristics, Mode Of Transmission, Or State Of Completion.â In Accordance With 36 Cfr 1222.32, All Data Created For Government Use And Delivered To, Or Falling Under The Legal Control Of, The Government Are Federal Records Subject To The Provisions Of 44 U.s.c. Chapters 21, 29, 31, And 33, The Freedom Of Information Act (foia) (5 U.s.c. 552), As Amended, And The Privacy Act Of 1974 (5 U.s.c. 552a), As Amended And Must Be Managed And Scheduled For Disposition Only As Permitted By Statute Or Regulation.â In Accordance With 36 Cfr 1222.32, Contractor Shall Maintain All Records Created For Government Use Or Created In The Course Of Performing The Contract And/or Delivered To, Or Under The Legal Control Of The Government And Must Be Managed In Accordance With Federal Law. Electronic Records And Associated Metadata Must Be Accompanied By Sufficient Technical Documentation To Permit Understanding And Use Of The Records And Data.â [agency] And Its Contractors Are Responsible For Preventing The Alienation Or Unauthorized Destruction Of Records, Including All Forms Of Mutilation. Records May Not Be Removed From The Legal Custody Of [agency] Or Destroyed Except For In Accordance With The Provisions Of The Agency Records Schedules And With The Written Concurrence Of The Head Of The Contracting Activity. Willful And Unlawful Destruction, Damage Or Alienation Of Federal Records Is Subject To The Fines And Penalties Imposed By 18 U.s.c. 2701. In The Event Of Any Unlawful Or Accidental Removal, Defacing, Alteration, Or Destruction Of Records, Contractor Must Report To [agency]. The Agency Must Report Promptly To Nara In Accordance With 36 Cfr 1230. The Contractor Shall Immediately Notify The Appropriate Contracting Officer Upon Discovery Of Any Inadvertent Or Unauthorized Disclosures Of Information, Data, Documentary Materials, Records, Or Equipment. Disclosure Of Non-public Information Is Limited To Authorized Personnel With A Need-to-know As Described In The [contract Vehicle]. The Contractor Shall Ensure That The Appropriate Personnel, Administrative, Technical, And Physical Safeguards Are Established To Ensure The Security And Confidentiality Of This Information, Data, Documentary Material, Records And/or Equipment Is Properly Protected. The Contractor Shall Not Remove Material From Government Facilities Or Systems, Or Facilities Or Systems Operated Or Maintained On The Government S Behalf, Without The Express Written Permission Of The Head Of The Contracting Activity. When Information, Data, Documentary Material, Records And/or Equipment Is No Longer Required, It Shall Be Returned To [agency] Control Or The Contractor Must Hold It Until Otherwise Directed. Items Returned To The Government Shall Be Hand Carried, Mailed, Emailed, Or Securely Electronically Transmitted To The Contracting Officer Or Address Prescribed In The [contract Vehicle]. Destruction Of Records Is Expressly Prohibited Unless In Accordance With Paragraph (4). The Contractor Is Required To Obtain The Contracting Officer's Approval Prior To Engaging In Any Contractual Relationship (sub-contractor) In Support Of This Contract Requiring The Disclosure Of Information, Documentary Material And/or Records Generated Under, Or Relating To, Contracts. The Contractor (and Any Sub-contractor) Is Required To Abide By Government And [agency] Guidance For Protecting Sensitive, Proprietary Information, Classified, And Controlled Unclassified Information. The Contractor Shall Only Use Government It Equipment For Purposes Specifically Tied To Or Authorized By The Contract And In Accordance With [agency] Policy.â The Contractor Shall Not Create Or Maintain Any Records Containing Any Non-public [agency] Information That Are Not Specifically Tied To Or Authorized By The Contract.â The Contractor Shall Not Retain, Use, Sell, Or Disseminate Copies Of Any Deliverable That Contains Information Covered By The Privacy Act Of 1974 Or That Which Is Generally Protected From Public Disclosure By An Exemption To The Freedom Of Information Act.â The [agency] Owns The Rights To All Data And Records Produced As Part Of This Contract. All Deliverables Under The Contract Are The Property Of The U.s. Government For Which [agency] Shall Have Unlimited Rights To Use, Dispose Of, Or Disclose Such Data Contained Therein As It Determines To Be In The Public Interest. Any Contractor Rights In The Data Or Deliverables Must Be Identified As Required By Far 52.227-11 Through Far 52.227-20. Training. âall Contractor Employees Assigned To This Contract Who Create, Work With, Or Otherwise Handle Records Are Required To Take [agency]-provided Records Management Training. The Contractor Is Responsible For Confirming Training Has Been Completed According To Agency Policies, Including Initial Training And Any Annual Or Refresher Training.â [note: To The Extent An Agency Requires Contractors To Complete Records Management Training, The Agency Must Provide The Training To The Contractor.]â Flow Down Of Requirements To Subcontractors The Contractor Shall Incorporate The Substance Of This Clause, Its Terms And Requirements Including This Paragraph, In All Subcontracts Under This [contract Vehicle], And Require Written Subcontractor Acknowledgment Of Same.â Violation By A Subcontractor Of Any Provision Set Forth In This Clause Will Be Attributed To The Contractor. General. This Entire Section Applies To All Acquisitions Requiring Any Information Security And Privacy Language. Contractors, Contractor Personnel, Subcontractors And Subcontractor Personnel Will Be Subject To The Same Federal Laws, Regulations, Standards, Va Directives And Handbooks, As Va Personnel Regarding Information And Information System Security And Privacy. Va Information Custodial Language. This Entire Section Applies To All Acquisitions Requiring Any Information Security And Privacy Language. The Government Shall Receive Unlimited Rights To Data/intellectual Property First Produced And Delivered In The Performance Of This Contract Or Order (hereinafter Contract ) Unless Expressly Stated Otherwise In This Contract. This Includes All Rights To Source Code And All Documentation Created In Support Thereof. The Primary Clause Used To Define Government And Contractor Data Rights Is Far 52.227-14 Rights In Data General. The Primary Clause Used To Define Computer Software License (not Data/intellectual Property First Produced Under This Contractor Or Order) Is Far 52.227-19, Commercial Computer Software License. Information Made Available To The Contractor By Va For The Performance Or Administration Of This Contract Will Be Used Only For The Purposes Specified In The Service Agreement, Sow, Pws, Pd, And/or Contract. The Contractor Shall Not Use Va Information In Any Other Manner Without Prior Written Approval From A Va Contracting Officer (co). The Primary Clause Used To Define Government And Contractor Data Rights Is Far 52.227-14 Rights In Data General. Va Information Will Not Be Co-mingled With Any Other Data On The Contractor S Information Systems Or Media Storage Systems. The Contractor Shall Ensure Compliance With Federal And Va Requirements Related To Data Protection, Data Encryption, Physical Data Segregation, Logical Data Segregation, Classification Requirements And Media Sanitization. Va Reserves The Right To Conduct Scheduled Or Unscheduled Audits, Assessments, Or Investigations Of Contractor Information Technology (it) Resources To Ensure Information Security Is Compliant With Federal And Va Requirements. The Contractor Shall Provide All Necessary Access To Records (including Electronic And Documentary Materials Related To The Contracts And Subcontracts) And Support (including Access To Contractor And Subcontractor Staff Associated With The Contract) To Va, Va's Office Inspector General (oig),and/or Government Accountability Office (gao) Staff During Periodic Control Assessments, Audits, Or Investigations. The Contractor May Only Use Va Information Within The Terms Of The Contract And Applicable Federal Law, Regulations, And Va Policies. If New Federal Information Security Laws, Regulations Or Va Policies Become Applicable After Execution Of The Contract, The Parties Agree To Negotiate Contract Modification And Adjustment Necessary To Implement The New Laws, Regulations, And/or Policies. The Contractor Shall Not Make Copies Of Va Information Except As Specifically Authorized And Necessary To Perform The Terms Of The Contract. If Copies Are Made For Restoration Purposes, After The Restoration Is Complete, The Copies Shall Be Destroyed In Accordance With Va Directive 6500, Va Cybersecurity Program And Va Information Security Knowledge Service. If A Veterans Health Administration (vha) Contract Is Terminated For Default Or Cause With A Business Associate, The Related Local Business Associate Agreement (baa) Shall Also Be Terminated And Actions Taken In Accordance With Vha Directive 1605.05, Business Associate Agreements. If There Is An Executed National Baa Associated With The Contract, Va Will Determine What Actions Are Appropriate And Notify The Contactor. The Contractor Shall Store And Transmit Va Sensitive Information In An Encrypted Form, Using Va-approved Encryption Tools Which Are, At A Minimum, Federal Information Processing Standards (fips) 140-2, Security Requirements For Cryptographic Modules (or Its Successor) Validated And In Conformance With Va Information Security Knowledge Service Requirements. The Contractor Shall Transmit Va Sensitive Information Using Va Approved Transport Layer Security (tls) Configured With Fips Based Cipher Suites In Conformance With National Institute Of Standards And Technology (nist) 800-52, Guidelines For The Selection, Configuration And Use Of Transport Layer Security (tls) Implementations. The Contractor S Firewall And Web Services Security Controls, As Applicable, Shall Meet Or Exceed Va S Minimum Requirements. Except For Uses And Disclosures Of Va Information Authorized By This Contract For Performance Of The Contract, The Contractor May Use And Disclose Va Information Only In Two Situations: (i) In Response To A Qualifying Order Of A Court Of Competent Jurisdiction After Notification To Va Co (ii) With Written Approval From The Va Co. The Contractor Shall Refer All Requests For, Demands For Production Of Or Inquiries About, Va Information And Information Systems To The Va Co For Response. Notwithstanding The Provision Above, The Contractor Shall Not Release Va Records Protected By Title 38 U.s.c. ⧠5705, Confidentiality Of Medical Quality- Assurance Records And/or Title 38 U.s.c. ⧠7332, Confidentiality Of Certain Medical Records Pertaining To Drug Addiction, Sickle Cell Anemia, Alcoholism Or Alcohol Abuse Or Infection With Human Immunodeficiency Virus (hiv). If The Contractor Is In Receipt Of A Court Order Or Other Requests For The Above- Mentioned Information, The Contractor Shall Immediately Refer Such Court Order Or Other Requests To The Va Co For Response. Information Made Available To The Contractor By Va For The Performance Or Administration Of This Contract Or Information Developed By The Contractor In Performance Or Administration Of The Contract Will Be Protected And Secured In Accordance With Va Directive 6500 And Identity And Access Management (iam) Security Processes Specified In The Va Information Security Knowledge