Data Center Tenders

Details: In compliance with the provisions of the Energy Efficiency Act (EneffG), and in particular §13 (1) and §12, the PIK must conduct a data analysis with the following scope for the introduction of an Enma system: analyze the results, derive necessary optimization measures, and then decide on/implement them. This should be commissioned to an external third party. The main tasks of the planned contract award include: Transfer of approximately 100 meters / approximately 1,000 meter readings (daily value of the last 3 years) per meter from the building management system into a database system Calculation of consumption for all meters Note: Grouping = creation of DB structures for mapping, entering data, and creating views with presentation of the grouping results Grouping of meters according to primary energy sources (gas, electricity, water) with the objective of providing an overall overview of energy consumed Recording of prices and CO2 conversion factors per primary medium to convert energy into costs and CO2 emissions Grouping of meters into approximately 20 energy-relevant "energy profiles" (as specified by the contracting authority) with the objective of recording all relevant consumers Grouping of energy profiles according to the following significant energy users (SEUs): - heating demand for buildings, - electricity consumption for mainframe computers, - electricity consumption for refrigeration, - electricity consumption for heat pumps, - UPS losses, - electricity consumption for IT technology, - electricity consumption Ulks IT Grouping of energy profiles into ENPIs (Energy Performance Indicators) -ENPI Heat Generation (Efficiency of Heat Generation) -ENPI Cooling Generation (Efficiency of Cooling Generation) -ENPI Cooling Generation for Mainframes (Efficiency of Cooling Generation for IT) -ENPI PUE (Power Usage Effectiveness) Data Center (Ratio of IT + Technology to IT) Creation of a comprehensible, dynamic calculation of the PUE Creation of a dashboard for primary energy demand -Bar chart for total energy per year differentiated by primary medium / time range: 3 years -Bar chart for total energy costs per year differentiated by primary medium / time range: 3 years -Bar chart for total energy CO2 emissions per year differentiated by primary medium / time range: 3 years Creation of a dashboard for the SEU in analogy to primary -Bar chart for SEU total energy per year differentiated by primary medium / time range: 3 years -Bar chart for SEU total energy costs per year differentiated by primary medium / time range: 3 years -Bar chart for SEU total energy CO2 emissions per year differentiated by primary medium / time period: 3 years Creation of a dashboard for the described Enpis Calculation of the Enpis for a selectable time interval and comparison with the Enpis value from a reference year in monthly resolution and as an overall comparison Visualization of the energy trends with Sankey diagram per year The data should be recorded on the basis of MS SQL (express) The dashboard should be created with Grafana Objective: The work serves to fulfill the reporting obligations according to Eneffg, the control of the Pue and other key figures in fulfillment of Section 11 Eneffg as well as long-term planning with regard to necessary optimization requirements. The data should also flow into the sustainability management of the Pik.

Details: Tvhs Va Statement Of Work project Title: Services For The Management Of A Computer Web Based facility Management Solution (cafm) And Capital Asset Inventory (cai) Database Interface Including Reporting Functions. project Main Address: veterans Affairs, Tennessee Valley Health Care System, 1310 24th Ave, Nashville, Tn 37212 see Attachment A For Specific Locations. statement Of Work the Tennessee Valley Healthcare System (tvhs) Has A Requirement For Services To Manage A Computer Aided Web Based Cafm Solution And Supported Services Including: Drawing / Space / Capital Asset Inventory (cai) Database Interface With Reporting Functions, Graphical Tools To Store And Share Architectural Engineering Autocad Drawings, Assign Space And Report Usage Among Vha Organizational Groups And To Maintain A Master Autocad As-built Drawing Database For The Facilities. This Service Is To Include As- Built Surveys & Drawings (annual Survey Required), Maintenance & Updating The Drawings And Software Customization For Database Accuracy To Be Updated Monthly. Cloud Based File Storage Of Drawings Required With 24/7 Access And Built-in Version Control For Security. Square Footage For The Two Main Facilities Is 1,674.423 Of Gsf. offeror S Cafm Solution Shall Provide Maintenance, Upgrades Of All Software And Licensing For 12-month Periods And Implementation And Upgrades Of Future Models With The Ability To Expand The System With Additional Functions As The Tvhs Requires. it Shall Be A Multi-user, Multi-tasking Stand-alone System Supporting Multiple Users (10 Staff Minimum) In Tvhs (tennessee Valley Healthcare System) Designated Services/organizations Spanning Multiple Buildings (multi Levels) In Owned Locations. Cloud-based Access Shall Be Required Via Fedramp Or Va Compliant Csp. task A. Cafm Solution offeror S Cafm Solution Pricing Should Be Based On Annual 12-month Periods And Shall Include Pricing For The Licensing And Set-up Implementation Costs Associated With The Base Cafm Module Suite. general Requirements And Minimum Standards general Requirements And Minimum Standards offeror Shall Deliver And Implement A Cafm Solution That Meets The Following General Application Requirements And Minimum Specifications In Support Of The Tvhs: Includes Space Management, Capital Assets Inventory (cai) Reporting, Move Management, Employee Location Management, Lease Management, Asset Management, Room Scheduling/hoteling And Occupancy Tracking. Get All Floorplans Validated To Service And Staff Level, Updated, And Uploaded To The System. Web Based Solution With User Access Through A Standard Web Browser Includes Chargeback Functionality For Detailed Space Accounting To The Space, Cost Center, Division, Department Or Building Level Supports Industry Standard Area Calculations That Include Gross And Net Area. Allows For Individual Spaces To Be Assigned To One Or More Organizational Entities Includes Both Standard And User Defined Data For Buildings, And Sites. Building Data That Can Be Tracked By Building, Floor Or Room Links Data To Autocad Drawings Utilizes An Industry Standard Database Such As Sql Includes An Easy-to-use, Industry Standard Report Writer And Ad-hoc Report Writing Capabilities Navigation Is Primarily Graphical, With Consistently Designed User Interface Screens And Consistent Keystroke Functionality Throughout The Application Allows An Unlimited Number Of User-definable Data Fields As Delivered Contains A Significant Number Of Facilities Management Space And Asset Reports Ad Hoc Query Capability Includes The Ability To Query Drawings For Such Things As Vacant Spaces Or Spaces With Certain Characteristics Or Occupancy Easy-to-use Reporting Tools That Support Generation Of Standard Reports And The Ability To Generate Special Queries, To Sort And Filter Data In A Variety Of Ways Strong Query Capability With A User-friendly Interface Provides A "notes" Capability Throughout The Application In Order To Record Activities And Actions Taken Which Are Not Accommodated Within The Data Structure Itself Users Can Construct And Save Customized Queries Ability To Use Maps, Drawings And Photos To Drill Down To Critical Data Floor Plan Viewing Does Not Require Plugins Or Active-x Controls Etc. Forms And Fields Can Be Configured To Use Conditional Logic To Change Available Fields, Tabs Etc. Based Upon Values Selected In Drop-down Boxes, Check Boxes Etc. End User Administration Is 100% Web Based Software Hosting Must Be On A Fedramp Li-saas Certified Platform Able To Store Multiple Types Of Files Including But Not Limited To All Microsoft Office Suite Type Documents Along With Jpeg, Pdf, Etc. Ability To Upload Scanned Documents To The Application Ability To Attach A Default Document To Spaces, Assets, Equipment, Lease Information, Etc. Ability To Save And Attach Images And Photographs. Ability To Create Dashboards And Charts Showing Relevant Data From The System And Permission To Various Groups As Relevant Per Role security Requirements offeror Shall Deliver And Implement A Cafm Solution That Meets The Following Security Requirements In Support Of The Tvhs Real Estate Portfolio: Security Can Be Defined By Both Field, User And Function Maintains A Unique Security Profile For Each User I.d. And Groups Of Like Users Can Allow Contractors, As Well As Employees, To Be System Users Without Jeopardizing System Security Cafm Solution Servers Must Be Fedramp Low-impact Certified technical Requirements offeror Shall Deliver And Implement A Cafm Solution That Meets The Following Technical Requirements In Support Of The Tvhs Real Estate Portfolio: Tools To Integrate With Other Systems, Such As Cmms, Hr Or Erp Systems Does Not Rely On Proprietary Software For Either Graphical Display Or Navigation, For Database Functionality Or For Report Development Must Be Built On The Ms .net Framework Web Interface Uses A Standard Web Browser Such As Microsoft Explorer Database Tools To Repair And Recover Files Modules Are Tightly Integrated And Share A Common Data Structure And Data Tables Open, Odbc-compliant Database Design With An Object-oriented, Relational, And Bi- Directional Database Management System Exports And Imports Data To/from Spreadsheets, Databases, And Other Standard Microsoft Products Has Disaster Recovery Capabilities Incorporates Autocad Drawings Must Have An Internal Graphic Engine That Can Open And View Autocad Drawings. There Must Be No Need For Separate Copies Of Autocad. All Modules Share Common Tables, Use Similar Startup Screens, Use Standard Interface Capabilities Throughout And Are Written In A Consistent Language And Development Environment Throughout. Allows Multiple Users To Access The Various Modules At The Same Time Without Noticeable Negative Impact On The Computer Network Response Time Or Product Functionality. Has The Ability To Handle Large Volumes Of Data, To Archive Data And To Import/export Data In All Tables All Modules Must Be Developed On The Same Platform Runs On Ms Sql Server 2008 Or Greater Allows For The Utilization Of Ssrs For Reporting Solutions Has A Fully Documented Data Schema Has The Ability To Extend The Features Of The Existing Application (extensibility) Ability To Mass Upload Data Information Through An Excel Spreadsheet All Fields Have Audit Trail Functionality To Track Who Changed The Field, When It Was Changed, And To / From What Value(s). Provides Standard Audit Trail Functionality That Details The History Of Change To A Field. space & Occupancy Management offeror Shall Provide A Cafm Solution That Supports Tvhs Space And Occupancy Management Related Activities: Tracks Space And Occupancy For Multiple Sites And Buildings Produces Predefined Space Utilization Reports On Demand Can Track Rental And Operating Costs Per Sf By Space Types Can Track Space And The Space Occupant To Different Organizational Entities Tracks Attributes For Rooms Such As Wall Finishes, Floor Finishes, Lighting Conditions, Etc. Tracks Conference Room Characteristics Such As Av Equipment, Room Set-up And Capacity Tracks The Assignment Of Spaces To Divisions, Departments And Employees Ability To Classify All Spaces By User Defined Codes For Categories Of Occupancy And Assignment Calculates Space Charge Backs To Definable Occupant Groups Supports The Ability To Assign Different Rent Rates For Different Types Of Space (for Example: Labs, Data Centers, Offices, Warehouse) Incorporates Functional Stacking And Blocking Capability Ability To Store And Analyze Space Utilization Data For Each Facility Ability To Monitor User-defined Space Standards By Employee Type Or Job Function System Can Compare Actual Space Standards To Space Allocations Both Graphical Display And Text Reporting Of Vacant, Underutilized, Or Over Utilized Spaces Supports User Defined Space Uses And Space Types Tracks Organizational Hierarchy By Matrix Of Department And Division Roll-up Allows For A Distinction Between Occupancy And Ownership Of Spaces Supports Prorating Of Building Common And Primary Circulation Space Ability To Generate Preliminary Restacking Plans And To Save Various Versions Of A Plan For Graphical Review Tools To Allow A User To Implement The Appropriate Measures To Ensure There Is Consistent Documentation And Good Tracking For Handling Of Space Requests Tools To Allow A User To Develop Recommendations For The Appropriate Utilization Of Space, Based On Data Collected Ability To Provide "net Usage" Square Footage Value By Division Or Department Ability To Attach Photographs To Buildings, Floors, And Spaces Has Multiple, Flexible, Detailed Data Fields For Buildings And Floors Has The Ability To Add Additional Fields As Required. Provides Space Use Management Capabilities Ability For Users To Turn On And Off Pre-defined Layers Within The Floorplan Viewer And The Ability To Save Views On A User Or Global Basis. Ability To Update An Employee S Seat Assignment By Dragging And Dropping On A Floor Plan. The System Shall Provide Drawing Redline / Markup Capabilities Ability To Create New Spaces On Floor Plans Within The System Interface Without A Deep Understanding Of Autocad. Privileged Users Can Create New P-lines And Red-line Layers Within The System Interface. Can Run Automatic Graphical Queries Across One Or Several Floor Plans. Drawings Act As Graphic Reports, Displaying Text From The Database On The Drawing. Ability To Store Drawings Depicting Occupancy From Past Time Periods. asset Management Module offeror Shall Provide A Cafm Solution With A Module That Supports Tvhs Asset Management Related Activities: Tracks Assets To Organizational Entities And To Individual Employees Tracks The Location Of Assets Or Equipment, Both In The Software Database And On A Drawing. Create An Asset Catalogue That Includes Digital Photographs, Maintenance Procedures And Other Text Documents Performs Asset Counts Automatically Tracks Asset And Equipment Warranties With Alerts For Warranties Due To Expire Within A User Specified Time Period Tracks Employee Ownership Of Equipment Such As Laptops, Pagers And Cell Phones, Used Both Off-site And On-site Zoom And Print Drawings, To Show Asset Or Equipment Locations Within Rooms Tracks Asset Costs And Depreciation Track Assets Throughout The Purchase, Use And Retirement Process Capable Of Integrating With 3rd Party Handheld Barcode Readers mobile Interface offeror Shall Provide A Cafm Solution With A Cafm Solution Mobile Interface: Mobile Device Support Using Mobile-optimized Website Or App. Mobile Device Support For Android, Ios, Windows, Etc. Users Can Take And Upload Photos To Various Records Within The System From A Mobile Device. Mobile Platform That Offers Responsive Design move Management offeror Shall Provide A Cafm Solution That Supports Tvhs Move Management Related Activities: Handle Large, Planned Moves, As Well As Simple One At A Time Moves Track Multiple Moves On A Single Move Project Create And Modify Move Commitment Dates And Schedule Required Resources Move Work Orders Can Be Sent To Various Departments With Their Specific Responsibilities Itemized On The Work Order Creation Of A Web-enabled Move Work Orders That Provide All Required Information For Move Planning Move Work Orders Can Incorporate A Requirement For Supervisor Approval Prior To The Request Being Routed To Planning Supports Entry Of Contents Of Workspaces That Are To Be Moved With The Employee Store And Report On Move History, Move Costs And Move Trends Over User-defined Time Periods Generate Move Schedules And Tasks Shows Move Details On Floor Plans Crosshatch Floor Plans By Future Department Locations Display Future Occupants Names On Floor Plans Drag And Drop Move Support For Creating Individual Moves, Project Moves Or Adding Occupants To Existing Move Projects room Scheduling/hoteling Module offeror Shall Provide A Cafm Solution That Supports Room Scheduling And Hoteling With The Following Features: The System Shall Be Able To Use Cad Floor Plan Drawings With Furniture Layouts. It Shall Be Possible To Configure Required Rooms As Schedulable For Room Booking. The Seating Capacity Of Schedulable Rooms Shall Be Definable, And It Should Be Possible To Specify Amenities Available Like Projector, Whiteboard, Etc. The System Shall Be Allowed To Attach Photos Of The Rooms If Available. The System Shall Be Capable For Configurable Workflow For Room Booking Approval, And It Should Be Possible To Specify Rooms That Require Approval, If Any The System Shall Be Accessible From Ios And Android Apps For Bookings, Approvals, Check-in, Check-out, Cancellation & Extension The System Shall Be Capable Of Doing Recurring Booking With Daily/weekly/monthly Options Available. It Should Be Possible To View Room Details, Room Calendar And Floor Plan Views For Ready Reference During Booking. The System Shall Be Capable To Support Invitee Management Feature For Inviting Meeting Participants Along With Room Booking The System Shall Be Able To Use Cad Floor Plan Drawings With Furniture Layout. The Seats Shall Be Definable At Their Actual Locations In The Floor Plans. It Should Be Possible To Configure Seat Types (workstation/cubicle/cabin/ ) It Should Be Possible To Do Seat Allocation To Divisions/projects The System Shall Be Accessible From Ios And Android Apps For Bookings, Approvals, Check-in, Check-out, Cancellation & Extension The System Shall Be Capable Of Doing Multiple Booking With Daily/weekly/monthly Recurrence. The System Should Be Capable Manage Bulk Booking By Managers For Reporting Employees. The System Should Be Able To Send Email Notification For Booking Confirmation. The System Shall Be Capable Of Configuring Advance Check-in And Post Check-in Periods. hardware For Occupancy Sensing the Offeror Shall Provide A Cafm Solution With A Module That Supports Tvhs Requirements For Real-time Occupancy Tracking Of Certain Rooms Such As Patient Exam Rooms. The Vendor Shall Provide The Sensors And Associated Hardware And The Software Components For Occupancy Tracking In 300 Rooms. the Components Shall Consist Of: Passive Infrared Infra-red Sensors Deployed In Each Tracked Room For Objectively Tracking Occupancy. Internet-of-things Based Gateways For Collecting Sensor Motion Data The Gateway Shall Then Transmit The Data Over A Cellular Internet Connection To The Servers. Cloud-based Software That Receives Sensor Data From Gateways And Packages It Up For Display To Users. Each Sensor Shall Be Battery Powered (at Least 5-year Life Span). The Sensors Shall Detect Motion In A Cone Of At Least 15 Feet In Diameter For A Total Detection Diameter Of 30 . Gateways Shall Be Plugged Into Ac Power And Shall Include A 24-hour Lithium-ion Battery To Cover Emergency Power Outages All Motion Data Shall Be Encrypted the Tracking Software Component Shall Provide The Following Features: Top Level Metrics Occupancy Data Can Be Filtered By Service Line, Space Function And Location (site/building/room) Over A Day, Week, Month, Or Customer Date Period. Users Can Quickly View The Number Of Rooms Tracked, % Of Utilization, Including Average Utilization. Multiple Data Views Occupancy Data For Any Room Or Groups Of Rooms Can Be Viewed By The Following Criteria: By Date; By Time; By Room; By Service Line; By Space Function; Or By Custom Groups That Match Rooms Organized By Clinic, Sub- Clinic, Or Any Other Grouping Criteria The User Requires. Portable Data All Data Views In The Tracking Module Can Be Viewed In Easy To Consume Bar And Line Graphs. In Addition, Any View Is Exportable To Excel For Convenient Sharing With Colleagues And Reports. task B. Implementation Support Services implementation Support Services, As Defined In Task B, Shall Consist Of One-time Tasks That The Offeror Shall Complete Within The First Year Of The Contract. implementation Project Management offeror Shall Provide Project Management Services Throughout The Implementation Phase (task B) With A Principal Project Manager Who Will Be Responsible For All Aspects Of The Cafm Solution Implementation And The Main Liaison With The Tvhs Team. Within 30 Days Of Award The Offeror Will Submit A Project Management Plan For Review And Approval That Will Include A Project Schedule, Outline All Project Deliverables And Their Schedule, And Define How Progress Will Be Communicated And Monitored Throughout The Initial Implementation. project Management Activities Throughout The Project Will Include The Following At A Minimum: Weekly Meetings Until Implementation Is Accepted By Tvhs Communications Project Coordination Project Status Reporting Priorities, Phasing & Workflows offeror Shall Work With Tvhs To Identify Tvhs Priorities, Phasing, And Ideal Workflows Associated With Implementing The Cafm Solution. These Will Formulate The Implementation Planning Efforts Both In The Short- And Long-term. During This Aspect Of The Process, The Offeror Shall Provide The Following: Priorities: Offeror To Conduct Stakeholder Interviews As It Relates To The Priorities Associated With Implementing The Cafm Solution Across The Tvhs Portfolio. O Identify Tvhs Implementation Priorities o Identify Capital/small Project Improvement Programs/planning Phasing: Offeror To Provide A Recommended Implementation Strategy That Takes Into Consideration Priorities, Budget, User And Portfolio Considerations, And Deployment Strategy. Workflows. Offeror To Validate Current Workflows And Formulate Ideal Workflows For Various Aspects Of The Cafm Solution, Inclusive But Not Limited To Maintenance/facility Work Order, Move, Furniture, And New Employee Requests, Etc. O To Develop Ideal Workflows, The Offeror Shall: o Validate Third-party Operators, Vendors, Or Contractors Responsible For Operations, Maintenance, And Moves At Each Location. O Validate Roles, Responsibilities, Contractual Obligations, And Contact Information For The Following At Each Location: Landlord, Lessor, Building manager/facility Manager, Janitorial, After Hours Support, Va Representative (if Applicable), And Tvhs Representative Etc. o Conduct Vendor/contractor Integrations Analysis And Recommendations. o Develop Standard Operating Procedures To Document The Tvhs New Workflows. task C. On-going Maintenance And Support the Vendor Shall Provide On-going Maintenance And Support For The System. This Shall Consist Of Providing (1) Access To The Software Modules And (2) Updating And Maintaining The Database. c1. Access To Software Modules the Vendor Shall Maintain The Software System On A 24/7 Basis. In Addition To Maintaining The Software, The Vendor Shall Provide Users Support Using Email, Telephone, And On-line Meetings. This Support Shall Be Available During Normal Business Hours. c2. Database Maintenance the Va Will Periodically Notify The Vendor Of Changes In The Database Including Changes In Drawings. The Vendor Shall Promptly Update The Database And Drawings. task D Training the Vendor Shall Develop A Training Program And Offer It To The Va Staff. There Shall Be Two Types Of Training: (1) User Level Training And (2) Administrator Level Training. During The Base Year, After The System Is Completely Implemented, The Vendor Shall Conduct The Training Sessions On-line. After The Base Year, The Vendor Shall Conduct User Level Training On-line As Often As Tvhs Requires. After The Base Year, The Administrative Level Training Shall Be Conducted On-line Once Every Year. other Terms And Conditions various Field Verification Work May Be Done On Site At The Ordering By The Tvhs Va Healthcare System And Shall Be Coordinated With The Contracting Officer Representative (cor) Appointed By The Co And /or Poc (point Of Contact). Generally, Work Will Be Done During Normal Business Hours (m-f 8:00am To 4:00pm), Holidays Excluded. all Drawings And Data Produced By The Vendor Will Become The Property Of The Tennessee Valley Healthcare System. Upon Contract Expiration, The Vendor Will Be Required To Destroy All Paper Data Associated With The Facility Drawings And Data Sets And Verify The Method Of Destruction With The Va Cor & Information Security Officer Prior To Such Action. The vendor Shall Deliver/return All Paper Documents That May Have Been Generated And Electronic Data On Va Laptops To Va Cor For Destruction And Review. All .dwg Drawings Will Be Given To The Va Tvhs Poc. Contractor Will Adhere To Nara Records Management Clause (attachment B) Contractor Will Comply With Va Rules Of Behavior Regarding Data Use And Protection Of Va Sensitive Information. periods Of Performance the Contractor Shall Provide All Services As Described Herein Commencing On The Effective Date Of This Contract, And For A Twelve-month Base Plus Four Twelve-month Periods Thereafter. Additionally, Providing Contractor S Services Meet The Expectations And Standards Described In This Document At The Sole Discretion Of Tvhs Contractor Shall Be Able To Provide The Same Services For Twelve-month Periods Following The Initial Period. should There Be An Issue With The Vendor Performance During This Period And The Contract Is Being Terminated, The Calculation Of The Monthly Service Utilized At That Date Will Be Divided By The Contract Amount And This Will Be The Fee Paid For Services To Date Only. The Full Contract Amount Will Not Be Paid. contractor Security Requirements the Contractor S Employees Shall Bring Photo Id To Obtain A Va Contractor Identification Badge. The Cor Will Identify Personnel Who Will Escort And Coordinate Access To The Areas Of Work. all Contractors, Subcontractors, And Third-party Servicers And Associates Working With Va Information Are Subject To The Same Investigative Requirements As Those Of Va Appointees Or Employees Who Have Access To The Same Types Of Information. The Level And Process Of Background Security Investigations For Contractors Must Be In Accordance With Va Directive And Handbook 0710, Personnel Suitability And Security Program. The Office For Operations, Security, And Preparedness Is Responsible For These Policies And Procedures. The C&a Requirements Do Not Apply, And A Security Accreditation Package Is Not Required quality Assurance Plan (qasp) performance Will Be Measured By Software Accessibility To The End User, Vendor Timeliness In Responding To Service Requests, And The Quality Of The Maintained Drawings And Database. the Facilities Drawings Created By The Vendor Shall Be Compliant With Va Standards And Be Compatible With Generally Accepted Industry Practices. When The Vendor Creates New Facility Drawings The Vendor Shall Submit A Preliminary Set Of Drawings For Review By The Medial Center Staff. The Vendor Shall Hold In Person Or On-line Discussions To Discuss The Review Findings And Make Agreed-upon Modifications. the Facilities Related Data Such As Occupancy By Service Lines Collected Or Validated By The Vendor Must Be Reviewed By Healthcare System Staff And The Vendor Shall Make All Agreed-upon Changes. When The Healthcare System Sends Out Existing Drawings For Updating To The Vendor, Vendor Shall Acknowledge The Receipt Within Seven Days Of Receiving Them. Within The Next Seven Days The Vendor Shall Hold Discussions With The Va Staff If The Vendor Has Questions Or Requires Clarifications. Once The Clarifications Are Done, The Vendor Shall Update The Drawings And Load Them On To The Platform Within A 30 Day Period. The Quality Of The Images Maintained In The Vendor S Database Shall Be Legible And High Quality. The Vendor Shall Make All Appointments Scheduled With The Cor On Time And Without Delay. attachment A facilities To Be Included In Scope Of Work At This Time (additional To Be Added In Future) va Alvin C York Campus (43 Buildings; 942,554 Sf), 3400 Lebanon Rd, Murfreesboro, Tn, 37129 va Nashville Campus (3 Buildings; 679,009 Sf), 1310 24th Ave S., Nashville, Tn 37212 Va Albion Street Va Clinic (1 Building; 4892 Sf), 1818 Albion St, Nashville, Tn 37208 Va Athens Va Clinic (1 Building; 5,500 Sf), 1320 Decatur Pike, Athens, Tn 37303 va Charlotte Ave Va Clinic (1 Building; 12,965 Sf), 1919 Charlotte Ave, Nashville, Tn 37203 va Clarksville Va Clinic (1 Building; 34,000 Sf), 782 Weatherly Dr, Clarksville, Tn 37043 Va Dalton Drive Va Clinic (1 Building; 4905 Sf), 2292 Dalton Dr, Ste F, Clarksville, Tn 37043 va Dover Va Clinic (1 Building; 5648 Sf), 1406 Donelson Pkwy, Dover, Tn 37058 va Gallatin Va Clinic (1 Building; 9440 Sf), 419 Steam Plant Rd, Gallatin, Tn 37066 Va International Plaza Va Clinic (1 Building; 11,000 Sf), 2 International Plaza Dr, Ste 300, Nashville, Tn 37217 va Pointe Center Va Clinic (1 Building; 9,999 Sf), 1208 Pointe Centre, Ste 100, Chattanooga, Tn 37421 va Chattanooga Clinic, (1 Building, 96,000 Gsf), 6401 Shallowford Road, Chattanooga, Tn. 37421 va Tullahoma Va Clinic (1 Building; 3895 Sf), 225 Von Karman Rd, Arnold Air Force Base, Tn 37389 attachment B nara Records Management Clause 1. Citations To Pertinent Laws, Codes, And Regulations Such As 44 U.s.c Chapters 21, 29, 31 And 33; Freedom Of Information Act (5 U.s.c. 552); Privacy Act (5 U.s.c. 552a); 36 cfr Part 1222 And Part 1228. 2. Contractor Shall Treat All Deliverables Under The Contract As The Property Of The U.s. Government For Which The Government Agency Shall Have Unlimited Rights To Use, Dispose Of, Or Disclose Such Data Contained Therein As It Determines To Be In The Public Interest. 3. Contractor Shall Not Create Or Maintain Any Records That Are Not Specifically Tied To Or Authorized By The Contract Using Government It Equipment And/or Government Records. 4. Contractor Shall Not Retain, Use, Sell, Or Disseminate Copies Of Any Deliverable That Contains Information Covered By The Privacy Act Of 1974 Or That Which Is Generally Protected By The Freedom Of Information Act. 5. Contractor Shall Not Create Or Maintain Any Records Containing Any Government Agency Records That Are Not Specifically Tied To Or Authorized By The Contract. 6. The Government Agency Owns The Rights To All Data/records Produced As Part Of This Contract. 7. The Government Agency Owns The Rights To All Electronic Information (electronic Data, Electronic Information Systems, Electronic Databases, Etc.) And All Supporting Documentation Created As Part Of This Contract. Contractor Must Deliver Sufficient Technical Documentation With All Data Deliverables To Permit The Agency To Use The Data. 8. Contractor Agrees To Comply With Federal And Agency Records Management Policies, Including Those Policies Associated With The Safeguarding Of Records Covered By The Privacy Act Of 1974. These Policies Include The Preservation Of All Records Created Or Received Regardless Of Format [paper, Electronic, Etc.] Or Mode Of Transmission [e-mail, Fax, Etc.] Or State Of Completion [draft, Final, Etc.]. 9. No Disposition Of Documents Will Be Allowed Without The Prior Written Consent Of The Contracting Officer. The Agency And Its Contractors Are Responsible For Preventing The Alienation Or Unauthorized Destruction Of Records, Including All Forms Of Mutilation. Willful And Unlawful Destruction, Damage Or Alienation Of Federal Records Is Subject To The Fines And Penalties Imposed By 18 U.s.c. 2701. Records May Not Be Removed From The Legal Custody Of The Agency Or Destroyed Without Regard To The Provisions Of The Agency Records Schedules. 10. Contractor Is Required To Obtain The Contracting Officer's Approval Prior To Engaging In Any Contractual Relationship (sub-contractor) In Support Of This Contract Requiring The Disclosure Of Information, Documentary Material And/or Records Generated Under, Or Relating To, This Contract. The Contractor (and Any Sub-contractor) Is Required To Abide By Government And Agency Guidance For Protecting Sensitive And Proprietary Inform

Details: Sources Sought Synopsis for w912pp25ra009 indefinite Delivery Indefinite Quantity (idiq) Civil Works Design And Survey And Photogrammetric Mapping services Contract, Albuquerque District Usace, New Mexico this Is A Sources Sought Announcement; A Market Survey For Information Only, To Be Used For Preliminary Planning Purposes. This Is Not A Solicitation For Proposals And No Contract Will Be Awarded From This Synopsis. No Reimbursement Will Be Made For Any Costs Associated With Providing Information In Response To This Synopsis Or Any Follow Up Information Requests. the U.s. Army Corps Of Engineers – Albuquerque District Has Been Tasked To Solicit And Award An Idiq Contract For Civil Works Design, Surveying, And Mapping, Primarily For A-e Studies And Design On Flood Control And Erosion Protection Projects For The Civil Works And Or Vertical Construction Programs Within The Albuquerque District Corps Of Engineers (coe) Boundaries, Which Include Southern Colorado, New Mexico And Southwest Texas. However, The Contractor May Be Required To Work Outside This Area. The Successful Firm May Be Utilized For Complete Projects Or In Support Of In-house Efforts. Services During The Construction May Include Construction Inspection, Shop Drawing Review And As-built Drawing Preparation. This Contract Will Be Solicited And Awarded In Accordance With Far Part 36 And The Brooks Act (public Law 92-582). The Type Of Set-aside Decision To Be Issued Will Depend Upon The Responses To This Synopsis. purpose Of Sources Sought the Purpose Of This Synopsis Is To Gain Knowledge Of Interest, Capabilities, And Qualifications Of Various Members Of Industry, To Include The Small Business Community: Small Business, Section 8(a), Historically Underutilized Business Zones (hub-zone), Economically Disadvantaged Woman-owned Small Business (edwosb), And Service-disabled Veteran-owned Small Businesses (sdvosb). The Government Must Ensure There Is Adequate Competition Among The Potential Pool Of Responsible Contractors. project Description & Experience Requirements the Anticipated Range Of Task Orders Off Of This Contract Is Between $20,000 And $500,000, With The Total Amount Of The Contract Not To Exceed $49,900,000.00. minimum Capabilities Required For This Idiq Contract For Civil Works Design Include: a/e’s Project Experience In The Areas Listed Above, With A Primary Focus On Recent Corps Of Engineers Flood Control Studies And Plans And Specifications In The Geographical Area Encompassed By The Albuquerque District Area Of Responsibility. a/e’s Experience In Rainfall/runoff Modeling, Discharge And Volume Frequency Analysis, Sediment Yield/sediment Transport Analysis, Geomorphic Assessments, Surface Water Modeling, Surface Ground Water Modeling, Running Operational Scenarios Through The Use Of Riverware® And Computer Aided Design Modeling Software, Hydraulic Design Of Flood Control Structures And Local Drainage Infrastructure To Include Trunklines, Retention, And Detention Basins, Overland And Floodplain Analysis With Inundation Mapping, Flood Hydrograph Analysis, Water Control Management, Preparing Hydrologic And Hydraulic Documentation Reports And Water Control Manuals, Performing Risk And Uncertainty Analysis, Gis Application (data Analysis And Terrain Processing) And Computer Aided Drafting Support For H&h Projects, Climate Change Evaluations, Creating Physical/computer Models, Studies/designs For Flood Control Structures, Implementation Of A Design Quality Control/quality Assurance Program, And Energy Conservation, Pollution Prevention, Stormwater And Sedimentation Reduction, The Use Of Recorded Materials And Achieving Waste Reduction. preparation Of Studies, Designs, And Plans And Specifications For Flood Control Structures (dams, Levees, Basins And Channels), Streambank Stabilization, Streambed Grade Control, Roads, Parking Areas, Bridges, Culverts And Design Of Utility Improvements Associated With Civil Works Type Projects. a/e’s Computer Capability And Experience In Using Coe Programs Including, But Not Limited To The Following, Hec-hms, Hec-ras, Gssha, Hy8, Hec-ssp, , Hec-resim, , Hec-fda, , Adh With Sediment, Riverware, Fme, Python And Other Computer Programming/coding Languages, And Esriarc Gis/qgis And Computer Aided Drafting Supporting H&h Design And Analysis (including Adherence To Current Spatial Data Standards) Is Required. Experience Using The Hec-dss (hydrologic Engineering Center Data Storage System), , And Data Storage Systems Is Desirable a/e Key Personnel Experience: The Project Manager Must Have Experience Managing “civil Works” Studies For Corps Of Engineers Projects. Firms Must Be Able To Provide Registered Professionals Assigned In The Positions: (1) Hydrologic Engineering, (2) Hydraulic Engineering, (3) Sedimentation, (4) Project Management, (5) Civil Design, (6) Geographical Information System (gis), (7) Environmental Engineering, (8) Computer Aided Drafting Experienced And The Architectural Engineering And Construction (aec) Cadd Standards, (9) Geomorphology, And (10) Land Surveying. Firms Must Be Able To Create Drawings In Autocad Civil 3d. a/e Key Personnel That Are Familiar With Corps Of Engineers Planning And Design Criteria And Policy a/e Demonstrated Capability To Accomplish Multiple Concurrent Task Orders minimum Capabilities Required For This Idiq Contract For Surveying And Photogrammetric Mapping Include: acquisition And Processing Of Aerial Lidar photogrammetric Mapping Requiring Acquisition Of Digital Aerial Photography. aerotriangulation stereo Mapping Compilation feature Extraction From Lidar orthophotography land Use And Land Cover Interpretation. creation Of Horizontal And Vertical Control Networks ground Control And Check Control For Support Of Photogrammetric And Lidar Mapping And Accuracy Validation. topographic Mapping Using Total Stations, Optical, Electro-optical Or Global Positioning System (gps) detailed Planimetric Surveys instrumentation Surveys (monitoring Of Data Points For Movement) bathymetric Surveys cadastral And American Land Title Association (alta) Surveys site And Utility Surveys To Include Both Utility Location Via Hydro/vacuum Excavation And Sewer Closed Circuit Television (cctv) Inspection. ground Penetrating Radar (gpr) geographic Information System (gis) Services May Include The Creation, Implementation, Transformation, Manipulation Of Spatial Data Supporting The Management Of Esri Geo-databases. digital 3d Data Integration Of Field Survey, Photogrammetric And Lidar safe Software’s Feature Manipulation Engine (fme) unmanned Aerial Systems (uas) Acquisition Using Imagery And/or Lidar Including Data Processing And Derivative Product Development. conventional Terrestrial Lidar mobile Based Terrestrial Lidar aerial Bathymetric Lidar handheld Based Terrestrial Lidar For Building Inspections. 1. The Firm Must Have A Asprs Certified Photogrammetrist In-house That Has Experience In Managing Large- And Small-scale Mapping Projects. 2. The Firm Must Also Be Able To Provide Professional Engineers And Professional Land Surveyor(s) Registered In New Mexico, Arizona, Colorado, And Texas. 3. The Firm Must Be Able To Provide Surveying And/or Mapping Personnel With Expertise For The Following: ground Control, Topographic, Cadastral, Instrumentation (monitoring Of Data Points For Movement), Bathymetric, Site And Utility Surveys; Aerial Imagery, Gps & Lidar Data Collection And Processing; Orthophoto Generation; Dem And Dtm Development; Analytical Aerotriangulation; Compilation; Cad; Gis; And Metadata Documentation. 4. Firms Must Be Able To Provide Survey And Mapping Data On Either Through File Transfer Protocol (ftp) Or By Portable Hard Drives Directly That Are Readable Autodesk Autocad Software, And Esri Products. 5. Firms Must Be Familiar With Latest Versions Of The Us Army Corps Of Engineers Spatial Data Standards For Facilities, Infrastructure, And Environment (sdsfie), The Aec Cadd Standards. 6. Firms Must Be Able To Provide Federal Geographic Data Committee (fgdc) Compliant Metadata. the North American Industry Classification System Code For This Procurement Is 541330 Which Has A Small Business Size Standard Of $25.5 Million. The Standard Industrial Code Is 8712 And The Federal Supply Code Is C1ka. small Businesses Are Reminded Under Far 52.219-14, Limitations On Subcontracting That They Must Perform At Least 50% Of The Cost Of The Contract, Not Including The Cost Of Materials, With Their Own Employees For General Services-type Procurement. prior Government Contract Work Is Not Required For Submitting A Response Under This Sources Sought Synopsis. both English And Metric Systems Of Measurement May Be Utilized. This Contract Will Be Solicited And Awarded In Accordance With Far Part 36 And The Brooks Act (public Law 92-582). The Type Of Set-aside Decision To Be Issued Will Depend Upon The Responses To This Synopsis. The Purpose Of This Synopsis Is To Gain Knowledge Of Interest, Capabilities And Qualifications Of Various Members Of Industry, To Include The Small Business Community: Small Business, Section 8(a), Historically Underutilized Business Zones (hub-zone), Woman- Owned Small Business (wosb), Economically Disadvantaged Woman-owned Small Business (edwosb), And Service-disabled Veteran-owned Small Businesses (sdvosb). anticipated Solicitation Issuance Date Is On Or About 20 August 2025 And The Estimated Proposal Due Date Will Be On Or About 30 September 2025. The Official Synopsis Citing The Solicitation Number Will Be Issued On Sam.gov Inviting Firms To Register Electronically To Receive A Copy Of The Solicitation When It Is Issued. instructions On Submission Of Responses To This Sources Sought firm's Response To This Synopsis Shall Be Limited To 10 Pages And Shall Include The Following Information: 1. Firm's Name, Address, Point Of Contact, Phone Number, And E-mail Address. 2. Firm's Experience On Projects Of Similar Magnitude That Include The Planning Studies Listed In This Sources Sought Notice (include Firm's Capability To Execute Comparable Work Performed Within The Past 5 Years: 2a. Brief Description Of The Project, Customer Name, Timeliness Of Performance, Customer Satisfaction, And Dollar Value Of The Project) - Provide At Least 3 Examples. 3. Firm's Experience With The Six (6) Listed Minimum Capabilities Included In This Sources Sought Notice 4. Firm's Business Size - Lb, Sb, 8(a), Hubzone, Sdvosb, Ewosb/wosb 5. Firm's Joint Ventures (existing), Including Mentor Protégés And Teaming Arrangement Information Is Acceptable procurement Integrated Enterprise Environment (piee) all Prospective Offerors And Their Subcontractors Must Be Registered In The System For Award Management (sam - Www.sam.gov) And The Piee Website To Be Able To Download Solicitation Information. solicitation Documents, Plans, And Specifications Are Only Available To Be Download From Piee, Which May Be Accessed At Https://wawf.eb.mil Or Https://piee.eb.mil Or Https://piee.eb.mil/xhtml/unauth/home/login.xhtml. registration Should Be Completed One (1) Week Prior To The Anticipated Solicitation Release Date. Usace Will Not Notify Offerors Of Any Changes To The Solicitation; Offerors Must Monitor Piee And Sam For The Solicitation To Be Posted, And For Any Posted Changes Or Amendments. copies Of The Solicitation And The Solicited Plans And Specifications Will Be Made Available For Inspection Without Charge After The Solicitation Is Released, When Accessed Through Piee. interested Firm’s Shall Respond To This Sources Sought Synopsis No Later Than 16 May 2025, 2:00pm Mst. All Interested Firms Must Be Registered In Sam To Be Eligible For Award Of Government Contracts. email Your Response To Robert Mcpherren At Robert.j.mcpherren@usace.army.mil. firms Responding To This Sources Sought Notice Who Fail To Provide All Of The Required Information Requested Will Not Be Used To Assist The Government In The Acquisition Decision, Which Is The Intent Of This Sources Sought Notice. if Inadequate Responses Are Received, This Solicitation May Be Issued For Full And Open Competition.