Service. Any Data Destruction Done On Behalf Of Va By A Contractor Shall Be Done In Accordance With National Archives And Records Administration (nara) Requirements As Outlined In Va Directive 6300, Records And Information Management, Va Handbook 6300.1, Records Management Procedures, And Applicable Va Records Control Schedules. The Contractor Shall Provide Its Plan For Destruction Of All Va Data In Its Possession According To Va Directive 6500 And Nist 800-88, Guidelines For Media Sanitization Prior To Termination Or Completion Of This Contract. If Directed By The Cor/co, The Contractor Shall Return All Federal Records To Va For Disposition. Any Media, Such As Paper, Magnetic Tape, Magnetic Disks, Solid State Devices Or Optical Discs That Is Used To Store, Process, Or Access Va Information That Cannot Be Destroyed Shall Be Returned To Va.the Contractor Shall Hold The Appropriate Material Until Otherwise Directed By The Contracting Officer S Representative (cor) Or Co. Items Shall Be Returned Securely Via Va-approved Methods. Va Sensitive Information Must Be Transmitted Utilizing Va-approved Encryption Tools Which Are Validated Under Fips 140-2 (or Its Successor) And Nist 800-52. If Mailed, The Contractor Shall Send Via A Trackable Method (usps, Ups, Fedex, Etc.) And Immediately Provide The Cor/co With The Tracking Information. Self-certification By The Contractor That The Data Destruction Requirements Above Have Been Met Shall Be Sent To The Cor/co Within 30 Business Days Of Termination Of The Contract. All Electronic Storage Media (hard Drives, Optical Disks, Cds, Back-up Tapes, Etc.) Used To Store, Process Or Access Va Information Will Not Be Returned To The Contractor At The End Of Lease, Loan, Or Trade-in. Exceptions To This Paragraph Will Only Be Granted With The Written Approval Of The Va Co. Access To Va Information And Va Information Systems. This Section Applies When Any Person Requires Access To Information Made Available To The Contractor By Va For The Performance Or Administration Of This Contract Or Information Developed By The Contractor In Performance Or Administration Of The Contract. A Contractor/subcontractor Shall Request Logical (technical) Or Physical Access To Va Information And Va Information Systems For Their Employees And Subcontractors Only To The Extent Necessary To Perform The Services Specified In The Solicitation Or Contract. This Includes Indirect Entities, Both Affiliate Of Contractor/subcontractor And Agent Of Contractor/subcontractor. Contractors And Subcontractors Shall Sign The Va Information Security Rule Of Behavior (rob) Before Access Is Provided To Va Information And Information Systems (see Section 4, Training, Below). The Rob Contains The Minimum User Compliance Requirements And Does Not Supersede Any Policies Of Va Facilities Or Other Agency Components Which Provide Higher Levels Of Protection To Va S Information Or Information Systems. Users Who Require Privileged Access Shall Complete The Va Elevated Privilege Access Request Processes Before Privileged Access Is Granted. All Contractors And Subcontractors Working With Va Information Are Subject To The Same Security Investigative And Clearance Requirements As Those Of Va Appointees Or Employees Who Have Access To The Same Types Of Information. The Level And Process Of Background Security Investigations For Contractors Shall Be In Accordance With Va Directive And Handbook 0710, Personnel Suitability And Security Program. The Office Of Human Resources And Administration/operations, Security And Preparedness (hra/osp) Is Responsible For These Policies And Procedures. Contract Personnel Who Require Access To Classified Information Or Information Systems Shall Have An Appropriate Security Clearance. Verification Of A Security Clearance Shall Be Processed Through The Special Security Officer Located In Hra/osp. Contractors Shall Conform To All Requirements Stated In The National Industrial Security Program Operating Manual (nispom). All Contractors And Subcontractors Shall Comply With Conditions Specified In Vaar 852.204-71(d); Contractor Operations Required To Be In United States. All Contractors And Subcontractors Working With Va Information Must Be Permanently Located Within A Jurisdiction Subject To The Law Of The United States Or Its Territories To The Maximum Extent Feasible. If Services Are Proposed To Be Performed Abroad The Contractor Must State Where All Non-u.s. Services Are Provided. The Contractor Shall Deliver To Va A Detailed Plan Specifically Addressing Communications, Personnel Control, Data Protection And Potential Legal Issues. The Plan Shall Be Approved By The Cor/co In Writing Prior To Access Being Granted. The Contractor Shall Notify The Cor/co In Writing Immediately (no Later Than 24 Hours) After Personnel Separation Or Occurrence Of Other Causes. Causes May Include The Following: Contractor/subcontractor Personnel No Longer Has A Need For Access To Va Information Or Va Information Systems. Contractor/subcontractor Personnel Are Terminated, Suspended, Or Otherwise Has Their Work On A Va Project Discontinued For Any Reason. Contractor Believes Their Own Personnel Or Subcontractor Personnel May Pose A Threat To Their Company S Working Environment Or To Any Company- Owned Property. This Includes Contractor-owned Assets, Buildings, Confidential Data, Customers, Employees, Networks, Systems, Trade Secrets And/or Va Data. Any Previously Undisclosed Changes To Contractor/subcontractor Background History Are Brought To Light, Including But Not Limited To Changes To Background Investigation Or Employee Record. Contractor/subcontractor Personnel Have Their Authorization To Work In The United States Revoked. Agreement By Which Contractor Provides Products And Services To Va Has Either Been Fulfilled Or Terminated, Such That Va Can Cut Off Electronic And/or Physical Access For Contractor Personnel. In Such Cases Of Contract Fulfillment, Termination, Or Other Causes; The Contractor Shall Take The Necessary Measures To Immediately Revoke Access To Va Network, Property, Information, And Information Systems (logical And Physical) By Contractor/subcontractor Personnel. These Measures Include (but Are Not Limited To): Removing And Then Securing Personal Identity Verification (piv) Badges And Piv Interoperable (piv-i) Access Badges, Va-issued Photo Badges, Credentials For Va Facilities And Devices, Va-issued Laptops, And Authentication Tokens. Contractors Shall Notify The Appropriate Va Cor/co Immediately To Initiate Access Removal. Contractors/subcontractors Who No Longer Require Va Accesses Will Return Va- Issued Property To Va. This Property Includes (but Is Not Limited To): Documents, Electronic Equipment, Keys, And Parking Passes. Piv And Piv-i Access Badges Shall Be Returned To The Nearest Va Piv Badge Issuance Office. Once They Have Had Access To Va Information, Information Systems, Networks And Va Property In Their Possessions Removed, Contractors Shall Notify The Appropriate Va Cor/co. Training. This Entire Section Applies To All Acquisitions Which Include Section 3. All Contractors And Subcontractors Requiring Access To Va Information And Va Information Systems Shall Successfully Complete The Following Before Being Granted Access To Va Information And Its Systems: Va Privacy And Information Security Awareness And Rules Of Behavior Course (talent Management System (tms) #10176) Initially And Annually Thereafter. Sign And Acknowledge (electronically Through Tms #10176) Understanding Of And Responsibilities For Compliance With The Organizational Rules Of Behavior, Relating To Access To Va Information And Information Systems Initially And Annually Thereafter; And Successfully Complete Any Additional Cyber Security Or Privacy Training, As Required For Va Personnel With Equivalent Information System Or Information Access [to Be Defined By The Va Program Official And Provided To The Va Co For Inclusion In The Solicitation Document I.e., Any Role- Based Information Security Training]. The Contractor Shall Provide To The Cor/co A Copy Of The Training Certificates And Certification Of Signing The Organizational Rules Of Behavior For Each Applicable Employee Within Five Days Of The Initiation Of The Contract And Annually Thereafter, As Required. Failure To Complete The Mandatory Annual Training Is Grounds For Suspension Or Termination Of All Physical Or Electronic Access Privileges And Removal From Work On The Contract Until Such Time As The Required Training Is Complete. Security Incident Investigation. This Entire Section Applies To All Acquisitions Requiring Any Information Security And Privacy Language. The Contractor, Subcontractor, Their Employees, Or Business Associates Shall Immediately (within One Hour) Report Suspected Security / Privacy Incidents To The Va Oit S Enterprise Service Desk (esd) By Calling (855) 673-4357 (tty: 711). The Esd Is Oit S 24/7/365 Single Point Of Contact For It-related Issues. After Reporting To The Esd, The Contractor, Subcontractor, Their Employees, Or Business Associates Shall, Within One Hour, Provide The Cor/co The Incident Number Received From The Esd. To The Extent Known By The Contractor/subcontractor, The Contractor/ Subcontractor's Notice To Va Shall Identify The Information Involved And The Circumstances Surrounding The Incident, Including The Following: The Date And Time (or Approximation Of) The Security Incident Occurred. The Names Of Individuals Involved (when Applicable). The Physical And Logical (if Applicable) Location Of The Incident. Why The Security Incident Took Place (i.e., Catalyst For The Failure). The Amount Of Data Belonging To Va Believed To Have Been Compromised. The Remediation Measures The Contractor Is Taking To Ensure No Future Incidents Of A Similar Nature. After The Contractor Has Provided The Initial Detailed Incident Summary To Va, They Will Continue To Provide Written Updates On Any New And Relevant Circumstances Or Facts They Discover. The Contractor, Subcontractor, And Their Employes Shall Fully Cooperate With Va Or Third-party Entity Performing An Independent Risk Analysis On Behalf Of Va. Failure To Cooperate May Be Deemed A Material Breach And Grounds For Contract Termination. Va It Contractors Shall Follow Va Handbook 6500, Risk Management Framework For Va Information Systems Va Information Security Program, And Va Information Security Knowledge Service Guidance For Implementing An Incident Response Plan Or Integrating With An Existing Va Implementation. In Instances Of Theft Or Break-in Or Other Criminal Activity, The Contractor/subcontractor Must Concurrently Report The Incident To The Appropriate Law Enforcement Entity (or Entities) Of Jurisdiction, Including The Va Oig, And The Va Office Of Security And Law Enforcement. The Contractor, Its Employees, And Its Subcontractors And Their Employees Shall Cooperate With Va And Any Law Enforcement Authority Responsible For The Investigation And Prosecution Of Any Possible Criminal Law Violation(s) Associated With Any Incident. The Contractor/subcontractor Shall Cooperate With Va In Any Civil Litigation To Recover Va Information, Obtain Monetary Or Other Compensation From A Third Party For Damages Arising From Any Incident, Or Obtain Injunctive Relief Against Any Third Party Arising From, Or Related To, The Incident. The Contractor Shall