Details: This Sources Sought Notice Is For Planning Purposes Only And Shall Not Be Considered As An Invitation For Bid, Request For Quotation, Request For Proposal, Or As An Obligation On The Part Of The Government To Acquire Any Products And/or Services. Your Response To This Sources Sought Notice Will Be Treated As Information Only. No Entitlement To Payment Of Direct Or Indirect Costs Or Charges By The Government Will Arise Because Of Contractor Submission Of Responses To This Announcement Or The Government Use Of Such Information. This Request Does Not Constitute A Solicitation For Proposals Or The Authority To Enter Negotiations To Award A Contract. No Funds Have Been Authorized, Appropriated, Or Received For This Effort. The Information Provided May Be Used By The Department Of Veterans Affairs In Developing Its Acquisition Approach, Statement Of Work/statement Of Objectives And Performance Specifications. Interested Parties Are Responsible For Adequately Marking Proprietary Or Competition Sensitive Information Contained In Their Response. The Government Does Not Intend To Award A Contract Based On This Sources Sought Notice Or To Otherwise Pay For The Information Submitted In Response To This Sources Sought Notice. The Submission Of Pricing, Capabilities For Planning Purposes, And Other Market Information Is Highly Encouraged And Allowed Under This Sources Sought Notice In Accordance With (iaw) Far Part 15.201(e) The Purpose Of This Sources Sought Notice Announcement Is For Market Research To Make Appropriate Acquisition Decisions And To Gain Knowledge Of Potential Qualified Service-disabled Veteran Owned Small Businesses, Veteran Owned Small Businesses, 8(a), Hubzone And Other Small Businesses Interested And Capable Of Providing The Products And/or Services Described Below. Documentation Of Technical Expertise Must Be Presented In Sufficient Detail For The Government To Determine That Your Company Possesses The Necessary Functional Area Expertise And Experience To Compete For This Acquisition. Responses To This Notice Shall Include The Following: (a) Company Name; (b) Address; (c) Point Of Contact; (d) Phone, Fax, And Email; (e) Uei Number; (f) Cage Code; (g) Tax Id Number; (h) Type Of Small Business, E.g., Services Disabled Veteran Owned Small Business, Veteran Owned Small Business, 8(a), Hubzone, Women Owned Small Business, Small Disadvantaged Business, Or Small Business Hubzone Business, Etc (i) State If Your Business Has An Fss Contract With Gsa, Va Nac, Nasa Sewp, Or Any Other Federal Contract, That Can Be Utilized To Procure The Requirement Listed Below And Provide The Contract Number; And (j) Must Provide A Capability Statement That Addresses The Organization S Qualifications And Ability To Perform As A Contractor For The Work Described Below. Requirement: The Va Heartland Network 15 Contracting Office Located At 3450 South 4th Street, Leavenworth, Ks, 66048-5055 Is Seeking A Potential Qualified Contractor To Provide Scriptpro Eyecon 9430 Pill Dispensing System For The Marion Va Medical Center, Located In Marion, Illinois, And The Evansville Health Care Center, Located In Evansville, Indiana. This Is A Brand Name Or Equal Requirement. Please See The Statement Of Work For More Specifics And Details. The North American Industry Classification System Code (naics Code) Is 339112 Surgical And Medical Instrument Manufacturing, Size Standard 1,000 Employees. Based On This Information, Please Indicate Whether Your Company Would Be A Large Or Small Business And Have A Socio-economic Designation As A Small Business, Vosb Or Sdvosb. Important Information: The Government Is Not Obligated To, Nor Will It Pay For Or Reimburse Any Costs Associated With Responding To This Source Sought Synopsis Request. This Notice Shall Not Be Construed As A Commitment By The Government To Issue A Solicitation Or Ultimately Award A Contract, Nor Does It Restrict The Government To An Acquisition Approach. The Government Will In No Way Be Bound To This Information If Any Solicitation Is Issued. Currently A Total Set-aside For Service-disabled Veteran Owned Small Business Firms Is Anticipated Based On The Veterans Administration Requirement With Public Law 109-461, Section 8127 Veterans Benefit Act. However, If Response By Service-disabled Veteran Owned Small Business Firms Proves Inadequate, An Alternate Set-aside Or Full And Open May Be Used. Responses To This Notice Shall Be Submitted Via Email To Erika Kobulnicky At Erika.kobulnicky@va.gov. Telephone Responses Will Not Be Accepted. Responses Must Be Received No Later Than Wednesday, February 19, 2025, At 10:00am Cst. If A Solicitation Is Issued It Shall Be Announced At A Later Date, And All Interested Parties Must Respond To That Solicitation Announcement Separately From The Responses To This Sources Sought. Responses To This Sources Sought Notice Are Not A Request To Be Added To A Prospective Bidders List Or To Receive A Copy Of The Solicit. Marion, Il Vamc And Ehcc Outpatient Clinic Statement Of Work: Scriptpro Eyecon Description Of Use: To Be Used At The Marion Va Medical Center Pharmacy And In The Evansville, In Outpatient Clinic This Solicitation Uses A Brand Name Or Equal Description Of The Product Required. This Permits Prospective Contractors To Offer Products Other Than Those Specifically Referenced By Brand Name. All Offers Must Work With Existing Equipment That Has Already Been Purchased And Is Currently In Use At The Station. Minimum Technical Specifications: The Scriptpro Dispensing System Must Also Be Assembled Within The Manufactured Country Or Show Significant Proof Of An Internationally Recognized Quality Assurance Program Certificate Of Authenticity Will Need To Be Provided The Dispensing System Must Have The Following: Safety Must Use Barcode Verification To Ensure Accuracy Of Dispensing And Must Work With Scriptpro Label Barcode Unit Must Have Means To Track Dispensed Drug Quantities And Contain Image Verification Of Quantities Dispensed. Must Come Equipped With Database Of Drug Images For Dispensing Verification. Must Include Additional Counting Platters For Penicillin And Sulfa To Avoid Cross Contamination. Workflow Must Allow For Integration With Scriptpro/vista To Verify Correct Dispensing Quantities. Must Fit In Existing Space With A Footprint Of 28 H X 11 W X 17.5 D. Must Count With A Count Accuracy Of At Least 99.9%. Verification Should Include Easy Work Flow Optics Such As Color Touch Screen. Must Include Large Counting Area Of 48 Sq Inches For Larger Quantity Verification. Information Technology Must Integrate With Current Equipment, Including Scriptpro Dispensing/filling Stations Must Interface With Vista, Ups Worldship, And Usps Sendsuite System Platforms. All Equipment Must Be New Description Quantity Sp Eyecon 9430 2 Optional/value Added Features: N/a Required Interfaces: Must Interface With Current Sp Equipment. Must Also Interface With Vista/cprs. Delivery Location(s): Department Of Veterans Affairs Marion Va Medical Center 2401 West Main Street Marion, Il 62959-1188 Department Of Veterans Affairs Evansville Va Healthcare Center 6211 E Waterford Blvd Evansville, In 47715 Records Management Obligations Applicability This Clause Applies To All Contractors Whose Employees Create, Work With, Or Otherwise Handle Federal Records, As Defined In Section B, Regardless Of The Medium In Which The Record Exists. â Definitions Federal Record As Defined In 44 U.s.c. ⧠3301, Includes All Recorded Information, Regardless Of Form Or Characteristics, Made Or Received By A Federal Agency Under Federal Law Or In Connection With The Transaction Of Public Business And Preserved Or Appropriate For Preservation By That Agency Or Its Legitimate Successor As Evidence Of The Organization, Functions, Policies, Decisions, Procedures, Operations, Or Other Activities Of The United States Government Or Because Of The Informational Value Of Data In Them. â The Term Federal Record: Includes [agency] Records.â Does Not Include Personal Materials. Applies To Records Created, Received, Or Maintained By Contractors Pursuant To Their [agency] Contract. May Include Deliverables And Documentation Associated With Deliverables. Requirements Contractor Shall Comply With All Applicable Records Management Laws And Regulations, As Well As National Archives And Records Administration (nara) Records Policies, Including But Not Limited To The Federal Records Act (44 U.s.c. Chs. 21, 29, 31, 33), Nara Regulations At 36 Cfr Chapter Xii Subchapter B, And Those Policies Associated With The Safeguarding Of Records Covered By The Privacy Act Of 1974 (5 U.s.c. 552a). These Policies Include The Preservation Of All Records, Regardless Of Form Or Characteristics, Mode Of Transmission, Or State Of Completion.â In Accordance With 36 Cfr 1222.32, All Data Created For Government Use And Delivered To, Or Falling Under The Legal Control Of, The Government Are Federal Records Subject To The Provisions Of 44 U.s.c. Chapters 21, 29, 31, And 33, The Freedom Of Information Act (foia) (5 U.s.c. 552), As Amended, And The Privacy Act Of 1974 (5 U.s.c. 552a), As Amended And Must Be Managed And Scheduled For Disposition Only As Permitted By Statute Or Regulation.â In Accordance With 36 Cfr 1222.32, Contractor Shall Maintain All Records Created For Government Use Or Created In The Course Of Performing The Contract And/or Delivered To, Or Under The Legal Control Of The Government And Must Be Managed In Accordance With Federal Law. Electronic Records And Associated Metadata Must Be Accompanied By Sufficient Technical Documentation To Permit Understanding And Use Of The Records And Data.â [agency] And Its Contractors Are Responsible For Preventing The Alienation Or Unauthorized Destruction Of Records, Including All Forms Of Mutilation. Records May Not Be Removed From The Legal Custody Of [agency] Or Destroyed Except For In Accordance With The Provisions Of The Agency Records Schedules And With The Written Concurrence Of The Head Of The Contracting Activity. Willful And Unlawful Destruction, Damage Or Alienation Of Federal Records Is Subject To The Fines And Penalties Imposed By 18 U.s.c. 2701. In The Event Of Any Unlawful Or Accidental Removal, Defacing, Alteration, Or Destruction Of Records, Contractor Must Report To [agency]. The Agency Must Report Promptly To Nara In Accordance With 36 Cfr 1230. The Contractor Shall Immediately Notify The Appropriate Contracting Officer Upon Discovery Of Any Inadvertent Or Unauthorized Disclosures Of Information, Data, Documentary Materials, Records, Or Equipment. Disclosure Of Non-public Information Is Limited To Authorized Personnel With A Need-to-know As Described In The [contract Vehicle]. The Contractor Shall Ensure That The Appropriate Personnel, Administrative, Technical, And Physical Safeguards Are Established To Ensure The Security And Confidentiality Of This Information, Data, Documentary Material, Records And/or Equipment Is Properly Protected. The Contractor Shall Not Remove Material From Government Facilities Or Systems, Or Facilities Or Systems Operated Or Maintained On The Government S Behalf, Without The Express Written Permission Of The Head Of The Contracting Activity. When Information, Data, Documentary Material, Records And/or Equipment Is No Longer Required, It Shall Be Returned To [agency] Control Or The Contractor Must Hold It Until Otherwise Directed. Items Returned To The Government Shall Be Hand Carried, Mailed, Emailed, Or Securely Electronically Transmitted To The Contracting Officer Or Address Prescribed In The [contract Vehicle]. Destruction Of Records Is Expressly Prohibited Unless In Accordance With Paragraph (4). The Contractor Is Required To Obtain The Contracting Officer's Approval Prior To Engaging In Any Contractual Relationship (sub-contractor) In Support Of This Contract Requiring The Disclosure Of Information, Documentary Material And/or Records Generated Under, Or Relating To, Contracts. The Contractor (and Any Sub-contractor) Is Required To Abide By Government And [agency] Guidance For Protecting Sensitive, Proprietary Information, Classified, And Controlled Unclassified Information. The Contractor Shall Only Use Government It Equipment For Purposes Specifically Tied To Or Authorized By The Contract And In Accordance With [agency] Policy.â The Contractor Shall Not Create Or Maintain Any Records Containing Any Non-public [agency] Information That Are Not Specifically Tied To Or Authorized By The Contract.â The Contractor Shall Not Retain, Use, Sell, Or Disseminate Copies Of Any Deliverable That Contains Information Covered By The Privacy Act Of 1974 Or That Which Is Generally Protected From Public Disclosure By An Exemption To The Freedom Of Information Act.â The [agency] Owns The Rights To All Data And Records Produced As Part Of This Contract. All Deliverables Under The Contract Are The Property Of The U.s. Government For Which [agency] Shall Have Unlimited Rights To Use, Dispose Of, Or Disclose Such Data Contained Therein As It Determines To Be In The Public Interest. Any Contractor Rights In The Data Or Deliverables Must Be Identified As Required By Far 52.227-11 Through Far 52.227-20. Training. âall Contractor Employees Assigned To This Contract Who Create, Work With, Or Otherwise Handle Records Are Required To Take [agency]-provided Records Management Training. The Contractor Is Responsible For Confirming Training Has Been Completed According To Agency Policies, Including Initial Training And Any Annual Or Refresher Training.â [note: To The Extent An Agency Requires Contractors To Complete Records Management Training, The Agency Must Provide The Training To The Contractor.]â Flow Down Of Requirements To Subcontractors The Contractor Shall Incorporate The Substance Of This Clause, Its Terms And Requirements Including This Paragraph, In All Subcontracts Under This [contract Vehicle], And Require Written Subcontractor Acknowledgment Of Same.â Violation By A Subcontractor Of Any Provision Set Forth In This Clause Will Be Attributed To The Contractor. General. This Entire Section Applies To All Acquisitions Requiring Any Information Security And Privacy Language. Contractors, Contractor Personnel, Subcontractors And Subcontractor Personnel Will Be Subject To The Same Federal Laws, Regulations, Standards, Va Directives And Handbooks, As Va Personnel Regarding Information And Information System Security And Privacy. Va Information Custodial Language. This Entire Section Applies To All Acquisitions Requiring Any Information Security And Privacy Language. The Government Shall Receive Unlimited Rights To Data/intellectual Property First Produced And Delivered In The Performance Of This Contract Or Order (hereinafter Contract ) Unless Expressly Stated Otherwise In This Contract. This Includes All Rights To Source Code And All Documentation Created In Support Thereof. The Primary Clause Used To Define Government And Contractor Data Rights Is Far 52.227-14 Rights In Data General. The Primary Clause Used To Define Computer Software License (not Data/intellectual Property First Produced Under This Contractor Or Order) Is Far 52.227-19, Commercial Computer Software License. Information Made Available To The Contractor By Va For The Performance Or Administration Of This Contract Will Be Used Only For The Purposes Specified In The Service Agreement, Sow, Pws, Pd, And/or Contract. The Contractor Shall Not Use Va Information In Any Other Manner Without Prior Written Approval From A Va Contracting Officer (co). The Primary Clause Used To Define Government And Contractor Data Rights Is Far 52.227-14 Rights In Data General. Va Information Will Not Be Co-mingled With Any Other Data On The Contractor S Information Systems Or Media Storage Systems. The Contractor Shall Ensure Compliance With Federal And Va Requirements Related To Data Protection, Data Encryption, Physical Data Segregation, Logical Data Segregation, Classification Requirements And Media Sanitization. Va Reserves The Right To Conduct Scheduled Or Unscheduled Audits, Assessments, Or Investigations Of Contractor Information Technology (it) Resources To Ensure Information Security Is Compliant With Federal And Va Requirements. The Contractor Shall Provide All Necessary Access To Records (including Electronic And Documentary Materials Related To The Contracts And Subcontracts) And Support (including Access To Contractor And Subcontractor Staff Associated With The Contract) To Va, Va's Office Inspector General (oig),and/or Government Accountability Office (gao) Staff During Periodic Control Assessments, Audits, Or Investigations. The Contractor May Only Use Va Information Within The Terms Of The Contract And Applicable Federal Law, Regulations, And Va Policies. If New Federal Information Security Laws, Regulations Or Va Policies Become Applicable After Execution Of The Contract, The Parties Agree To Negotiate Contract Modification And Adjustment Necessary To Implement The New Laws, Regulations, And/or Policies. The Contractor Shall Not Make Copies Of Va Information Except As Specifically Authorized And Necessary To Perform The Terms Of The Contract. If Copies Are Made For Restoration Purposes, After The Restoration Is Complete, The Copies Shall Be Destroyed In Accordance With Va Directive 6500, Va Cybersecurity Program And Va Information Security Knowledge Service. If A Veterans Health Administration (vha) Contract Is Terminated For Default Or Cause With A Business Associate, The Related Local Business Associate Agreement (baa) Shall Also Be Terminated And Actions Taken In Accordance With Vha Directive 1605.05, Business Associate Agreements. If There Is An Executed National Baa Associated With The Contract, Va Will Determine What Actions Are Appropriate And Notify The Contactor. The Contractor Shall Store And Transmit Va Sensitive Information In An Encrypted Form, Using Va-approved Encryption Tools Which Are, At A Minimum, Federal Information Processing Standards (fips) 140-2, Security Requirements For Cryptographic Modules (or Its Successor) Validated And In Conformance With Va Information Security Knowledge Service Requirements. The Contractor Shall Transmit Va Sensitive Information Using Va Approved Transport Layer Security (tls) Configured With Fips Based Cipher Suites In Conformance With National Institute Of Standards And Technology (nist) 800-52, Guidelines For The Selection, Configuration And Use Of Transport Layer Security (tls) Implementations. The Contractor S Firewall And Web Services Security Controls, As Applicable, Shall Meet Or Exceed Va S Minimum Requirements. Except For Uses And Disclosures Of Va Information Authorized By This Contract For Performance Of The Contract, The Contractor May Use And Disclose Va Information Only In Two Situations: (i) In Response To A Qualifying Order Of A Court Of Competent Jurisdiction After Notification To Va Co (ii) With Written Approval From The Va Co. The Contractor Shall Refer All Requests For, Demands For Production Of Or Inquiries About, Va Information And Information Systems To The Va Co For Response. Notwithstanding The Provision Above, The Contractor Shall Not Release Va Records Protected By Title 38 U.s.c. ⧠5705, Confidentiality Of Medical Quality- Assurance Records And/or Title 38 U.s.c. ⧠7332, Confidentiality Of Certain Medical Records Pertaining To Drug Addiction, Sickle Cell Anemia, Alcoholism Or Alcohol Abuse Or Infection With Human Immunodeficiency Virus (hiv). If The Contractor Is In Receipt Of A Court Order Or Other Requests For The Above- Mentioned Information, The Contractor Shall Immediately Refer Such Court Order Or Other Requests To The Va Co For Response. Information Made Available To The Contractor By Va For The Performance Or Administration Of This Contract Or Information Developed By The Contractor In Performance Or Administration Of The Contract Will Be Protected And Secured In Accordance With Va Directive 6500 And Identity And Access Management (iam) Security Processes Specified In The Va Information Security Knowledge Service. Any Data Destruction Done On Behalf Of Va By A Contractor Shall Be Done In Accordance With National Archives And Records Administration (nara) Requirements As Outlined In Va Directive 6300, Records And Information Management, Va Handbook 6300.1, Records Management Procedures, And Applicable Va Records Control Schedules. The Contractor Shall Provide Its Plan For Destruction Of All Va Data In Its Possession According To Va Directive 6500 And Nist 800-88, Guidelines For Media Sanitization Prior To Termination Or Completion Of This Contract. If Directed By The Cor/co, The Contractor Shall Return All Federal Records To Va For Disposition. Any Media, Such As Paper, Magnetic Tape, Magnetic Disks, Solid State Devices Or Optical Discs That Is Used To Store, Process, Or Access Va Information That Cannot Be Destroyed Shall Be Returned To Va.the Contractor Shall Hold The Appropriate Material Until Otherwise Directed By The Contracting Officer S Representative (cor) Or Co. Items Shall Be Returned Securely Via Va-approved Methods. Va Sensitive Information Must Be Transmitted Utilizing Va-approved Encryption Tools Which Are Validated Under Fips 140-2 (or Its Successor) And Nist 800-52. If Mailed, The Contractor Shall Send Via A Trackable Method (usps, Ups, Fedex, Etc.) And Immediately Provide The Cor/co With The Tracking Information. Self-certification By The Contractor That The Data Destruction Requirements Above Have Been Met Shall Be Sent To The Cor/co Within 30 Business Days Of Termination Of The Contract. All Electronic Storage Media (hard Drives, Optical Disks, Cds, Back-up Tapes, Etc.) Used To Store, Process Or Access Va Information Will Not Be Returned To The Contractor At The End Of Lease, Loan, Or Trade-in. Exceptions To This Paragraph Will Only Be Granted With The Written Approval Of The Va Co. Access To Va Information And Va Information Systems. This Section Applies When Any Person Requires Access To Information Made Available To The Contractor By Va For The Performance Or Administration Of This Contract Or Information Developed By The Contractor In Performance Or Administration Of The Contract. A Contractor/subcontractor Shall Request Logical (technical) Or Physical Access To Va Information And Va Information Systems For Their Employees And Subcontractors Only To The Extent Necessary To Perform The Services Specified In The Solicitation Or Contract. This Includes Indirect Entities, Both Affiliate Of Contractor/subcontractor And Agent Of Contractor/subcontractor. Contractors And Subcontractors Shall Sign The Va Information Security Rule Of Behavior (rob) Before Access Is Provided To Va Information And Information Systems (see Section 4, Training, Below). The Rob Contains The Minimum User Compliance Requirements And Does Not Supersede Any Policies Of Va Facilities Or Other Agency Components Which Provide Higher Levels Of Protection To Va S Information Or Information Systems. Users Who Require Privileged Access Shall Complete The Va Elevated Privilege Access Request Processes Before Privileged Access Is Granted. All Contractors And Subcontractors Working With Va Information Are Subject To The Same Security Investigative And Clearance Requirements As Those Of Va Appointees Or Employees Who Have Access To The Same Types Of Information. The Level And Process Of Background Security Investigations For Contractors Shall Be In Accordance With Va Directive And Handbook 0710, Personnel Suitability And Security Program. The Office Of Human Resources And Administration/operations, Security And Preparedness (hra/osp) Is Responsible For These Policies And Procedures. Contract Personnel Who Require Access To Classified Information Or Information Systems Shall Have An Appropriate Security Clearance. Verification Of A Security Clearance Shall Be Processed Through The Special Security Officer Located In Hra/osp. Contractors Shall Conform To All Requirements Stated In The National Industrial Security Program Operating Manual (nispom). All Contractors And Subcontractors Shall Comply With Conditions Specified In Vaar 852.204-71(d); Contractor Operations Required To Be In United States. All Contractors And Subcontractors Working With Va Information Must Be Permanently Located Within A Jurisdiction Subject To The Law Of The United States Or Its Territories To The Maximum Extent Feasible. If Services Are Proposed To Be Performed Abroad The Contractor Must State Where All Non-u.s. Services Are Provided. The Contractor Shall Deliver To Va A Detailed Plan Specifically Addressing Communications, Personnel Control, Data Protection And Potential Legal Issues. The Plan Shall Be Approved By The Cor/co In Writing Prior To Access Being Granted. The Contractor Shall Notify The Cor/co In Writing Immediately (no Later Than 24 Hours) After Personnel Separation Or Occurrence Of Other Causes. Causes May Include The Following: Contractor/subcontractor Personnel No Longer Has A Need For Access To Va Information Or Va Information Systems. Contractor/subcontractor Personnel Are Terminated, Suspended, Or Otherwise Has Their Work On A Va Project Discontinued For Any Reason. Contractor Believes Their Own Personnel Or Subcontractor Personnel May Pose A Threat To Their Company S Working Environment Or To Any Company- Owned Property. This Includes Contractor-owned Assets, Buildings, Confidential Data, Customers, Employees, Networks, Systems, Trade Secrets And/or Va Data. Any Previously Undisclosed Changes To Contractor/subcontractor Background History Are Brought To Light, Including But Not Limited To Changes To Background Investigation Or Employee Record. Contractor/subcontractor Personnel Have Their Authorization To Work In The United States Revoked. Agreement By Which Contractor Provides Products And Services To Va Has Either Been Fulfilled Or Terminated, Such That Va Can Cut Off Electronic And/or Physical Access For Contractor Personnel. In Such Cases Of Contract Fulfillment, Termination, Or Other Causes; The Contractor Shall Take The Necessary Measures To Immediately Revoke Access To Va Network, Property, Information, And Information Systems (logical And Physical) By Contractor/subcontractor Personnel. These Measures Include (but Are Not Limited To): Removing And Then Securing Personal Identity Verification (piv) Badges And Piv Interoperable (piv-i) Access Badges, Va-issued Photo Badges, Credentials For Va Facilities And Devices, Va-issued Laptops, And Authentication Tokens. Contractors Shall Notify The Appropriate Va Cor/co Immediately To Initiate Access Removal. Contractors/subcontractors Who No Longer Require Va Accesses Will Return Va- Issued Property To Va. This Property Includes (but Is Not Limited To): Documents, Electronic Equipment, Keys, And Parking Passes. Piv And Piv-i Access Badges Shall Be Returned To The Nearest Va Piv Badge Issuance Office. Once They Have Had Access To Va Information, Information Systems, Networks And Va Property In Their Possessions Removed, Contractors Shall Notify The Appropriate Va Cor/co. Training. This Entire Section Applies To All Acquisitions Which Include Section 3. All Contractors And Subcontractors Requiring Access To Va Information And Va Information Systems Shall Successfully Complete The Following Before Being Granted Access To Va Information And Its Systems: Va Privacy And Information Security Awareness And Rules Of Behavior Course (talent Management System (tms) #10176) Initially And Annually Thereafter. Sign And Acknowledge (electronically Through Tms #10176) Understanding Of And Responsibilities For Compliance With The Organizational Rules Of Behavior, Relating To Access To Va Information And Information Systems Initially And Annually Thereafter; And Successfully Complete Any Additional Cyber Security Or Privacy Training, As Required For Va Personnel With Equivalent Information System Or Information Access [to Be Defined By The Va Program Official And Provided To The Va Co For Inclusion In The Solicitation Document I.e., Any Role- Based Information Security Training]. The Contractor Shall Provide To The Cor/co A Copy Of The Training Certificates And Certification Of Signing The Organizational Rules Of Behavior For Each Applicable Employee Within Five Days Of The Initiation Of The Contract And Annually Thereafter, As Required. Failure To Complete The Mandatory Annual Training Is Grounds For Suspension Or Termination Of All Physical Or Electronic Access Privileges And Removal From Work On The Contract Until Such Time As The Required Training Is Complete. Security Incident Investigation. This Entire Section Applies To All Acquisitions Requiring Any Information Security And Privacy Language. The Contractor, Subcontractor, Their Employees, Or Business Associates Shall Immediately (within One Hour) Report Suspected Security / Privacy Incidents To The Va Oit S Enterprise Service Desk (esd) By Calling (855) 673-4357 (tty: 711). The Esd Is Oit S 24/7/365 Single Point Of Contact For It-related Issues. After Reporting To The Esd, The Contractor, Subcontractor, Their Employees, Or Business Associates Shall, Within One Hour, Provide The Cor/co The Incident Number Received From The Esd. To The Extent Known By The Contractor/subcontractor, The Contractor/ Subcontractor's Notice To Va Shall Identify The Information Involved And The Circumstances Surrounding The Incident, Including The Following: The Date And Time (or Approximation Of) The Security Incident Occurred. The Names Of Individuals Involved (when Applicable). The Physical And Logical (if Applicable) Location Of The Incident. Why The Security Incident Took Place (i.e., Catalyst For The Failure). The Amount Of Data Belonging To Va Believed To Have Been Compromised. The Remediation Measures The Contractor Is Taking To Ensure No Future Incidents Of A Similar Nature. After The Contractor Has Provided The Initial Detailed Incident Summary To Va, They Will Continue To Provide Written Updates On Any New And Relevant Circumstances Or Facts They Discover. The Contractor, Subcontractor, And Their Employes Shall Fully Cooperate With Va Or Third-party Entity Performing An Independent Risk Analysis On Behalf Of Va. Failure To Cooperate May Be Deemed A Material Breach And Grounds For Contract Termination. Va It Contractors Shall Follow Va Handbook 6500, Risk Management Framework For Va Information Systems Va Information Security Program, And Va Information Security Knowledge Service Guidance For Implementing An Incident Response Plan Or Integrating With An Existing Va Implementation. In Instances Of Theft Or Break-in Or Other Criminal Activity, The Contractor/subcontractor Must Concurrently Report The Incident To The Appropriate Law Enforcement Entity (or Entities) Of Jurisdiction, Including The Va Oig, And The Va Office Of Security And Law Enforcement. The Contractor, Its Employees, And Its Subcontractors And Their Employees Shall Cooperate With Va And Any Law Enforcement Authority Responsible For The Investigation And Prosecution Of Any Possible Criminal Law Violation(s) Associated With Any Incident. The Contractor/subcontractor Shall Cooperate With Va In Any Civil Litigation To Recover Va Information, Obtain Monetary Or Other Compensation From A Third Party For Damages Arising From Any Incident, Or Obtain Injunctive Relief Against Any Third Party Arising From, Or Related To, The Incident. The Contractor Shall Comply With Va Handbook 6500.2, Management Of Breaches Involving Sensitive Personal Information, Which Establishes The Breach Management Policies And Assigns Responsibilities For The Oversight, Management And Reporting Procedures Associated With Managing Of Breaches. With Respect To Unsecured Protected Health Information (phi), The Contractor Is Deemed To Have Discovered A Data Breach When The Contractor Knew Or Should Have Known Of Breach Of Such Information. When A Business Associate Is Part Of Vha Contract, Notification To The Covered Entity (vha) Shall Be Made In Accordance With The Executed Baa. If The Contractor Or Any Of Its Agents Fails To Protect Va Sensitive Personal Information Or Otherwise Engages In Conduct Which Results In A Data Breach Involving Any Va Sensitive Personal Information The Contractor/subcontractor Processes Or Maintains Under The Contract; The Contractor Shall Pay Liquidated Damages To The Va As Set Forth In Clause 852.211-76, Liquidated Damages Reimbursement For Data Breach Costs. Information System Design