Comply With Va Handbook 6500.2, Management Of Breaches Involving Sensitive Personal Information, Which Establishes The Breach Management Policies And Assigns Responsibilities For The Oversight, Management And Reporting Procedures Associated With Managing Of Breaches. With Respect To Unsecured Protected Health Information (phi), The Contractor Is Deemed To Have Discovered A Data Breach When The Contractor Knew Or Should Have Known Of Breach Of Such Information. When A Business Associate Is Part Of Vha Contract, Notification To The Covered Entity (vha) Shall Be Made In Accordance With The Executed Baa. If The Contractor Or Any Of Its Agents Fails To Protect Va Sensitive Personal Information Or Otherwise Engages In Conduct Which Results In A Data Breach Involving Any Va Sensitive Personal Information The Contractor/subcontractor Processes Or Maintains Under The Contract; The Contractor Shall Pay Liquidated Damages To The Va As Set Forth In Clause 852.211-76, Liquidated Damages Reimbursement For Data Breach Costs. Information System Design And Development. This Entire Section Applies To Information Systems, Systems, Major Applications, Minor Applications, Enclaves, And Platform Information Technologies (to Include The Subcomponents Of Each) Designed Or Developed For Or On Behalf Of Va By Any Non-va Entity. Information Systems Designed Or Developed On Behalf Of Va At Non-va Facilities Shall Comply With All Applicable Federal Law, Regulations, And Va Policies. This Includes Standards For The Protection Of Electronic Protected Health Information (phi), Outlined In 45 C.f.r. Part 164, Subpart C And Information And System Security Categorization Level Designations In Accordance With Fips 199, Standards For Security Categorization Of Federal Information And Information Systems And Fips 200, Minimum Security Requirements For Federal Information Systems. Baseline Security Controls Shall Be Implemented Commensurate With The Fips 199 System Security Categorization (reference Va Handbook 6500 And Va Trusted Internet Connections (tic) Architecture). Contracted New Developments Require Creation, Testing, Evaluation, And Authorization In Compliance With Va Assessment And Authorization (a&a) Processes In Va Handbook 6500 And Va Information Security Knowledge Service To Obtain An Authority To Operate (ato). Va Directive 6517, Risk Management Framework For Cloud Computing Services, Provides The Security And Privacy Requirements For Cloud Environments. Va It Contractors, Subcontractors And Third-party Service Providers Shall Address And/or Integrate Applicable Va Handbook 6500, Va Handbook 6517, Risk Management Framework For Cloud Computing Services And Information Security Knowledge Service Specifications In Delivered It Systems/solutions, Products And/or Services. If Systems/solutions, Products And/or Services Do Not Directly Match Va Security Requirements, The Contractor Shall Work Though The Cor/co To Identify The Va Organization Responsible For Governance Or Resolution. Contractors Shall Comply With Far 39.1, Specifically The Prohibitions Referenced. The Contractor (including Producers And Resellers) Shall Comply With Office Of Management And Budget (omb) M-22-18 And M-23-16 When Using Third-party Software On Va Information Systems Or Otherwise Affecting The Va Information. This Includes New Software Purchases And Software Renewals For Software Developed Or Modified By Major Version Change After The Issuance Date Of M- 22-18 (september 14, 2022). The Term Software Includes Firmware, Operating Systems, Applications And Application Services (e.g., Cloud-based Software), As Well As Products Containing Software. The Contractor Shall Provide A Self- Attestation That Secure Software Development Practices Are Utilized As Outlined By Executive Order (eo)14028 And Nist Guidance. A Third-party Assessment Provided By Either A Certified Federal Risk And Authorization Management Program (fedramp) Third Party Assessor Organization (3pao) Or One Approved By The Agency Will Be Acceptable In Lieu Of A Software Producer's Self- Attestation. The Contractor Shall Ensure All Delivered Applications, Systems And Information Systems Are Compliant With Homeland Security Presidential Directive (hspd) 12 And Va Identity And Access Management (iam) Enterprise Identity Management Requirements As Set Forth In Omb M-19-17, M-05-24, Fips 201-3, Personal Identity Verification (piv) Of Federal Employees And Contractors (or Its Successor), M-21-31 And Supporting Nist Guidance. This Applies To Commercial Off-the-shelf (cots) Product(s) That The Contractor Did Not Develop, All Software Configurations And All Customizations. The Contractor Shall Ensure All Contractor Delivered Applications And Systems Provide User Authentication Services Compliant With Va Handbook 6500, Va Information Security Knowledge Service, Iam Enterprise Requirements And Nist 800-63, Digital Identity Guidelines, For Direct, Assertion-based Authentication And/or Trust-based Authentication, As Determined By The Design And Integration Patterns. Direct Authentication At A Minimum Must Include Public Key Infrastructure (pki) Based Authentication Supportive Of Piv And/or Common Access Card (cac), As Determined By The Business Need And Compliance With Va Information Security Knowledge Service Specifications. The Contractor Shall Use Va Authorized Technical Security Baseline Configurations And Certify To The Cor That Applications Are Fully Functional And Operate Correctly As Intended On Systems In Compliance With Va Baselines Prior To Acceptance Or Connection Into An Authorized Va Computing Environment. If The Defense Information Systems Agency (disa) Has Created A Security Technical Implementation Guide (stig) For The Technology, The Contractor May Configure To Comply With That Stig. If Va Determines A New Or Updated Va Configuration Baseline Needs To Be Created, The Contractor Shall Provide Required Technical Support To Develop The Configuration Settings. Far 39.1 Requires The Population Of Operating Systems And Applications Includes All Listed On The Nist National Checklist Program Checklist Repository. The Standard Installation, Operation, Maintenance, Updating And Patching Of Software Shall Not Alter The Configuration Settings From Va Approved Baseline Configuration. Software Developed For Va Must Be Compatible With Va Enterprise Installer Services And Install To The Default Program Files Directory With Silently Install And Uninstall. The Contractor Shall Perform Testing Of All Updates And Patching Prior To Implementation On Va Systems. Applications Designed For Normal End Users Will Run In The Standard User Context Without Elevated System Administration Privileges. The Contractor-delivered Solutions Shall Reside On Va Approved Operating Systems. Exceptions To This Will Only Be Granted With The Written Approval Of The Cor/co. The Contractor Shall Design, Develop, And Implement Security And Privacy Controls In Accordance With The Provisions Of Va Security System Development Life Cycle Outlined In Nist 800-37, Risk Management Framework For Information Systems And Organizations: A System Life Cycle Approach For Security And Privacy, Va Directive And Handbook 6500, And Va Handbook 6517. The Contractor Shall Comply With The Privacy Act Of1974 (the Act), Far 52.224- 2 Privacy Act, And Va Rules And Regulations Issued Under The Act In The Design, Development, Or Operation Of Any System Of Records On Individuals To Accomplish A Va Function. The Contractor Shall Ensure The Security Of All Procured Or Developed Information Systems, Systems, Major Applications, Minor Applications, Enclaves And Platform Information Technologies, Including Their Subcomponents (hereinafter Referred To As Information Systems ) Throughout The Life Of This Contract And Any Extension, Warranty, Or Maintenance Periods. This Includes Security Configurations, Workarounds, Patches, Hotfixes, Upgrades, Replacements And Any Physical Components Which May Be Necessary To Remediate All Security Vulnerabilities Published Or Known To The Contractor Anywhere In The Information Systems (including Systems, Operating Systems, Products, Hardware, Software, Applications And Firmware). The Contractor Shall Ensure Security Fixes Do Not Negatively Impact The Information Systems. When The Contractor Is Responsible For Operations Or Maintenance Of The Systems, The Contractor Shall Apply The Security Fixes Within The Timeframe Specified By The Associated Controls On The Va Information Security Knowledge Service. When Security Fixes Involve Installing Third Party Patches (such As Microsoft Os Patches Or Adobe Acrobat), The Contractor Shall Provide Written Notice To The Va Cor/co That The Patch Has Been Validated As To Not Affecting The Systems Within 10 Business Days. Information System Hosting, Operation, Maintenance Or Use. This Entire Section Applies To Information Systems, Systems, Major Applications, Minor Applications, Enclaves, And Platform Information Technologies (cloud And Non- Cloud) Hosted, Operated, Maintained, Or Used On Behalf Of Va At Non-va Facilities. The Contractor Shall Comply With All Federal Laws, Regulations, And Va Policies For Information Systems (cloud And Non-cloud) That Are Hosted, Operated, Maintained, Or Used On Behalf Of Va At Non-va Facilities. Security Controls For Collecting, Processing, Transmitting, And Storing Of Va Sensitive Information, Must Be In Place. The Controls Will Be Tested By Va Or A Va Sanctioned 3pao And Approved By Va Prior To Hosting, Operation, Maintenance Or Use Of The Information System Or Systems By Or On Behalf Of Va. This Includes Conducting Compliance Risk Assessments, Security Architecture Analysis, Routine Vulnerability Scanning, System Patching, Change Management Procedures And The Completion Of An Acceptable Contingency Plan For Each System. The Contractor S Security Control Procedures Shall Be The Same As Procedures Used To Secure Va-operated Information Systems. Outsourcing (contractor Facility, Equipment, Or Staff) Of Systems Or Network Operations, Telecommunications Services Or Other Managed Services Require Assessment And Authorization (a&a) Of The Contractor S Systems In Accordance With Va Handbook 6500 As Specified In Va Information Security Knowledge Service. Major Changes To The A&a Package May Require Reviewing And Updating All The Documentation Associated With The Change. The Contractor S Cloud Computing Systems Shall Comply With Fedramp And Va Directive 6517 Requirements. The Contractor Shall Return All Electronic Storage Media (hard Drives, Optical Disks, Cds, Back-up Tapes, Etc.) On Non-va Leased Or Non-va Owned It Equipment Used To Store, Process Or Access Va Information To Va In Accordance With A&a Package Requirements. This Applies When The Contract Is Terminated Or Completed And Prior To Disposal Of Media. The Contractor Shall Provide Its Plan For Destruction Of All Va Data In Its Possession According To Va Information Security Knowledge Service Requirements And Nist 800-88. The Contractor Shall Send A Self-certification That The Data Destruction Requirements Above Have Been Met To The Cor/co Within 30 Business Days Of Termination Of The Contract. All External Internet Connections To Va Network Involving Va Information Must Be In Accordance With Va Trusted Internet Connection (tic) Reference Architecture And Va Directive And Handbook 6513, Secure External Connections And Reviewed And Approved By Va Prior To Implementation. Government-owned Contractor-operated Systems, Third Party Or Business Partner Networks Require A Memorandum Of Understanding (mou) And Interconnection Security Agreements (isa). Contractor Procedures Shall Be Subject To Periodic, Announced, Or Unannounced Assessments By Va Officials, The Oig Or A 3pao. The Physical Security Aspects Associated With Contractor Activities Are Also Subject To Such Assessments. The Contractor Shall Report, In Writing, Any Deficiencies Noted During The Above Assessment To The Va Cor/co. The Contractor Shall Use Va S Defined Processes To Document Planned Remedial Actions That Address Identified Deficiencies In Information Security Policies, Procedures, And Practices. The Contractor Shall Correct Security Deficiencies Within The Timeframes Specified In The Va Information Security Knowledge Service. All Major Information System Changes Which Occur In The Production Environment Shall Be Reviewed By The Va To Determine The Impact On Privacy And Security Of The System. Based On The Review Results, Updates To The Authority To Operate (ato) Documentation And Parameters May Be Required To Remain In Compliance With Va Handbook 6500 And Va Information Security Knowledge Service Requirements. The Contractor Shall Conduct An Annual Privacy And Security Self-assessment On All Information Systems And Outsourced Services As Required. Copies Of The Assessment Shall Be Provided To The Cor/co. The Va/government Reserves The Right To Conduct Assessment Using Government Personnel Or A Third-party If Deemed Necessary. The Contractor Shall Correct Or Mitigate Any Weaknesses Discovered During The Assessment. Va Prohibits The Installation And Use Of Personally Owned Or Contractor-owned Equipment Or Software On Va Information Systems. If Non-va Owned Equipment Must Be Used To Fulfill The Requirements Of A Contract, It Must Be Stated In The Service Agreement, Sow, Pws, Pd Or Contract. All Security Controls Required For Government Furnished Equipment Must Be Utilized In Va Approved Other Equipment (oe). Configuration Changes To The Contractor Oe, Must Be Funded By The Owner Of The Equipment. All Remote Systems Must Use A Va-approved Antivirus Software And A Personal (host-based Or Enclave Based) Firewall With A Va-approved Configuration. The Contractor Shall Ensure Software On Oe Is Kept Current With All Critical Updates And Patches. Owners Of Approved Oe Are Responsible For Providing And Maintaining The Anti-virus Software And The Firewall On The Non-va Owned Oe. Approved Contractor Oe Will Be Subject To Technical Inspection At Any Time. The Contractor Shall Notify The Cor/co Within One Hour Of Disclosure Or Successful Exploits Of Any Vulnerability Which Can Compromise The Confidentiality, Integrity, Or Availability Of The Information Systems. The System Or Effected Component(s) Need(s) To Be Isolated From The Network. A Forensic Analysis Needs To Be Conducted Jointly With Va. Such Issues Will Be Remediated As Quickly As Practicable, But In No Event Longer Than The Timeframe Specified By Va Information Security Knowledge Service. If Sensitive Personal Information Is Compromised Reference Va Handbook 6500.2 And Section 5, Security Incident Investigation. For Cases Wherein The Contractor Discovers Material Defects Or Vulnerabilities Impacting Products And Services They Provide To Va, The Contractor Shall Develop And Implement Policies And Procedures For Disclosure To Va, As Well As Remediation. The Contractor Shall, Within 30 Business Days Of Discovery, Document A Summary Of These Vulnerabilities Or Defects. The Documentation Will Include A Description Of The Potential Impact Of Each Vulnerability And Material Defect, Compensating Security Controls, Mitigations, Recommended Corrective Actions, Fbonotice Cause Analysis And/or Workarounds (i.e., Monitoring). Should There Exist Any Backdoors In The Products Or Services They Provide To Va (referring To Methods For Bypassing Computer Authentication), The Contractor Shall Provide The Va Co/co Written Assurance They Have Permanently Remediated These Backdoors. All Other Vulnerabilities, Including Those Discovered Through Routine Scans Or Other Assessments, Will Be Remediated Based On Risk, In Accordance With The Remediation Timelines Specified By The Va Information Security Knowledge Service And/or The Applicable Timeframe Mandated By Cybersecurity & Infrastructure Security Agency (cisa) Binding Operational Directive (bod) 22- 01 And Bod 19-02 For Internet-accessible Systems. Exceptions To This Paragraph Will Only Be Granted With The Approval Of The Cor/co. Security And Privacy Controls Compliance Testing, Assessment And Auditing. This Entire Section Applies Whenever Section 6 Or 7 Is Included. Should Va Request It, The Contractor Shall Provide A Copy Of Their (corporation S, Sole Proprietorship S, Partnership S, Limited Liability Company (llc), Or Other Business Structure Entity S) Policies, Procedures, Evidence And Independent Report Summaries Related To Specified Cybersecurity Frameworks (international Organization For Standardization (iso), Nist Cybersecurity Framework (csf), Etc.). Va Or Its Third-party/partner Designee (if Applicable) Are Further Entitled To Perform Their Own Audits And Security/penetration Tests Of The Contractor S It Or Systems And Controls, To Ascertain Whether The Contractor Is Complying With The Information Security, Network Or System Requirements Mandated In The Agreement Between Va And The Contractor. Any Audits Or Tests Of The Contractor Or Third-party Designees/partner Va Elects To Carry Out Will Commence Within 30 Business Days Of Va Notification. Such Audits, Tests And Assessments May Include The Following: (a): Security/penetration Tests Which Both Sides Agree Will Not Unduly Impact Contractor Operations; (b): Interviews With Pertinent Stakeholders And Practitioners; (c): Document Review; And (d): Technical Inspections Of Networks And Systems The Contractor Uses To Destroy, Maintain, Receive, Retain, Or Use Va Information. As Part Of These Audits, Tests And Assessments, The Contractor Shall Provide All Information Requested By Va. This Information Includes, But Is Not Limited To, The Following: Equipment Lists, Network Or Infrastructure Diagrams, Relevant Policy Documents, System Logs Or Details On Information Systems Accessing, Transporting, Or Processing Va Data. The Contractor And At Its Own Expense, Shall Comply With Any Recommendations Resulting From Va Audits, Inspections And Tests. Va Further Retains The Right To View Any Related Security Reports The Contractor Has Generated As Part Of Its Own Security Assessment. The Contractor Shall Also Notify Va Of The Existence Of Any Such Security Reports Or Other Related Assessments, Upon Completion And Validation. Va Appointed Auditors Or Other Government Agency Partners May Be Granted Access To Such Documentation On A Need-to-know Basis And Coordinated Through The Cor/co. The Contractor Shall Comply With Recommendations Which Result From These Regulatory Assessments On The Part Of Va Regulators And Associated Government Agency Partners. Product Integrity, Authenticity, Provenance, Anti-counterfeit And Anti-tampering. This Entire Section Applies When The Acquisition Involves Any Product (application, Hardware, Or Software) Or When Section 6 Or 7 Is Included. The Contractor Shall Comply With Code Of Federal Regulations (cfr) Title 15 Part 7, Securing The Information And Communications Technology And Services (icts) Supply Chain , Which Prohibits Icts Transactions From Foreign Adversaries. Icts Transactions Are Defined As Any Acquisition, Importation, Transfer, Installation, Dealing In Or Use Of Any Information And Communications Technology Or Service, Including Ongoing Activities, Such As Managed Services, Data Transmission, Software Updates, Repairs Or The Platforming Or Data Hosting Of Applications For Consumer Download. When Contracting Terms Require The Contractor To Procure Equipment, The Contractor Shall Purchase Or Acquire The Equipment From An Original Equipment Manufacturer (oem) Or An Authorized Reseller Of The Oem. The Contractor Shall Attest That Equipment Procured From An Oem Or Authorized Reseller Or Distributor Are Authentic. If Procurement Is Unavailable From An Oem Or Authorized Reseller, The Contractor Shall Submit In Writing, Details Of The Circumstances Prohibiting This From Happening And Procure A Product Waiver From The Va Cor/co. All Contractors Shall Establish, Implement, And Provide Documentation For Risk Management Practices For Supply Chain Delivery Of Hardware, Software (to Include Patches) And Firmware Provided Under This Agreement. Documentation Will Include Chain Of Custody Practices, Inventory Management Program, Information Protection Practices, Integrity Management Program For Sub-supplier Provided Components, And Replacement Parts Requests. The Contractor Shall Make Spare Parts Available. All Contractor(s) Shall Specify How Digital Delivery For Procured Products, Including Patches, Will Be Validated And Monitored To Ensure Consistent Delivery. The Contractor Shall Apply Encryption Technology To Protect Procured Products Throughout The Delivery Process. If A Contractor Provides Software Or Patches To Va, The Contractor Shall Publish Or Provide A Hash Conforming To The Fips Security Requirements For Cryptographic Modules (fips 140-2 Or Successor). The Contractor Shall Provide A Software Bill Of Materials (sbom) For Procured (to Include Licensed Products) And Consist Of A List Of Components And Associated Metadata Which Make Up The Product. Sboms Must Be Generated In One Of The Data Formats Defined In The National Telecommunications And Information Administration (ntia) Report The Minimum Elements For A Software Bill Of Materials (sbom). Contractors Shall Use Or Arrange For The Use Of Trusted Channels To Ship Procured Products, Such As U.s. Registered Mail And/or Tamper-evident Packaging For Physical Deliveries. Throughout The Delivery Process, The Contractor Shall Demonstrate A Capability For Detecting Unauthorized Access (tampering). The Contractor Shall Demonstrate Chain-of-custody Documentation For Procured Products And Require Tamper-evident Packaging For The Delivery Of This Hardware. Viruses, Firmware And Malware. This Entire Section Applies When The Acquisition Involves Any Product (application, Hardware, Or Software) Or When Section 6 Or 7 Is Included. The Contractor Shall Execute Due Diligence To Ensure All Provided Software And Patches, Including Third-party Patches, Are Free Of Viruses And/or Malware Before Releasing Them To Or Installing Them On Va Information Systems. The Contractor Warrants It Has No Knowledge Of And Did Not Insert, Any Malicious Virus And/or Malware Code Into Any Software Or Patches Provided To Va Which Could Potentially Harm Or Disrupt Va Information Systems. The Contractor Shall Use Due Diligence, If Supplying Third-party Software Or Patches, To Ensure The Third-party Has Not Inserted Any Malicious Code And/or Virus Which Could Damage Or Disrupt Va Information Systems. The Contractor Shall Provide Or Arrange For The Provision Of Technical Justification As To Why Any False Positive Hit Has Taken Place To Ensure Their Code S Supply Chain Has Not