And Development. This Entire Section Applies To Information Systems, Systems, Major Applications, Minor Applications, Enclaves, And Platform Information Technologies (to Include The Subcomponents Of Each) Designed Or Developed For Or On Behalf Of Va By Any Non-va Entity. Information Systems Designed Or Developed On Behalf Of Va At Non-va Facilities Shall Comply With All Applicable Federal Law, Regulations, And Va Policies. This Includes Standards For The Protection Of Electronic Protected Health Information (phi), Outlined In 45 C.f.r. Part 164, Subpart C And Information And System Security Categorization Level Designations In Accordance With Fips 199, Standards For Security Categorization Of Federal Information And Information Systems And Fips 200, Minimum Security Requirements For Federal Information Systems. Baseline Security Controls Shall Be Implemented Commensurate With The Fips 199 System Security Categorization (reference Va Handbook 6500 And Va Trusted Internet Connections (tic) Architecture). Contracted New Developments Require Creation, Testing, Evaluation, And Authorization In Compliance With Va Assessment And Authorization (a&a) Processes In Va Handbook 6500 And Va Information Security Knowledge Service To Obtain An Authority To Operate (ato). Va Directive 6517, Risk Management Framework For Cloud Computing Services, Provides The Security And Privacy Requirements For Cloud Environments. Va It Contractors, Subcontractors And Third-party Service Providers Shall Address And/or Integrate Applicable Va Handbook 6500, Va Handbook 6517, Risk Management Framework For Cloud Computing Services And Information Security Knowledge Service Specifications In Delivered It Systems/solutions, Products And/or Services. If Systems/solutions, Products And/or Services Do Not Directly Match Va Security Requirements, The Contractor Shall Work Though The Cor/co To Identify The Va Organization Responsible For Governance Or Resolution. Contractors Shall Comply With Far 39.1, Specifically The Prohibitions Referenced. The Contractor (including Producers And Resellers) Shall Comply With Office Of Management And Budget (omb) M-22-18 And M-23-16 When Using Third-party Software On Va Information Systems Or Otherwise Affecting The Va Information. This Includes New Software Purchases And Software Renewals For Software Developed Or Modified By Major Version Change After The Issuance Date Of M- 22-18 (september 14, 2022). The Term Software Includes Firmware, Operating Systems, Applications And Application Services (e.g., Cloud-based Software), As Well As Products Containing Software. The Contractor Shall Provide A Self- Attestation That Secure Software Development Practices Are Utilized As Outlined By Executive Order (eo)14028 And Nist Guidance. A Third-party Assessment Provided By Either A Certified Federal Risk And Authorization Management Program (fedramp) Third Party Assessor Organization (3pao) Or One Approved By The Agency Will Be Acceptable In Lieu Of A Software Producer's Self- Attestation. The Contractor Shall Ensure All Delivered Applications, Systems And Information Systems Are Compliant With Homeland Security Presidential Directive (hspd) 12 And Va Identity And Access Management (iam) Enterprise Identity Management Requirements As Set Forth In Omb M-19-17, M-05-24, Fips 201-3, Personal Identity Verification (piv) Of Federal Employees And Contractors (or Its Successor), M-21-31 And Supporting Nist Guidance. This Applies To Commercial Off-the-shelf (cots) Product(s) That The Contractor Did Not Develop, All Software Configurations And All Customizations. The Contractor Shall Ensure All Contractor Delivered Applications And Systems Provide User Authentication Services Compliant With Va Handbook 6500, Va Information Security Knowledge Service, Iam Enterprise Requirements And Nist 800-63, Digital Identity Guidelines, For Direct, Assertion-based Authentication And/or Trust-based Authentication, As Determined By The Design And Integration Patterns. Direct Authentication At A Minimum Must Include Public Key Infrastructure (pki) Based Authentication Supportive Of Piv And/or Common Access Card (cac), As Determined By The Business Need And Compliance With Va Information Security Knowledge Service Specifications. The Contractor Shall Use Va Authorized Technical Security Baseline Configurations And Certify To The Cor That Applications Are Fully Functional And Operate Correctly As Intended On Systems In Compliance With Va Baselines Prior To Acceptance Or Connection Into An Authorized Va Computing Environment. If The Defense Information Systems Agency (disa) Has Created A Security Technical Implementation Guide (stig) For The Technology, The Contractor May Configure To Comply With That Stig. If Va Determines A New Or Updated Va Configuration Baseline Needs To Be Created, The Contractor Shall Provide Required Technical Support To Develop The Configuration Settings. Far 39.1 Requires The Population Of Operating Systems And Applications Includes All Listed On The Nist National Checklist Program Checklist Repository. The Standard Installation, Operation, Maintenance, Updating And Patching Of Software Shall Not Alter The Configuration Settings From Va Approved Baseline Configuration. Software Developed For Va Must Be Compatible With Va Enterprise Installer Services And Install To The Default Program Files Directory With Silently Install And Uninstall. The Contractor Shall Perform Testing Of All Updates And Patching Prior To Implementation On Va Systems. Applications Designed For Normal End Users Will Run In The Standard User Context Without Elevated System Administration Privileges. The Contractor-delivered Solutions Shall Reside On Va Approved Operating Systems. Exceptions To This Will Only Be Granted With The Written Approval Of The Cor/co. The Contractor Shall Design, Develop, And Implement Security And Privacy Controls In Accordance With The Provisions Of Va Security System Development Life Cycle Outlined In Nist 800-37, Risk Management Framework For Information Systems And Organizations: A System Life Cycle Approach For Security And Privacy, Va Directive And Handbook 6500, And Va Handbook 6517. The Contractor Shall Comply With The Privacy Act Of1974 (the Act), Far 52.224- 2 Privacy Act, And Va Rules And Regulations Issued Under The Act In The Design, Development, Or Operation Of Any System Of Records On Individuals To Accomplish A Va Function. The Contractor Shall Ensure The Security Of All Procured Or Developed Information Systems, Systems, Major Applications, Minor Applications, Enclaves And Platform Information Technologies, Including Their Subcomponents (hereinafter Referred To As Information Systems ) Throughout The Life Of This Contract And Any Extension, Warranty, Or Maintenance Periods. This Includes Security Configurations, Workarounds, Patches, Hotfixes, Upgrades, Replacements And Any Physical Components Which May Be Necessary To Remediate All Security Vulnerabilities Published Or Known To The Contractor Anywhere In The Information Systems (including Systems, Operating Systems, Products, Hardware, Software, Applications And Firmware). The Contractor Shall Ensure Security Fixes Do Not Negatively Impact The Information Systems. When The Contractor Is Responsible For Operations Or Maintenance Of The Systems, The Contractor Shall Apply The Security Fixes Within The Timeframe Specified By The Associated Controls On The Va Information Security Knowledge Service. When Security Fixes Involve Installing Third Party Patches (such As Microsoft Os Patches Or Adobe Acrobat), The Contractor Shall Provide Written Notice To The Va Cor/co That The Patch Has Been Validated As To Not Affecting The Systems Within 10 Business Days. Information System Hosting, Operation, Maintenance Or Use. This Entire Section Applies To Information Systems, Systems, Major Applications, Minor Applications, Enclaves, And Platform Information Technologies (cloud And Non- Cloud) Hosted, Operated, Maintained, Or Used On Behalf Of Va At Non-va Facilities. The Contractor Shall Comply With All Federal Laws, Regulations, And Va Policies For Information Systems (cloud And Non-cloud) That Are Hosted, Operated, Maintained, Or Used On Behalf Of Va At Non-va Facilities. Security Controls For Collecting, Processing, Transmitting, And Storing Of Va Sensitive Information, Must Be In Place. The Controls Will Be Tested By Va Or A Va Sanctioned 3pao And Approved By Va Prior To Hosting, Operation, Maintenance Or Use Of The Information System Or Systems By Or On Behalf Of Va. This Includes Conducting Compliance Risk Assessments, Security Architecture Analysis, Routine Vulnerability Scanning, System Patching, Change Management Procedures And The Completion Of An Acceptable Contingency Plan For Each System. The Contractor S Security Control Procedures Shall Be The Same As Procedures Used To Secure Va-operated Information Systems. Outsourcing (contractor Facility, Equipment, Or Staff) Of Systems Or Network Operations, Telecommunications Services Or Other Managed Services Require Assessment And Authorization (a&a) Of The Contractor S Systems In Accordance With Va Handbook 6500 As Specified In Va Information Security Knowledge Service. Major Changes To The A&a Package May Require Reviewing And Updating All The Documentation Associated With The Change. The Contractor S Cloud Computing Systems Shall Comply With Fedramp And Va Directive 6517 Requirements. The Contractor Shall Return All Electronic Storage Media (hard Drives, Optical Disks, Cds, Back-up Tapes, Etc.) On Non-va Leased Or Non-va Owned It Equipment Used To Store, Process Or Access Va Information To Va In Accordance With A&a Package Requirements. This Applies When The Contract Is Terminated Or Completed And Prior To Disposal Of Media. The Contractor Shall Provide Its Plan For Destruction Of All Va Data In Its Possession According To Va Information Security Knowledge Service Requirements And Nist 800-88. The Contractor Shall Send A Self-certification That The Data Destruction Requirements Above Have Been Met To The Cor/co Within 30 Business Days Of Termination Of The Contract. All External Internet Connections To Va Network Involving Va Information Must Be In Accordance With Va Trusted Internet Connection (tic) Reference Architecture And Va Directive And Handbook 6513, Secure External Connections And Reviewed And Approved By Va Prior To Implementation. Government-owned Contractor-operated Systems, Third Party Or Business Partner Networks Require A Memorandum Of Understanding (mou) And Interconnection Security Agreements (isa). Contractor Procedures Shall Be Subject To Periodic, Announced, Or Unannounced Assessments By Va Officials, The Oig Or A 3pao. The Physical Security Aspects Associated With Contractor Activities Are Also Subject To Such Assessments. The Contractor Shall Report, In Writing, Any Deficiencies Noted During The Above Assessment To The Va Cor/co. The Contractor Shall Use Va S Defined Processes To Document Planned Remedial Actions That Address Identified Deficiencies In Information Security Policies, Procedures, And Practices. The Contractor Shall Correct Security Deficiencies Within The Timeframes Specified In The Va Information Security Knowledge Service. All Major Information System Changes Which Occur In The Production Environment Shall Be Reviewed By The Va To Determine The Impact On Privacy And Security Of The System. Based On The Review Results, Updates To The Authority To Operate (ato) Documentation And Parameters May Be Required To Remain In Compliance With Va Handbook 6500 And Va Information Security Knowledge Service Requirements. The Contractor Shall Conduct An Annual Privacy And Security Self-assessment On All Information Systems And Outsourced Services As Required. Copies Of The Assessment Shall Be Provided To The Cor/co. The Va/government Reserves The Right To Conduct Assessment Using Government Personnel Or A Third-party If Deemed Necessary. The Contractor Shall Correct Or Mitigate Any Weaknesses Discovered During The Assessment. Va Prohibits The Installation And Use Of Personally Owned Or Contractor-owned Equipment Or Software On Va Information Systems. If Non-va Owned Equipment Must Be Used To Fulfill The Requirements Of A Contract, It Must Be Stated In The Service Agreement, Sow, Pws, Pd Or Contract. All Security Controls Required For Government Furnished Equipment Must Be Utilized In Va Approved Other Equipment (oe). Configuration Changes To The Contractor Oe, Must Be Funded By The Owner Of The Equipment. All Remote Systems Must Use A Va-approved Antivirus Software And A Personal (host-based Or Enclave Based) Firewall With A Va-approved Configuration. The Contractor Shall Ensure Software On Oe Is Kept Current With All Critical Updates And Patches. Owners Of Approved Oe Are Responsible For Providing And Maintaining The Anti-virus Software And The Firewall On The Non-va Owned Oe. Approved Contractor Oe Will Be Subject To Technical Inspection At Any Time. The Contractor Shall Notify The Cor/co Within One Hour Of Disclosure Or Successful Exploits Of Any Vulnerability Which Can Compromise The Confidentiality, Integrity, Or Availability Of The Information Systems. The System Or Effected Component(s) Need(s) To Be Isolated From The Network. A Forensic Analysis Needs To Be Conducted Jointly With Va. Such Issues Will Be Remediated As Quickly As Practicable, But In No Event Longer Than The Timeframe Specified By Va Information Security Knowledge Service. If Sensitive Personal Information Is Compromised Reference Va Handbook 6500.2 And Section 5, Security Incident Investigation. For Cases Wherein The Contractor Discovers Material Defects Or Vulnerabilities Impacting Products And Services They Provide To Va, The Contractor Shall Develop And Implement Policies And Procedures For Disclosure To Va, As Well As Remediation. The Contractor Shall, Within 30 Business Days Of Discovery, Document A Summary Of These Vulnerabilities Or Defects. The Documentation Will Include A Description Of The Potential Impact Of Each Vulnerability And Material Defect, Compensating Security Controls, Mitigations, Recommended Corrective Actions, Fbonotice Cause Analysis And/or Workarounds (i.e., Monitoring). Should There Exist Any Backdoors In The Products Or Services They Provide To Va (referring To Methods For Bypassing Computer Authentication), The Contractor Shall Provide The Va Co/co Written Assurance They Have Permanently Remediated These Backdoors. All Other Vulnerabilities, Including Those Discovered Through Routine Scans Or Other Assessments, Will Be Remediated Based On Risk, In Accordance With The Remediation Timelines Specified By The Va Information Security Knowledge Service And/or The Applicable Timeframe Mandated By Cybersecurity & Infrastructure Security Agency (cisa) Binding Operational Directive (bod) 22- 01 And Bod 19-02 For Internet-accessible Systems. Exceptions To This Paragraph Will Only Be Granted With The Approval Of The Cor/co. Security And Privacy Controls Compliance Testing, Assessment And Auditing. This Entire Section Applies Whenever Section 6 Or 7 Is Included. Should Va Request It, The Contractor Shall Provide A Copy Of Their (corporation S, Sole Proprietorship S, Partnership S, Limited Liability Company (llc), Or Other Business Structure Entity S) Policies, Procedures, Evidence And Independent Report Summaries Related To Specified Cybersecurity Frameworks (international Organization For Standardization (iso), Nist Cybersecurity Framework (csf), Etc.). Va Or Its Third-party/partner Designee (if Applicable) Are Further Entitled To Perform Their Own Audits And Security/penetration Tests Of The Contractor S It Or Systems And Controls, To Ascertain Whether The Contractor Is Complying With The Information Security, Network Or System Requirements Mandated In The Agreement Between Va And The Contractor. Any Audits Or Tests Of The Contractor Or Third-party Designees/partner Va Elects To Carry Out Will Commence Within 30 Business Days Of Va Notification. Such Audits, Tests And Assessments May Include The Following: (a): Security/penetration Tests Which Both Sides Agree Will Not Unduly Impact Contractor Operations; (b): Interviews With Pertinent Stakeholders And Practitioners; (c): Document Review; And (d): Technical Inspections Of Networks And Systems The Contractor Uses To Destroy, Maintain, Receive, Retain, Or Use Va Information. As Part Of These Audits, Tests And Assessments, The Contractor Shall Provide All Information Requested By Va. This Information Includes, But Is Not Limited To, The Following: Equipment Lists, Network Or Infrastructure Diagrams, Relevant Policy Documents, System Logs Or Details On Information Systems Accessing, Transporting, Or Processing Va Data. The Contractor And At Its Own Expense, Shall Comply With Any Recommendations Resulting From Va Audits, Inspections And Tests. Va Further Retains The Right To View Any Related Security Reports The Contractor Has Generated As Part Of Its Own Security Assessment. The Contractor Shall Also Notify Va Of The Existence Of Any Such Security Reports Or Other Related Assessments, Upon Completion And Validation. Va Appointed Auditors Or Other Government Agency Partners May Be Granted Access To Such Documentation On A Need-to-know Basis And Coordinated Through The Cor/co. The Contractor Shall Comply With Recommendations Which Result From These Regulatory Assessments On The Part Of Va Regulators And Associated Government Agency Partners. Product Integrity, Authenticity, Provenance, Anti-counterfeit And Anti-tampering. This Entire Section Applies When The Acquisition Involves Any Product (application, Hardware, Or Software) Or When Section 6 Or 7 Is Included. The Contractor Shall Comply With Code Of Federal Regulations (cfr) Title 15 Part 7, Securing The Information And Communications Technology And Services (icts) Supply Chain , Which Prohibits Icts Transactions From Foreign Adversaries. Icts Transactions Are Defined As Any Acquisition, Importation, Transfer, Installation, Dealing In Or Use Of Any Information And Communications Technology Or Service, Including Ongoing Activities, Such As Managed Services, Data Transmission, Software Updates, Repairs Or The Platforming Or Data Hosting Of Applications For Consumer Download. When Contracting Terms Require The Contractor To Procure Equipment, The Contractor Shall Purchase Or Acquire The Equipment From An Original Equipment Manufacturer (oem) Or An Authorized Reseller Of The Oem. The Contractor Shall Attest That Equipment Procured From An Oem Or Authorized Reseller Or Distributor Are Authentic. If Procurement Is Unavailable From An Oem Or Authorized Reseller, The Contractor Shall Submit In Writing, Details Of The Circumstances Prohibiting This From Happening And Procure A Product Waiver From The Va Cor/co. All Contractors Shall Establish, Implement, And Provide Documentation For Risk Management Practices For Supply Chain Delivery Of Hardware, Software (to Include Patches) And Firmware Provided Under This Agreement. Documentation Will Include Chain Of Custody Practices, Inventory Management Program, Information Protection Practices, Integrity Management Program For Sub-supplier Provided Components, And Replacement Parts Requests. The Contractor Shall Make Spare Parts Available. All Contractor(s) Shall Specify How Digital Delivery For Procured Products, Including Patches, Will Be Validated And Monitored To Ensure Consistent Delivery. The Contractor Shall Apply Encryption Technology To Protect Procured Products Throughout The Delivery Process. If A Contractor Provides Software Or Patches To Va, The Contractor Shall Publish Or Provide A Hash Conforming To The Fips Security Requirements For Cryptographic Modules (fips 140-2 Or Successor). The Contractor Shall Provide A Software Bill Of Materials (sbom) For Procured (to Include Licensed Products) And Consist Of A List Of Components And Associated Metadata Which Make Up The Product. Sboms Must Be Generated In One Of The Data Formats Defined In The National Telecommunications And Information Administration (ntia) Report The Minimum Elements For A Software Bill Of Materials (sbom). Contractors Shall Use Or Arrange For The Use Of Trusted Channels To Ship Procured Products, Such As U.s. Registered Mail And/or Tamper-evident Packaging For Physical Deliveries. Throughout The Delivery Process, The Contractor Shall Demonstrate A Capability For Detecting Unauthorized Access (tampering). The Contractor Shall Demonstrate Chain-of-custody Documentation For Procured Products And Require Tamper-evident Packaging For The Delivery Of This Hardware. Viruses, Firmware And Malware. This Entire Section Applies When The Acquisition Involves Any Product (application, Hardware, Or Software) Or When Section 6 Or 7 Is Included. The Contractor Shall Execute Due Diligence To Ensure All Provided Software And Patches, Including Third-party Patches, Are Free Of Viruses And/or Malware Before Releasing Them To Or Installing Them On Va Information Systems. The Contractor Warrants It Has No Knowledge Of And Did Not Insert, Any Malicious Virus And/or Malware Code Into Any Software Or Patches Provided To Va Which Could Potentially Harm Or Disrupt Va Information Systems. The Contractor Shall Use Due Diligence, If Supplying Third-party Software Or Patches, To Ensure The Third-party Has Not Inserted Any Malicious Code And/or Virus Which Could Damage Or Disrupt Va Information Systems. The Contractor Shall Provide Or Arrange For The Provision Of Technical Justification As To Why Any False Positive Hit Has Taken Place To Ensure Their Code S Supply Chain Has Not Been Compromised. Justification May Be Required, But Is Not Limited To, When Install Files, Scripts, Firmware, Or Other Contractor-delivered Software Solutions (including Third-party Install Files, Scripts, Firmware, Or Other Software) Are Flagged As Malicious, Infected, Or Suspicious By An Anti-virus Vendor. The Contractor Shall Not Upload (intentionally Or Negligently) Any Virus, Worm, Malware Or Any Harmful Or Malicious Content, Component And/or Corrupted Data/source Code (hereinafter Virus Or Other Malware ) Onto Va Computer And Information Systems And/or Networks. If Introduced (and This Clause Is Violated), Upon Written Request From The Va Co, The Contractor Shall: Take All Necessary Action To Correct The Incident, To Include Any And All Assistance To Va To Eliminate The Virus Or Other Malware Throughout Va S Information Networks, Computer Systems And Information Systems; And Use Commercially Reasonable Efforts To Restore Operational Efficiency And Remediate Damages Due To Data Loss Or Data Integrity Damage, If The Virus Or Other Malware Causes A Loss Of Operational Efficiency, Data Loss, Or Damage To Data Integrity. Cryptographic Requirement. This Entire Section Applies Whenever The Acquisition Includes Section 6 Or 7 Is Included. The Contractor Shall Document How The Cryptographic System Supporting The Contractor S Products And/or Services Protect The Confidentiality, Data Integrity, Authentication And Non-repudiation Of Devices And Data Flows In The Underlying System. The Contractor Shall Use Only Approved Cryptographic Methods As Defined In Fips 140-2 (or Its Successor) And Nist 800-52 Standards When Enabling Encryption On Its Products. The Contractor Shall Provide Or Arrange For The Provision Of An Automated Remote Key-establishment Method Which Protects The Confidentiality And Integrity Of The Cryptographic Keys. The Contractor Shall Ensure Emergency Re-keying Of All Devices Can Be Remotely Performed Within 30 Business Days. The Contractor Shall Provide Or Arrange For The Provision Of A Method For Updating Cryptographic Primitives Or Algorithms. Patching Governance. This Entire Section Applies Whenever The Acquisition Includes Section 7 Is Included The Contractor Shall Provide Documentation Detailing The Patch Management, Vulnerability Management, Mitigation And Update Processes (to Include Third- Party) Prior To The Connection Of Electronic Devices, Assets Or Equipment To Va S Assets. This Documentation Will Include Information Regarding The Follow: The Resources And Technical Capabilities To Sustain The Program Or Process (e.g., How The Integrity Of A Patch Is Validated By Va); And The Approach And Capability To Remediate Newly Reported Zero-day Vulnerabilities For Contractor Products. The Contractor Shall Verify And Provide Documentation All Procured Products (including Third-party Applications, Hardware, Software, Operating Systems, And Firmware) Have Appropriate Updates And Patches Installed Prior To Delivery To Va. The Contractor Shall Provide Or Arrange The Provision Of Appropriate Software And Firmware Updates To Remediate Newly Discovered Vulnerabilities Or Weaknesses For Their Products And Services Within 30 Days Of Discovery. Updates To Remediate Critical Or Emergent Vulnerabilities Will Be Provided Within Seven Business Days Of Discovery. If Updates Cannot Be Made Available By Contractor Within These Time Periods, The Contractor Shall Submit Mitigations, Methods Of Exploit Detection And/or Workarounds To The Cor/co Prior To The Above Deadlines. The Contractor Shall Provide Or Arrange For The Provision Of Appropriate Hardware, Software And/or Firmware Updates, When Those Products, Including Open-source Software, Are Provided To The Va, To Remediate Newly Discovered Vulnerabilities Or Weaknesses. Remediations Of Products Or Services Provided To The Va S System Environment Must Be Provided Within 30 Business Days Of Availability From The Original Supplier And/or Patching Source. Updates Toremediate Critical Vulnerabilities Applicable To The Contractor S Use Of The Third- Party Product In Its System Environment Will Be Provided Within Seven Business Days Of Availability From The Original Supplier And/or Patching Source. If Applicable Third-party Updates Cannot Be Integrated, Tested And Made Available By Contractor Within These Time Periods, Mitigations And/or Workarounds Will Be Provided To The Cor/co Before The Above Deadlines. Specialized Devices/systems (medical Devices, Special Purpose Systems, Research Scientific Computing). This Entire Section Applies When The Acquisition Includes One Or More Medical Device, Special Purpose System Or Research Scientific Computing Device. If Appropriate, Ensure Selected Clauses From Section 6 Or 7 And 8 Through 12 Are Included. Contractor Supplies/delivered Medical Devices, Special Purpose Systems- Operational Technology (sps-ot) And Research Scientific Computing Devices Shall Comply With All Applicable Federal Law, Regulations, And Va Policies. New Developments Require Creation, Testing, Evaluation, And Authorization In Compliance With Processes Specified On The Specialized Device Cybersecurity Department Enterprise Risk Management (sdcd-erm) Portal, Va Directive 6550, Pre-procurement Assessment And Implementation Of Medical Devices/systems, Va Handbook 6500, And The Va Information Security Knowledge Service. Deviations From Federal Law, Regulations, And Va Policy Are Identified And Documented As Part Of Va Directive 6550 And/or The Va Enterprise Risk Analysis (era) Processes For Specialized Devices/systems Processes. All Contractors And Third-party Service Providers Shall Address And/or Integrate Applicable Va Handbook 6500 And Information Security Knowledge Service Specifications In Delivered It Systems/solutions, Products And/or Services. If Systems/solutions, Products And/or Services Do Not Directly Match Va Security Requirements, The Contractor Shall Work Though The Cor/co For Governance Or Resolution. The Contractor Shall Certify To The Cor/co That Devices/systems That Have Completed The Va Enterprise Risk Analysis (era) Process For Specialized Devices/systems Are Fully Functional And Operate Correctly As Intended. Devices/systems Must Follow The Va Era Authorized Configuration Prior To Acquisition And Connection To The Va Computing Environment. If Va Determines A New Va Era Needs To Be Created, The Contractor Shall Provide Required Technical Support To Develop The Configuration Settings. Major Changes To A Previously Approved Device/system Will Require A New Era. The Contractor Shall Comply With All Practices Documented By The Food Drug And Administration (fda) Premarket Submission For Management Of Cybersecurity In Medical Devices And Postmarket Management Of Cybersecurity In Medical Devices. The Contractor Shall Design Devices Capable Of Accepting All Applicable Security Patches With Or Without The Support Of The Contractor Personnel. If Patching Can Only Be Completed By The Contractor, The Contractor Shall Commit The Resources Needed To Patch All Applicable Devices At All Va Locations. If Unique Patching Instructions Or Packaging Is Needed, The Contractor Shall Provide The Necessary Information In Conjunction With The Validation/testing Of The Patch. The Contractor Shall Apply Security Patches Within 30 Business Days Of The Patch Release And Have A Formal Tracking Process For Any Security Patches Not Implemented To Include Explanation When A Device Cannot Be Patched. The Contractor Shall Provide Devices Able To Install And Maintain Va-approved Antivirus Capabilities With The Capability To Quarantine Files And Be Updated As Needed In Response To Incidents. Alternatively, A Va-approved Whitelisting Application May Be Used When The Contractor Cannot Install An Anti-virus / Anti- Malware Application. The Contractor Shall Verify And Document All Software Embedded Within The Device Does Not Contain Any Known Viruses Or Malware Before Delivery To Or Installation At A Va Location. Devices And Other Equipment Or Systems Containing Media (hard Drives, Optical Disks, Solid State, And Storage Via Chips/firmware) With Va Sensitive Information Will Be Returned To The Contractor With Media Removed. When The Contract Requires Return Of Equipment, The Options Available To The Contractor Are The Following: The Contractor Shall Accept The System Without The Drive, Firmware And Solid State. Va S Initial Device Purchase Includes A Spare Drive Or Other Replacement Media Which Must Be Installed In Place Of The Original Drive At Time Of Turn- In; Or Due To The Highly Specialized And Sometimes Proprietary Hardware And Software Associated With The Device, If It Is Not Possible For Va To Retain The Hard Drive, Firmware, And Solid State, Then: The Equipment Contractor Shall Have An Existing Baa If The Device Being Traded In Has Sensitive Information Stored On It And Hard Drive(s) From The System Are Being Returned Physically Intact. Any Fixed Hard Drive, Complementary Metal-oxide-semiconductor (cmos), Programmable Read-only Memory (prom), Solid State And Firmware On The Device Must Be Non-destructively Sanitized To The Greatest Extent Possible Without Negatively Impacting System Operation. Selective Clearing Down To Patient Data Folder Level Is Recommended Using Va Approved And Validated Overwriting Technologies/methods/tools. Applicable Media Sanitization Specifications Need To Be Pre-approved And Described In The Solicitation, Contract, Or Order. Data Center Provisions. This Entire Section Applies Whenever The Acquisition Requires An Interconnection To/from The Va Network To/from A Non-va Location. The Contractor Shall Ensure The Va Network Is Accessed By In Accordance With Va Directive 6500 And Iam Security Processes Specified In The Va Information Security Knowledge Service. The Contractor Shall Ensure Network Infrastructure And Data Availability In Accordance With Va Information System Business Continuity Procedures Specified In The Va Information Security Knowledge Service. The Contractor Shall Ensure Any Connections To The Internet Or Other External Networks For Information Systems Occur Through Managed Interfaces Utilizing Va Approved Boundary Protection Devices (e.g., Internet Proxies, Gateways, Routers, Firewalls, Guards Or Encrypted Tunnels). The Contractor Shall Encrypt All Traffic Across The Segment Of The Wide Area Network (wan) It Manages And No Unencrypted Out Of Band (oob) Internet Protocol (ip) Traffic Will Traverse The Network. The Contractor Shall Ensure Tunnel Endpoints Are Routable Addresses At Each Va Operating Site. The Contractor Shall Secure Access From Local Area Networks (lans) At Co- Located Sites In Accordance With Va Tic Reference Architecture, Va Directive And Handbook 6513, And Mou/isa Process Specified In The Va Information Security Knowledge Service.