Been Compromised. Justification May Be Required, But Is Not Limited To, When Install Files, Scripts, Firmware, Or Other Contractor-delivered Software Solutions (including Third-party Install Files, Scripts, Firmware, Or Other Software) Are Flagged As Malicious, Infected, Or Suspicious By An Anti-virus Vendor. The Contractor Shall Not Upload (intentionally Or Negligently) Any Virus, Worm, Malware Or Any Harmful Or Malicious Content, Component And/or Corrupted Data/source Code (hereinafter Virus Or Other Malware ) Onto Va Computer And Information Systems And/or Networks. If Introduced (and This Clause Is Violated), Upon Written Request From The Va Co, The Contractor Shall: Take All Necessary Action To Correct The Incident, To Include Any And All Assistance To Va To Eliminate The Virus Or Other Malware Throughout Va S Information Networks, Computer Systems And Information Systems; And Use Commercially Reasonable Efforts To Restore Operational Efficiency And Remediate Damages Due To Data Loss Or Data Integrity Damage, If The Virus Or Other Malware Causes A Loss Of Operational Efficiency, Data Loss, Or Damage To Data Integrity. Cryptographic Requirement. This Entire Section Applies Whenever The Acquisition Includes Section 6 Or 7 Is Included. The Contractor Shall Document How The Cryptographic System Supporting The Contractor S Products And/or Services Protect The Confidentiality, Data Integrity, Authentication And Non-repudiation Of Devices And Data Flows In The Underlying System. The Contractor Shall Use Only Approved Cryptographic Methods As Defined In Fips 140-2 (or Its Successor) And Nist 800-52 Standards When Enabling Encryption On Its Products. The Contractor Shall Provide Or Arrange For The Provision Of An Automated Remote Key-establishment Method Which Protects The Confidentiality And Integrity Of The Cryptographic Keys. The Contractor Shall Ensure Emergency Re-keying Of All Devices Can Be Remotely Performed Within 30 Business Days. The Contractor Shall Provide Or Arrange For The Provision Of A Method For Updating Cryptographic Primitives Or Algorithms. Patching Governance. This Entire Section Applies Whenever The Acquisition Includes Section 7 Is Included The Contractor Shall Provide Documentation Detailing The Patch Management, Vulnerability Management, Mitigation And Update Processes (to Include Third- Party) Prior To The Connection Of Electronic Devices, Assets Or Equipment To Va S Assets. This Documentation Will Include Information Regarding The Follow: The Resources And Technical Capabilities To Sustain The Program Or Process (e.g., How The Integrity Of A Patch Is Validated By Va); And The Approach And Capability To Remediate Newly Reported Zero-day Vulnerabilities For Contractor Products. The Contractor Shall Verify And Provide Documentation All Procured Products (including Third-party Applications, Hardware, Software, Operating Systems, And Firmware) Have Appropriate Updates And Patches Installed Prior To Delivery To Va. The Contractor Shall Provide Or Arrange The Provision Of Appropriate Software And Firmware Updates To Remediate Newly Discovered Vulnerabilities Or Weaknesses For Their Products And Services Within 30 Days Of Discovery. Updates To Remediate Critical Or Emergent Vulnerabilities Will Be Provided Within Seven Business Days Of Discovery. If Updates Cannot Be Made Available By Contractor Within These Time Periods, The Contractor Shall Submit Mitigations, Methods Of Exploit Detection And/or Workarounds To The Cor/co Prior To The Above Deadlines. The Contractor Shall Provide Or Arrange For The Provision Of Appropriate Hardware, Software And/or Firmware Updates, When Those Products, Including Open-source Software, Are Provided To The Va, To Remediate Newly Discovered Vulnerabilities Or Weaknesses. Remediations Of Products Or Services Provided To The Va S System Environment Must Be Provided Within 30 Business Days Of Availability From The Original Supplier And/or Patching Source. Updates Toremediate Critical Vulnerabilities Applicable To The Contractor S Use Of The Third- Party Product In Its System Environment Will Be Provided Within Seven Business Days Of Availability From The Original Supplier And/or Patching Source. If Applicable Third-party Updates Cannot Be Integrated, Tested And Made Available By Contractor Within These Time Periods, Mitigations And/or Workarounds Will Be Provided To The Cor/co Before The Above Deadlines. Specialized Devices/systems (medical Devices, Special Purpose Systems, Research Scientific Computing). This Entire Section Applies When The Acquisition Includes One Or More Medical Device, Special Purpose System Or Research Scientific Computing Device. If Appropriate, Ensure Selected Clauses From Section 6 Or 7 And 8 Through 12 Are Included. Contractor Supplies/delivered Medical Devices, Special Purpose Systems- Operational Technology (sps-ot) And Research Scientific Computing Devices Shall Comply With All Applicable Federal Law, Regulations, And Va Policies. New Developments Require Creation, Testing, Evaluation, And Authorization In Compliance With Processes Specified On The Specialized Device Cybersecurity Department Enterprise Risk Management (sdcd-erm) Portal, Va Directive 6550, Pre-procurement Assessment And Implementation Of Medical Devices/systems, Va Handbook 6500, And The Va Information Security Knowledge Service. Deviations From Federal Law, Regulations, And Va Policy Are Identified And Documented As Part Of Va Directive 6550 And/or The Va Enterprise Risk Analysis (era) Processes For Specialized Devices/systems Processes. All Contractors And Third-party Service Providers Shall Address And/or Integrate Applicable Va Handbook 6500 And Information Security Knowledge Service Specifications In Delivered It Systems/solutions, Products And/or Services. If Systems/solutions, Products And/or Services Do Not Directly Match Va Security Requirements, The Contractor Shall Work Though The Cor/co For Governance Or Resolution. The Contractor Shall Certify To The Cor/co That Devices/systems That Have Completed The Va Enterprise Risk Analysis (era) Process For Specialized Devices/systems Are Fully Functional And Operate Correctly As Intended. Devices/systems Must Follow The Va Era Authorized Configuration Prior To Acquisition And Connection To The Va Computing Environment. If Va Determines A New Va Era Needs To Be Created, The Contractor Shall Provide Required Technical Support To Develop The Configuration Settings. Major Changes To A Previously Approved Device/system Will Require A New Era. The Contractor Shall Comply With All Practices Documented By The Food Drug And Administration (fda) Premarket Submission For Management Of Cybersecurity In Medical Devices And Postmarket Management Of Cybersecurity In Medical Devices. The Contractor Shall Design Devices Capable Of Accepting All Applicable Security Patches With Or Without The Support Of The Contractor Personnel. If Patching Can Only Be Completed By The Contractor, The Contractor Shall Commit The Resources Needed To Patch All Applicable Devices At All Va Locations. If Unique Patching Instructions Or Packaging Is Needed, The Contractor Shall Provide The Necessary Information In Conjunction With The Validation/testing Of The Patch. The Contractor Shall Apply Security Patches Within 30 Business Days Of The Patch Release And Have A Formal Tracking Process For Any Security Patches Not Implemented To Include Explanation When A Device Cannot Be Patched. The Contractor Shall Provide Devices Able To Install And Maintain Va-approved Antivirus Capabilities With The Capability To Quarantine Files And Be Updated As Needed In Response To Incidents. Alternatively, A Va-approved Whitelisting Application May Be Used When The Contractor Cannot Install An Anti-virus / Anti- Malware Application. The Contractor Shall Verify And Document All Software Embedded Within The Device Does Not Contain Any Known Viruses Or Malware Before Delivery To Or Installation At A Va Location. Devices And Other Equipment Or Systems Containing Media (hard Drives, Optical Disks, Solid State, And Storage Via Chips/firmware) With Va Sensitive Information Will Be Returned To The Contractor With Media Removed. When The Contract Requires Return Of Equipment, The Options Available To The Contractor Are The Following: The Contractor Shall Accept The System Without The Drive, Firmware And Solid State. Va S Initial Device Purchase Includes A Spare Drive Or Other Replacement Media Which Must Be Installed In Place Of The Original Drive At Time Of Turn- In; Or Due To The Highly Specialized And Sometimes Proprietary Hardware And Software Associated With The Device, If It Is Not Possible For Va To Retain The Hard Drive, Firmware, And Solid State, Then: The Equipment Contractor Shall Have An Existing Baa If The Device Being Traded In Has Sensitive Information Stored On It And Hard Drive(s) From The System Are Being Returned Physically Intact. Any Fixed Hard Drive, Complementary Metal-oxide-semiconductor (cmos), Programmable Read-only Memory (prom), Solid State And Firmware On The Device Must Be Non-destructively Sanitized To The Greatest Extent Possible Without Negatively Impacting System Operation. Selective Clearing Down To Patient Data Folder Level Is Recommended Using Va Approved And Validated Overwriting Technologies/methods/tools. Applicable Media Sanitization Specifications Need To Be Pre-approved And Described In The Solicitation, Contract, Or Order. Data Center Provisions. This Entire Section Applies Whenever The Acquisition Requires An Interconnection To/from The Va Network To/from A Non-va Location. The Contractor Shall Ensure The Va Network Is Accessed By In Accordance With Va Directive 6500 And Iam Security Processes Specified In The Va Information Security Knowledge Service. The Contractor Shall Ensure Network Infrastructure And Data Availability In Accordance With Va Information System Business Continuity Procedures Specified In The Va Information Security Knowledge Service. The Contractor Shall Ensure Any Connections To The Internet Or Other External Networks For Information Systems Occur Through Managed Interfaces Utilizing Va Approved Boundary Protection Devices (e.g., Internet Proxies, Gateways, Routers, Firewalls, Guards Or Encrypted Tunnels). The Contractor Shall Encrypt All Traffic Across The Segment Of The Wide Area Network (wan) It Manages And No Unencrypted Out Of Band (oob) Internet Protocol (ip) Traffic Will Traverse The Network. The Contractor Shall Ensure Tunnel Endpoints Are Routable Addresses At Each Va Operating Site. The Contractor Shall Secure Access From Local Area Networks (lans) At Co- Located Sites In Accordance With Va Tic Reference Architecture, Va Directive And Handbook 6513, And Mou/isa Process Specified In The Va Information Security Knowledge Service.

Details: Description Rfq-2025-297 (0907-05-23-25) 1. 1 Unit Digital Copier/printer/scanner In 1 Specifications - Ineo + 226 System Overview System Memory Interface 10-base-t/100-base-tx/1,000-base-t Ethernet, Usb 2.0 Wi-fi 802.11a/b/g/n/ac (optional) Network Protocolstcp/ip (pv4/pv6), Ftp, Smb, Smtp, Webdav Frame Types Ethernet 802.2, Ethemet 802.3, Ethernet Il, Ethernet Snap Automatic Document Feeder Df-630 (optional) Up To 70 Originals, A5-a3, 35-128 Gsm Printable Paper Size A5-a3, Customised Paper Sizes (width: 90 - 270 Mm, Length: 139.7 Mm - 431.8 Mm), Banner Paper Max. 1,200 X 297 Mm Printable Paper Weight 60-256 Gsm "paper Input Capacity Standard: 1,100 Sheets Max: 3,600 Sheets" Tray 1 500 Sheets, B5-b4, 60-256 Gsm Tray 2 500 Sheets, 85-a3, 60-256 Gsm Tray 3 Pc-114 (optional) 1 × 500 Sheets, B5-a3, 60-256 Gsm Tray 4 Pc-214 (optional) 2 X 500 Sheets, B5-a3, 60-256 Gsm Paper Feed Cabinet Pc-414 (optional) 2,500 Sheets, A4, 60-256 Gsm Bypass Tray 100 Sheets, A5-a3, Custom Sizes (width: 90-270mm, Length: 139.7 Mm - 1,200 Mm), Banner 210 X 1,200 Mm, 127-210 Gsm Automatic Duplexing A5-a3, 50-128 Gsm Finishing Modes (optional) Group, Sort, Booklet Power Consumption [220-240 V, 50/60 Hz] Less Than 1.58 Kw (system) System Dimensions (wxdxh) 571 × 660 X 785.5 Mm (excl. Adf And Lower Paper Tray Unit) 22.5 X 26.0 X 30.9 Inch (excl. Adf And Lower Paper Tray Unit) System Weight" Approx. 71 Kg (156.5 Lb) ** Incl. Drum/toner Bottle Copier Specifications Copying Process Electrostatic Laser Copy, Tandem, Intermediate Toner System Simitri @hd Polymerized Toner Copy/print Speed A4 Up To 22 Ppm Copy/print Speed A3 Up To 14 Ppm 1st Copy Out Time 8.4 Sec. Warm-up Time 7 Approx. 20 Sec. Copy Resolution 600 × 600 Dpl Gradation 256 Gradations Multicopy 1-9,999 Original Format A5-a3 Magnification 25-400% In 0.1% Steps, Auto-zooming Warm-up Time May Vary Depending On The Operating Environment And Usage Printer Specifications Print Resolution 1,800 (equivalent) X 600 Dp Page Description Pcl 6 (xl Version 3.0) Emulation, Pcl 5e/c, Language Postscript 3 (3016) Emulation, Xps "operating Systems Windows 7 (32/64), Windows 8.1 (32/64), Windows 10 (32/64), Windows Server 2008 (32/64), Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Macintosh Os X 10.8 Or Later, Linux" Printer Fonts 80 Pcl, 137 Postscript 3 Emulation "mobile Printing Alrprint (ics), Mopria (android), Google Cloud Print (optional), Wi-fi Direct (optional), Ineoprint(ios, Android, Windows 10 Mobile)" Scanner Specifications Scan Speed Up To 30 Lpm Resolution Max .: 600 X 600 Dpi "scan Modes Scan To Email, Scan To Pc (smb), Scan To Ftp, Scan To Webdav, Scan To Wsd (web Service), Scan To Dpws (device Profile For Web Service), Network Twain Scan" File Formats Jpeg, Tiff, Pdf, Compact Pdf3, Xps?, Compact Xps?, Pptx? Destinations 1,300 (single + Group), Ldap Support "optional Upgrade Kit Uk-211 Is Required. " Components And Options Dk-514 Copler Desk Provides Storage Space For Print Media And Other Materials Df-630 Document Feeder Reversing Automatic Document Feeder, Capacity 70 Originals Oc-513 Original Cover Cover Instead Of Adf Cu-101 Air Cleaning Unit Improving Indoor Air Quality By Reduced Emissions Mk-748 Mount Kit Installation Kit For Cu-101 Installation Kit For Cu-101 Ht-509 Dehumidification Heater For Paper Feed Cabinet, Dehumidification Heater For Pc-114/214/414, Dk-514 Mk-734 Dehumidification Heater Power Supply Box (cabinet Heater), Dehumidification Heaterpower Supply Box For Pc-114/214/414, Dk-514 Kp-101 10-key Pad 10-key Ah-101 Assist Handle Assist Handle Uk-211 Upgrade Kit 2 Gb Memory Extension For Upgrades Uk-215 Wireless Lan Kit Wireless Lan And Wireless Lan Access Point Mode Ek-608 Usb Vf Kit Usb Hub Kit Ek-609 Usb Vf Kit Usb Hub Kit, Bluetooth Le Mk-735 Mount Kit Installation Kit For Ic Card Reader Au-201s Authentication Ic Card Ic Card Authentication Unit Au-102 Biometric Authentication Finger Vein Scanner Wt-515 Working Table Authentication Device Placement - All Specifications Refer To A4-size Paper Of 80 Gsm Quality. The Support And Availability Of The Listed Specifications And Functionalides Vary Depending On Operaling Systenis, Applications And Network Protocols As Well As Network And System Configurations. Some Of The Product Illustrations Contain Optional Accessories. Specifications And Accessories Are Based On The Information Available At The Time Of Printing And Are Subject To Change Without Notice. Specificatione Is Correct At Time Of Printing. All Brand And Product Names May Be Registered Trademarks Or Trademarks Of Their Respective Holders And Are Hereby Acknowledged. Deadline For Submission Of Bids: June 2, 2025, 11:00 Am Payment Term: 30 Days *for Price Quotations (preferably Through Email At Lgu.spcbac7@gmail.com) Please See Attached Quotation Form (associated Components)

Details: Description Republic Of The Philippines Province Of Bukidnon Municipality Of Lantapan Invitation To Bid For Supply & Installation Aircondition Unit For Municipal Gym (1st Bid) 1. The Local Government Unit Of Lantapan, Through The Mmo-capital Outlay Sb # 3 Cy 2024 Intends To Apply The Sum Of One Million Nine Hundred Sixty-seven Thousand Two Hundred Fifty Pesos (php 1,967,250.00) Being The Abc To Payments Under The Contract Supply & Installation Of Aircondition Unit For Municipal Gym Ib # 2025-01-007 Bids Received In Excess Of The Abc Shall Be Automatically Rejected At Bid Opening. 2. The Local Government Unit Of Lantapan Now Invites Bids For The Above Procurement Project. Delivery Of The Goods Required Is 30 Calendar Days. Bidders Should Have Completed, From The Date Of Submission And Receipt Of Bids, A Contract Similar To The Project. The Description Of An Eligible Bidder Is Contained In The Bidding Documents, Particularly, In Section Ii (instructions To Bidders). 3. Bidding Will Be Conducted Through Open Competitive Bidding Procedures Using A Non-discretionary “pass/fail” Criterion As Specified In The 2016 Revised Implementing Rules And Regulations (irr) Of Republic Act (ra) No. 9184. Bidding Is Open To All Interested Bidders, Whether Local Or Foreign, Subject To The Conditions For Eligibility Provided In The 2016 Revised Irr Of Ra No. 9184. 4. Prospective Bidders May Obtain Further Information From The Local Government Unit Of Lantapan And Inspect The Bidding Documents At The Address Given Below During Mondays To Fridays From 8:00 A.m. To 5:00 P.m. 5. A Complete Set Of Bidding Documents May Be Acquired By Interested Bidders On January 31, 2025 To February 18, 2025 From The Given Address And Website(s) Below And Upon Payment Of The Applicable Fee For The Bidding Documents, Pursuant To The Latest Guidelines Issued By The Gppb, In The Amount Of Five Thousand Pesos (php 5,000.00). The Procuring Entity Shall Allow The Bidder To Present Personally Its Proof Of Payment For The Fees. [note: For Lot Procurement, The Maximum Fee For The Bidding Documents For Each Lot Shall Be Based On Its Abc, In Accordance With The Guidelines Issued By The Gppb; Provided That The Total Fees For The Bidding Documents Of All Lots Shall Not Exceed The Maximum Fee Prescribed In The Guidelines For The Sum Of The Abc Of All Lots.] 6. The Local Government Unit Of Lantapan Will Hold A Pre-bid Conference On February 6, 2025 At 9:00 O’clock A.m At Municipal Conference Room Which Shall Be Open To Prospective Bidders. 7. Bids Must Be Duly Received By The Bac Secretariat Through Manual Submission At The Bac Office 2nd Floor, Municipal Conference Room, Municipal Hall, Poblacion, Lantapan, Bukidnon, On Or Before 8:45 A.m (philippine Standard Time) On February 18, 2025. Late Bids Shall Not Be Accepted. 8. All Bids Must Be Accompanied By A Bid Security In Any Of The Acceptable Forms And In The Amount Stated In Itb Clause 14. 9. Bid Opening Shall Be On February 18, 2025 At 9:00 O’clock A.m At The Given Address Below. Bids Will Be Opened In The Presence Of The Bidders’ Representatives Who Choose To Attend The Activity. 10. [insert Such Other Necessary Information Deemed Relevant By The Procuring Entity Such As The Use Of A Back-up Data Or Cloud Storage For Large Files Uploaded For Online Bid Submissions] 11. The Local Government Unit Of Lantapan Reserves The Right To Reject Any And All Bids, Declare A Failure Of Bidding, Or Not Award The Contract At Any Time Prior To Contract Award In Accordance With Sections 35.6 And 41 Of The 2016 Revised Irr Of Ra No. 9184, Without Thereby Incurring Any Liability To The Affected Bidder Or Bidders. 12. For Further Information, Please Refer To: Jefer Mae B. Macana Bac Secretariat Bac Office, 2/f Municipal Hall Purok 6, Poblacion, Lantapan Bukidnon, Philippines Email Add: Lant.bacsec2024@gmail.com 13. You May Visit The Following Website/s: Lantapan.gov.ph For Downloading Of Bidding Documents: Www.philgeps.gov.ph Date Of Issue: January 31, 2025 Engr. Jessell S. Pacturan, C.e. Bac Chairperson Reference No.: Ib # 2025-01-007 Name Of Project: Supply & Installation Of Aircondition Unit For Municipal Gym Location Of Delivery: Lgu-lantapan, Bukidnon Abc: Php 1,967,250.00 Item No. Item Description Unit Of Issue Quantity Unit Price Amount 1 5.0 Tr Floor Mounted Inverter Aircondation Unit Unit 230v, 60hz, 1 Phase With Complete Standard Accessories Including Installation, & Free Copper Tubing Within 10ft, From Outdoor To Indoor,and Delivery At Job Site 2 3.0 Tr Wall Mounted Inverter Aircondation Unit Unit 230v, 60hz 1 Phase With Complete Standard Accessories Including Installation, Free Copper Tubing Within 10ft,from Outdoor To Indoor And Delivery At Job Site 3 Turbo Air Curtain With Standard Installation 230v, Unit 60hz, 248watts ,with Uv Light, 2,370m³/h Air Volume Electrical Materials For Wiring 4 Thhn Copper Wire # 22mm² Black (150mtr/box) Box 5 Thhn Copper Wire # 22mm² White (150mtr/box) Mtr 6 Electrical Pvc Pipe 1"ø Pcs 7 150 Amp. Molded Case Circuit Breaker Unit 2 Pole/ 230v 8 Circuit Breaker Inclosure For 150amp. Unit Circuit Breaker 9 Circuit Breaker Inclosure For 30amp. Pcs Circuit Breaker With Cover Bolt On 10 30 Amp. Circuit Breaker Bolt On Pair 11 Pvc Pull Box With Cover 4 X 4 Pcs 12 Emt Clip 1" 2 Hole Pcs 13 Thhn Copper Wire # 5.5mm² Mtr 14 Electrical Tape Big Pcs 15 Thhn Wire # 3.5mm Box 16 Electrical Pvc Pipe 1/2"ø Pcs 17 Pvc Male Adapter W/locknut 1"ø Pcs 18 Flixible Pipe 3/4" Mtr 19 Pvc Flixible Connector 3/4" Pcs 20 Pvc Electrical Pvc Short Elbow 1" Pcs 21 Pvc Clip 1" Pcs 22 Thhn Copper Wire # 30mm² Mtr Total Total Bid Price In Figure: ____________________________________________ Total Bid Price In Words: ____________________________________________ Prepared And Submitted By: __________________________________________