Details: This Sources Sought Notice Is For Planning Purposes Only And Shall Not Be Considered As An Invitation For Bid, Request For Quotation, Request For Proposal, Or As An Obligation On The Part Of The Government To Acquire Any Products And/or Services. Your Response To This Sources Sought Notice Will Be Treated As Information Only. No Entitlement To Payment Of Direct Or Indirect Costs Or Charges By The Government Will Arise Because Of Contractor Submission Of Responses To This Announcement Or The Government Use Of Such Information. This Request Does Not Constitute A Solicitation For Proposals Or The Authority To Enter Negotiations To Award A Contract. No Funds Have Been Authorized, Appropriated, Or Received For This Effort. the Information Provided May Be Used By The Department Of Veterans Affairs In Developing Its Acquisition Approach, Statement Of Work/statement Of Objectives And Performance Specifications. Interested Parties Are Responsible For Adequately Marking Proprietary Or Competition Sensitive Information Contained In Their Response. The Government Does Not Intend To Award A Contract Based On This Sources Sought Notice Or To Otherwise Pay For The Information Submitted In Response To This Sources Sought Notice. the Submission Of Pricing, Capabilities For Planning Purposes, And Other Market Information Is Highly Encouraged And Allowed Under This Sources Sought Notice In Accordance With (iaw) Far Part 15.201(e) the Purpose Of This Sources Sought Notice Announcement Is For Market Research To Make Appropriate Acquisition Decisions And To Gain Knowledge Of Potential Qualified Service-disabled Veteran Owned Small Businesses, Veteran Owned Small Businesses, 8(a), Hubzone And Other Small Businesses Interested And Capable Of Providing The Products And/or Services Described Below. documentation Of Technical Expertise Must Be Presented In Sufficient Detail For The Government To Determine That Your Company Possesses The Necessary Functional Area Expertise And Experience To Compete For This Acquisition. Responses To This Notice Shall Include The Following: (a) Company Name; (b) Address; (c) Point Of Contact; (d) Phone, Fax, And Email; (e) Uei Number; (f) Cage Code; (g) Tax Id Number; (h) Type Of Small Business, E.g., Services Disabled Veteran Owned Small Business, Veteran Owned Small Business, 8(a), Hubzone, Women Owned Small Business, Small Disadvantaged Business, Or Small Business Hubzone Business, Etc (i) State If Your Business Has An Fss Contract With Gsa, Va Nac, Nasa Sewp, Or Any Other Federal Contract, That Can Be Utilized To Procure The Requirement Listed Below And Provide The Contract Number; And (j) Must Provide A Capability Statement That Addresses The Organization S Qualifications And Ability To Perform As A Contractor For The Work Described Below. requirement: the Va Heartland Network 15 Contracting Office Located At 3450 South 4th Street, Leavenworth, Ks, 66048-5055 Is Seeking A Potential Qualified Contractor To Provide An Automated Special Staining Instrumentation Lease & Bulk Reagent Purchase (i.e.: Artisan Link Pro Special Staining System & Artisan Reagents) For The Kansas City Va Medical Center, Located In Kansas City, Missouri, And The John J. Cochran Veterans Hospital, Located In St. Louis, Missouri. This Is A Brand Name Or Equal Requirement. Please See The Statement Of Work For More Specifics And Details. the North American Industry Classification System Code (naics Code) Is 334516 (analytical Laboratory Instrument Manufacturing), Size Standard 1,000 Employees. Based On This Information, Please Indicate Whether Your Company Would Be A Large Or Small Business And Have A Socio-economic Designation As A Small Business, Vosb Or Sdvosb. important Information: the Government Is Not Obligated To, Nor Will It Pay For Or Reimburse Any Costs Associated With Responding To This Source Sought Synopsis Request. This Notice Shall Not Be Construed As A Commitment By The Government To Issue A Solicitation Or Ultimately Award A Contract, Nor Does It Restrict The Government To An Acquisition Approach. The Government Will In No Way Be Bound To This Information If Any Solicitation Is Issued. Currently A Total Set-aside For Service-disabled Veteran Owned Small Business Firms Is Anticipated Based On The Veterans Administration Requirement With Public Law 109-461, Section 8127 Veterans Benefit Act. However, If Response By Service-disabled Veteran Owned Small Business Firms Proves Inadequate, An Alternate Set-aside Or Full And Open May Be Used. responses To This Notice Shall Be Submitted Via Email To Erika Kobulnicky At Erika.kobulnicky@va.gov. Telephone Responses Will Not Be Accepted. Responses Must Be Received No Later Than Wednesday, February 19, 2025, At 10:00am Cst. If A Solicitation Is Issued It Shall Be Announced At A Later Date, And All Interested Parties Must Respond To That Solicitation Announcement Separately From The Responses To This Sources Sought. Responses To This Sources Sought Notice Are Not A Request To Be Added To A Prospective Bidders List Or To Receive A Copy Of The Solicit. marion, Il Vamc And Ehcc Outpatient Clinic statement Of Work: Scriptpro Eyecon description Of Use: To Be Used At The Marion Va Medical Center Pharmacy And In The Evansville, In Outpatient Clinic this Solicitation Uses A Brand Name Or Equal Description Of The Product Required. This Permits Prospective Contractors To Offer Products Other Than Those Specifically Referenced By Brand Name. All Offers Must Work With Existing Equipment That Has Already Been Purchased And Is Currently In Use At The Station. minimum Technical Specifications: the Scriptpro Dispensing System Must Also Be Assembled Within The Manufactured Country Or Show Significant Proof Of An Internationally Recognized Quality Assurance Program certificate Of Authenticity Will Need To Be Provided the Dispensing System Must Have The Following: safety must Use Barcode Verification To Ensure Accuracy Of Dispensing And Must Work With Scriptpro Label Barcode unit Must Have Means To Track Dispensed Drug Quantities And Contain Image Verification Of Quantities Dispensed. must Come Equipped With Database Of Drug Images For Dispensing Verification. must Include Additional Counting Platters For Penicillin And Sulfa To Avoid Cross Contamination. workflow must Allow For Integration With Scriptpro/vista To Verify Correct Dispensing Quantities. must Fit In Existing Space With A Footprint Of 28 H X 11 W X 17.5 D. must Count With A Count Accuracy Of At Least 99.9%. verification Should Include Easy Work Flow Optics Such As Color Touch Screen. must Include Large Counting Area Of 48 Sq Inches For Larger Quantity Verification. information Technology must Integrate With Current Equipment, Including Scriptpro Dispensing/filling Stations must Interface With Vista, Ups Worldship, And Usps Sendsuite System Platforms. all Equipment Must Be New description quantity sp Eyecon 9430 2 optional/value Added Features: n/a required Interfaces: must Interface With Current Sp Equipment. Must Also Interface With Vista/cprs. delivery Location(s): department Of Veterans Affairs marion Va Medical Center 2401 West Main Street marion, Il 62959-1188 department Of Veterans Affairs evansville Va Healthcare Center 6211 E Waterford Blvd evansville, In 47715 records Management Obligations applicability this Clause Applies To All Contractors Whose Employees Create, Work With, Or Otherwise Handle Federal Records, As Defined In Section B, Regardless Of The Medium In Which The Record Exists.   definitions Federal Record As Defined In 44 U.s.c. § 3301, Includes All Recorded Information, Regardless Of Form Or Characteristics, Made Or Received By A Federal Agency Under Federal Law Or In Connection With The Transaction Of Public Business And Preserved Or Appropriate For Preservation By That Agency Or Its Legitimate Successor As Evidence Of The Organization, Functions, Policies, Decisions, Procedures, Operations, Or Other Activities Of The United States Government Or Because Of The Informational Value Of Data In Them.   the Term Federal Record: includes [agency] Records.â  does Not Include Personal Materials. applies To Records Created, Received, Or Maintained By Contractors Pursuant To Their [agency] Contract. may Include Deliverables And Documentation Associated With Deliverables. requirements contractor Shall Comply With All Applicable Records Management Laws And Regulations, As Well As National Archives And Records Administration (nara) Records Policies, Including But Not Limited To The Federal Records Act (44 U.s.c. Chs. 21, 29, 31, 33), Nara Regulations At 36 Cfr Chapter Xii Subchapter B, And Those Policies Associated With The Safeguarding Of Records Covered By The Privacy Act Of 1974 (5 U.s.c. 552a). These Policies Include The Preservation Of All Records, Regardless Of Form Or Characteristics, Mode Of Transmission, Or State Of Completion.â  in Accordance With 36 Cfr 1222.32, All Data Created For Government Use And Delivered To, Or Falling Under The Legal Control Of, The Government Are Federal Records Subject To The Provisions Of 44 U.s.c. Chapters 21, 29, 31, And 33, The Freedom Of Information Act (foia) (5 U.s.c. 552), As Amended, And The Privacy Act Of 1974 (5 U.s.c. 552a), As Amended And Must Be Managed And Scheduled For Disposition Only As Permitted By Statute Or Regulation.â  in Accordance With 36 Cfr 1222.32, Contractor Shall Maintain All Records Created For Government Use Or Created In The Course Of Performing The Contract And/or Delivered To, Or Under The Legal Control Of The Government And Must Be Managed In Accordance With Federal Law. Electronic Records And Associated Metadata Must Be Accompanied By Sufficient Technical Documentation To Permit Understanding And Use Of The Records And Data.â  [agency] And Its Contractors Are Responsible For Preventing The Alienation Or Unauthorized Destruction Of Records, Including All Forms Of Mutilation. Records May Not Be Removed From The Legal Custody Of [agency] Or Destroyed Except For In Accordance With The Provisions Of The Agency Records Schedules And With The Written Concurrence Of The Head Of The Contracting Activity. Willful And Unlawful Destruction, Damage Or Alienation Of Federal Records Is Subject To The Fines And Penalties Imposed By 18 U.s.c. 2701. In The Event Of Any Unlawful Or Accidental Removal, Defacing, Alteration, Or Destruction Of Records, Contractor Must Report To [agency]. The Agency Must Report Promptly To Nara In Accordance With 36 Cfr 1230. the Contractor Shall Immediately Notify The Appropriate Contracting Officer Upon Discovery Of Any Inadvertent Or Unauthorized Disclosures Of Information, Data, Documentary Materials, Records, Or Equipment. Disclosure Of Non-public Information Is Limited To Authorized Personnel With A Need-to-know As Described In The [contract Vehicle]. The Contractor Shall Ensure That The Appropriate Personnel, Administrative, Technical, And Physical Safeguards Are Established To Ensure The Security And Confidentiality Of This Information, Data, Documentary Material, Records And/or Equipment Is Properly Protected. The Contractor Shall Not Remove Material From Government Facilities Or Systems, Or Facilities Or Systems Operated Or Maintained On The Government S Behalf, Without The Express Written Permission Of The Head Of The Contracting Activity. When Information, Data, Documentary Material, Records And/or Equipment Is No Longer Required, It Shall Be Returned To [agency] Control Or The Contractor Must Hold It Until Otherwise Directed. Items Returned To The Government Shall Be Hand Carried, Mailed, Emailed, Or Securely Electronically Transmitted To The Contracting Officer Or Address Prescribed In The [contract Vehicle]. Destruction Of Records Is Expressly Prohibited Unless In Accordance With Paragraph (4). the Contractor Is Required To Obtain The Contracting Officer's Approval Prior To Engaging In Any Contractual Relationship (sub-contractor) In Support Of This Contract Requiring The Disclosure Of Information, Documentary Material And/or Records Generated Under, Or Relating To, Contracts. The Contractor (and Any Sub-contractor) Is Required To Abide By Government And [agency] Guidance For Protecting Sensitive, Proprietary Information, Classified, And Controlled Unclassified Information. the Contractor Shall Only Use Government It Equipment For Purposes Specifically Tied To Or Authorized By The Contract And In Accordance With [agency] Policy.â  the Contractor Shall Not Create Or Maintain Any Records Containing Any Non-public [agency] Information That Are Not Specifically Tied To Or Authorized By The Contract.â  the Contractor Shall Not Retain, Use, Sell, Or Disseminate Copies Of Any Deliverable That Contains Information Covered By The Privacy Act Of 1974 Or That Which Is Generally Protected From Public Disclosure By An Exemption To The Freedom Of Information Act.â  the [agency] Owns The Rights To All Data And Records Produced As Part Of This Contract. All Deliverables Under The Contract Are The Property Of The U.s. Government For Which [agency] Shall Have Unlimited Rights To Use, Dispose Of, Or Disclose Such Data Contained Therein As It Determines To Be In The Public Interest. Any Contractor Rights In The Data Or Deliverables Must Be Identified As Required By Far 52.227-11 Through Far 52.227-20. training.  all Contractor Employees Assigned To This Contract Who Create, Work With, Or Otherwise Handle Records Are Required To Take [agency]-provided Records Management Training. The Contractor Is Responsible For Confirming Training Has Been Completed According To Agency Policies, Including Initial Training And Any Annual Or Refresher Training.â  [note: To The Extent An Agency Requires Contractors To Complete Records Management Training, The Agency Must Provide The Training To The Contractor.]â  flow Down Of Requirements To Subcontractors the Contractor Shall Incorporate The Substance Of This Clause, Its Terms And Requirements Including This Paragraph, In All Subcontracts Under This [contract Vehicle], And Require Written Subcontractor Acknowledgment Of Same.â  violation By A Subcontractor Of Any Provision Set Forth In This Clause Will Be Attributed To The Contractor. general. This Entire Section Applies To All Acquisitions Requiring Any Information Security And Privacy Language. Contractors, Contractor Personnel, Subcontractors And Subcontractor Personnel Will Be Subject To The Same Federal Laws, Regulations, Standards, Va Directives And Handbooks, As Va Personnel Regarding Information And Information System Security And Privacy. va Information Custodial Language. This Entire Section Applies To All Acquisitions Requiring Any Information Security And Privacy Language. the Government Shall Receive Unlimited Rights To Data/intellectual Property First Produced And Delivered In The Performance Of This Contract Or Order (hereinafter Contract ) Unless Expressly Stated Otherwise In This Contract. This Includes All Rights To Source Code And All Documentation Created In Support Thereof. The Primary Clause Used To Define Government And Contractor Data Rights Is Far 52.227-14 Rights In Data General. The Primary Clause Used To Define Computer Software License (not Data/intellectual Property First Produced Under This Contractor Or Order) Is Far 52.227-19, Commercial Computer Software License. information Made Available To The Contractor By Va For The Performance Or Administration Of This Contract Will Be Used Only For The Purposes Specified In The Service Agreement, Sow, Pws, Pd, And/or Contract. The Contractor Shall Not Use Va Information In Any Other Manner Without Prior Written Approval From A Va Contracting Officer (co). The Primary Clause Used To Define Government And Contractor Data Rights Is Far 52.227-14 Rights In Data General. va Information Will Not Be Co-mingled With Any Other Data On The Contractor S Information Systems Or Media Storage Systems. The Contractor Shall Ensure Compliance With Federal And Va Requirements Related To Data Protection, Data Encryption, Physical Data Segregation, Logical Data Segregation, Classification Requirements And Media Sanitization. va Reserves The Right To Conduct Scheduled Or Unscheduled Audits, Assessments, Or Investigations Of Contractor Information Technology (it) Resources To Ensure Information Security Is Compliant With Federal And Va Requirements. The Contractor Shall Provide All Necessary Access To Records (including Electronic And Documentary Materials Related To The Contracts And Subcontracts) And Support (including Access To Contractor And Subcontractor Staff Associated With The Contract) To Va, Va's Office Inspector General (oig),and/or Government Accountability Office (gao) Staff During Periodic Control Assessments, Audits, Or Investigations. the Contractor May Only Use Va Information Within The Terms Of The Contract And Applicable Federal Law, Regulations, And Va Policies. If New Federal Information Security Laws, Regulations Or Va Policies Become Applicable After Execution Of The Contract, The Parties Agree To Negotiate Contract Modification And Adjustment Necessary To Implement The New Laws, Regulations, And/or Policies. the Contractor Shall Not Make Copies Of Va Information Except As Specifically Authorized And Necessary To Perform The Terms Of The Contract. If Copies Are Made For Restoration Purposes, After The Restoration Is Complete, The Copies Shall Be Destroyed In Accordance With Va Directive 6500, Va Cybersecurity Program And Va Information Security Knowledge Service. if A Veterans Health Administration (vha) Contract Is Terminated For Default Or Cause With A Business Associate, The Related Local Business Associate Agreement (baa) Shall Also Be Terminated And Actions Taken In Accordance With Vha Directive 1605.05, Business Associate Agreements. If There Is An Executed National Baa Associated With The Contract, Va Will Determine What Actions Are Appropriate And Notify The Contactor. the Contractor Shall Store And Transmit Va Sensitive Information In An Encrypted Form, Using Va-approved Encryption Tools Which Are, At A Minimum, Federal Information Processing Standards (fips) 140-2, Security Requirements For Cryptographic Modules (or Its Successor) Validated And In Conformance With Va Information Security Knowledge Service Requirements. The Contractor Shall Transmit Va Sensitive Information Using Va Approved Transport Layer Security (tls) Configured With Fips Based Cipher Suites In Conformance With National Institute Of Standards And Technology (nist) 800-52, Guidelines For The Selection, Configuration And Use Of Transport Layer Security (tls) Implementations. the Contractor S Firewall And Web Services Security Controls, As Applicable, Shall Meet Or Exceed Va S Minimum Requirements. except For Uses And Disclosures Of Va Information Authorized By This Contract For Performance Of The Contract, The Contractor May Use And Disclose Va Information Only In Two Situations: (i) In Response To A Qualifying Order Of A Court Of Competent Jurisdiction After Notification To Va Co (ii) With Written Approval From The Va Co. The Contractor Shall Refer All Requests For, Demands For Production Of Or Inquiries About, Va Information And Information Systems To The Va Co For Response. notwithstanding The Provision Above, The Contractor Shall Not Release Va Records Protected By Title 38 U.s.c. § 5705, Confidentiality Of Medical Quality- Assurance Records And/or Title 38 U.s.c. § 7332, Confidentiality Of Certain Medical Records Pertaining To Drug Addiction, Sickle Cell Anemia, Alcoholism Or Alcohol Abuse Or Infection With Human Immunodeficiency Virus (hiv). If The Contractor Is In Receipt Of A Court Order Or Other Requests For The Above- Mentioned Information, The Contractor Shall Immediately Refer Such Court Order Or Other Requests To The Va Co For Response. information Made Available To The Contractor By Va For The Performance Or Administration Of This Contract Or Information Developed By The Contractor In Performance Or Administration Of The Contract Will Be Protected And Secured In Accordance With Va Directive 6500 And Identity And Access Management (iam) Security Processes Specified In The Va Information Security Knowledge Service. any Data Destruction Done On Behalf Of Va By A Contractor Shall Be Done In Accordance With National Archives And Records Administration (nara) Requirements As Outlined In Va Directive 6300, Records And Information Management, Va Handbook 6300.1, Records Management Procedures, And Applicable Va Records Control Schedules. the Contractor Shall Provide Its Plan For Destruction Of All Va Data In Its Possession According To Va Directive 6500 And Nist 800-88, Guidelines For Media Sanitization Prior To Termination Or Completion Of This Contract. If Directed By The Cor/co, The Contractor Shall Return All Federal Records To Va For Disposition. any Media, Such As Paper, Magnetic Tape, Magnetic Disks, Solid State Devices Or Optical Discs That Is Used To Store, Process, Or Access Va Information That Cannot Be Destroyed Shall Be Returned To Va.the Contractor Shall Hold The Appropriate Material Until Otherwise Directed By The Contracting Officer S Representative (cor) Or Co. Items Shall Be Returned Securely Via Va-approved Methods. Va Sensitive Information Must Be Transmitted Utilizing Va-approved Encryption Tools Which Are Validated Under Fips 140-2 (or Its Successor) And Nist 800-52. If Mailed, The Contractor Shall Send Via A Trackable Method (usps, Ups, Fedex, Etc.) And Immediately Provide The Cor/co With The Tracking Information. Self-certification By The Contractor That The Data Destruction Requirements Above Have Been Met Shall Be Sent To The Cor/co Within 30 Business Days Of Termination Of The Contract. all Electronic Storage Media (hard Drives, Optical Disks, Cds, Back-up Tapes, Etc.) Used To Store, Process Or Access Va Information Will Not Be Returned To The Contractor At The End Of Lease, Loan, Or Trade-in. Exceptions To This Paragraph Will Only Be Granted With The Written Approval Of The Va Co. access To Va Information And Va Information Systems. This Section applies When Any Person Requires Access To Information Made Available To The Contractor By Va For The Performance Or Administration Of This Contract Or Information Developed By The Contractor In Performance Or Administration Of The Contract. a Contractor/subcontractor Shall Request Logical (technical) Or Physical Access To Va Information And Va Information Systems For Their Employees And Subcontractors Only To The Extent Necessary To Perform The Services Specified In The Solicitation Or Contract. This Includes Indirect Entities, Both Affiliate Of Contractor/subcontractor And Agent Of Contractor/subcontractor. contractors And Subcontractors Shall Sign The Va Information Security Rule Of Behavior (rob) Before Access Is Provided To Va Information And Information Systems (see Section 4, Training, Below). The Rob Contains The Minimum User Compliance Requirements And Does Not Supersede Any Policies Of Va Facilities Or Other Agency Components Which Provide Higher Levels Of Protection To Va S Information Or Information Systems. Users Who Require Privileged Access Shall Complete The Va Elevated Privilege Access Request Processes Before Privileged Access Is Granted. all Contractors And Subcontractors Working With Va Information Are Subject To The Same Security Investigative And Clearance Requirements As Those Of Va Appointees Or Employees Who Have Access To The Same Types Of Information. The Level And Process Of Background Security Investigations For Contractors Shall Be In Accordance With Va Directive And Handbook 0710, Personnel Suitability And Security Program. The Office Of Human Resources And Administration/operations, Security And Preparedness (hra/osp) Is Responsible For These Policies And Procedures. Contract Personnel Who Require Access To Classified Information Or Information Systems Shall Have An Appropriate Security Clearance. Verification Of A Security Clearance Shall Be Processed Through The Special Security Officer Located In Hra/osp. Contractors Shall Conform To All Requirements Stated In The National Industrial Security Program Operating Manual (nispom). all Contractors And Subcontractors Shall Comply With Conditions Specified In Vaar 852.204-71(d); Contractor Operations Required To Be In United States. All Contractors And Subcontractors Working With Va Information Must Be Permanently Located Within A Jurisdiction Subject To The Law Of The United States Or Its Territories To The Maximum Extent Feasible. If Services Are Proposed To Be Performed Abroad The Contractor Must State Where All Non-u.s. Services Are Provided. The Contractor Shall Deliver To Va A Detailed Plan Specifically Addressing Communications, Personnel Control, Data Protection And Potential Legal Issues. The Plan Shall Be Approved By The Cor/co In Writing Prior To Access Being Granted. the Contractor Shall Notify The Cor/co In Writing Immediately (no Later Than 24 Hours) After Personnel Separation Or Occurrence Of Other Causes. Causes May Include The Following: contractor/subcontractor Personnel No Longer Has A Need For Access To Va Information Or Va Information Systems. contractor/subcontractor Personnel Are Terminated, Suspended, Or Otherwise Has Their Work On A Va Project Discontinued For Any Reason. contractor Believes Their Own Personnel Or Subcontractor Personnel May Pose A Threat To Their Company S Working Environment Or To Any Company- Owned Property. This Includes Contractor-owned Assets, Buildings, Confidential Data, Customers, Employees, Networks, Systems, Trade Secrets And/or Va Data. any Previously Undisclosed Changes To Contractor/subcontractor Background History Are Brought To Light, Including But Not Limited To Changes To Background Investigation Or Employee Record. contractor/subcontractor Personnel Have Their Authorization To Work In The United States Revoked. agreement By Which Contractor Provides Products And Services To Va Has Either Been Fulfilled Or Terminated, Such That Va Can Cut Off Electronic And/or Physical Access For Contractor Personnel. in Such Cases Of Contract Fulfillment, Termination, Or Other Causes; The Contractor Shall Take The Necessary Measures To Immediately Revoke Access To Va Network, Property, Information, And Information Systems (logical And Physical) By Contractor/subcontractor Personnel. These Measures Include (but Are Not Limited To): Removing And Then Securing Personal Identity Verification (piv) Badges And Piv Interoperable (piv-i) Access Badges, Va-issued Photo Badges, Credentials For Va Facilities And Devices, Va-issued Laptops, And Authentication Tokens. Contractors Shall Notify The Appropriate Va Cor/co Immediately To Initiate Access Removal. contractors/subcontractors Who No Longer Require Va Accesses Will Return Va- Issued Property To Va. This Property Includes (but Is Not Limited To): Documents, Electronic Equipment, Keys, And Parking Passes. Piv And Piv-i Access Badges Shall Be Returned To The Nearest Va Piv Badge Issuance Office. Once They Have Had Access To Va Information, Information Systems, Networks And Va Property In Their Possessions Removed, Contractors Shall Notify The Appropriate Va Cor/co. training. This Entire Section Applies To All Acquisitions Which Include Section 3. all Contractors And Subcontractors Requiring Access To Va Information And Va Information Systems Shall Successfully Complete The Following Before Being Granted Access To Va Information And Its Systems: va Privacy And Information Security Awareness And Rules Of Behavior Course (talent Management System (tms) #10176) Initially And Annually Thereafter. sign And Acknowledge (electronically Through Tms #10176) Understanding Of And Responsibilities For Compliance With The Organizational Rules Of Behavior, Relating To Access To Va Information And Information Systems Initially And Annually Thereafter; And successfully Complete Any Additional Cyber Security Or Privacy Training, As Required For Va Personnel With Equivalent Information System Or Information Access [to Be Defined By The Va Program Official And Provided To The Va Co For Inclusion In The Solicitation Document I.e., Any Role- Based Information Security Training]. the Contractor Shall Provide To The Cor/co A Copy Of The Training Certificates And Certification Of Signing The Organizational Rules Of Behavior For Each Applicable Employee Within Five Days Of The Initiation Of The Contract And Annually Thereafter, As Required. failure To Complete The Mandatory Annual Training Is Grounds For Suspension Or Termination Of All Physical Or Electronic Access Privileges And Removal From Work On The Contract Until Such Time As The Required Training Is Complete. security Incident Investigation. This Entire Section Applies To All Acquisitions Requiring Any Information Security And Privacy Language. the Contractor, Subcontractor, Their Employees, Or Business Associates Shall Immediately (within One Hour) Report Suspected Security / Privacy Incidents To The Va Oit S Enterprise Service Desk (esd) By Calling (855) 673-4357 (tty: 711). The Esd Is Oit S 24/7/365 Single Point Of Contact For It-related Issues. After Reporting To The Esd, The Contractor, Subcontractor, Their Employees, Or Business Associates Shall, Within One Hour, Provide The Cor/co The Incident Number Received From The Esd. to The Extent Known By The Contractor/subcontractor, The Contractor/ Subcontractor's Notice To Va Shall Identify The Information Involved And The Circumstances Surrounding The Incident, Including The Following: the Date And Time (or Approximation Of) The Security Incident Occurred. the Names Of Individuals Involved (when Applicable). the Physical And Logical (if Applicable) Location Of The Incident. why The Security Incident Took Place (i.e., Catalyst For The Failure). the Amount Of Data Belonging To Va Believed To Have Been Compromised. the Remediation Measures The Contractor Is Taking To Ensure No Future Incidents Of A Similar Nature. after The Contractor Has Provided The Initial Detailed Incident Summary To Va, They Will Continue To Provide Written Updates On Any New And Relevant Circumstances Or Facts They Discover. The Contractor, Subcontractor, And Their Employes Shall Fully Cooperate With Va Or Third-party Entity Performing An Independent Risk Analysis On Behalf Of Va. Failure To Cooperate May Be Deemed A Material Breach And Grounds For Contract Termination. va It Contractors Shall Follow Va Handbook 6500, Risk Management Framework For Va Information Systems Va Information Security Program, And Va Information Security Knowledge Service Guidance For Implementing An Incident Response Plan Or Integrating With An Existing Va Implementation. in Instances Of Theft Or Break-in Or Other Criminal Activity, The Contractor/subcontractor Must Concurrently Report The Incident To The Appropriate Law Enforcement Entity (or Entities) Of Jurisdiction, Including The Va Oig, And The Va Office Of Security And Law Enforcement. The Contractor, Its Employees, And Its Subcontractors And Their Employees Shall Cooperate With Va And Any Law Enforcement Authority Responsible For The Investigation And Prosecution Of Any Possible Criminal Law Violation(s) Associated With Any Incident. The Contractor/subcontractor Shall Cooperate With Va In Any Civil Litigation To Recover Va Information, Obtain Monetary Or Other Compensation From A Third Party For Damages Arising From Any Incident, Or Obtain Injunctive Relief Against Any Third Party Arising From, Or Related To, The Incident. the Contractor Shall Comply With Va Handbook 6500.2, Management Of Breaches Involving Sensitive Personal Information, Which Establishes The Breach Management Policies And Assigns Responsibilities For The Oversight, Management And Reporting Procedures Associated With Managing Of Breaches. with Respect To Unsecured Protected Health Information (phi), The Contractor Is Deemed To Have Discovered A Data Breach When The Contractor Knew Or Should Have Known Of Breach Of Such Information. When A Business Associate Is Part Of Vha Contract, Notification To The Covered Entity (vha) Shall Be Made In Accordance With The Executed Baa. if The Contractor Or Any Of Its Agents Fails To Protect Va Sensitive Personal Information Or Otherwise Engages In Conduct Which Results In A Data Breach Involving Any Va Sensitive Personal Information The Contractor/subcontractor Processes Or Maintains Under The Contract; The Contractor Shall Pay Liquidated Damages To The Va As Set Forth In Clause 852.211-76, Liquidated Damages