Details: Description 2 Request For Quotation (rfq) One-time Digital Signing Services Subscription For 1 Year Rfq No. Emb-sisms-2025-03-045 1. The Department Of Environment And Natural Resources – Environmental Management Bureau (denr-emb) Hereinafter Referred To As The “purchaser” Now Requests For Submission Of Price Quotations For The Procurement Of The Aforesaid Items Described In The Technical Specifications/scope Of Works/terms Of Reference. No. Description Qty Uom Unit Price Abc 1. One-time Digital Signing Service Subscription For 1 Year General Requirements: Must Support Various Certificate Types, Including Individual And Organizational Certificates; Must Primarily Support The Dict National Certification Authority (nca) -pnpki, With Optional Or Secondary Support Extended To Global Or Third-party Cas; Must Support The Signing Of Documents Using A Trusted Certification Authority (ca) Recognized By The Philippine Government; Must Support Documents Using Publicly Trusted Certificates; Must Provide Wildcard Ssl Certificate For Emb Domain, Preferred To Utilize Existing Provider; Must Comply With The Philippine Electronic Commerce Act (ra No. 8792); Must Comply With The Phil. Data Privacy Act Of 2012; Should Leverage The Pdf Advanced Electronic Signature (pades) Framework; Must Utilize The Cryptographic Message Syntax Advanced Electronic Signature (cades) Framework; Must Comply With Iso Standards (iso/ Ies 27001:2013, Iso 10002:2018), And (iso 9001:2015) For Service Provision; Must Support The Elliptic Curve Digital Signature Algorithm (ecdsa) With A Minimum Key Size Of 256 Bits For Signature Generation And Verification; Must Support Hashing Algorithm Sha-256 Or Higher; Must Support The Asymmetric Encryption Algorithm Rsa With A Minimum Key Size Of 2048 Bits; Must Come With Cloud-based Management Console And Application Programming Interfaces (api) Management Console Requirements: Must Support Unlimited Number Of Doc Signings; Must Support Role-based Access Control With Granular Permissions; Must Have A Minimum Storage Capacity Of 250 Gb Must Be Scalable To Accommodate Future Growth In The Number Of Users And Documents; Must Allow Individual Or Group Signing Capabilities Per Document; All Signed Documents Must Remain Valid Forever; Must Be Able To Sign Documents With Or Without A Digital Signature Solution Account; Must Provide The Option For Users To Sign Multiple-page Documents In One Instance; Must Allow Replacement And Re-delegation Of Signers If They Are Not Available; Must Generate An Audit Trail That Serves As Proof Of The Transaction; Must Support Signing Multiple Document Formats; Must Support Various Channels, Including Web Applications For (desktop And Mobile Devices), As Well As Mobile Applications For (ios & Android); Should Include The Option To Import Users And Contacts In Bulk (csv Or Ad); Comes With Option To Allow Users To Edit And Upload Their Own Signature Images; Must Support Major Operating Systems (windows, Macos, And Linux) Platforms And Commonly Used Web Browsers. Api Requirements. The Solution Should Be Flexible To Allow Api Integrations With Commonly Used Applications; Through User Management, The Solution Should Have The Capability To Perform Document Uploading, Downloading, Signing, & Deleting Through Api Calls; Must Provide Integration Options With Sharepoint, Onedrive, Google Drive, Dropbox, And Others; Must Have Comprehensive Logging And Auditing Capabilities For Transaction And Key Usage; Support Services Requirements - Service Should Include Local Support For Online A Nd Email Assistance, Available 8x5 As Needed; Provide Remediation Based On Health Checks Performed For The Signing Solution, With Service Reports Delivered Upon Completion Of The Remediation Works; (30) Calendar Days Delivery; 1 Lot 980,000.00 980,000.00 2. A Set Of Technical Requirements Are Provided In Attachment/s. Item/s Listed Under The Purchaser’s Terms Of Reference/s Must Be Complied With On A Pass-fail Basis. Failure To Meet Any One Of The Requirements May Result In Rejection Of The Quotation. The Approved Budget For This Contract Is Php980,000.00. 3. Bidding Procedures Will Be Conducted In Accordance With The Provisions Of The Implementing Rules And Regulations (irr) Of Republic Act 9184. 4. It Is The Intent Of The Purchaser To Evaluate The Bid/quotation On A Lot Basis. And Award Will Be Made To The Bid/quotation Or Combination Of Quotations Resulting In The Lowest Evaluated Quotation Meeting The Purchaser’s Technical Specifications. 5. Quotations Must Be Delivered At The Address Below Not Later Than Of 08:00 A.m. Of April 25, 2025. Department Of Environment And Natural Resources Environmental Management Bureau Emb Hrd Building Ground Floor, Afmd Denr Compound, Visayas Avenue, Diliman, Quezon City 6. Prices Must Be Quoted In Philippine Peso And Must Include The Unit Price And Total Price, Inclusive Of All Taxes To Be Paid And Other Incidental Cost To The Delivery Site/s If The Contract Is Awarded. 7. Bid/quotation Submission Maybe Typewritten And Must Be Placed In A Sealed Envelope Marked One-time Digital Signing Service Subscriprion For 1 Year Under Rfq No. Emb-sisms-2025-03-045 Sealed Bids Must Be Forwarded To Bac Secretariat (administrative, Financial And Management Division) Located At Emb-afmd, Hrd Building Ground Floor Or May Email To Embquotations@gmail.com Submission Must Be Or On Before The Indicated Date At Time. Late Bids And Proposals Above The Abc Shall Be Automatically Disqualified. 8. Bids/quotations Shall Be Valid For Sixty (60) Calendar Days From The Deadline Of Submission Of Bids. 9. The Delivery Period Shall Be Within Fifteen To Thirty (15-30) Calendar Days From Receipt Of The Purchase Order (po) And/or Job Order (jo). The Supplier Must Inform The Purchaser At Least Three (3) Days Before The Date Of Delivery. The Delivery Will Be Made Only During Working Days And Hours. 10. Delivery Sites: See Delivery Sites Enumerated In The Quotation Form Environmental Management Bureau Hrd Building Ground Floor Denr Compound, Visayas Avenue, Diliman, Quezon City Attention: Afmd-property And General Services Section 11. The Applicable Rate For Late Deliveries Is One Tenth (1/10) Of One (1) Percent Of The Cost Of The Unperformed Portion Of The Contract For Every Day Of Delay. The Maximum Deduction Shall Be Ten Percent (10%) Of The Amount Of Contract. Once The Cumulative Amount Of Liquidated Damages Reaches Ten Percent (10%) Of The Contract Amount, The Purchaser Shall Rescind The Contract Without Prejudice To Other Courses Of Action And Remedies Open To It. 12. The Purchaser Reserves The Right To Accept Or Reject Any Quotation, And To Annul The Bidding/shopping Process Or Reject All Quotations At Any Time Prior To Contract Award, Without Thereby Incurring Any Liability To The Affected Bidder/bidders. The Purchaser Also Reserves The Right To Waive Minor Deviations/defects Or Infirmities Therein. A Minor Deviation/defect Or Infirmity Is One That Does Not Materially Affect The Overall Functionality Of The Material And The Capability Of The Supplier To Perform The Contract. 13. Participating Service Provider/s Must Abide By The Existing Health, Safety, Environment, Quality And Other Related Laws And Procedures As Prescribed By The Philippine Government. 14. Documents To Submit The Following: A) Quotation Form With Technical Specifications. B) Mayor’s/business Permit. C) Philgeps Registration Number/proof Of Philgeps Registration D) Tax Clearance E) Omnibus Sworn Statement-original & Notarized Engr. Rodney V. Diaz Oic-property & General Services Section Attachment 1 Republic Of The Philippines Department Of Environment And Natural Resources Environmental Management Bureau Technical Specifications Item No. 1 One-time Digital Signing Subscription Quantity: 1 Lot Country Of Origin: Brand/model: All Items Listed Under The Purchasers’ Specifications Must Be Complied On A Pass-fail Basis. Failure To Meet Any One Of The Requirements May Result To Rejection. Qty Uom Purchaser’s Specifications Bidder’s Specifications 1 Lot One-time Digital Signing Service Subscription For 1 Year General Requirements: Must Support Various Certificate Types, Including Individual And Organizational Certificates; Must Primarily Support The Dict National Certification Authority (nca) -pnpki, With Optional Or Secondary Support Extended To Global Or Third-party Cas; Must Support The Signing Of Documents Using A Trusted Certification Authority (ca) Recognized By The Philippine Government; Must Support Documents Using Publicly Trusted Certificates; Must Provide Wildcard Ssl Certificate For Emb Domain, Preferred To Utilize Existing Provider; Must Comply With The Philippine Electronic Commerce Act (ra No. 8792); Must Comply With The Phil. Data Privacy Act Of 2012; Should Leverage The Pdf Advanced Electronic Signature (pades) Framework; Must Utilize The Cryptographic Message Syntax Advanced Electronic Signature (cades) Framework; Must Comply With Iso Standards (iso/ Ies 27001:2013, Iso 10002:2018), And (iso 9001:2015) For Service Provision; Must Support The Elliptic Curve Digital Signature Algorithm (ecdsa) With A Minimum Key Size Of 256 Bits For Signature Generation And Verification; Must Support Hashing Algorithm Sha-256 Or Higher; Must Support The Asymmetric Encryption Algorithm Rsa With A Minimum Key Size Of 2048 Bits; Must Come With Cloud-based Management Console And Application Programming Interfaces (api) Management Console Requirements: Must Support Unlimited Number Of Doc Signings; Must Support Role-based Access Control With Granular Permissions; Must Have A Minimum Storage Capacity Of 250 Gb Must Be Scalable To Accommodate Future Growth In The Number Of Users And Documents; Must Allow Individual Or Group Signing Capabilities Per Document; All Signed Documents Must Remain Valid Forever; Must Be Able To Sign Documents With Or Without A Digital Signature Solution Account; Must Provide The Option For Users To Sign Multiple-page Documents In One Instance; Must Allow Replacement And Re-delegation Of Signers If They Are Not Available; Must Generate An Audit Trail That Serves As Proof Of The Transaction; Must Support Signing Multiple Document Formats; Must Support Various Channels, Including Web Applications For (desktop And Mobile Devices), As Well As Mobile Applications For (ios & Android); Should Include The Option To Import Users And Contacts In Bulk (csv Or Ad); Comes With Option To Allow Users To Edit And Upload Their Own Signature Images; Must Support Major Operating Systems (windows, Macos, And Linux) Platforms And Commonly Used Web Browsers. Api Requirementsthe Solution Should Be Flexible To Allow Api Integrations With Commonly Used Applications; Through User Management, The Solution Should Have The Capability To Perform Document Uploading, Downloading, Signing, & Deleting Through Api Calls; Must Provide Integration Options With Sharepoint, Onedrive, Google Drive, Dropbox, And Others; Must Have Comprehensive Logging And Auditing Capabilities For Transaction And Key Usage; Support Services Requirements - Service Should Include Local Support For Online A Nd Email Assistance, Available 8x5 As Needed; Provide Remediation Based On Health Checks Performed For The Signing Solution, With Service Reports Delivered Upon Completion Of The Remediation Works; (30) Calendar Days Delivery; Name Of Company : _________________________________ Postal Address : _________________________________ Email Address : _________________________________ Telephone & Fax No. : _________________________________ Signature Over Printed Name : _________________________________ Designation : _________________________________ Other Requirements 1. Quotation Submission Requirements - Supplier Must Submit A Duly Accomplished And Signed Price Quotation, And Supplier’s Line By Line Technical Specifications Compliance. - Supplier’s Must Accomplish/fill All Required Pages To Facilitate Documentation - Supplier Must Be Philgeps Registered. - Business Permit/license Permit - Failure To Follow The Above Requirements May Result To Outright Rejection Of Submitted Quotation/s. 2. Evaluation And Awarding Of Quotation - The Purchaser Will Evaluate And Compare The Offers, Which Have Been Determined As Responsive Pursuant To The Completeness Of The Purchaser Requirements - Compliance To The Technical Specifications - Awards Shall Be Made To The Lowest Evaluated And Responsive Quotation. - Submission Of Requirements Containing False Information Or Falsified Documents That Contain False Information Or Concealment Of Such Information In Order To Influence The Outcome Of Eligibility Screening Or Any Other Stage Of The Procurement Process May Result To Blacklisting Guidelines As Provided In The Irr Of Ra 9184. 3. Terms Of Payment - 100% Of The Contract Price Will Be Paid Upon Verification/inspection And Acceptance Of The Services In Compliance To Existing Government Auditing And Accounting Procedures. Quotation Form Date: ____________________ Attention: Afmd-property And General Services Section Environmental Management Bureau Hrd Building Ground Floor, Afmd Denr Compound, Visayas Avenue, Diliman, Quezon City 1) Having Examined The Subject Request For Quotation (rfq) Including The Technical Specifications, We, The Undersigned Offer To Supply And Deliver The Following: No. Description Delivery Site Quantity Uom Unit Price Total Price One-time Digital Signing Service Subscription For 1 Year General Requirements: Must Support Various Certificate Types, Including Individual And Organizational Certificates; Must Primarily Support The Dict National Certification Authority (nca) -pnpki, With Optional Or Secondary Support Extended To Global Or Third-party Cas; Must Support The Signing Of Documents Using A Trusted Certification Authority (ca) Recognized By The Philippine Government; Must Support Documents Using Publicly Trusted Certificates; Must Provide Wildcard Ssl Certificate For Emb Domain, Preferred To Utilize Existing Provider; Must Comply With The Philippine Electronic Commerce Act (ra No. 8792); Must Comply With The Phil. Data Privacy Act Of 2012; Should Leverage The Pdf Advanced Electronic Signature (pades) Framework; Must Utilize The Cryptographic Message Syntax Advanced Electronic Signature (cades) Framework; Must Comply With Iso Standards (iso/ Ies 27001:2013, Iso 10002:2018), And (iso 9001:2015) For Service Provision; Must Support The Elliptic Curve Digital Signature Algorithm (ecdsa) With A Minimum Key Size Of 256 Bits For Signature Generation And Verification; Must Support Hashing Algorithm Sha-256 Or Higher; Must Support The Asymmetric Encryption Algorithm Rsa With A Minimum Key Size Of 2048 Bits; Must Come With Cloud-based Management Console And Application Programming Interfaces (api) Management Console Requirements: Must Support Unlimited Number Of Doc Signings; Must Support Role-based Access Control With Granular Permissions; Must Have A Minimum Storage Capacity Of 250 Gb Must Be Scalable To Accommodate Future Growth In The Number Of Users And Documents; Must Allow Individual Or Group Signing Capabilities Per Document; All Signed Documents Must Remain Valid Forever; Must Be Able To Sign Documents With Or Without A Digital Signature Solution Account; Must Provide The Option For Users To Sign Multiple-page Documents In One Instance; Environmental Management Bureau, Hrd Building Ground Floor, Afmd Denr Compound, Visayas Avenue, Diliman, Quezon City 1 Lot Must Allow Replacement And Re-delegation Of Signers If They Are Not Available; Must Generate An Audit Trail That Serves As Proof Of The Transaction; Must Support Signing Multiple Document Formats; Must Support Various Channels, Including Web Applications For (desktop And Mobile Devices), As Well As Mobile Applications For (ios & Android); Should Include The Option To Import Users And Contacts In Bulk (csv Or Ad); Comes With Option To Allow Users To Edit And Upload Their Own Signature Images; Must Support Major Operating Systems (windows, Macos, And Linux) Platforms And Commonly Used Web Browsers. Api Requirements The Solution Should Be Flexible To Allow Api Integrations With Commonly Used Applications; Through User Management, The Solution Should Have The Capability To Perform Document Uploading, Downloading, Signing, & Deleting Through Api Calls; Must Provide Integration Options With Sharepoint, Onedrive, Google Drive, Dropbox, And Others; Must Have Comprehensive Logging And Auditing Capabilities For Transaction And Key Usage; Support Services Requirements - Service Should Include Local Support For Online A Nd Email Assistance, Available 8x5 As Needed; Provide Remediation Based On Health Checks Performed For The Signing Solution, With Service Reports Delivered Upon Completion Of The Remediation Works; (30) Calendar Days Delivery; 2) We Undertake, If Our Quotation Or Bid Is Accepted, To Deliver The Above Goods Within The Fifteen To Thirty (15-30) Calendar Day Delivery Period From Receipt Purchase Order (po) Or Job Order (jo). 3) We Agree To Abide By This Quotation/bid For A Period Of Sixty (60) Days After The Deadline Of Submission Specified In The Rfq. 4) We Understand That Payment For Items Delivered Will Be Made To The Winning Supplier After The Inspection And Acceptance Of Goods Delivered. Name Of Company : _________________________________ Postal Address : _________________________________ Email Address : _________________________________ Telephone & Fax No. : _________________________________ Signature Over Printed Name : _________________________________ Designation : _________________________________ Omnibus Sworn Statement (revised) [shall Be Submitted With The Bid] _________________________________________________________________________ Republic Of The Philippines) City/municipality Of ______ ) S.s. Affidavit I, [name Of Affiant], Of Legal Age, [civil Status], [nationality], And Residing At [address Of Affiant], After Having Been Duly Sworn In Accordance With Law, Do Hereby Depose And State That: 1. [select One, Delete The Other:] [if A Sole Proprietorship:] I Am The Sole Proprietor Or Authorized Representative Of [name Of Bidder] With Office Address At [address Of Bidder]; [if A Partnership, Corporation, Cooperative, Or Joint Venture:] I Am The Duly Authorized And Designated Representative Of [name Of Bidder] With Office Address At [address Of Bidder]; 2. [select One, Delete The Other:] [if A Sole Proprietorship:] As The Owner And Sole Proprietor, Or Authorized Representative Of [name Of Bidder], I Have Full Power And Authority To Do, Execute And Perform Any And All Acts Necessary To Participate, Submit The Bid, And To Sign And Execute The Ensuing Contract For [name Of The Project] Of The [name Of The Procuring Entity], As Shown In The Attached Duly Notarized Special Power Of Attorney; [if A Partnership, Corporation, Cooperative, Or Joint Venture:] I Am Granted Full Power And Authority To Do, Execute And Perform Any And All Acts Necessary To Participate, Submit The Bid, And To Sign And Execute The Ensuing Contract For [name Of The Project] Of The [name Of The Procuring Entity], As Shown In The Attached [state Title Of Attached Document Showing Proof Of Authorization (e.g., Duly Notarized Secretary’s Certificate, Board/partnership Resolution, Or Special Power Of Attorney, Whichever Is Applicable;)]; 3. [name Of Bidder] Is Not “blacklisted” Or Barred From Bidding By The Government Of The Philippines Or Any Of Its Agencies, Offices, Corporations, Or Local Government Units, Foreign Government/foreign Or International Financing Institution Whose Blacklisting Rules Have Been Recognized By The Government Procurement Policy Board, By Itself Or By Relation, Membership, Association, Affiliation, Or Controlling Interest With Another Blacklisted Person Or Entity As Defined And Provided For In The Uniform Guidelines On Blacklisting; 4. Each Of The Documents Submitted In Satisfaction Of The Bidding Requirements Is An Authentic Copy Of The Original, Complete, And All Statements And Information Provided Therein Are True And Correct. 5. [name Of Bidder] Is Authorizing The Head Of The Procuring Entity Or Its Duly Authorized Representative(s) To Verify All The Documents Submitted. 6. [select One, Delete The Rest:] [if A Sole Proprietorship:] The Owner Or Sole Proprietor Is Not Related To The Head Of The Procuring Entity, Members Of The Bids And Awards Committee (bac), The Technical Working Group, And The Bac Secretariat, The Head Of The Project Management Office Or The End-user Unit, And The Project Consultants By Consanguinity Or Affinity Up To The Third Civil Degree. [if A Partnership Or Cooperative:] None Of The Officers And Members Of [name Of Bidder] Is Related To The Head Of The Procuring Entity, Members Of The Bids And Awards Committee (bac), The Technical Working Group, And The Bac Secretariat, The Head Of The Project Management Office Or The End-user Unit, And The Project Consultants By Consanguinity Or Affinity Up To The Third Civil Degree. [if A Corporation Or Joint Venture:] None Of The Officers, Directors, And Controlling Stockholders Of [name Of Bidder] Is Related To The Head Of The Procuring Entity, Members Of The Bids And Awards Committee (bac), The Technical Working Group, And The Bac Secretariat, The Head Of The Project Management Office Or The End-user Unit, And The Project Consultants By Consanguinity Or Affinity Up To The Third Civil Degree; 7. [name Of Bidder] Complies With Existing Labor Laws And Standards; And 8. [name Of Bidder] Is Aware Of And Has Undertaken The Responsibilities As A Bidder In Compliance With The Philippine Bidding Documents, Which Includes: A. Carefully Examining All Of The Bidding Documents; B. Acknowledging All Conditions, Local Or Otherwise, Affecting The Implementation Of The Contract; C. Making An Estimate Of The Facilities Available And Needed For The Contract To Be Bid, If Any; And D. Inquiring Or Securing Supplemental/bid Bulletin(s) Issued For The [name Of The Project]. 9. [name Of Bidder] Did Not Give Or Pay Directly Or Indirectly, Any Commission, Amount, Fee, Or Any Form Of Consideration, Pecuniary Or Otherwise, To Any Person Or Official, Personnel Or Representative Of The Government In Relation To Any Procurement Project Or Activity. 10. In Case Advance Payment Was Made Or Given, Failure To Perform Or Deliver Any Of The Obligations And Undertakings In The Contract Shall Be Sufficient Grounds To Constitute Criminal Liability For Swindling (estafa) Or The Commission Of Fraud With Unfaithfulness Or Abuse Of Confidence Through Misappropriating Or Converting Any Payment Received By A Person Or Entity Under An Obligation Involving The Duty To Deliver Certain Goods Or Services, To The Prejudice Of The Public And The Government Of The Philippines Pursuant To Article 315 Of Act No. 3815 S. 1930, As Amended, Or The Revised Penal Code. In Witness Whereof, I Have Hereunto Set My Hand This __ Day Of ___, 20__ At ____________, Philippines. _____________________________________ Bidder’s Representative/authorized Signatory Subscribed And Sworn To Before Me This ___ Day Of [month] [year] At [place Of Execution], Philippines. Affiant/s Is/are Personally Known To Me And Was/were Identified By Me Through Competent Evidence Of Identity As Defined In The 2004 Rules On Notarial Practice (a.m. No. 02-8-13-sc). Affiant/s Exhibited To Me His/her [insert Type Of Government Identification Card Used], With His/her Photograph And Signature Appearing Thereon, With No. ________ And His/her Community Tax Certificate No. _______ Issued On ____ At ______. Witness My Hand And Seal This ___ Day Of [month] [year]. Name Of Notary Public Serial No. Of Commission _______________ Notary Public For _______ Until __________ Roll Of Attorneys No. __________________ Ptr No. ______ [date Issued], [place Issued] Ibp No. ______ [date Issued], [place Issued] Doc. No. _____ Page No. _____ Book No. _____ Series Of _____