Reimbursement For Data Breach Costs. information System Design And Development. This Entire Section applies To Information Systems, Systems, Major Applications, Minor Applications, Enclaves, And Platform Information Technologies (to Include The Subcomponents Of Each) Designed Or Developed For Or On Behalf Of Va By Any Non-va Entity. information Systems Designed Or Developed On Behalf Of Va At Non-va Facilities Shall Comply With All Applicable Federal Law, Regulations, And Va Policies. This Includes Standards For The Protection Of Electronic Protected Health Information (phi), Outlined In 45 C.f.r. Part 164, Subpart C And Information And System Security Categorization Level Designations In Accordance With Fips 199, Standards For Security Categorization Of Federal Information And Information Systems And Fips 200, Minimum Security Requirements For Federal Information Systems. Baseline Security Controls Shall Be Implemented Commensurate With The Fips 199 System Security Categorization (reference Va Handbook 6500 And Va Trusted Internet Connections (tic) Architecture). contracted New Developments Require Creation, Testing, Evaluation, And Authorization In Compliance With Va Assessment And Authorization (a&a) Processes In Va Handbook 6500 And Va Information Security Knowledge Service To Obtain An Authority To Operate (ato). Va Directive 6517, Risk Management Framework For Cloud Computing Services, Provides The Security And Privacy Requirements For Cloud Environments. va It Contractors, Subcontractors And Third-party Service Providers Shall Address And/or Integrate Applicable Va Handbook 6500, Va Handbook 6517, Risk Management Framework For Cloud Computing Services And Information Security Knowledge Service Specifications In Delivered It Systems/solutions, Products And/or Services. If Systems/solutions, Products And/or Services Do Not Directly Match Va Security Requirements, The Contractor Shall Work Though The Cor/co To Identify The Va Organization Responsible For Governance Or Resolution. Contractors Shall Comply With Far 39.1, Specifically The Prohibitions Referenced. the Contractor (including Producers And Resellers) Shall Comply With Office Of Management And Budget (omb) M-22-18 And M-23-16 When Using Third-party Software On Va Information Systems Or Otherwise Affecting The Va Information. This Includes New Software Purchases And Software Renewals For Software Developed Or Modified By Major Version Change After The Issuance Date Of M- 22-18 (september 14, 2022). The Term Software Includes Firmware, Operating Systems, Applications And Application Services (e.g., Cloud-based Software), As Well As Products Containing Software. The Contractor Shall Provide A Self- Attestation That Secure Software Development Practices Are Utilized As Outlined By Executive Order (eo)14028 And Nist Guidance. A Third-party Assessment Provided By Either A Certified Federal Risk And Authorization Management Program (fedramp) Third Party Assessor Organization (3pao) Or One Approved By The Agency Will Be Acceptable In Lieu Of A Software Producer's Self- Attestation. the Contractor Shall Ensure All Delivered Applications, Systems And Information Systems Are Compliant With Homeland Security Presidential Directive (hspd) 12 And Va Identity And Access Management (iam) Enterprise Identity Management Requirements As Set Forth In Omb M-19-17, M-05-24, Fips 201-3, Personal Identity Verification (piv) Of Federal Employees And Contractors (or Its Successor), M-21-31 And Supporting Nist Guidance. This Applies To Commercial Off-the-shelf (cots) Product(s) That The Contractor Did Not Develop, All Software Configurations And All Customizations. the Contractor Shall Ensure All Contractor Delivered Applications And Systems Provide User Authentication Services Compliant With Va Handbook 6500, Va Information Security Knowledge Service, Iam Enterprise Requirements And Nist 800-63, Digital Identity Guidelines, For Direct, Assertion-based Authentication And/or Trust-based Authentication, As Determined By The Design And Integration Patterns. Direct Authentication At A Minimum Must Include Public Key Infrastructure (pki) Based Authentication Supportive Of Piv And/or Common Access Card (cac), As Determined By The Business Need And Compliance With Va Information Security Knowledge Service Specifications. the Contractor Shall Use Va Authorized Technical Security Baseline Configurations And Certify To The Cor That Applications Are Fully Functional And Operate Correctly As Intended On Systems In Compliance With Va Baselines Prior To Acceptance Or Connection Into An Authorized Va Computing Environment. If The Defense Information Systems Agency (disa) Has Created A Security Technical Implementation Guide (stig) For The Technology, The Contractor May Configure To Comply With That Stig. If Va Determines A New Or Updated Va Configuration Baseline Needs To Be Created, The Contractor Shall Provide Required Technical Support To Develop The Configuration Settings. Far 39.1 Requires The Population Of Operating Systems And Applications Includes All Listed On The Nist National Checklist Program Checklist Repository. the Standard Installation, Operation, Maintenance, Updating And Patching Of Software Shall Not Alter The Configuration Settings From Va Approved Baseline Configuration. Software Developed For Va Must Be Compatible With Va Enterprise Installer Services And Install To The Default Program Files Directory With Silently Install And Uninstall. The Contractor Shall Perform Testing Of All Updates And Patching Prior To Implementation On Va Systems. applications Designed For Normal End Users Will Run In The Standard User Context Without Elevated System Administration Privileges. the Contractor-delivered Solutions Shall Reside On Va Approved Operating Systems. Exceptions To This Will Only Be Granted With The Written Approval Of The Cor/co. the Contractor Shall Design, Develop, And Implement Security And Privacy Controls In Accordance With The Provisions Of Va Security System Development Life Cycle Outlined In Nist 800-37, Risk Management Framework For Information Systems And Organizations: A System Life Cycle Approach For Security And Privacy, Va Directive And Handbook 6500, And Va Handbook 6517. the Contractor Shall Comply With The Privacy Act Of1974 (the Act), Far 52.224- 2 Privacy Act, And Va Rules And Regulations Issued Under The Act In The Design, Development, Or Operation Of Any System Of Records On Individuals To Accomplish A Va Function. the Contractor Shall Ensure The Security Of All Procured Or Developed Information Systems, Systems, Major Applications, Minor Applications, Enclaves And Platform Information Technologies, Including Their Subcomponents (hereinafter Referred To As Information Systems ) Throughout The Life Of This Contract And Any Extension, Warranty, Or Maintenance Periods. This Includes Security Configurations, Workarounds, Patches, Hotfixes, Upgrades, Replacements And Any Physical Components Which May Be Necessary To Remediate All Security Vulnerabilities Published Or Known To The Contractor Anywhere In The Information Systems (including Systems, Operating Systems, Products, Hardware, Software, Applications And Firmware). The Contractor Shall Ensure Security Fixes Do Not Negatively Impact The Information Systems. when The Contractor Is Responsible For Operations Or Maintenance Of The Systems, The Contractor Shall Apply The Security Fixes Within The Timeframe Specified By The Associated Controls On The Va Information Security Knowledge Service. When Security Fixes Involve Installing Third Party Patches (such As Microsoft Os Patches Or Adobe Acrobat), The Contractor Shall Provide Written Notice To The Va Cor/co That The Patch Has Been Validated As To Not Affecting The Systems Within 10 Business Days. information System Hosting, Operation, Maintenance Or Use. this Entire Section Applies To Information Systems, Systems, Major Applications, Minor Applications, Enclaves, And Platform Information Technologies (cloud And Non- Cloud) Hosted, Operated, Maintained, Or Used On Behalf Of Va At Non-va Facilities. the Contractor Shall Comply With All Federal Laws, Regulations, And Va Policies For Information Systems (cloud And Non-cloud) That Are Hosted, Operated, Maintained, Or Used On Behalf Of Va At Non-va Facilities. Security Controls For Collecting, Processing, Transmitting, And Storing Of Va Sensitive Information, Must Be In Place. The Controls Will Be Tested By Va Or A Va Sanctioned 3pao And Approved By Va Prior To Hosting, Operation, Maintenance Or Use Of The Information System Or Systems By Or On Behalf Of Va. This Includes Conducting Compliance Risk Assessments, Security Architecture Analysis, Routine Vulnerability Scanning, System Patching, Change Management Procedures And The Completion Of An Acceptable Contingency Plan For Each System. The Contractor S Security Control Procedures Shall Be The Same As Procedures Used To Secure Va-operated Information Systems. outsourcing (contractor Facility, Equipment, Or Staff) Of Systems Or Network Operations, Telecommunications Services Or Other Managed Services Require Assessment And Authorization (a&a) Of The Contractor S Systems In Accordance With Va Handbook 6500 As Specified In Va Information Security Knowledge Service. Major Changes To The A&a Package May Require Reviewing And Updating All The Documentation Associated With The Change. The Contractor S Cloud Computing Systems Shall Comply With Fedramp And Va Directive 6517 Requirements. the Contractor Shall Return All Electronic Storage Media (hard Drives, Optical Disks, Cds, Back-up Tapes, Etc.) On Non-va Leased Or Non-va Owned It Equipment Used To Store, Process Or Access Va Information To Va In Accordance With A&a Package Requirements. This Applies When The Contract Is Terminated Or Completed And Prior To Disposal Of Media. The Contractor Shall Provide Its Plan For Destruction Of All Va Data In Its Possession According To Va Information Security Knowledge Service Requirements And Nist 800-88. The Contractor Shall Send A Self-certification That The Data Destruction Requirements Above Have Been Met To The Cor/co Within 30 Business Days Of Termination Of The Contract. all External Internet Connections To Va Network Involving Va Information Must Be In Accordance With Va Trusted Internet Connection (tic) Reference Architecture And Va Directive And Handbook 6513, Secure External Connections And Reviewed And Approved By Va Prior To Implementation. Government-owned Contractor-operated Systems, Third Party Or Business Partner Networks Require A Memorandum Of Understanding (mou) And Interconnection Security Agreements (isa). contractor Procedures Shall Be Subject To Periodic, Announced, Or Unannounced Assessments By Va Officials, The Oig Or A 3pao. The Physical Security Aspects Associated With Contractor Activities Are Also Subject To Such Assessments. The Contractor Shall Report, In Writing, Any Deficiencies Noted During The Above Assessment To The Va Cor/co. The Contractor Shall Use Va S Defined Processes To Document Planned Remedial Actions That Address Identified Deficiencies In Information Security Policies, Procedures, And Practices. The Contractor Shall Correct Security Deficiencies Within The Timeframes Specified In The Va Information Security Knowledge Service. all Major Information System Changes Which Occur In The Production Environment Shall Be Reviewed By The Va To Determine The Impact On Privacy And Security Of The System. Based On The Review Results, Updates To The Authority To Operate (ato) Documentation And Parameters May Be Required To Remain In Compliance With Va Handbook 6500 And Va Information Security Knowledge Service Requirements. the Contractor Shall Conduct An Annual Privacy And Security Self-assessment On All Information Systems And Outsourced Services As Required. Copies Of The Assessment Shall Be Provided To The Cor/co. The Va/government Reserves The Right To Conduct Assessment Using Government Personnel Or A Third-party If Deemed Necessary. The Contractor Shall Correct Or Mitigate Any Weaknesses Discovered During The Assessment. va Prohibits The Installation And Use Of Personally Owned Or Contractor-owned Equipment Or Software On Va Information Systems. If Non-va Owned Equipment Must Be Used To Fulfill The Requirements Of A Contract, It Must Be Stated In The Service Agreement, Sow, Pws, Pd Or Contract. All Security Controls Required For Government Furnished Equipment Must Be Utilized In Va Approved Other Equipment (oe). Configuration Changes To The Contractor Oe, Must Be Funded By The Owner Of The Equipment. All Remote Systems Must Use A Va-approved Antivirus Software And A Personal (host-based Or Enclave Based) Firewall With A Va-approved Configuration. The Contractor Shall Ensure Software On Oe Is Kept Current With All Critical Updates And Patches. Owners Of Approved Oe Are Responsible For Providing And Maintaining The Anti-virus Software And The Firewall On The Non-va Owned Oe. Approved Contractor Oe Will Be Subject To Technical Inspection At Any Time. the Contractor Shall Notify The Cor/co Within One Hour Of Disclosure Or Successful Exploits Of Any Vulnerability Which Can Compromise The Confidentiality, Integrity, Or Availability Of The Information Systems. The System Or Effected Component(s) Need(s) To Be Isolated From The Network. A Forensic Analysis Needs To Be Conducted Jointly With Va. Such Issues Will Be Remediated As Quickly As Practicable, But In No Event Longer Than The Timeframe Specified By Va Information Security Knowledge Service. If Sensitive Personal Information Is Compromised Reference Va Handbook 6500.2 And Section 5, Security Incident Investigation. for Cases Wherein The Contractor Discovers Material Defects Or Vulnerabilities Impacting Products And Services They Provide To Va, The Contractor Shall Develop And Implement Policies And Procedures For Disclosure To Va, As Well As Remediation. The Contractor Shall, Within 30 Business Days Of Discovery, Document A Summary Of These Vulnerabilities Or Defects. The Documentation Will Include A Description Of The Potential Impact Of Each Vulnerability And Material Defect, Compensating Security Controls, Mitigations, Recommended Corrective Actions, Fbonotice Cause Analysis And/or Workarounds (i.e., Monitoring). Should There Exist Any Backdoors In The Products Or Services They Provide To Va (referring To Methods For Bypassing Computer Authentication), The Contractor Shall Provide The Va Co/co Written Assurance They Have Permanently Remediated These Backdoors. all Other Vulnerabilities, Including Those Discovered Through Routine Scans Or Other Assessments, Will Be Remediated Based On Risk, In Accordance With The Remediation Timelines Specified By The Va Information Security Knowledge Service And/or The Applicable Timeframe Mandated By Cybersecurity & Infrastructure Security Agency (cisa) Binding Operational Directive (bod) 22- 01 And Bod 19-02 For Internet-accessible Systems. Exceptions To This Paragraph Will Only Be Granted With The Approval Of The Cor/co. security And Privacy Controls Compliance Testing, Assessment and Auditing. This Entire Section Applies Whenever Section 6 Or 7 Is Included. should Va Request It, The Contractor Shall Provide A Copy Of Their (corporation S, Sole Proprietorship S, Partnership S, Limited Liability Company (llc), Or Other Business Structure Entity S) Policies, Procedures, Evidence And Independent Report Summaries Related To Specified Cybersecurity Frameworks (international Organization For Standardization (iso), Nist Cybersecurity Framework (csf), Etc.). Va Or Its Third-party/partner Designee (if Applicable) Are Further Entitled To Perform Their Own Audits And Security/penetration Tests Of The Contractor S It Or Systems And Controls, To Ascertain Whether The Contractor Is Complying With The Information Security, Network Or System Requirements Mandated In The Agreement Between Va And The Contractor. any Audits Or Tests Of The Contractor Or Third-party Designees/partner Va Elects To Carry Out Will Commence Within 30 Business Days Of Va Notification. Such Audits, Tests And Assessments May Include The Following: (a): Security/penetration Tests Which Both Sides Agree Will Not Unduly Impact Contractor Operations; (b): Interviews With Pertinent Stakeholders And Practitioners; (c): Document Review; And (d): Technical Inspections Of Networks And Systems The Contractor Uses To Destroy, Maintain, Receive, Retain, Or Use Va Information. as Part Of These Audits, Tests And Assessments, The Contractor Shall Provide All Information Requested By Va. This Information Includes, But Is Not Limited To, The Following: Equipment Lists, Network Or Infrastructure Diagrams, Relevant Policy Documents, System Logs Or Details On Information Systems Accessing, Transporting, Or Processing Va Data. the Contractor And At Its Own Expense, Shall Comply With Any Recommendations Resulting From Va Audits, Inspections And Tests. Va Further Retains The Right To View Any Related Security Reports The Contractor Has Generated As Part Of Its Own Security Assessment. The Contractor Shall Also Notify Va Of The Existence Of Any Such Security Reports Or Other Related Assessments, Upon Completion And Validation. va Appointed Auditors Or Other Government Agency Partners May Be Granted Access To Such Documentation On A Need-to-know Basis And Coordinated Through The Cor/co. The Contractor Shall Comply With Recommendations Which Result From These Regulatory Assessments On The Part Of Va Regulators And Associated Government Agency Partners. product Integrity, Authenticity, Provenance, Anti-counterfeit and Anti-tampering. This Entire Section Applies When The Acquisition Involves Any Product (application, Hardware, Or Software) Or When Section 6 Or 7 Is Included. the Contractor Shall Comply With Code Of Federal Regulations (cfr) Title 15 Part 7, Securing The Information And Communications Technology And Services (icts) Supply Chain , Which Prohibits Icts Transactions From Foreign Adversaries. Icts Transactions Are Defined As Any Acquisition, Importation, Transfer, Installation, Dealing In Or Use Of Any Information And Communications Technology Or Service, Including Ongoing Activities, Such As Managed Services, Data Transmission, Software Updates, Repairs Or The Platforming Or Data Hosting Of Applications For Consumer Download. when Contracting Terms Require The Contractor To Procure Equipment, The Contractor Shall Purchase Or Acquire The Equipment From An Original Equipment Manufacturer (oem) Or An Authorized Reseller Of The Oem. The Contractor Shall Attest That Equipment Procured From An Oem Or Authorized Reseller Or Distributor Are Authentic. If Procurement Is Unavailable From An Oem Or Authorized Reseller, The Contractor Shall Submit In Writing, Details Of The Circumstances Prohibiting This From Happening And Procure A Product Waiver From The Va Cor/co. all Contractors Shall Establish, Implement, And Provide Documentation For Risk Management Practices For Supply Chain Delivery Of Hardware, Software (to Include Patches) And Firmware Provided Under This Agreement. Documentation Will Include Chain Of Custody Practices, Inventory Management Program, Information Protection Practices, Integrity Management Program For Sub-supplier Provided Components, And Replacement Parts Requests. The Contractor Shall Make Spare Parts Available. All Contractor(s) Shall Specify How Digital Delivery For Procured Products, Including Patches, Will Be Validated And Monitored To Ensure Consistent Delivery. The Contractor Shall Apply Encryption Technology To Protect Procured Products Throughout The Delivery Process. if A Contractor Provides Software Or Patches To Va, The Contractor Shall Publish Or Provide A Hash Conforming To The Fips Security Requirements For Cryptographic Modules (fips 140-2 Or Successor). the Contractor Shall Provide A Software Bill Of Materials (sbom) For Procured (to Include Licensed Products) And Consist Of A List Of Components And Associated Metadata Which Make Up The Product. Sboms Must Be Generated In One Of The Data Formats Defined In The National Telecommunications And Information Administration (ntia) Report The Minimum Elements For A Software Bill Of Materials (sbom). contractors Shall Use Or Arrange For The Use Of Trusted Channels To Ship Procured Products, Such As U.s. Registered Mail And/or Tamper-evident Packaging For Physical Deliveries. throughout The Delivery Process, The Contractor Shall Demonstrate A Capability For Detecting Unauthorized Access (tampering). the Contractor Shall Demonstrate Chain-of-custody Documentation For Procured Products And Require Tamper-evident Packaging For The Delivery Of This Hardware. viruses, Firmware And Malware. This Entire Section Applies When The Acquisition Involves Any Product (application, Hardware, Or Software) Or When Section 6 Or 7 Is Included. the Contractor Shall Execute Due Diligence To Ensure All Provided Software And Patches, Including Third-party Patches, Are Free Of Viruses And/or Malware Before Releasing Them To Or Installing Them On Va Information Systems. the Contractor Warrants It Has No Knowledge Of And Did Not Insert, Any Malicious Virus And/or Malware Code Into Any Software Or Patches Provided To Va Which Could Potentially Harm Or Disrupt Va Information Systems. The Contractor Shall Use Due Diligence, If Supplying Third-party Software Or Patches, To Ensure The Third-party Has Not Inserted Any Malicious Code And/or Virus Which Could Damage Or Disrupt Va Information Systems. the Contractor Shall Provide Or Arrange For The Provision Of Technical Justification As To Why Any False Positive Hit Has Taken Place To Ensure Their Code S Supply Chain Has Not Been Compromised. Justification May Be Required, But Is Not Limited To, When Install Files, Scripts, Firmware, Or Other Contractor-delivered Software Solutions (including Third-party Install Files, Scripts, Firmware, Or Other Software) Are Flagged As Malicious, Infected, Or Suspicious By An Anti-virus Vendor. the Contractor Shall Not Upload (intentionally Or Negligently) Any Virus, Worm, Malware Or Any Harmful Or Malicious Content, Component And/or Corrupted Data/source Code (hereinafter Virus Or Other Malware ) Onto Va Computer And Information Systems And/or Networks. If Introduced (and This Clause Is Violated), Upon Written Request From The Va Co, The Contractor Shall: take All Necessary Action To Correct The Incident, To Include Any And All Assistance To Va To Eliminate The Virus Or Other Malware Throughout Va S Information Networks, Computer Systems And Information Systems; And use Commercially Reasonable Efforts To Restore Operational Efficiency And Remediate Damages Due To Data Loss Or Data Integrity Damage, If The Virus Or Other Malware Causes A Loss Of Operational Efficiency, Data Loss, Or Damage To Data Integrity. cryptographic Requirement. This Entire Section Applies Whenever The Acquisition Includes Section 6 Or 7 Is Included. the Contractor Shall Document How The Cryptographic System Supporting The Contractor S Products And/or Services Protect The Confidentiality, Data Integrity, Authentication And Non-repudiation Of Devices And Data Flows In The Underlying System. the Contractor Shall Use Only Approved Cryptographic Methods As Defined In Fips 140-2 (or Its Successor) And Nist 800-52 Standards When Enabling Encryption On Its Products. the Contractor Shall Provide Or Arrange For The Provision Of An Automated Remote Key-establishment Method Which Protects The Confidentiality And Integrity Of The Cryptographic Keys. the Contractor Shall Ensure Emergency Re-keying Of All Devices Can Be Remotely Performed Within 30 Business Days. the Contractor Shall Provide Or Arrange For The Provision Of A Method For Updating Cryptographic Primitives Or Algorithms. patching Governance. This Entire Section Applies Whenever The Acquisition Includes Section 7 Is Included the Contractor Shall Provide Documentation Detailing The Patch Management, Vulnerability Management, Mitigation And Update Processes (to Include Third- Party) Prior To The Connection Of Electronic Devices, Assets Or Equipment To Va S Assets. This Documentation Will Include Information Regarding The Follow: the Resources And Technical Capabilities To Sustain The Program Or Process (e.g., How The Integrity Of A Patch Is Validated By Va); And the Approach And Capability To Remediate Newly Reported Zero-day Vulnerabilities For Contractor Products. the Contractor Shall Verify And Provide Documentation All Procured Products (including Third-party Applications, Hardware, Software, Operating Systems, And Firmware) Have Appropriate Updates And Patches Installed Prior To Delivery To Va. the Contractor Shall Provide Or Arrange The Provision Of Appropriate Software And Firmware Updates To Remediate Newly Discovered Vulnerabilities Or Weaknesses For Their Products And Services Within 30 Days Of Discovery. Updates To Remediate Critical Or Emergent Vulnerabilities Will Be Provided Within Seven Business Days Of Discovery. If Updates Cannot Be Made Available By Contractor Within These Time Periods, The Contractor Shall Submit Mitigations, Methods Of Exploit Detection And/or Workarounds To The Cor/co Prior To The Above Deadlines. the Contractor Shall Provide Or Arrange For The Provision Of Appropriate Hardware, Software And/or Firmware Updates, When Those Products, Including Open-source Software, Are Provided To The Va, To Remediate Newly Discovered Vulnerabilities Or Weaknesses. Remediations Of Products Or Services Provided To The Va S System Environment Must Be Provided Within 30 Business Days Of Availability From The Original Supplier And/or Patching Source. Updates Toremediate Critical Vulnerabilities Applicable To The Contractor S Use Of The Third- Party Product In Its System Environment Will Be Provided Within Seven Business Days Of Availability From The Original Supplier And/or Patching Source. If Applicable Third-party Updates Cannot Be Integrated, Tested And Made Available By Contractor Within These Time Periods, Mitigations And/or Workarounds Will Be Provided To The Cor/co Before The Above Deadlines. specialized Devices/systems (medical Devices, Special Purpose systems, Research Scientific Computing). This Entire Section Applies When The Acquisition Includes One Or More Medical Device, Special Purpose System Or Research Scientific Computing Device. If Appropriate, Ensure Selected Clauses From Section 6 Or 7 And 8 Through 12 Are Included. contractor Supplies/delivered Medical Devices, Special Purpose Systems- Operational Technology (sps-ot) And Research Scientific Computing Devices Shall Comply With All Applicable Federal Law, Regulations, And Va Policies. New Developments Require Creation, Testing, Evaluation, And Authorization In Compliance With Processes Specified On The Specialized Device Cybersecurity Department Enterprise Risk Management (sdcd-erm) Portal, Va Directive 6550, Pre-procurement Assessment And Implementation Of Medical Devices/systems, Va Handbook 6500, And The Va Information Security Knowledge Service. Deviations From Federal Law, Regulations, And Va Policy Are Identified And Documented As Part Of Va Directive 6550 And/or The Va Enterprise Risk Analysis (era) Processes For Specialized Devices/systems Processes. all Contractors And Third-party Service Providers Shall Address And/or Integrate Applicable Va Handbook 6500 And Information Security Knowledge Service Specifications In Delivered It Systems/solutions, Products And/or Services. If Systems/solutions, Products And/or Services Do Not Directly Match Va Security Requirements, The Contractor Shall Work Though The Cor/co For Governance Or Resolution. the Contractor Shall Certify To The Cor/co That Devices/systems That Have Completed The Va Enterprise Risk Analysis (era) Process For Specialized Devices/systems Are Fully Functional And Operate Correctly As Intended. Devices/systems Must Follow The Va Era Authorized Configuration Prior To Acquisition And Connection To The Va Computing Environment. If Va Determines A New Va Era Needs To Be Created, The Contractor Shall Provide Required Technical Support To Develop The Configuration Settings. Major Changes To A Previously Approved Device/system Will Require A New Era. the Contractor Shall Comply With All Practices Documented By The Food Drug And Administration (fda) Premarket Submission For Management Of Cybersecurity In Medical Devices And Postmarket Management Of Cybersecurity In Medical Devices. the Contractor Shall Design Devices Capable Of Accepting All Applicable Security Patches With Or Without The Support Of The Contractor Personnel. If Patching Can Only Be Completed By The Contractor, The Contractor Shall Commit The Resources Needed To Patch All Applicable Devices At All Va Locations. If Unique Patching Instructions Or Packaging Is Needed, The Contractor Shall Provide The Necessary Information In Conjunction With The Validation/testing Of The Patch. The Contractor Shall Apply Security Patches Within 30 Business Days Of The Patch Release And Have A Formal Tracking Process For Any Security Patches Not Implemented To Include Explanation When A Device Cannot Be Patched. the Contractor Shall Provide Devices Able To Install And Maintain Va-approved Antivirus Capabilities With The Capability To Quarantine Files And Be Updated As Needed In Response To Incidents. Alternatively, A Va-approved Whitelisting Application May Be Used When The Contractor Cannot Install An Anti-virus / Anti- Malware Application. the Contractor Shall Verify And Document All Software Embedded Within The Device Does Not Contain Any Known Viruses Or Malware Before Delivery To Or Installation At A Va Location. devices And Other Equipment Or Systems Containing Media (hard Drives, Optical Disks, Solid State, And Storage Via Chips/firmware) With Va Sensitive information Will Be Returned To The Contractor With Media Removed. When The Contract Requires Return Of Equipment, The Options Available To The Contractor Are The Following: the Contractor Shall Accept The System Without The Drive, Firmware And Solid State. va S Initial Device Purchase Includes A Spare Drive Or Other Replacement Media Which Must Be Installed In Place Of The Original Drive At Time Of Turn- In; Or due To The Highly Specialized And Sometimes Proprietary Hardware And Software Associated With The Device, If It Is Not Possible For Va To Retain The Hard Drive, Firmware, And Solid State, Then: the Equipment Contractor Shall Have An Existing Baa If The Device Being Traded In Has Sensitive Information Stored On It And Hard Drive(s) From The System Are Being Returned Physically Intact. any Fixed Hard Drive, Complementary Metal-oxide-semiconductor (cmos), Programmable Read-only Memory (prom), Solid State And Firmware On The Device Must Be Non-destructively Sanitized To The Greatest Extent Possible Without Negatively Impacting System Operation. Selective Clearing Down To Patient Data Folder Level Is Recommended Using Va Approved And Validated Overwriting Technologies/methods/tools. Applicable Media Sanitization Specifications Need To Be Pre-approved And Described In The Solicitation, Contract, Or Order. data Center Provisions. This Entire Section Applies Whenever The Acquisition Requires An Interconnection To/from The Va Network To/from A Non-va Location. the Contractor Shall Ensure The Va Network Is Accessed By In Accordance With Va Directive 6500 And Iam Security Processes Specified In The Va Information Security Knowledge Service. the Contractor Shall Ensure Network Infrastructure And Data Availability In Accordance With Va Information System Business Continuity Procedures Specified In The Va Information Security Knowledge Service. the Contractor Shall Ensure Any Connections To The Internet Or Other External Networks For Information Systems Occur Through Managed Interfaces Utilizing Va Approved Boundary Protection Devices (e.g., Internet Proxies, Gateways, Routers, Firewalls, Guards Or Encrypted Tunnels). the Contractor Shall Encrypt All Traffic Across The Segment Of The Wide Area Network (wan) It Manages And No Unencrypted Out Of Band (oob) Internet Protocol (ip) Traffic Will Traverse The Network. the Contractor Shall Ensure Tunnel Endpoints Are Routable Addresses At Each Va Operating Site. the Contractor Shall Secure Access From Local Area Networks (lans) At Co- Located Sites In Accordance With Va Tic Reference Architecture, Va Directive And Handbook 6513, And Mou/isa Process Specified In The Va Information Security Knowledge Service.

Details: This Sources Sought Notice Is For Planning Purposes Only And Shall Not Be Considered As An Invitation For Bid, Request For Quotation, Request For Proposal, Or As An Obligation On The Part Of The Government To Acquire Any Products And/or Services. Your Response To This Sources Sought Notice Will Be Treated As Information Only. No Entitlement To Payment Of Direct Or Indirect Costs Or Charges By The Government Will Arise Because Of Contractor Submission Of Responses To This Announcement Or The Government Use Of Such Information. This Request Does Not Constitute A Solicitation For Proposals Or The Authority To Enter Negotiations To Award A Contract. No Funds Have Been Authorized, Appropriated, Or Received For This Effort. The Information Provided May Be Used By The Department Of Veterans Affairs In Developing Its Acquisition Approach, Statement Of Work/statement Of Objectives And Performance Specifications. Interested Parties Are Responsible For Adequately Marking Proprietary Or Competition Sensitive Information Contained In Their Response. The Government Does Not Intend To Award A Contract Based On This Sources Sought Notice Or To Otherwise Pay For The Information Submitted In Response To This Sources Sought Notice. The Submission Of Pricing, Capabilities For Planning Purposes, And Other Market Information Is Highly Encouraged And Allowed Under This Sources Sought Notice In Accordance With (iaw) Far Part 15.201(e) The Purpose Of This Sources Sought Notice Announcement Is For Market Research To Make Appropriate Acquisition Decisions And To Gain Knowledge Of Potential Qualified Service-disabled Veteran Owned Small Businesses, Veteran Owned Small Businesses, 8(a), Hubzone And Other Small Businesses Interested And Capable Of Providing The Products And/or Services Described Below. Documentation Of Technical Expertise Must Be Presented In Sufficient Detail For The Government To Determine That Your Company Possesses The Necessary Functional Area Expertise And Experience To Compete For This Acquisition. Responses To This Notice Shall Include The Following: (a) Company Name; (b) Address; (c) Point Of Contact; (d) Phone, Fax, And Email; (e) Uei Number; (f) Cage Code; (g) Tax Id Number; (h) Type Of Small Business, E.g., Services Disabled Veteran Owned Small Business, Veteran Owned Small Business, 8(a), Hubzone, Women Owned Small Business, Small Disadvantaged Business, Or Small Business Hubzone Business, Etc (i) State If Your Business Has An Fss Contract With Gsa, Va Nac, Nasa Sewp, Or Any Other Federal Contract, That Can Be Utilized To Procure The Requirement Listed Below And Provide The Contract Number; And (j) Must Provide A Capability Statement That Addresses The Organization S Qualifications And Ability To Perform As A Contractor For The Work Described Below. Requirement: The Va Heartland Network 15 Contracting Office Located At 3450 South 4th Street, Leavenworth, Ks, 66048-5055 Is Seeking A Potential Qualified Contractor To Provide Scriptpro Eyecon 9430 Pill Dispensing System For The Marion Va Medical Center, Located In Marion, Illinois, And The Evansville Health Care Center, Located In Evansville, Indiana. This Is A Brand Name Or Equal Requirement. Please See The Statement Of Work For More Specifics And Details. The North American Industry Classification System Code (naics Code) Is 339112 Surgical And Medical Instrument Manufacturing, Size Standard 1,000 Employees. Based On This Information, Please Indicate Whether Your Company Would Be A Large Or Small Business And Have A Socio-economic Designation As A Small Business, Vosb Or Sdvosb. Important Information: The Government Is Not Obligated To, Nor Will It Pay For Or Reimburse Any Costs Associated With Responding To This Source Sought Synopsis Request. This Notice Shall Not Be Construed As A Commitment By The Government To Issue A Solicitation Or Ultimately Award A Contract, Nor Does It Restrict The Government To An Acquisition Approach. The Government Will In No Way Be Bound To This Information If Any Solicitation Is Issued. Currently A Total Set-aside For Service-disabled Veteran Owned Small Business Firms Is Anticipated Based On The Veterans Administration Requirement With Public Law 109-461, Section 8127 Veterans Benefit Act. However, If Response By Service-disabled Veteran Owned Small Business Firms Proves Inadequate, An Alternate Set-aside Or Full And Open May Be Used. Responses To This Notice Shall Be Submitted Via Email To Erika Kobulnicky At Erika.kobulnicky@va.gov. Telephone Responses Will Not Be Accepted. Responses Must Be Received No Later Than Wednesday, February 19, 2025, At 10:00am Cst. If A Solicitation Is Issued It Shall Be Announced At A Later Date, And All Interested Parties Must Respond To That Solicitation Announcement Separately From The Responses To This Sources Sought. Responses To This Sources Sought Notice Are Not A Request To Be Added To A Prospective Bidders List Or To Receive A Copy Of The Solicit. Marion, Il Vamc And Ehcc Outpatient Clinic Statement Of Work: Scriptpro Eyecon Description Of Use: To Be Used At The Marion Va Medical Center Pharmacy And In The Evansville, In Outpatient Clinic This Solicitation Uses A Brand Name Or Equal Description Of The Product Required. This Permits Prospective Contractors To Offer Products Other Than Those Specifically Referenced By Brand Name. All Offers Must Work With Existing Equipment That Has Already Been Purchased And Is Currently In Use At The Station. Minimum Technical Specifications: The Scriptpro Dispensing System Must Also Be Assembled Within The Manufactured Country Or Show Significant Proof Of An Internationally Recognized Quality Assurance Program Certificate Of Authenticity Will Need To Be Provided The Dispensing System Must Have The Following: Safety Must Use Barcode Verification To Ensure Accuracy Of Dispensing And Must Work With Scriptpro Label Barcode Unit Must Have Means To Track Dispensed Drug Quantities And Contain Image Verification Of Quantities Dispensed. Must Come Equipped With Database Of Drug Images For Dispensing Verification. Must Include Additional Counting Platters For Penicillin And Sulfa To Avoid Cross Contamination. Workflow Must Allow For Integration With Scriptpro/vista To Verify Correct Dispensing Quantities. Must Fit In Existing Space With A Footprint Of 28 H X 11 W X 17.5 D. Must Count With A Count Accuracy Of At Least 99.9%. Verification Should Include Easy Work Flow Optics Such As Color Touch Screen. Must Include Large Counting Area Of 48 Sq Inches For Larger Quantity Verification. Information Technology Must Integrate With Current Equipment, Including Scriptpro Dispensing/filling Stations Must Interface With Vista, Ups Worldship, And Usps Sendsuite System Platforms. All Equipment Must Be New Description Quantity Sp Eyecon 9430 2 Optional/value Added Features: N/a Required Interfaces: Must Interface With Current Sp Equipment. Must Also Interface With Vista/cprs. Delivery Location(s): Department Of Veterans Affairs Marion Va Medical Center 2401 West Main Street Marion, Il 62959-1188 Department Of Veterans Affairs Evansville Va Healthcare Center 6211 E Waterford Blvd Evansville, In 47715 Records Management Obligations Applicability This Clause Applies To All Contractors Whose Employees Create, Work With, Or Otherwise Handle Federal Records, As Defined In Section B, Regardless Of The Medium In Which The Record Exists. â Definitions Federal Record As Defined In 44 U.s.c. ⧠3301, Includes All Recorded Information, Regardless Of Form Or Characteristics, Made Or Received By A Federal Agency Under Federal Law Or In Connection With The Transaction Of Public Business And Preserved Or Appropriate For Preservation By That Agency Or Its Legitimate Successor As Evidence Of The Organization, Functions, Policies, Decisions, Procedures, Operations, Or Other Activities Of The United States Government Or Because Of The Informational Value Of Data In Them. â The Term Federal Record: Includes [agency] Records.â Does Not Include Personal Materials. Applies To Records Created, Received, Or Maintained By Contractors Pursuant To Their [agency] Contract. May Include Deliverables And Documentation Associated With Deliverables. Requirements Contractor Shall Comply With All Applicable Records Management Laws And Regulations, As Well As National Archives And Records Administration (nara) Records Policies, Including But Not Limited To The Federal Records Act (44 U.s.c. Chs. 21, 29, 31, 33), Nara Regulations At 36 Cfr Chapter Xii Subchapter B, And Those Policies Associated With The Safeguarding Of Records Covered By The Privacy Act Of 1974 (5 U.s.c. 552a). These Policies Include The Preservation Of All Records, Regardless Of Form Or Characteristics, Mode Of Transmission, Or State Of Completion.â In Accordance With 36 Cfr 1222.32, All Data Created For Government Use And Delivered To, Or Falling Under The Legal Control Of, The Government Are Federal Records Subject To The Provisions Of 44 U.s.c. Chapters 21, 29, 31, And 33, The Freedom Of Information Act (foia) (5 U.s.c. 552), As Amended, And The Privacy Act Of 1974 (5 U.s.c. 552a), As Amended And Must Be Managed And Scheduled For Disposition Only As Permitted By Statute Or Regulation.â In Accordance With 36 Cfr 1222.32, Contractor Shall Maintain All Records Created For Government Use Or Created In The Course Of Performing The Contract And/or Delivered To, Or Under The Legal Control Of The Government And Must Be Managed In Accordance With Federal Law. Electronic Records And Associated Metadata Must Be Accompanied By Sufficient Technical Documentation To Permit Understanding And Use Of The Records And Data.â [agency] And Its Contractors Are Responsible For Preventing The Alienation Or Unauthorized Destruction Of Records, Including All Forms Of Mutilation. Records May Not Be Removed From The Legal Custody Of [agency] Or Destroyed Except For In Accordance With The Provisions Of The Agency Records Schedules And With The Written Concurrence Of The Head Of The Contracting Activity. Willful And Unlawful Destruction, Damage Or Alienation Of Federal Records Is Subject To The Fines And Penalties Imposed By 18 U.s.c. 2701. In The Event Of Any Unlawful Or Accidental Removal, Defacing, Alteration, Or Destruction Of Records, Contractor Must Report To [agency]. The Agency Must Report Promptly To Nara In Accordance With 36 Cfr 1230. The Contractor Shall Immediately Notify The Appropriate Contracting Officer Upon Discovery Of Any Inadvertent Or Unauthorized Disclosures Of Information, Data, Documentary Materials, Records, Or Equipment. Disclosure Of Non-public Information Is Limited To Authorized Personnel With A Need-to-know As Described In The [contract Vehicle]. The Contractor Shall Ensure That The Appropriate Personnel, Administrative, Technical, And Physical Safeguards Are Established To Ensure The Security And Confidentiality Of This Information, Data, Documentary Material, Records And/or Equipment Is Properly Protected. The Contractor Shall Not Remove Material From Government Facilities Or Systems, Or Facilities Or Systems Operated Or Maintained On The Government S Behalf, Without The Express Written Permission Of The Head Of The Contracting Activity. When Information, Data, Documentary Material, Records And/or Equipment Is No Longer Required, It Shall Be Returned To [agency] Control Or The Contractor Must Hold It Until Otherwise Directed. Items Returned To The Government Shall Be Hand Carried, Mailed, Emailed, Or Securely Electronically Transmitted To The Contracting Officer Or Address Prescribed In The [contract Vehicle]. Destruction Of Records Is Expressly Prohibited Unless In Accordance With Paragraph (4). The Contractor Is Required To Obtain The Contracting Officer's Approval Prior To Engaging In Any Contractual Relationship (sub-contractor) In Support Of This Contract Requiring The Disclosure Of Information, Documentary Material And/or Records Generated Under, Or Relating To, Contracts. The Contractor (and Any Sub-contractor) Is Required To Abide By Government And [agency] Guidance For Protecting Sensitive, Proprietary Information, Classified, And Controlled Unclassified Information. The Contractor Shall Only Use Government It Equipment For Purposes Specifically Tied To Or Authorized By The Contract And In Accordance With [agency] Policy.â The Contractor Shall Not Create Or Maintain Any Records Containing Any Non-public [agency] Information That Are Not Specifically Tied To Or Authorized By The Contract.â The Contractor Shall Not Retain, Use, Sell, Or Disseminate Copies Of Any Deliverable That Contains Information Covered By The Privacy Act Of 1974 Or That Which Is Generally Protected From Public Disclosure By An Exemption To The Freedom Of Information Act.â The [agency] Owns The Rights To All Data And Records Produced As Part Of This Contract. All Deliverables Under The Contract Are The Property Of The U.s. Government For Which [agency] Shall Have Unlimited Rights To Use, Dispose Of, Or Disclose Such Data Contained Therein As It Determines To Be In The Public Interest. Any Contractor Rights In The Data Or Deliverables Must Be Identified As Required By Far 52.227-11 Through Far 52.227-20. Training. âall Contractor Employees Assigned To This Contract Who Create, Work With, Or Otherwise Handle Records Are Required To Take [agency]-provided Records Management Training. The Contractor Is Responsible For Confirming Training Has Been Completed According To Agency Policies, Including Initial Training And Any Annual Or Refresher Training.â [note: To The Extent An Agency Requires Contractors To Complete Records Management Training, The Agency Must Provide The Training To The Contractor.]â Flow Down Of Requirements To Subcontractors The Contractor Shall Incorporate The Substance Of This Clause, Its Terms And Requirements Including This Paragraph, In All Subcontracts Under This [contract Vehicle], And Require Written Subcontractor Acknowledgment Of Same.â Violation By A Subcontractor Of Any Provision Set Forth In This Clause Will Be Attributed To The Contractor. General. This Entire Section Applies To All Acquisitions Requiring Any Information Security And Privacy Language. Contractors, Contractor Personnel, Subcontractors And Subcontractor Personnel Will Be Subject To The Same Federal Laws, Regulations, Standards, Va Directives And Handbooks, As Va Personnel Regarding Information And Information System Security And Privacy. Va Information Custodial Language. This Entire Section Applies To All Acquisitions Requiring Any Information Security And Privacy Language. The Government Shall Receive Unlimited Rights To Data/intellectual Property First Produced And Delivered In The Performance Of This Contract Or Order (hereinafter Contract ) Unless Expressly Stated Otherwise In This Contract. This Includes All Rights To Source Code And All Documentation Created In Support Thereof. The Primary Clause Used To Define Government And Contractor Data Rights Is Far 52.227-14 Rights In Data General. The Primary Clause Used To Define Computer Software License (not Data/intellectual Property First Produced Under This Contractor Or Order) Is Far 52.227-19, Commercial Computer Software License. Information Made Available To The Contractor By Va For The Performance Or Administration Of This Contract Will Be Used Only For The Purposes Specified In The Service Agreement, Sow, Pws, Pd, And/or Contract. The Contractor Shall Not Use Va Information In Any Other Manner Without Prior Written Approval From A Va Contracting Officer (co). The Primary Clause Used To Define Government And Contractor Data Rights Is Far 52.227-14 Rights In Data General. Va Information Will Not Be Co-mingled With Any Other Data On The Contractor S Information Systems Or Media Storage Systems. The Contractor Shall Ensure Compliance With Federal And Va Requirements Related To Data Protection, Data Encryption, Physical Data Segregation, Logical Data Segregation, Classification Requirements And Media Sanitization. Va Reserves The Right To Conduct Scheduled Or Unscheduled Audits, Assessments, Or Investigations Of Contractor Information Technology (it) Resources To Ensure Information Security Is Compliant With Federal And Va Requirements. The Contractor Shall Provide All Necessary Access To Records (including Electronic And Documentary Materials Related To The Contracts And Subcontracts) And Support (including Access To Contractor And Subcontractor Staff Associated With The Contract) To Va, Va's Office Inspector General (oig),and/or Government Accountability Office (gao) Staff During Periodic Control Assessments, Audits, Or Investigations. The Contractor May Only Use Va Information Within The Terms Of The Contract And Applicable Federal Law, Regulations, And Va Policies. If New Federal Information Security Laws, Regulations Or Va Policies Become Applicable After Execution Of The Contract, The Parties Agree To Negotiate Contract Modification And Adjustment Necessary To Implement The New Laws, Regulations, And/or Policies. The Contractor Shall Not Make Copies Of Va Information Except As Specifically Authorized And Necessary To Perform The Terms Of The Contract. If Copies Are Made For Restoration Purposes, After The Restoration Is Complete, The Copies Shall Be Destroyed In Accordance With Va Directive 6500, Va Cybersecurity Program And Va Information Security Knowledge Service. If A Veterans Health Administration (vha) Contract Is Terminated For Default Or Cause With A Business Associate, The Related Local Business Associate Agreement (baa) Shall Also Be Terminated And Actions Taken In Accordance With Vha Directive 1605.05, Business Associate Agreements. If There Is An Executed National Baa Associated With The Contract, Va Will Determine What Actions Are Appropriate And Notify The Contactor. The Contractor Shall Store And Transmit Va Sensitive Information In An Encrypted Form, Using Va-approved Encryption Tools Which Are, At A Minimum, Federal Information Processing Standards (fips) 140-2, Security Requirements For Cryptographic Modules (or Its Successor) Validated And In Conformance With Va Information Security Knowledge Service Requirements. The Contractor Shall Transmit Va Sensitive Information Using Va Approved Transport Layer Security (tls) Configured With Fips Based Cipher Suites In Conformance With National Institute Of Standards And Technology (nist) 800-52, Guidelines For The Selection, Configuration And Use Of Transport Layer Security (tls) Implementations. The Contractor S Firewall And Web Services Security Controls, As Applicable, Shall Meet Or Exceed Va S Minimum Requirements. Except For Uses And Disclosures Of Va Information Authorized By This Contract For Performance Of The Contract, The Contractor May Use And Disclose Va Information Only In Two Situations: (i) In Response To A Qualifying Order Of A Court Of Competent Jurisdiction After Notification To Va Co (ii) With Written Approval From The Va Co. The Contractor Shall Refer All Requests For, Demands For Production Of Or Inquiries About, Va Information And Information Systems To The Va Co For Response. Notwithstanding The Provision Above, The Contractor Shall Not Release Va Records Protected By Title 38 U.s.c. ⧠5705, Confidentiality Of Medical Quality- Assurance Records And/or Title 38 U.s.c. ⧠7332, Confidentiality Of Certain Medical Records Pertaining To Drug Addiction, Sickle Cell Anemia, Alcoholism Or Alcohol Abuse Or Infection With Human Immunodeficiency Virus (hiv). If The Contractor Is In Receipt Of A Court Order Or Other Requests For The Above- Mentioned Information, The Contractor Shall Immediately Refer Such Court Order Or Other Requests To The Va Co For Response. Information Made Available To The Contractor By Va For The Performance Or Administration Of This Contract Or Information Developed By The Contractor In Performance Or Administration Of The Contract Will Be Protected And Secured In Accordance With Va Directive 6500 And Identity And Access Management (iam) Security Processes Specified In The Va Information Security Knowledge Service. Any Data Destruction Done On Behalf Of Va By A Contractor Shall Be Done In Accordance With National Archives And Records Administration (nara) Requirements As Outlined In Va Directive 6300, Records And Information Management, Va Handbook 6300.1, Records Management Procedures, And Applicable Va Records Control Schedules. The Contractor Shall Provide Its Plan For Destruction Of All Va Data In Its Possession According To Va Directive 6500 And Nist 800-88, Guidelines For Media Sanitization Prior To Termination Or Completion Of This Contract. If Directed By The Cor/co, The Contractor Shall Return All Federal Records To Va For Disposition. Any Media, Such As Paper, Magnetic Tape, Magnetic Disks, Solid State Devices Or Optical Discs That Is Used To Store, Process, Or Access Va Information That Cannot Be Destroyed Shall Be Returned To Va.the Contractor Shall Hold The Appropriate Material Until Otherwise Directed By The Contracting Officer S Representative (cor) Or Co. Items Shall Be Returned Securely Via Va-approved Methods. Va Sensitive Information Must Be Transmitted Utilizing Va-approved Encryption Tools Which Are Validated Under Fips 140-2 (or Its Successor) And Nist 800-52. If Mailed, The Contractor Shall Send Via A Trackable Method (usps, Ups, Fedex, Etc.) And Immediately Provide The Cor/co With The Tracking Information. Self-certification By The Contractor That The Data Destruction Requirements Above Have Been Met Shall Be Sent To The Cor/co Within 30 Business Days Of Termination Of The Contract. All Electronic Storage Media (hard Drives, Optical Disks, Cds, Back-up Tapes, Etc.) Used To Store, Process Or Access Va Information Will Not Be Returned To The Contractor At The End Of Lease, Loan, Or Trade-in. Exceptions To This Paragraph Will Only Be Granted With The Written Approval Of The Va Co. Access To Va Information And Va Information Systems. This Section Applies When Any Person Requires Access To Information Made Available To The Contractor By Va For The Performance Or Administration Of This Contract Or Information Developed By The Contractor In Performance Or Administration Of The Contract. A Contractor/subcontractor Shall Request Logical (technical) Or Physical Access To Va Information And Va Information Systems For Their Employees And Subcontractors Only To The Extent Necessary To Perform The Services Specified In The Solicitation Or Contract. This Includes Indirect Entities, Both Affiliate Of Contractor/subcontractor And Agent Of Contractor/subcontractor. Contractors And Subcontractors Shall Sign The Va Information Security Rule Of Behavior (rob) Before Access Is Provided To Va Information And Information Systems (see Section 4, Training, Below). The Rob Contains The Minimum User Compliance Requirements And Does Not Supersede Any Policies Of Va Facilities Or Other Agency Components Which Provide Higher Levels Of Protection To Va S Information Or Information Systems. Users Who Require Privileged Access Shall Complete The Va Elevated Privilege Access Request Processes Before Privileged Access Is Granted. All Contractors And Subcontractors Working With Va Information Are Subject To The Same Security Investigative And Clearance Requirements As Those Of Va Appointees Or Employees Who Have Access To The Same Types Of Information. The Level And Process Of Background Security Investigations For Contractors Shall Be In Accordance With Va Directive And Handbook 0710, Personnel Suitability And Security Program. The Office Of Human Resources And Administration/operations, Security And Preparedness (hra/osp) Is Responsible For These Policies And Procedures. Contract Personnel Who Require Access To Classified Information Or Information Systems Shall Have An Appropriate Security Clearance. Verification Of A Security Clearance Shall Be Processed Through The Special Security Officer Located In Hra/osp. Contractors Shall Conform To All Requirements Stated In The National Industrial Security Program Operating Manual (nispom). All Contractors And Subcontractors Shall Comply With Conditions Specified In Vaar 852.204-71(d); Contractor Operations Required To Be In United States. All Contractors And Subcontractors Working With Va Information Must Be Permanently Located Within A Jurisdiction Subject To The Law Of The United States Or Its Territories To The Maximum Extent Feasible. If Services Are Proposed To Be Performed Abroad The Contractor Must State Where All Non-u.s. Services Are Provided. The Contractor Shall Deliver To Va A Detailed Plan Specifically Addressing Communications, Personnel Control, Data Protection And Potential Legal Issues. The Plan Shall Be Approved By The Cor/co In Writing Prior To Access Being Granted. The Contractor Shall Notify The Cor/co In Writing Immediately (no Later Than 24 Hours) After Personnel Separation Or Occurrence Of Other Causes. Causes May Include The Following: Contractor/subcontractor Personnel No Longer Has A Need For Access To Va Information Or Va Information Systems. Contractor/subcontractor Personnel Are Terminated, Suspended, Or Otherwise Has Their Work On A Va Project Discontinued For Any Reason. Contractor Believes Their Own Personnel Or Subcontractor Personnel May Pose A Threat To Their Company S Working Environment Or To Any Company- Owned Property. This Includes Contractor-owned Assets, Buildings, Confidential Data, Customers, Employees, Networks, Systems, Trade Secrets And/or Va Data. Any Previously Undisclosed Changes To Contractor/subcontractor Background History Are Brought To Light, Including But Not Limited To Changes To Background Investigation Or Employee Record. Contractor/subcontractor Personnel Have Their Authorization To Work In The United States Revoked. Agreement By Which Contractor Provides Products And Services To Va Has Either Been Fulfilled Or Terminated, Such That Va Can Cut Off Electronic And/or Physical Access For Contractor Personnel. In Such Cases Of Contract Fulfillment, Termination, Or Other Causes; The Contractor Shall Take The Necessary Measures To Immediately Revoke Access To Va Network, Property, Information, And Information Systems (logical And Physical) By Contractor/subcontractor Personnel. These Measures Include (but Are Not Limited To): Removing And Then Securing Personal Identity Verification (piv) Badges And Piv Interoperable (piv-i) Access Badges, Va-issued Photo Badges, Credentials For Va Facilities And Devices, Va-issued Laptops, And Authentication Tokens. Contractors Shall Notify The Appropriate Va Cor/co Immediately To Initiate Access Removal. Contractors/subcontractors Who No Longer Require Va Accesses Will Return Va- Issued Property To Va. This Property Includes (but Is Not Limited To): Documents, Electronic Equipment, Keys, And Parking Passes. Piv And Piv-i Access Badges Shall Be Returned To The Nearest Va Piv Badge Issuance Office. Once They Have Had Access To Va Information, Information Systems, Networks And Va Property In Their Possessions Removed, Contractors Shall Notify The Appropriate Va Cor/co. Training. This Entire Section Applies To All Acquisitions Which Include Section 3. All Contractors And Subcontractors Requiring Access To Va Information And Va Information Systems Shall Successfully Complete The Following Before Being Granted Access To Va Information And Its Systems: Va Privacy And Information Security Awareness And Rules Of Behavior Course (talent Management System (tms) #10176) Initially And Annually Thereafter. Sign And Acknowledge (electronically Through Tms #10176) Understanding Of And Responsibilities For Compliance With The Organizational Rules Of Behavior, Relating To Access To Va Information And Information Systems Initially And Annually Thereafter; And Successfully Complete Any Additional Cyber Security Or Privacy Training, As Required For Va Personnel With Equivalent Information System Or Information Access [to Be Defined By The Va Program Official And Provided To The Va Co For Inclusion In The Solicitation Document I.e., Any Role- Based Information Security Training]. The Contractor Shall Provide To The Cor/co A Copy Of The Training Certificates And Certification Of Signing The Organizational Rules Of Behavior For Each Applicable Employee Within Five Days Of The Initiation Of The Contract And Annually Thereafter, As Required. Failure To Complete The Mandatory Annual Training Is Grounds For Suspension Or Termination Of All Physical Or Electronic Access Privileges And Removal From Work On The Contract Until Such Time As The Required Training Is Complete. Security Incident Investigation. This Entire Section Applies To All Acquisitions Requiring Any Information Security And Privacy Language. The Contractor, Subcontractor, Their Employees, Or Business Associates Shall Immediately (within One Hour) Report Suspected Security / Privacy Incidents To The Va Oit S Enterprise Service Desk (esd) By Calling (855) 673-4357 (tty: 711). The Esd Is Oit S 24/7/365 Single Point Of Contact For It-related Issues. After Reporting To The Esd, The Contractor, Subcontractor, Their Employees, Or Business Associates Shall, Within One Hour, Provide The Cor/co The Incident Number Received From The Esd. To The Extent Known By The Contractor/subcontractor, The Contractor/ Subcontractor's Notice To Va Shall Identify The Information Involved And The Circumstances Surrounding The Incident, Including The Following: The Date And Time (or Approximation Of) The Security Incident Occurred. The Names Of Individuals Involved (when Applicable). The Physical And Logical (if Applicable) Location Of The Incident. Why The Security Incident Took Place (i.e., Catalyst For The Failure). The Amount Of Data Belonging To Va Believed To Have Been Compromised. The Remediation Measures The Contractor Is Taking To Ensure No Future Incidents Of A Similar Nature. After The Contractor Has Provided The Initial Detailed Incident Summary To Va, They Will Continue To Provide Written Updates On Any New And Relevant Circumstances Or Facts They Discover. The Contractor, Subcontractor, And Their Employes Shall Fully Cooperate With Va Or Third-party Entity Performing An Independent Risk Analysis On Behalf Of Va. Failure To Cooperate May Be Deemed A Material Breach And Grounds For Contract Termination. Va It Contractors Shall Follow Va Handbook 6500, Risk Management Framework For Va Information Systems Va Information Security Program, And Va Information Security Knowledge Service Guidance For Implementing An Incident Response Plan Or Integrating With An Existing Va Implementation. In Instances Of Theft Or Break-in Or Other Criminal Activity, The Contractor/subcontractor Must Concurrently Report The Incident To The Appropriate Law Enforcement Entity (or Entities) Of Jurisdiction, Including The Va Oig, And The Va Office Of Security And Law Enforcement. The Contractor, Its Employees, And Its Subcontractors And Their Employees Shall Cooperate With Va And Any Law Enforcement Authority Responsible For The Investigation And Prosecution Of Any Possible Criminal Law Violation(s) Associated With Any Incident. The Contractor/subcontractor Shall Cooperate With Va In Any Civil Litigation To Recover Va Information, Obtain Monetary Or Other Compensation From A Third Party For Damages Arising From Any Incident, Or Obtain Injunctive Relief Against Any Third Party Arising From, Or Related To, The Incident. The Contractor Shall Comply With Va Handbook 6500.2, Management Of Breaches Involving Sensitive Personal Information, Which Establishes The Breach Management Policies And Assigns Responsibilities For The Oversight, Management And Reporting Procedures Associated With Managing Of Breaches. With Respect To Unsecured Protected Health Information (phi), The Contractor Is Deemed To Have Discovered A Data Breach When The Contractor Knew Or Should Have Known Of Breach Of Such Information. When A Business Associate Is Part Of Vha Contract, Notification To The Covered Entity (vha) Shall Be Made In Accordance With The Executed Baa. If The Contractor Or Any Of Its Agents Fails To Protect Va Sensitive Personal Information Or Otherwise Engages In Conduct Which Results In A Data Breach Involving Any Va Sensitive Personal Information The Contractor/subcontractor Processes Or Maintains Under The Contract; The Contractor Shall Pay Liquidated Damages To The Va As Set Forth In Clause 852.211-76, Liquidated Damages Reimbursement For Data Breach Costs. Information System Design And Development. This Entire Section Applies To Information Systems, Systems, Major Applications, Minor Applications, Enclaves, And Platform Information Technologies (to Include The Subcomponents Of Each) Designed Or Developed For Or On Behalf Of Va By Any Non-va Entity. Information Systems Designed Or Developed On Behalf Of Va At Non-va Facilities Shall Comply With All Applicable Federal Law, Regulations, And Va Policies. This Includes Standards For The Protection Of Electronic Protected Health Information (phi), Outlined In 45 C.f.r. Part 164, Subpart C And Information And System Security Categorization Level Designations In Accordance With Fips 199, Standards For Security Categorization Of Federal Information And Information Systems And Fips 200, Minimum Security Requirements For Federal Information Systems. Baseline Security Controls Shall Be Implemented Commensurate With The Fips 199 System Security Categorization (reference Va Handbook 6500 And Va Trusted Internet Connections (tic) Architecture). Contracted New Developments Require Creation, Testing, Evaluation, And Authorization In Compliance With Va Assessment And Authorization (a&a) Processes In Va Handbook 6500 And Va Information Security Knowledge Service To Obtain An Authority To Operate (ato). Va Directive 6517, Risk Management Framework For Cloud Computing Services, Provides The Security And Privacy Requirements For Cloud Environments. Va It Contractors, Subcontractors And Third-party Service Providers Shall Address And/or Integrate Applicable Va Handbook 6500, Va Handbook 6517, Risk Management Framework For Cloud Computing Services And Information Security Knowledge Service Specifications In Delivered It Systems/solutions, Products And/or Services. If Systems/solutions, Products And/or Services Do Not Directly Match Va Security Requirements, The Contractor Shall Work Though The Cor/co To Identify The Va Organization Responsible For Governance Or Resolution. Contractors Shall Comply With Far 39.1, Specifically The Prohibitions Referenced. The Contractor (including Producers And Resellers) Shall Comply With Office Of Management And Budget (omb) M-22-18 And M-23-16 When Using Third-party Software On Va Information Systems Or Otherwise Affecting The Va Information. This Includes New Software Purchases And Software Renewals For Software Developed Or Modified By Major Version Change After The Issuance Date Of M- 22-18 (september 14, 2022). The Term Software Includes Firmware, Operating Systems, Applications And Application Services (e.g., Cloud-based Software), As Well As Products Containing Software. The Contractor Shall Provide A Self- Attestation That Secure Software Development Practices Are Utilized As Outlined By Executive Order (eo)14028 And Nist Guidance. A Third-party Assessment Provided By Either A Certified Federal Risk And Authorization Management Program (fedramp) Third Party Assessor Organization (3pao) Or One Approved By The Agency Will Be Acceptable In Lieu Of A Software Producer's Self- Attestation. The Contractor Shall Ensure All Delivered Applications, Systems And Information Systems Are Compliant With Homeland Security Presidential Directive (hspd) 12 And Va Identity And Access Management (iam) Enterprise Identity Management Requirements As Set Forth In Omb M-19-17, M-05-24, Fips 201-3, Personal Identity Verification (piv) Of Federal Employees And Contractors (or Its Successor), M-21-31 And Supporting Nist Guidance. This Applies To Commercial Off-the-shelf (cots) Product(s) That The Contractor Did Not Develop, All Software Configurations And All Customizations. The Contractor Shall Ensure All Contractor Delivered Applications And Systems Provide User Authentication Services Compliant With Va Handbook 6500, Va Information Security Knowledge Service, Iam Enterprise Requirements And Nist 800-63, Digital Identity Guidelines, For Direct, Assertion-based Authentication And/or Trust-based Authentication, As Determined By The Design And Integration Patterns. Direct Authentication At A Minimum Must Include Public Key Infrastructure (pki) Based Authentication Supportive Of Piv And/or Common Access Card (cac), As Determined By The Business Need And Compliance With Va Information Security Knowledge Service Specifications. The Contractor Shall Use Va Authorized Technical Security Baseline Configurations And Certify To The Cor That Applications Are Fully Functional And Operate Correctly As Intended On Systems In Compliance With Va Baselines Prior To Acceptance Or Connection Into An Authorized Va Computing Environment. If The Defense Information Systems Agency (disa) Has Created A Security Technical Implementation Guide (stig) For The Technology, The Contractor May Configure To Comply With That Stig. If Va Determines A New Or Updated Va Configuration Baseline Needs To Be Created, The Contractor Shall Provide Required Technical Support To Develop The Configuration Settings. Far 39.1 Requires The Population Of Operating Systems And Applications Includes All Listed On The Nist National Checklist Program Checklist Repository. The Standard Installation, Operation, Maintenance, Updating And Patching Of Software Shall Not Alter The Configuration Settings From Va Approved Baseline Configuration. Software Developed For Va Must Be Compatible With Va Enterprise Installer Services And Install To The Default Program Files Directory With Silently Install And Uninstall. The Contractor Shall Perform Testing Of All Updates And Patching Prior To Implementation On Va Systems. Applications Designed For Normal End Users Will Run In The Standard User Context Without Elevated System Administration Privileges. The Contractor-delivered Solutions Shall Reside On Va Approved Operating Systems. Exceptions To This Will Only Be Granted With The Written Approval Of The Cor/co. The Contractor Shall Design, Develop, And Implement Security And Privacy Controls In Accordance With The Provisions Of Va Security System Development Life Cycle Outlined In Nist 800-37, Risk Management Framework For Information Systems And Organizations: A System Life Cycle Approach For Security And Privacy, Va Directive And Handbook 6500, And Va Handbook 6517. The Contractor Shall Comply With The Privacy Act Of1974 (the Act), Far 52.224- 2 Privacy Act, And Va Rules And Regulations Issued Under The Act In The Design, Development, Or Operation Of Any System Of Records On Individuals To Accomplish A Va Function. The Contractor Shall Ensure The Security Of All Procured Or Developed Information Systems, Systems, Major Applications, Minor Applications, Enclaves And Platform Information Technologies, Including Their Subcomponents (hereinafter Referred To As Information Systems ) Throughout The Life Of This Contract And Any Extension, Warranty, Or Maintenance Periods. This Includes Security Configurations, Workarounds, Patches, Hotfixes, Upgrades, Replacements And Any Physical Components Which May Be Necessary To Remediate All Security Vulnerabilities Published Or Known To The Contractor Anywhere In The Information Systems (including Systems, Operating Systems, Products, Hardware, Software, Applications And Firmware). The Contractor Shall Ensure Security Fixes Do Not Negatively Impact The Information Systems. When The Contractor Is Responsible For Operations Or Maintenance Of The Systems, The Contractor Shall Apply The Security Fixes Within The Timeframe Specified By The Associated Controls On The Va Information Security Knowledge Service. When Security Fixes Involve Installing Third Party Patches (such As Microsoft Os Patches Or Adobe Acrobat), The Contractor Shall Provide Written Notice To The Va Cor/co That The Patch Has Been Validated As To Not Affecting The Systems Within 10 Business Days. Information System Hosting, Operation, Maintenance Or Use. This Entire Section Applies To Information Systems, Systems, Major Applications, Minor Applications, Enclaves, And Platform Information Technologies (cloud And Non- Cloud) Hosted, Operated, Maintained, Or Used On Behalf Of Va At Non-va Facilities. The Contractor Shall Comply With All Federal Laws, Regulations, And Va Policies For Information Systems (cloud And Non-cloud) That Are Hosted, Operated, Maintained, Or Used On Behalf Of Va At Non-va Facilities. Security Controls For Collecting, Processing, Transmitting, And Storing Of Va Sensitive Information, Must Be In Place. The Controls Will Be Tested By Va Or A Va Sanctioned 3pao And Approved By Va Prior To Hosting, Operation, Maintenance Or Use Of The Information System Or Systems By Or On Behalf Of Va. This Includes Conducting Compliance Risk Assessments, Security Architecture Analysis, Routine Vulnerability Scanning, System Patching, Change Management Procedures And The Completion Of An Acceptable Contingency Plan For Each System. The Contractor S Security Control Procedures Shall Be The Same As Procedures Used To Secure Va-operated Information Systems. Outsourcing (contractor Facility, Equipment, Or Staff) Of Systems Or Network Operations, Telecommunications Services Or Other Managed Services Require Assessment And Authorization (a&a) Of The Contractor S Systems In Accordance With Va Handbook 6500 As Specified In Va Information Security Knowledge Service. Major Changes To The A&a Package May Require Reviewing And Updating All The Documentation Associated With The Change. The Contractor S Cloud Computing Systems Shall Comply With Fedramp And Va Directive 6517 Requirements. The Contractor Shall Return All Electronic Storage Media (hard Drives, Optical Disks, Cds, Back-up Tapes, Etc.) On Non-va Leased Or Non-va Owned It Equipment Used To Store, Process Or Access Va Information To Va In Accordance With A&a Package Requirements. This Applies When The Contract Is Terminated Or Completed And Prior To Disposal Of Media. The Contractor Shall Provide Its Plan For Destruction Of All Va Data In Its Possession According To Va Information Security Knowledge Service Requirements And Nist 800-88. The Contractor Shall Send A Self-certification That The Data Destruction Requirements Above Have Been Met To The Cor/co Within 30 Business Days Of Termination Of The Contract. All External Internet Connections To Va Network Involving Va Information Must Be In Accordance With Va Trusted Internet Connection (tic) Reference Architecture And Va Directive And Handbook 6513, Secure External Connections And Reviewed And Approved By Va Prior To Implementation. Government-owned Contractor-operated Systems, Third Party Or Business Partner Networks Require A Memorandum Of Understanding (mou) And Interconnection Security Agreements (isa). Contractor Procedures Shall Be Subject To Periodic, Announced, Or Unannounced Assessments By Va Officials, The Oig Or A 3pao. The Physical Security Aspects Associated With Contractor Activities Are Also Subject To Such Assessments. The Contractor Shall Report, In Writing, Any Deficiencies Noted During The Above Assessment To The Va Cor/co. The Contractor Shall Use Va S Defined Processes To Document Planned Remedial Actions That Address Identified Deficiencies In Information Security Policies, Procedures, And Practices. The Contractor Shall Correct Security Deficiencies Within The Timeframes Specified In The Va Information Security Knowledge Service. All Major Information System Changes Which Occur In The Production Environment Shall Be Reviewed By The Va To Determine The Impact On Privacy And Security Of The System. Based On The Review Results, Updates To The Authority To Operate (ato) Documentation And Parameters May Be Required To Remain In Compliance With Va Handbook 6500 And Va Information Security Knowledge Service Requirements. The Contractor Shall Conduct An Annual Privacy And Security Self-assessment On All Information Systems And Outsourced Services As Required. Copies Of The Assessment Shall Be Provided To The Cor/co. The Va/government Reserves The Right To Conduct Assessment Using Government Personnel Or A Third-party If Deemed Necessary. The Contractor Shall Correct Or Mitigate Any Weaknesses Discovered During The Assessment. Va Prohibits The Installation And Use Of Personally Owned Or Contractor-owned Equipment Or Software On Va Information Systems. If Non-va Owned Equipment Must Be Used To Fulfill The Requirements Of A Contract, It Must Be Stated In The Service Agreement, Sow, Pws, Pd Or Contract. All Security Controls Required For Government Furnished Equipment Must Be Utilized In Va Approved Other Equipment (oe). Configuration Changes To The Contractor Oe, Must Be Funded By The Owner Of The Equipment. All Remote Systems Must Use A Va-approved Antivirus Software And A Personal (host-based Or Enclave Based) Firewall With A Va-approved Configuration. The Contractor Shall Ensure Software On Oe Is Kept Current With All Critical Updates And Patches. Owners Of Approved Oe Are Responsible For Providing And Maintaining The Anti-virus Software And The Firewall On The Non-va Owned Oe. Approved Contractor Oe Will Be Subject To Technical Inspection At Any Time. The Contractor Shall Notify The Cor/co Within One Hour Of Disclosure Or Successful Exploits Of Any Vulnerability Which Can Compromise The Confidentiality, Integrity, Or Availability Of The Information Systems. The System Or Effected Component(s) Need(s) To Be Isolated From The Network. A Forensic Analysis Needs To Be Conducted Jointly With Va. Such Issues Will Be Remediated As Quickly As Practicable, But In No Event Longer Than The Timeframe Specified By Va Information Security Knowledge Service. If Sensitive Personal Information Is Compromised Reference Va Handbook 6500.2 And Section 5, Security Incident Investigation. For Cases Wherein The Contractor Discovers Material Defects Or Vulnerabilities Impacting Products And Services They Provide To Va, The Contractor Shall Develop And Implement Policies And Procedures For Disclosure To Va, As Well As Remediation. The Contractor Shall, Within 30 Business Days Of Discovery, Document A Summary Of These Vulnerabilities Or Defects. The Documentation Will Include A Description Of The Potential Impact Of Each Vulnerability And Material Defect, Compensating Security Controls, Mitigations, Recommended Corrective Actions, Fbonotice Cause Analysis And/or Workarounds (i.e., Monitoring). Should There Exist Any Backdoors In The Products Or Services They Provide To Va (referring To Methods For Bypassing Computer Authentication), The Contractor Shall Provide The Va Co/co Written Assurance They Have Permanently Remediated These Backdoors. All Other Vulnerabilities, Including Those Discovered Through Routine Scans Or Other Assessments, Will Be Remediated Based On Risk, In Accordance With The Remediation Timelines Specified By The Va Information Security Knowledge Service And/or The Applicable Timeframe Mandated By Cybersecurity & Infrastructure Security Agency (cisa) Binding Operational Directive (bod) 22- 01 And Bod 19-02 For Internet-accessible Systems. Exceptions To This Paragraph Will Only Be Granted With The Approval Of The Cor/co. Security And Privacy Controls Compliance Testing, Assessment And Auditing. This Entire Section Applies Whenever Section 6 Or 7 Is Included. Should Va Request It, The Contractor Shall Provide A Copy Of Their (corporation S, Sole Proprietorship S, Partnership S, Limited Liability Company (llc), Or Other Business Structure Entity S) Policies, Procedures, Evidence And Independent Report Summaries Related To Specified Cybersecurity Frameworks (international Organization For Standardization (iso), Nist Cybersecurity Framework (csf), Etc.). Va Or Its Third-party/partner Designee (if Applicable) Are Further Entitled To Perform Their Own Audits And Security/penetration Tests Of The Contractor S It Or Systems And Controls, To Ascertain Whether The Contractor Is Complying With The Information Security, Network Or System Requirements Mandated In The Agreement Between Va And The Contractor. Any Audits Or Tests Of The Contractor Or Third-party Designees/partner Va Elects To Carry Out Will Commence Within 30 Business Days Of Va Notification. Such Audits, Tests And Assessments May Include The Following: (a): Security/penetration Tests Which Both Sides Agree Will Not Unduly Impact Contractor Operations; (b): Interviews With Pertinent Stakeholders And Practitioners; (c): Document Review; And (d): Technical Inspections Of Networks And Systems The Contractor Uses To Destroy, Maintain, Receive, Retain, Or Use Va Information. As Part Of These Audits, Tests And Assessments, The Contractor Shall Provide All Information Requested By Va. This Information Includes, But Is Not Limited To, The Following: Equipment Lists, Network Or Infrastructure Diagrams, Relevant Policy Documents, System Logs Or Details On Information Systems Accessing, Transporting, Or Processing Va Data. The Contractor And At Its Own Expense, Shall Comply With Any Recommendations Resulting From Va Audits, Inspections And Tests. Va Further Retains The Right To View Any Related Security Reports The Contractor Has Generated As Part Of Its Own Security Assessment. The Contractor Shall Also Notify Va Of The Existence Of Any Such Security Reports Or Other Related Assessments, Upon Completion And Validation. Va Appointed Auditors Or Other Government Agency Partners May Be Granted Access To Such Documentation On A Need-to-know Basis And Coordinated Through The Cor/co. The Contractor Shall Comply With Recommendations Which Result From These Regulatory Assessments On The Part Of Va Regulators And Associated Government Agency Partners. Product Integrity, Authenticity, Provenance, Anti-counterfeit And Anti-tampering. This Entire Section Applies When The Acquisition Involves Any Product (application, Hardware, Or Software) Or When Section 6 Or 7 Is Included. The Contractor Shall Comply With Code Of Federal Regulations (cfr) Title 15 Part 7, Securing The Information And Communications Technology And Services (icts) Supply Chain , Which Prohibits Icts Transactions From Foreign Adversaries. Icts Transactions Are Defined As Any Acquisition, Importation, Transfer, Installation, Dealing In Or Use Of Any Information And Communications Technology Or Service, Including Ongoing Activities, Such As Managed Services, Data Transmission, Software Updates, Repairs Or The Platforming Or Data Hosting Of Applications For Consumer Download. When Contracting Terms Require The Contractor To Procure Equipment, The Contractor Shall Purchase Or Acquire The Equipment From An Original Equipment Manufacturer (oem) Or An Authorized Reseller Of The Oem. The Contractor Shall Attest That Equipment Procured From An Oem Or Authorized Reseller Or Distributor Are Authentic. If Procurement Is Unavailable From An Oem Or Authorized Reseller, The Contractor Shall Submit In Writing, Details Of The Circumstances Prohibiting This From Happening And Procure A Product Waiver From The Va Cor/co. All Contractors Shall Establish, Implement, And Provide Documentation For Risk Management Practices For Supply Chain Delivery Of Hardware, Software (to Include Patches) And Firmware Provided Under This Agreement. Documentation Will Include Chain Of Custody Practices, Inventory Management Program, Information Protection Practices, Integrity Management Program For Sub-supplier Provided Components, And Replacement Parts Requests. The Contractor Shall Make Spare Parts Available. All Contractor(s) Shall Specify How Digital Delivery For Procured Products, Including Patches, Will Be Validated And Monitored To Ensure Consistent Delivery. The Contractor Shall Apply Encryption Technology To Protect Procured Products Throughout The Delivery Process. If A Contractor Provides Software Or Patches To Va, The Contractor Shall Publish Or Provide A Hash Conforming To The Fips Security Requirements For Cryptographic Modules (fips 140-2 Or Successor). The Contractor Shall Provide A Software Bill Of Materials (sbom) For Procured (to Include Licensed Products) And Consist Of A List Of Components And Associated Metadata Which Make Up The Product. Sboms Must Be Generated In One Of The Data Formats Defined In The National Telecommunications And Information Administration (ntia) Report The Minimum Elements For A Software Bill Of Materials (sbom). Contractors Shall Use Or Arrange For The Use Of Trusted Channels To Ship Procured Products, Such As U.s. Registered Mail And/or Tamper-evident Packaging For Physical Deliveries. Throughout The Delivery Process, The Contractor Shall Demonstrate A Capability For Detecting Unauthorized Access (tampering). The Contractor Shall Demonstrate Chain-of-custody Documentation For Procured Products And Require Tamper-evident Packaging For The Delivery Of This Hardware. Viruses, Firmware And Malware. This Entire Section Applies When The Acquisition Involves Any Product (application, Hardware, Or Software) Or When Section 6 Or 7 Is Included. The Contractor Shall Execute Due Diligence To Ensure All Provided Software And Patches, Including Third-party Patches, Are Free Of Viruses And/or Malware Before Releasing Them To Or Installing Them On Va Information Systems. The Contractor Warrants It Has No Knowledge Of And Did Not Insert, Any Malicious Virus And/or Malware Code Into Any Software Or Patches Provided To Va Which Could Potentially Harm Or Disrupt Va Information Systems. The Contractor Shall Use Due Diligence, If Supplying Third-party Software Or Patches, To Ensure The Third-party Has Not Inserted Any Malicious Code And/or Virus Which Could Damage Or Disrupt Va Information Systems. The Contractor Shall Provide Or Arrange For The Provision Of Technical Justification As To Why Any False Positive Hit Has Taken Place To Ensure Their Code S Supply Chain Has Not Been Compromised. Justification May Be Required, But Is Not Limited To, When Install Files, Scripts, Firmware, Or Other Contractor-delivered Software Solutions (including Third-party Install Files, Scripts, Firmware, Or Other Software) Are Flagged As Malicious, Infected, Or Suspicious By An Anti-virus Vendor. The Contractor Shall Not Upload (intentionally Or Negligently) Any Virus, Worm, Malware Or Any Harmful Or Malicious Content, Component And/or Corrupted Data/source Code (hereinafter Virus Or Other Malware ) Onto Va Computer And Information Systems And/or Networks. If Introduced (and This Clause Is Violated), Upon Written Request From The Va Co, The Contractor Shall: Take All Necessary Action To Correct The Incident, To Include Any And All Assistance To Va To Eliminate The Virus Or Other Malware Throughout Va S Information Networks, Computer Systems And Information Systems; And Use Commercially Reasonable Efforts To Restore Operational Efficiency And Remediate Damages Due To Data Loss Or Data Integrity Damage, If The Virus Or Other Malware Causes A Loss Of Operational Efficiency, Data Loss, Or Damage To Data Integrity. Cryptographic Requirement. This Entire Section Applies Whenever The Acquisition Includes Section 6 Or 7 Is Included. The Contractor Shall Document How The Cryptographic System Supporting The Contractor S Products And/or Services Protect The Confidentiality, Data Integrity, Authentication And Non-repudiation Of Devices And Data Flows In The Underlying System. The Contractor Shall Use Only Approved Cryptographic Methods As Defined In Fips 140-2 (or Its Successor) And Nist 800-52 Standards When Enabling Encryption On Its Products. The Contractor Shall Provide Or Arrange For The Provision Of An Automated Remote Key-establishment Method Which Protects The Confidentiality And Integrity Of The Cryptographic Keys. The Contractor Shall Ensure Emergency Re-keying Of All Devices Can Be Remotely Performed Within 30 Business Days. The Contractor Shall Provide Or Arrange For The Provision Of A Method For Updating Cryptographic Primitives Or Algorithms. Patching Governance. This Entire Section Applies Whenever The Acquisition Includes Section 7 Is Included The Contractor Shall Provide Documentation Detailing The Patch Management, Vulnerability Management, Mitigation And Update Processes (to Include Third- Party) Prior To The Connection Of Electronic Devices, Assets Or Equipment To Va S Assets. This Documentation Will Include Information Regarding The Follow: The Resources And Technical Capabilities To Sustain The Program Or Process (e.g., How The Integrity Of A Patch Is Validated By Va); And The Approach And Capability To Remediate Newly Reported Zero-day Vulnerabilities For Contractor Products. The Contractor Shall Verify And Provide Documentation All Procured Products (including Third-party Applications, Hardware, Software, Operating Systems, And Firmware) Have Appropriate Updates And Patches Installed Prior To Delivery To Va. The Contractor Shall Provide Or Arrange The Provision Of Appropriate Software And Firmware Updates To Remediate Newly Discovered Vulnerabilities Or Weaknesses For Their Products And Services Within 30 Days Of Discovery. Updates To Remediate Critical Or Emergent Vulnerabilities Will Be Provided Within Seven Business Days Of Discovery. If Updates Cannot Be Made Available By Contractor Within These Time Periods, The Contractor Shall Submit Mitigations, Methods Of Exploit Detection And/or Workarounds To The Cor/co Prior To The Above Deadlines. The Contractor Shall Provide Or Arrange For The Provision Of Appropriate Hardware, Software And/or Firmware Updates, When Those Products, Including Open-source Software, Are Provided To The Va, To Remediate Newly Discovered Vulnerabilities Or Weaknesses. Remediations Of Products Or Services Provided To The Va S System Environment Must Be Provided Within 30 Business Days Of Availability From The Original Supplier And/or Patching Source. Updates Toremediate Critical Vulnerabilities Applicable To The Contractor S Use Of The Third- Party Product In Its System Environment Will Be Provided Within Seven Business Days Of Availability From The Original Supplier And/or Patching Source. If Applicable Third-party Updates Cannot Be Integrated, Tested And Made Available By Contractor Within These Time Periods, Mitigations And/or Workarounds Will Be Provided To The Cor/co Before The Above Deadlines. Specialized Devices/systems (medical Devices, Special Purpose Systems, Research Scientific Computing). This Entire Section Applies When The Acquisition Includes One Or More Medical Device, Special Purpose System Or Research Scientific Computing Device. If Appropriate, Ensure Selected Clauses From Section 6 Or 7 And 8 Through 12 Are Included. Contractor Supplies/delivered Medical Devices, Special Purpose Systems- Operational Technology (sps-ot) And Research Scientific Computing Devices Shall Comply With All Applicable Federal Law, Regulations, And Va Policies. New Developments Require Creation, Testing, Evaluation, And Authorization In Compliance With Processes Specified On The Specialized Device Cybersecurity Department Enterprise Risk Management (sdcd-erm) Portal, Va Directive 6550, Pre-procurement Assessment And Implementation Of Medical Devices/systems, Va Handbook 6500, And The Va Information Security Knowledge Service. Deviations From Federal Law, Regulations, And Va Policy Are Identified And Documented As Part Of Va Directive 6550 And/or The Va Enterprise Risk Analysis (era) Processes For Specialized Devices/systems Processes. All Contractors And Third-party Service Providers Shall Address And/or Integrate Applicable Va Handbook 6500 And Information Security Knowledge Service Specifications In Delivered It Systems/solutions, Products And/or Services. If Systems/solutions, Products And/or Services Do Not Directly Match Va Security Requirements, The Contractor Shall Work Though The Cor/co For Governance Or Resolution. The Contractor Shall Certify To The Cor/co That Devices/systems That Have Completed The Va Enterprise Risk Analysis (era) Process For Specialized Devices/systems Are Fully Functional And Operate Correctly As Intended. Devices/systems Must Follow The Va Era Authorized Configuration Prior To Acquisition And Connection To The Va Computing Environment. If Va Determines A New Va Era Needs To Be Created, The Contractor Shall Provide Required Technical Support To Develop The Configuration Settings. Major Changes To A Previously Approved Device/system Will Require A New Era. The Contractor Shall Comply With All Practices Documented By The Food Drug And Administration (fda) Premarket Submission For Management Of Cybersecurity In Medical Devices And Postmarket Management Of Cybersecurity In Medical Devices. The Contractor Shall Design Devices Capable Of Accepting All Applicable Security Patches With Or Without The Support Of The Contractor Personnel. If Patching Can Only Be Completed By The Contractor, The Contractor Shall Commit The Resources Needed To Patch All Applicable Devices At All Va Locations. If Unique Patching Instructions Or Packaging Is Needed, The Contractor Shall Provide The Necessary Information In Conjunction With The Validation/testing Of The Patch. The Contractor Shall Apply Security Patches Within 30 Business Days Of The Patch Release And Have A Formal Tracking Process For Any Security Patches Not Implemented To Include Explanation When A Device Cannot Be Patched. The Contractor Shall Provide Devices Able To Install And Maintain Va-approved Antivirus Capabilities With The Capability To Quarantine Files And Be Updated As Needed In Response To Incidents. Alternatively, A Va-approved Whitelisting Application May Be Used When The Contractor Cannot Install An Anti-virus / Anti- Malware Application. The Contractor Shall Verify And Document All Software Embedded Within The Device Does Not Contain Any Known Viruses Or Malware Before Delivery To Or Installation At A Va Location. Devices And Other Equipment Or Systems Containing Media (hard Drives, Optical Disks, Solid State, And Storage Via Chips/firmware) With Va Sensitive Information Will Be Returned To The Contractor With Media Removed. When The Contract Requires Return Of Equipment, The Options Available To The Contractor Are The Following: The Contractor Shall Accept The System Without The Drive, Firmware And Solid State. Va S Initial Device Purchase Includes A Spare Drive Or Other Replacement Media Which Must Be Installed In Place Of The Original Drive At Time Of Turn- In; Or Due To The Highly Specialized And Sometimes Proprietary Hardware And Software Associated With The Device, If It Is Not Possible For Va To Retain The Hard Drive, Firmware, And Solid State, Then: The Equipment Contractor Shall Have An Existing Baa If The Device Being Traded In Has Sensitive Information Stored On It And Hard Drive(s) From The System Are Being Returned Physically Intact. Any Fixed Hard Drive, Complementary Metal-oxide-semiconductor (cmos), Programmable Read-only Memory (prom), Solid State And Firmware On The Device Must Be Non-destructively Sanitized To The Greatest Extent Possible Without Negatively Impacting System Operation. Selective Clearing Down To Patient Data Folder Level Is Recommended Using Va Approved And Validated Overwriting Technologies/methods/tools. Applicable Media Sanitization Specifications Need To Be Pre-approved And Described In The Solicitation, Contract, Or Order. Data Center Provisions. This Entire Section Applies Whenever The Acquisition Requires An Interconnection To/from The Va Network To/from A Non-va Location. The Contractor Shall Ensure The Va Network Is Accessed By In Accordance With Va Directive 6500 And Iam Security Processes Specified In The Va Information Security Knowledge Service. The Contractor Shall Ensure Network Infrastructure And Data Availability In Accordance With Va Information System Business Continuity Procedures Specified In The Va Information Security Knowledge Service. The Contractor Shall Ensure Any Connections To The Internet Or Other External Networks For Information Systems Occur Through Managed Interfaces Utilizing Va Approved Boundary Protection Devices (e.g., Internet Proxies, Gateways, Routers, Firewalls, Guards Or Encrypted Tunnels). The Contractor Shall Encrypt All Traffic Across The Segment Of The Wide Area Network (wan) It Manages And No Unencrypted Out Of Band (oob) Internet Protocol (ip) Traffic Will Traverse The Network. The Contractor Shall Ensure Tunnel Endpoints Are Routable Addresses At Each Va Operating Site. The Contractor Shall Secure Access From Local Area Networks (lans) At Co- Located Sites In Accordance With Va Tic Reference Architecture, Va Directive And Handbook 6513, And Mou/isa Process Specified In The Va Information Security Knowledge Service.

Details: Sources Sought Notice page 13 Of 13 *= Required Field sources Sought Notice page 1 Of 13 this Request For Information (rfi) Sources Sought Is Issued Solely For Market Research And Planning Purposes Only And Does Not Constitute A Solicitation 1. Responses To This Sources Sought Must Be In Writing. The Purpose Of This Sources Sought Announcement Is For Market Research Only To Make Appropriate Acquisition Decisions And To Gain Knowledge Of Small Businesses , Including Service-disabled Veteran-owned Small Businesses And Veteran-owned Small Businesses (sdvosb/vosb), Who Are Interested In Submitting Proposals For This Procurement And Who Are Capable Of Performing The Work Required For This Procurement. 2. The Naics For This Requirement Is 541512 Computer Systems Design Services 3. The Contractor Shall Provide Audiocare Prefill Software Prescription Refill For The Southern Arizona Va Healthcare System (savahcs) (see Attached Draft Sow). The Required Products Shall Be Provided By The Contractor Along With All Resources Necessary To Accomplish The Deliverables Described In The Attached Draft Statement Of Work (sow). 4. Interested And Capable Contractors Are Encouraged To Respond To This Notice Not Later Than Wednesday, Mar 11th 2025, At 11:00 Am Pst, By Providing The Following Information Via Email Only To Jose.espinoza3@va.gov. (a) Company Name (b) Address (c) Point Of Contact (d) Phone, Fax, And Email Of Primary Point Of Contact (e) Contractor S Unique Entity Id (sam) Number (f) Type Of Small Business, If Applicable, (e.g. Service-disabled Veteran-owned Small Business (sdvosb), Veteran-owned Small Business (vosb), 8(a), Hub-zone, Woman Owned Small Business, Small Disadvantaged Business, Or Small Business). (g) Statement Indicating Whether Your Company Is Considered Small Under The Size Standard For The Naics Code Identified Under This Rfi. (h) Statement Indicating The Product Name Of The Audiocare Prefill Software Prescription Refill For The Savahcs Product Referenced Above That You Intend To Provide For This Procurement. (i) Statement Indicating Whether You Are The Manufacturer Of The Audiocare Prefill Software Prescription Refill For The Savahcs That You Intend To Provide For This Procurement. If You Intend To Provide Products Manufactured By A Company Other Than Your Own, State The Name Of The Company Whose Audiocare Prefill Software Prescription Refill For The Savahcs Product You Intend To Provide, The Country Of Origin, And Whether The Company That Manufactures That Product Is A Small Business Under The Size Standard For The Naics Code Identified Under This Rfi. (j) Statement Indicating If You Have A Current Contract To Provide The Audiocare Prefill Software Prescription Refill That You Intend To Provide For This Procurement, Along With The Installation, Configuration, Validation, Support, And Maintenance Services Required By This Procurement, Under Either The General Services Administration (gsa) Federal Supply Schedule (fss) Or With The Va National Acquisition Center (nac), National Aeronautics And Space Administration (nasa) Solutions For Enterprise-wide Procurement (sewp), Or Any Other Federal Contract. If Yes, Provide The Contract Type And Contract Number, As Well As The Identity Of The Federal Agency With Whom You Hold That Contract. (k) Statement Indicating If Your Product That You Intent To Provide For This Procurement Was Assessed By Va Technical Reference Model Management Group And Currently Approved For Use In The Va. (l) Statement Indicating How Many Calendar Days You Estimate It Would Take You To Implement, Configure, And Validate The Audiocare Prefill Software Prescription Refill For The Savahcs That You Intend To Provide For This Procurement In A Medical Center Similar To The Va Medical Center. (m) General Pricing For Your Products/solutions For Market Research Purposes. (n) A Capability Statement That Provides Detailed Information For One Or More Reference Contracts That Demonstrate Your Experience Providing Requested Products That Meets The Requirements Described In The Attached Draft Salient Characteristics And Demonstrates Your Experience Providing The Installation, Configuration, Validation, Support, And Maintenance Services Required By This Procurement. General Statements Of Capability Are Not Acceptable. Respondents Must Provide The Following Information For Each Reference Contract The Respondent Identifies As Evidence Of The Respondent S Capability To Perform The Work Required By This Procurement. Respondents Must Provide The Following Information For Each Reference Contract: (1) The Legal Name Of Entity With Whom The Respondent Held The Contract; (2) The Contract Number; (3) A Description Providing Details Of The Specific Tasks The Respondent Performed Under That Contract; (4) The Dates During Which The Respondent Performed The Contract; (5) The Name, Phone Number, And Email Address Of A Person At The Entity With Whom The Respondent Held The Contract Who Can Verify The Information The Respondent Provides regarding This Reference Contract. if A Respondent Offers To Demonstrate Experience Through The Proposed Use Of Subcontractors, The Respondent Must Provide All Of The Information Required Above For One Or More Reference Contracts Performed By Each Subcontractor The Respondent Intends To Use. note: The Information Requested Above Is Required For The Government To Evaluate Whether There Are Sufficient Small Business Concerns Of A Particular Type Who Are Capable Of Performing The Work Required By This Procurement To Determine If This Procurement Should Be Set Aside For A Given Type Of Small Business Concern. Failure To Submit All Of The Information Requested Above To Support A Respondent S Claimed Experience May Be Viewed By The Government As Evidence That The Respondent Lacks The Ability To Provide The Products Requested In This Procurement. This, In Turn, May Affect The Government S Determination About Whether The Requirements For A Set-aside Procurement Have Been Met. 5. All Offerors Who Provide Goods Or Services To The United States Government Must Be Registered In The System For Award Management (sam) Database Found At Https://www.sam.gov. Registration Must Include Representations And Certifications. 6. Small Business Respondents. (a) If Respondent Is Vosb Or Sdvosb, Respondent Is Encouraged To Provide Proof Of Www.vetbiz.gov Certification. In Addition, Sdvosb/vosb Contractors Are Asked To Acknowledge That They Understand The Limitations On Sub-contracting Pursuant To Far 52.219-14, Limitations On Sub-contracting, Which Will Be Included In The Impending Solicitation. Further Sdvosb/vosb Contractors Are Asked To Respond That They Are Capable Of Providing The Requested Services Keeping Within The Parameters Of This Clause. (b) Small Businesses, Including Sdvosb/vosbs Are Also Advised That Per 13 Cfr, § 125.6 The Prime Contractor's Limitations On Subcontracting Are As Follows: (1) General. In Order To Be Awarded A Full Or Partial Small Business Set-aside Contract With A Value Greater Than $150,000, An 8(a) Contract, An Sdvo Sbc Contract, A Hubzone Contract, A Wosb Or Edwosb Contract Pursuant To Part 127 Of This Chapter, A Small Business Concern Must Agree That: (2) In The Case Of A Contract For Services (except Construction), It Will Not Pay More Than 50% Of The Amount Paid By The Government To It To Firms That Are Not Similarly Situated. Any Work That A Similarly Situated Subcontractor Further Subcontracts Will Count Towards The 50% Subcontract Amount That Cannot Be Exceeded. (c) Please Note That If Va S Pending Market Research Establishes That Two Or More Verified Vosb Or Sdvosb Can Provide The Services Required, Va Will Set Aside The Underlying Solicitation Per 38 U.s.c. §8127. --end Of Sources Sought Announcement-- disclaimer This Rfi Is Issued Solely For Information And Planning Purposes Only And Does Not Constitute A Solicitation. All Information Received In Response To This Rfi That Is Marked As Proprietary Will Be Handled Accordingly. In Accordance With Far 15.201(e), Responses To This Notice Are Not Offers And Cannot Be Accepted By The Government To Form A Binding Contract. Responders Are Solely Responsible For All Expenses Associated With Responding To This Rfi. statement Of Work background: Tucson, Arizona Healthcare System (savahcs) Currently Utilizes Audiocare Software To Help Improve Patient Care. The Additional Of Audiocare Prefill Will Enhance Services That Pharmacy Is Able To Provide Patients. As Savahcs Already Utilizes Audiocare, A Contract Is In Place. at The Conclusion Of Year One With Audiocare Prefill, That Contract Will Be Able To Be Rolled Into The Main Contract With Audiocare. purpose Of Project: Audiocare Is Already A System Used By Icva Pharmacy To Facilitate Communication Between Staff And Patients. Per Audiocare Contact, Prefill Has Started To Roll Out To Other Visns With Impressive Data Being Gathered. Call Centers Are Seeing A Reduction In Refill And Renewal Calls And Sites Are Seeing Up To 2-3 Times Their Previous Rxs Processed Via Their Automated Line. As The Va Does Not Utilize Automatic Refilling, It Is Common For Patients To Wait To Long To Refill/renew Their Prescriptions Which Leads To An Increase In Overnight Shipping Costs As The Local Facility Needs To Then Overnight The Prescription To The Patient To Avoid An Interruption Of Therapeutic Care. These Overnight Shipping Costs Are Quite A Financial Burden To The Facility. Prefill Can Help Combat This And Increase Patient Safety, Patient Satisfaction, And Employee Satisfaction. statement Of Work: The Addition Of Prefill To The Existing Audiocare Software Will Make Managing Prescriptions Easier And More Convenient For Patients. As Savahcs Already Has Audiocare, Installation Would Be Able To Begin Immediately. This Installation Would Involve Savahcs It And Pharmacy Staff. this Procurement Shall Include Any Necessary Networking Equipment, Infrastructure, And Licensing To Properly Integrate Into Savahcs S Existing Service Contract With Audiocare. the Installations Associated With The Infrastructure Are To Be Included In This Procurement. Installation Includes, But Is Not Limited To: project Management And Coordination Of The Install: appropriate Savahcs Staff Shall Assist As Needed To Maintain The Integrity Of Va Sensitive Information. if Applicable, Shipping And Handling Of The Agreed Upon Equipment And Infrastructure And Ensuring It Reaches The Appropriate Destination. installation Of All Agreed Upon Software, Licensure, And Networking Infrastructure. installation Of Prefill Shall Result In A Fully Functioning System. savahcs Information Technology And Pharmacy Staff Shall Assist Contractors As Necessary To Ensure The Integrity Of Any Va Sensitive Information. confirming The Integration Of Audiocare Prefill With The Existing Audiocare Platform. contractor Qualifications: If A Contractor Is Required The Contractor Must Be Certified To Perform Any Installation By The Original Equipment Manufacturer And Have At Least Two Years Prior Of Experience Performing The Install Work. Joint Commission And Accreditation Agencies Are Applicable To This Procurement. evaluation And Award Factors: Award Shall Be Made To The Offer Representing The Best Value To The Government Considering Technical And Price Factors As Stated Below. Offerors Shall Include In Their Proposal S Specific Information Relative To The Evaluation Factors Listed Below To Ensure Proper Evaluation Of Their Proposal. The Technical Evaluation Factors Shall Be Considered More Important Than The Remaining. past Performance specialized Skills, Expertise, And Knowledge ability To Integrate With Existing Audiocare Platform. price program Office Point Of Contact And/or Contracting Officer Technical Representative (cotr): r, Pharmacy Informatics Chief Will Be Identified Upon Award contractor Personnel Security Requirement: Any Contracted Personnel Shall Need Access To Sensitive Patient Data And Systems During Install Of Software To Verify And Test Functionality. market Research: Please Refer To Market Research Document For Information On The Performed Market Research. delivery & Package, Inspection/acceptance Requirements, Warranty: Software Shall Be Combined With Existing Contract After 1 Year. Warranty Would Become Part Of That Contract.

Details: This Notice Is Being Published In Accordance With Federal Acquisition Regulation (far) Part 5.101(a)(2) Requiring The Dissemination Of Information On Proposed Contract Actions. This Is A Notice Of Intent To Award A Sole-source Contract Pursuant To 10 U.s.c 2304 (c)(1), As Implemented By Far 6.302-1(a)(2) And 6.301-1(c), Only One Responsible Source And No Other Supplies Or Services Will Satisfy Agency Requirements And Brand-name Descriptions. the Department Of Veterans Affairs Medical Center Located At Va Connecticut Healthcare System, West Haven Va Medical Center, 950 Campbell Avenue, West Haven, Ct 06516, Has A Requirement As Described In The Attached Statement Of Work. the Government Intends To Award Stryker Sales, Llc, A Firm-fixed-price Sole Source Contract. a Determination By The Government Not To Compete With This Proposed Contract Based Upon Responses To This Notice Is Solely Within The Discretion Of The Government. This Notice Of Intent Is Not A Request For Competitive Proposals. This Is A Written Notice To Inform The Public Of The Governments Intent To Award On A Sole Source Basis. interested Parties May Identify Their Interest And Capability To Respond To The Requirement. Any Response To This Notice Must Show Clear And Convincing Evidence That Competition Will Be Advantageous To The Government. please Contact Manases Cabrera, Contracting Specialist, With The Responses Or Questions Regarding This Requirement At Manases.cabrera@va.gov. this Notice Will Close On February 10, 2025, At 4:30 Pm Eastern Standard Time (est) statement Of Work For Preventative And Corrective Maintenance Service Of Stryker Neptune Rovers And Docking Stations general: The Contractor Shall Furnish All Labor, Travel, Materials, Support, And Service Necessary To Provide Preventative Maintenance (pm) And Corrective Maintenance Services On All Stryker Neptune Waste Management Equipment At The Va Connecticut Hcs In West Haven, Ct. equipment Identification: manufacturer model serial Number asset Tag location stryker Corporation neptune 3 Rover 2028227043 127940 3227-1-w-689 stryker Corporation neptune 3 Rover 2030002513 127939 3227-1-w-689 stryker Corporation neptune 3 Rover 2028700903 127938 3226-1-w-689 stryker Corporation neptune 3 Rover 2019500343 127937 3246-1-w-689 stryker Corporation neptune 3 Rover 2019501313 127936 3244-1-w-689 stryker Corporation neptune 3 Rover 2021015143 127935 3246-1-w-689 stryker Corporation neptune 3 Rover 2028227533 127934 3244-1-w-689 stryker Corporation neptune 3 Rover 2030002013 127933 3244-1-w-689 stryker Corporation neptune Docker 2034900093 127932 3226-1-w-689 stryker Corporation neptune Docker 2033705023 127931 3226-1-w-689 table 1. Manufacturer, Model, Serial Number, Equipment Entry Number And Location Of Equipment period Of Performance: this Agreement Will Include A Base Year Plus Four Option Years. base Year: 03/01/2025-02/28/2026 option Year 1: 03/01/2026-02/28/2027 option Year 2: 03/01/2027-02/29/2028 option Year 3: 03/01/2028-02/28/2029 option Year 4: 03/01/2029-02/28/2030 dates As Specified Unless Contract Award Passes These Dates. Then The First Date Of Performance Will Start The Day Of Award. description Of Work: The Contractor Shall Provide All Required Service Including Emergency Service, Repairs, Preventative And Corrective Maintenance, Labor, Travel, Original Equipment Manufacturer (oem) Replacement And Repair Parts, And Technical Support For The Neptune 3 Rover Systems. All Services Performed Shall Be In Accordance With The (oem) Specifications. Field Service Engineers Must Be Licensed Or Contracted With The Original Manufacturer To Work On The Equipment. All Parts And Software Must Be Certified New From The Original Manufacturer. hours Of Performance: Normal Hours Of Coverage Are Monday Through Friday 8:00 Am To 6:00 Pm Est Excluding Federal Holidays. a. All Service/repairs Will Be Performed During Normal Hours Of Coverage Unless Requested Or Approved By The Contracting Officer S Representative (cor). b. Preventative Periodic Maintenance Will Be Performed Monday Through Friday 8:00 Am To 6:00 Pm Est Or As Agreed To By The User And The Cor In Accordance With Manufacturer S Recommendations. c. There Will Be 24/7 Telephone Support Coverage And 24/7 On-site Support Coverage. d. Federal Holidays Observed By The Vamc Are: New Year S Day Labor Day Martin Luther King Day Columbus/indigenous People S Day Presidents Day Veterans Day Memorial Day Christmas Day thanksgiving Day juneteenth Day independence Day note: Hardware/software Update/upgrade Installations Will Be Scheduled And Performed At A Mutually Agreed Upon Time At No Additional Charge To The Government (unless It Would Be Detrimental To Equipment Up-time; To Be Determined By The Cor Or Designated Representatives. Government Provides Software/hardware Upgrade/update. There Shall Be No Additional Charge For Time Spent At The Site During Or After The Normal Hours Of Coverage Awaiting The Arrival Of Additional Fse And/or Delivery Of Parts. conformance Standards: Contractor Shall Provide Service And Ensure That The Equipment Functions In Accordance With The Equipment Manufacturer S Technical Performance Specifications. Contractor Shall Conform To All Regulations To Include But Not Be Limited To Federal, State, And Local Governing Any Chemicals, Equipment Or Work Which May Be Used Or Performed In The Work Under This Contract. operational Uptime Requirements: The Medical Equipment/system Shall Be Operable And Available For Use 96% Of The Normal Operating Hours Of The Equipment. Downtime Will Be Computed From Notification Of Problem During Normal Work Hours. guaranteed Response Time: The Oem Certified Field Service Engineer (fse) Will Use Commercially Reasonable Efforts To Respond To Customer S Requests Within 24 Hours Of Notification To The Vendor S Service Support Team. live Phone Support: Service Shall Include Phone Support With Vendor Technical Support Engineers 24 Hours, 7 Days A Week. after Hours Phone Support: Service For After Hour Phone Support Shall Include 24 Hours, 7 Days A Week, And 365 Days A Year For Technical Assistance When Required. preventative Maintenance: Perform System Scheduled Maintenance Inspections As Outlined In The User S Manual Developed By The Manufacturer. parts: All Needed Parts For Wear And Tear, Repairs, And Maintenance Conducted Are Covered. parts Exchange And Protection: All Parts Required For The Repair Of The System (excludes Instruments And Accessories) Are Covered. Preferred Pricing On Repairs Or Replacement Due To Accidental Damage. unscheduled Maintenance (emergency Repair Service): a. Contractor Shall Maintain The Equipment In Accordance With The Manufacturer S Specifications. The Contractor Shall Provide Repair Service Which May Consist Of Calibration, Cleaning, Oiling, Adjusting, Replacing Parts, And Maintaining The Equipment, Including All Intervening Calls Necessary Between Regular Services And Calibrations. All Required Parts Shall Be Furnished. b. The Cor Or Government Designated Representatives Are Authorized To Request And Approve Service Calls From The Contractor. c. Response Time: Contractor's Fse Must Respond With A Phone Call To The Cor Or Designated Representative Within 1 Hour After Receipt Of Telephoned Notification During Normal Hours Of Coverage. scheduled Maintenance: All Labor And Travel Conducted During Normal Business Hours: Monday Through Friday, 8:00 Am To 6:00pm Est (excludes Vendor Company Holidays) Are Covered. labor And Travel Expenses: All Labor And Travel Conducted During Normal Business Hours: Monday Through Friday, 8:00 Am To 6:00pm Est (excludes Vendor Company Holidays) Are Covered. service Manuals/tools/equipment: All Required Manuals, Tools, And Equipment For Repairs And Maintenance Conducted Are Covered And Are The Responsibility Of The Vendor. certified Trained Technicians And Key Personnel: The Scheduled Maintenance And Service Calls Shall Be Performed By Oem Trained Personnel In Accordance With The Agreement. Technicians Shall Include Fully Qualified Facility Service Engineers (fse) And A Fully Qualified Fse Who Will Serve As The Backup And Show Proof Of Competency, As Shown By Training Conducted On Said System. "fully Qualified" Is Based Upon Training And On Experience In The Field. For Training, The Fse(s) Has Successfully Completed A Formalized Training Program, For The Equipment Identified In This Statement Of Work. For Field Experience, The Fse(s) Has A Minimum Of Two Years Of Experience (except For Equipment Newly On The Market) With Respect To Scheduled And Unscheduled Preventive And Remedial Maintenance. Proof Of Training Shall Be Provided Upon Demand And Be Immediately Sent Via Fax, Upon Demand To The Cor. All Fse S And Technicians Shall Be Authorized By The Contractor To Perform The Maintenance Services. All Work Shall Be Performed By "fully Qualified" Competent Fse's. The Cor And/or Designated Representative Specifically Reserve The Right To Reject Any Of The Contractor's Personnel And Refuse Them Permission To Work On The Vamc Equipment. It Is Anticipated That Any Hospital Regulatory Inspections (tjc, Etc.) Will Have The Vendor Providing Proof That They Meet Industry Standards Of Quality, And Traceable Standards, As Used To Calibrate This Device- System, At The Time Of The Maintenance Event. check In Requirements: The Field Service Engineer Or Technicians Must Report To The Biomedical Engineering Department To Obtain A Badge And Sign In With The Biomedical Engineering Service Before Work Begins. Submit Any Mobile Media Devices That Would Be Used On The System To A Virus Scan. Upon Completion Of Work, The Field Service Engineer Must Report To The Biomedical Engineering Service To Sign Out And Brief Biomedical Staff Or Supervisor If Biomedical Staff Is Unavailable Concerning Completion Of Service. At The End Of Briefing Field Service Engineer Will Return The Badge And Sign Out In The Biomedical Engineering Department. documentation: Contractor Shall Furnish A Detailed Field Service Report Upon Completion Of Work To Biomedical Staff In The Biomed Department. Payment Will Not Be Processed Until A Properly Completed Service Report Is Received. The Service Report Shall Contain, At A Minimum, The Following Information: identification Of Equipment To Be Serviced: va Ee Number vendor Inventory Id Number manufacturer Name device Name model Number serial Number system Id name Of Contractor And Contract Number name Of Fse Who Performed Services contractor Service Esr Number/log Number date, Time (starting And Ending), Equipment Downtime And Hours On-site For Service Call va Purchase Order Number(s) Covering The Call If Outside Normal Working Hours total Time Spent Performing Maintenance. detailed Narrative And Itemized Description Of The Services Required And Performed Including: labor And Travel parts (with Part Numbers) materials location corrective Action copies Of All Test Reports complete List Of Parts Replaced (when Applicable) date And Time The Repair/support Was Completed total Cost To Be Billed (if Applicable I.e., Part(s) Not Covered, Or Service Rendered After Normal Hours Of Coverage). signatures: fse Performing Services Described authorized Va Employee Who Witnessed Service Described note: - Any Additional Charges Claimed Must Be Approved By The Cor Or Designated Representative Before Service Is Completed! the Service Report Shall Itemize Every Item In The Specification. Each Item Shall State The "as Found" Condition Or Values, The "calibrated To" Or "adjusted To" Values, The Factory Design Tolerances, And A Complete Description Of All Work Performed Concerning The Items. Included Will Be A List Of New Parts Used And Recommended Future Repairs. reporting Requirements: The Contractor Shall Be Required To Report To The Clinical Engineering Department To Log In. This Check- In Is Mandatory. When The Service Is Completed, The Fse Shall Document Services Rendered On A Legible Esr(s). The Fse Shall Be Required To Log Out With Biomedical Engineering And Submit The Esr(s) To The Cor Or Designated Representative. All Esrs Shall Be Submitted To The Equipment User For An "acceptance Signature" And To The Cor Or Designated Representative For An "authorization Signature". If Cor Or Designated Representative Is Unavailable, A Signed, Authorized Copy Of The Esr Will Be Left With The User. place Of Performance: va Connecticut Healthcare System west Haven Va Medical Center 950 Campbell Avenue west Haven, Ct 06516 contracting Officer Representatives: Prior To Contract Award, The Contracting Officer Shall Designate A Va Medical Center Employee As The Cor. All Work Coordination Shall Be Made Through The Cor. The Contractor Shall Be Provided A Copy Of The Letter Of Delegation Authorizing The Cor At The Commencement Of The Term Of The Contract. No Other Person Shall Be Authorized To Act In Such Capacity Unless Appointed In Writing By The Contracting Officer. safety Requirements: In The Performance Of This Contract, The Contractor Shall Take Such Safety Precautions As The Contracting Officer May Determine To Be Reasonably Necessary To Protect The Lives And Health Of Occupants Of The Building. The Contracting Officer Shall Notify The Contractor Of Any Safety Issues And The Action Necessary To Correct These Issues. Such Notice, When Served To The Contractor Or His Representative At The Work Site Shall Be Deemed Sufficient For The Corrective Actions To Be Taken. If The Contractor Fails Or Refuses To Comply Promptly, The Contracting Officer May Issue An Order Stopping All Or Part Of The Work And Hold The Contractor In Default. invoicing: Payment To Be Made Monthly In Arrears By Certified Invoices And Must Contain The Contract Number In Addition To The Requirements Detailed In 52.212-4 (g) To Be Considered Valid. All Invoices Shall Be Submitted To The Va Financial Service Center And Emailed To The Cotr. All Invoices Will Reference The Purchase Order Number Assigned To The Contract. additional Charges: There Shall Be No Additional Charge For Time Spent At The Site (during, Or After The Normal Hours Of Coverage) Awaiting The Arrival Of Additional Fse And/or Delivery Of Parts. transportation Charges: All Costs Associated With Transportation, From Shipping Point To The Destination Specified Above, And All Costs Of Removal After Contract Completion, Shall Be Paid By The Contractor And Incorporated In The Price Proposal. The Contractor Shall Be Responsible For All Damage In Transit Including Any Transportation Costs For Replacement. reporting Required Services Beyond The Contract Scope: The Contractor Shall Immediately, But No Later Than 24 (twenty-four) Consecutive Hours After Discovery, Notify The Cor And/or Designated Representative (in Writing) Of The Existence Or The Development Of Any Defects In, Or Repairs Required, To The Scheduled Equipment Which The Contractor Considers He/she Is Not Responsible For Under The Terms Of The Contract. The Contractor Shall Furnish To The Cor Or Designated Representative A Written Estimate Of The Cost To Make Necessary Repairs. condition Of Equipment: The Contractor Shall Accept Responsibility For The Equipment. Failure To Inspect The Equipment Prior To Contract Award Will Not Relieve The Contractor From Performance Of The Requirements Of This Contract. test Equipment: Prior To Commencement Of Work On This Contract, The Contractor Shall Provide The Vamc With A Copy Of The Current Calibration Certification Of All Test Equipment Which Is To Be Used By The Contractor On Vamc's Equipment. This Certification Shall Also Be Provided On A Periodic Basis When Requested By The Vamc. Test Equipment Calibration Shall Be Traceable To The Original Equipment Manufacture S Standard. identification, Parking, Smoking, And Va Regualtions: The Contractor's Fse's Shall Always Wear Visible Identification While On The Premises Of The Vamc. The Contractor Shall Park In The Appropriate Designated Parking Areas. Information On Parking Is Available From The Va Police Section. The Vamc Will Not Invalidate Or Make Reimbursement For Parking Violations Of The Contractor Under Any Conditions. Smoking Is Prohibited Inside Any Buildings At The Vamc. Possession Of Weapons Is Prohibited. Enclosed Containers, Including Tool Kits, Shall Be Subject To Search. Violations Of Va Regulations May Result In Citation Answerable In The United States (federal) District Court, Not A Local District, State, Or Municipal Court. training: The Contractor Shall Provide First Call Clinical Engineering Training For Current Qualified Technicians At The Vamc, Ct During Regular Service Hours Of Monday Through Friday From 8:00am 6:00 Pm Est. This Is Not An Ongoing Training And Will Only Be Provided On An Annual Basis As Required. All Training For Upgrades To Equipment Shall Be Considered Within Scope Throughout The Life Of The Contract. All Service And Repairs Are Performed By Oem Factory Certified Technicians. transportation Charges: All Costs Associated With Transportation, From Shipping Point To The Destination Specified Above, And All Costs Of Removal After Contract Completion, Shall Be Paid By The Contractor And Incorporated In The Price Proposal. The Contractor Shall Be Responsible For All Damage In Transit Including Any Transportation Costs For Replacement. complaince With Osha Bloodborne Pathogens Standard: The Contractor Shall Comply With The Federal/california Osha Bloodborne Pathogens Standard. The Contractor Shall: a. Have Methods By Which All Employees Are Educated As To Risks Associated With Bloodborne Pathogens. b. Have Policies And Procedures Which Reduce The Risk Of Employee Exposure To Bloodborne Pathogens. c. Have Mechanisms For Employee Counseling And Treatment Following Exposure To Bloodborne Pathogens. d. Provide Appropriate Personal Protective Equipment/clothing Such As Gloves, Gowns, Masks, Protective Eyewear, Mouthpieces For The Employee During Performance Of The Contract. miscellaneous: Additional Equipment May Be Added And/or Removed Throughout The Life Of This Contract And Shall Be Considered Within Scope. contractor Personnel Security Requirements: All Contractor Personnel Shall Obtain A Short-term Identification Badge Issued By The Cor Or Government Designated Representative. Such Badge Shall Be Worn By The Individual And Prominently Always Displayed While On Va Property. No Employee Of The Contractor Shall Enter The Project Site Without A Valid Identification Badge Issued By The Va. To Obtain A Short-term Identification Badge, Contractor Personnel Shall Present To The Cor A Valid (non-expired) Photo Identification Issued By A Us Federal, State, Or Local Government Agency. Escort Will Be Provided As Required In Sensitive Work Areas. The C&a Requirements Do Not Apply, And The Security Accreditation Package Is Not Required. The Identified Sole Source Vendor Shall Be Subject To The Federal Laws, Regulations, Standards, And Va Directives And Handbooks Regarding Information And Information System Security As Delineated In Standard Acquisition Guidelines. Per The Va Handbook 6500.6, No Va Sensitive Information Will Be Transferred, Shared, Or Stored With Vendor. As Such, No Additional Mechanisms Will Be Needed To Ensure The Protection Of Information. records Management Statement: a. Contractor Shall Comply With All Applicable Records Management Laws And Regulations, As Well As National Archives And Records Administration (nara) Records Policies, Including But Not Limited To The Federal Records Act (44 U.s.c. Chs. 21, 29, 31, 33), Nara Regulations At 36 Cfr Chapter Xii Subchapter B, And Those Policies Associated With The Safeguarding Of Records Covered By The Privacy Act Of 1974 (5 U.s.c. 552a). These Policies Include The Preservation Of All Records, Regardless Of Form Or Characteristics, Mode Of Transmission, Or State Of Completion. b. In Accordance With 36 Cfr 1222.32, All Data Created For Government Use And Delivered To, Or Falling Under The Legal Control Of, The Government Are Federal Records Subject To The Provisions Of 44 U.s.c. Chapters 21, 29, 31, And 33, The Freedom Of Information Act (foia) (5 U.s.c. 552), As Amended, And The Privacy Act Of 1974 (5 U.s.c. 552a), As Amended And Must Be Managed And Scheduled For Disposition Only As Permitted By Statute Or Regulation. c. In Accordance With 36 Cfr 1222.32, Contractor Shall Maintain All Records Created For Government Use Or Created In The Course Of Performing The Contract And/or Delivered To, Or Under The Legal Control Of The Government And Must Be Managed In Accordance With Federal Law. Electronic Records And Associated Metadata Must Be Accompanied By Sufficient Technical Documentation To Permit Understanding And Use Of The Records And Data. d. Va Medical Center West Haven And Its Contractors Are Responsible For Preventing The Alienation Or Unauthorized Destruction Of Records, Including All Forms Of Mutilation. Records May Not Be Removed From The Legal Custody Of The Va Medical Center West Haven Or Destroyed Except For In Accordance With The Provisions Of The Agency Records Schedules And With The Written Concurrence Of The Head Of The Contracting Activity. Willful And Unlawful Destruction, Damage Or Alienation Of Federal Records Is Subject To The Fines And Penalties Imposed By 18 U.s.c. 2701. In The Event Of Any Unlawful Or Accidental Removal, Defacing, Alteration, Or Destruction Of Records, Contractor Must Report To Va Medical Center West Haven. The Agency Must Report Promptly To Nara In Accordance With 36 Cfr 1230. e. The Contractor Shall Immediately Notify The Appropriate Contracting Officer Upon Discovery Of Any Inadvertent Or Unauthorized Disclosures Of Information, Data, Documentary Materials, Records Or Equipment. Disclosure Of Non-public Information Is Limited To Authorized Personnel With A Need-to-know As Described In The [contract Vehicle]. The Contractor Shall Ensure That The Appropriate Personnel, Administrative, Technical, And Physical Safeguards Are Established To Ensure The Security And Confidentiality Of This Information, Data, Documentary Material, Records And/or Equipment Is Properly Protected. The Contractor Shall Not Remove Material From Government Facilities Or Systems, Or Facilities Or Systems Operated Or Maintained On The Government S Behalf, Without The Express Written Permission Of The Head Of The Contracting Activity. When Information, Data, Documentary Material, Records And/or Equipment Is No Longer Required, It Shall Be Returned To Va Medical Center West Haven Control Or The Contractor Must Hold It Until Otherwise Directed. Items Returned To The Government Shall Be Hand Carried, Mailed, Emailed, Or Securely Electronically Transmitted To The Contracting Officer Or Address Prescribed In The [contract Vehicle]. Destruction Of Records Is Expressly Prohibited Unless In Accordance With Paragraph (4). f. The Contractor Is Required To Obtain The Contracting Officer's Approval Prior To Engaging In Any Contractual Relationship (sub-contractor) In Support Of This Contract Requiring The Disclosure Of Information, Documentary Material And/or Records Generated Under, Or Relating To, Contracts. The Contractor (and Any Sub-contractor) Is Required To Abide By Government And Va Medical Center West Haven Guidance For Protecting Sensitive, Proprietary Information, Classified, And Controlled Unclassified Information. g. The Contractor Shall Only Use Government It Equipment For Purposes Specifically Tied To Or Authorized By The Contract And In Accordance With Va Medical Center West Haven Policy. h. The Contractor Shall Not Create Or Maintain Any Records Containing Any Non-public Va Medical Center West Haven Information That Are Not Specifically Tied To Or Authorized By The Contract. i. The Contractor Shall Not Retain, Use, Sell, Or Disseminate Copies Of Any Deliverable That Contains Information Covered By The Privacy Act Of 1974 Or That Which Is Generally Protected From Public Disclosure By An Exemption To The Freedom Of Information Act. j. The Va Medical Center West Haven Owns The Rights To All Data And Records Produced As Part Of This Contract. All Deliverables Under The Contract Are The Property Of The U.s. Government For Which Va Medical Center West Haven Shall Have Unlimited Rights To Use, Dispose Of, Or Disclose Such Data Contained Therein As It Determines To Be In The Public Interest. Any Contractor Rights In The Data Or Deliverables Must Be Identified As Required By Far 52.227-11 Through Far 52.227-20. k. Training. All Contractor Employees Assigned To This Contract Who Create, Work With, Or Otherwise Handle Records Are Required To Take Vha-provided Records Management Training, Talent Management System (tms) Item #3873736, Records Management For Records Officers And Liaisons. The Contractor Is Responsible For Confirming Training Has Been Completed According To Agency Policies, Including Initial Training And Any Annual Or Refresher Training. vha Supplemental Contract Requirements For Ensuring Adequate Covid-19 Safety Protocols For Federal Contractors: contractor Employees Who Work In Or Travel To Vha Locations Must Comply With The Following: documentation Requirements: If Fully Vaccinated, Shall Show Proof Of Vaccination note: Acceptable Proof Of Vaccination Includes A Signed Record Of Immunization From A Health Care Provider Or Pharmacy, A Copy Of The Covid-19 Vaccination Record Card (cdc Form Mls-319813_r, Published On September 3, 2020), Or A Copy Of Medical Records Documenting The Vaccination if Unvaccinated And Granted A Medical Or Religious Exception, Shall Show Negative Covid-19 Test Results Dated Within Three Calendar Days Prior To Desired Entry Date. Test Must Be Approved By The Food And Drug Administration (fda) For Emergency Use Or Full Approval. This Includes Tests Available By A Doctor S Order Or An Fda Approved Over-the-counter Test. documentation Cited In This Section Shall Be Digitally Or Physically Maintained On Each Contractor Employee While In A Va Facility And Is Subject To Inspection Prior To Entry To Va Facilities And After Entry For Spot Inspections By Contracting Officer Representatives (cors) Or Other Hospital Personnel. Documentation Will Not Be Collected By The Va; Contractors Shall, At All Times, Adhere To And Ensure Compliance With Federal Laws Designed To Protect Contractor Employee Health Information And Personally Identifiable Information. contractor Employees Are Subject To Daily Screening For Covid-19 And May Be Denied Entry To Va Facilities If They Fail To Pass Screening Protocols. As Part Of The Screening Process Contractors May Be Asked Screening Questions Found On The Following Website: Covid-19 Screening Tool. Regularly Check The Website For Updates. contractor Employees Who Work Away From Va Locations, But Who Will Have Direct Patient Contact With Va Patients Shall Self-screen Utilizing The Covid-19 Screening Tool, In Advance Each Day That They Will Have Direct Patient Contact And In Accordance With Their Person Or Persons Who Coordinate Covid-19 Workplace Safety Efforts At Covered Contractor Workplaces. Contractors Shall, At All Times, Adhere To And Ensure Compliance With Federal Laws Designed To Protect Contractor Employee Health Information And Personally Identifiable Information. contractor Must Immediately Notify Their Cor Or Contracting Officer If Contract Performance Is Jeopardized Due To Contractor Employees Being Denied Entry Into Va Facilities. option To Extend Services (nov 1999): The Government May Require Continued Performance Of Any Services Within The Limits And At The Rates Specified In The Contract. These Rates May Be Adjusted Only As A Result Of Revisions To Prevailing Labor Rates Provided By The Secretary Of Labor. The Option Provision May Be Exercised More Than Once, But The Total Extension Of Performance Hereunder Shall Not Exceed 6 Months. The Contracting Officer May Exercise The Option By Written Notice To The Contractor Within 5 Days.

Details: Combined Synopsis-solicitation For Commercial Products And Commercial Services revision 01 effective: 05/30/2023 description this Is A Combined Synopsis/solicitation For Commercial Products And Services Prepared In Accordance With The Format In Federal Acquisition Regulation (far) Subpart 12.6, Streamlined Procedures For Evaluation And Solicitation For Commercial Products And Services, As Supplemented With Additional Information Included In This Notice. This Announcement Constitutes The Only Solicitation; Quotes Are Being Requested, And A Written Solicitation Document Will Not Be Issued. this Solicitation Is Issued As Rfq 36c24125q0290. The Solicitation Document And Incorporated Provisions And Clauses Are Those In Effect Through Federal Acquisition Circular 2025-03. the Associated North American Industrial Classification System (naics) Code For This Procurement Is Naics 811310 (commercial And Industrial Machinery And Equipment Repair And Maintenance) Sba Size Standard $12.5 Million. this Is Being Bid As A Vosb Set-aside. this Is A Solicitation For Va Connecticut Healthcare Systems (vachs) Requires The Periodic Evaluation And Preventative Maintenance For Two Chillers (#2 And #4) And 8 Water Pumps Located In Bldg. 16. Vachs, Requires The Contractor To Provide Services For All Labor, Transportation, And Expertise Necessary For Periodic Evaluation Of And Preventative Maintenance Required To Maintain Cooling Operations During The Summer Months (march Through October). The Full Sow Will Be Attached Below, Any Technical Questions Will Be Directed At Chris Metner (203) 932-5711 X2061. all Interested Companies Shall Provide Quotations For The Following: statement Of Work periodic And Preventative Chiller Maintenance background va Connecticut Healthcare Systems (vachs) Requires The Periodic Evaluation And Preventative Maintenance For Two Chillers (#2 And #4) And 8 Water Pumps Located In Bldg. 16. Vachs, Requires The Contractor To Provide Services For All Labor, Transportation, And Expertise Necessary For Periodic Evaluation Of And Preventative Maintenance Required To Maintain Cooling Operations During The Summer Months (march Through October). justification veterans Health Administration (vha) Seeks To Continue To Improve Operational Capabilities By Establishing Services That Result In Fewer Operational Problems, Improved Communications, Increased Efficiency Within The Facility And To Improve The Quality Of Services To Veterans. locations Of Services va Medical Center West Haven 950 Campbell Ave west Haven, Ct 06516 period Of Performance base Contract Period Shall Be 04/01/2025 03/31/2026. The Contract Will Also Contain The Provision For (3) Annual Option Years: option Year 1: 04/01/2026 03/31/2027 option Year 2: 04/01/2027 03/31/2028 option Year 3: 04/01/2028 03/31/2029 option Year 4: 04/01/2029 03/31/2030 qualifications vendor Shall Have Factory Certified Service/maintenance Technicians That Have Been Trained To Perform Original Equipment Manufacturer (oem) Specific Periodic Maintenance Actions On The Equipment Outlined In This Statement Of Work. To Be Eligible For Consideration, The Vendor Shall Have A Field Service Representative Located Within 200 Miles Of The Newington Campuses Of The Va Connecticut Healthcare System. scope Of Work the Vendor Shall Provide All Labor, Specialized Services, And Travel Necessary For Periodic Evaluations And Preventative Maintenance As Outlined By The Equipment Specific Oem. Work Shall Occur During Regular Business Hours Between 7:00 A.m. 4:30 P.m. Or As Coordinated With The Cor And/or Appropriate Fms Poc. Vendor To Provide Full Report Detailing The Results Of Evaluations And Preventative Maintenance Performed No More Than 10 Working Days After The Completion Of The Work. Vendor Shall Have Technicians Available For 24-hour Emergency Maintenance Response. Vendor Shall Respond To Emergencies Within 2 Hours During Normal Business Hours Between 7:00 A.m. 5:00 P.m. Or Within 4 Hours During Off Business Hours 5:00 P.m. 7:00 A.m. And During Observation Of Federal Holidays. objectives 1. The Periodic Maintenance Shall Be In Conformance With The Following Standards/codes/specifications To Include But Not Limited To: a. Oem Specifications And Maintenance Manuals On Recommended Services b. Dept. Of Veterans Affairs Hvac Design Manual Pg-18-10. c. Dept. Of Veterans Affairs Master Construction Specification Division 23 Packaged Water Chillers Section 23 64 00. 2. The Contractor Will Be Responsible For Coordinating, Scheduling, And Reporting All Work-related Activities. The Responsibilities Shall Include But Are Not Limited To The Following: a. Annual Start-up (march, Or April Per Determination Of Vachs Fms) b. Cooling Season Start-up Preparation And Inspection For Chillers #2 And #4. c. Operating Season Inspections And Preventative Maintenance For Chillers #2 And #4. d. The Annual Equipment Shutdown, Inspection, And Preventative Maintenance Of Chillers #2 And #4. e. Cooling Season Start-up Preparation And Inspection Of Chilled Water Pumps And Condenser Pumps. f. Operating Season Inspections And Preventative Maintenance For Pumps. g. Annual Shutdown Inspection And Preventative Maintenance For Pumps. h. Cooling Season Start-up Preparation And Inspection For The Cooling Tower. i. Operating Season Inspections And Preventative Maintenance For The Cooling Tower. j. The Annual Equipment Shutdown, Inspection, And Preventative Maintenance Of The Cooling Tower. k. Water Treatment And Periodic System Water Tests. a. Clean And Calibrate Control And Feed Equipment. b. Perform A Corrosion Coupon Study If Necessary. c. Manage Water Treatment Inventory And Deliver Product To All Points Of Use And/or Transfer To Any Base Tanks. d. Provide A Written Report With The Results Of Each Water Test And Provide A summary Of Corrective Actions To Water Treatment Plan When Necessary. l. Calibrate And Verify Accuracy Of Flow Meters. m. Annual Shutdown (nov Or Dec.- Per Determination Of Vachs Fms) 4. Additional Items In Need Of Rework/repair That Are Identified During The Scope Of The Work Outlined Above Shall Be Reported Via Email And By Phone Or In Person Nlt Eod On The Day Of Discovery. 5. Coordinate All Placement And Removal Of Lockout Tagout Devices For Any Energy Sources With Fms Va Cor/maintenance & Operations. 6. Coordinate All Confined Space Entry With Va Safety Department And Fms Va Cor/maintenance & Operations. 7. Protect All Equipment In Place During Work Activities. 8. Contractor Shall Provide A Full Report Detailing All Maintenance Activities Performed For Each Visit, The Names Of Individuals Performing The Maintenance, And A Summary Of Any Notable Concerns That Can Otherwise Impair The Functionality Of The Equipment. 9. Work Hours For Service And Corrective Maintenance Shall Be As Follows, Unless Otherwise Requested/approved By The Cor Or Appropriate Va Representative: a. 7:00 A.m. To 5:00 P.m., Monday Through Friday. submittals/deliverables 1. Prior To The Start Of Work, The Specifications Shall Require The Contractor To Develop And Submit Such Plans As Required By The Va Relating To Safety And Environmental Issues. These May Include But Are Not Limited To: a. Job Hazard Analysis (jha) / Activity Hazard Analysis (aha) b. Acknowledgement Of Va Loto Requirements (attachment C) And Contractor Loto Policy. 2. The Contractor Shall Submit Any Waste Manifest Documents As Applicable With Final Reports. 3. Subcontracting Of Any Ensuing Award Of This Solicitation Shall Not Be Allowed Without Written Permission Of The Contracting Officer. Service Response On Calls From Unauthorized Personnel Could Result In Non-payment. special Instructions 1. Subcontracting Of Any Ensuing Award Of This Solicitation Shall Not Be Allowed Without Written Permission Of The Contracting Officer. Service Response On Calls From Unauthorized Personnel Could Result In Non-payment. 2. Federal Holidays Observed By The Department Of Veterans Affairs Are As Follows: new Years Labor Day mlk Day Columbus Day presidents Day Veterans Day memorial Day Thanksgiving Day juneteenth Christmas Day independence Day 3. Contractor Check-in: All Employees Of The Service Provider Shall Comply With Va Security Management Program And Obtain Permission Of The Va Police And Restricted From Unauthorized Access. Upon Arrival, The Contractor Shall Sign-in At Building 15, Fms Office In West Haven, Or Building 3, 3rd Floor, Fms Office In Newington, And/or Receive A Temporary Identification Badge Prior To Performing Services At Va Connecticut Healthcare System. The Contractor Shall Wear Visible Identification Always Displaying The Name And Company Id While On Site. All Site Visits Shall Be Coordinated With The Va Cor. a. The Contracting Officer (co), Contracting Officer S Representative (cor), And/or Project Manager (pm) Specifically Reserve The Right To Reject Any Of The Contractor S Personnel And Refuse Them Permission To Work On The Equipment Outlined Herein, Based Upon Credentials Provided. 4. Per Va Directive 1805, Smoking Vaping, And Smokeless Tobacco Are Prohibited On The Grounds Of Va Facilities, Including In Vehicles. This Directive Applies To All Service Providers And Their Employees. 5. No Photography Of Va Premises Is Allowed Without Written Permission Of The Contracting Officer. Patients And Staff Are Not To Be Photographed At Any Time. 6. Va Reserves The Right To Close Down Or Shut Down The Facilities And Order Service Provider Employees Off The Premises In The Event Of A National Emergency. The Service Provider May Return To The Site Only With The Written Approval Of The Va Contracting Officer. 7. Prior To Commencing Work Onsite, All Service Providers And Provider Personnel Shall Furnish Proof Of Receipt Of Required Covid Vaccinations And Boosters In Compliance With Current Vha Directives. 8. Prior To Commencing Work Onsite, All Service Providers And Provider Personnel Shall Furnish Proof Of Receipt Of Required Tuberculosis Testing In Compliance With Vha Directive 1131(5), Dated June 04, 2021. 9. Parking For Service Provider And Its Employees Shall Be In Designated Areas Only. Service Provider To Coordinate With Cor. 10. The Service Provider Shall Confine All Operations (including Storage Of Materials) On Government Premises To Areas Authorized Or Approved By The Va Contracting Officer. The Service Provider Shall Hold And Save The Government, Its Officers, And Agents, Free And Harmless From Liability Of Any Nature Occasioned By The Service Provider S Performance. Working Space And Space Available For Storing Materials Shall Be As Determined By The Cor. Workers Are Subject To The Rules Of The Medical Center Applicable To Their Conduct. Execute Work In Such A Manner As To Reduce Impacts With Work Being Done By Others. 11. Billing: Provide Cor And/or Pm With A Report Or Statement Of Work Completed And Include Statements With Request For Payment. Statement Should Include Service Completed And The Date Each Service Item Was Completed. Labor Charges Shall Be Billed Hourly, And Any Unused Labor Totals Will Be Credited Back To The Va Medical Center On The Next Billing Cycle, Upon Receipt Of The Service Report. records Management Statement 1. Contractor Shall Comply With All Applicable Records Management Laws And Regulations, As Well As National Archives And Records Administration (nara) Records Policies, Including But Not Limited To The Federal Records Act (44 U.s.c. Chs. 21, 29, 31, 33), Nara Regulations At 36 Cfr Chapter Xii Subchapter B, And Those Policies Associated With The Safeguarding Of Records Covered By The Privacy Act Of 1974 (5 U.s.c. 552a). These Policies Include The Preservation Of All Records, Regardless Of Form Or Characteristics, Mode Of Transmission, Or State Of Completion. 2. In Accordance With 36 Cfr 1222.32, All Data Created For Government Use And Delivered To, Or Falling Under The Legal Control Of, The Government Are Federal Records Subject To The Provisions Of 44 U.s.c. Chapters 21, 29, 31, And 33, The Freedom Of Information Act (foia) (5 U.s.c. 552), As Amended, And The Privacy Act Of 1974 (5 U.s.c. 552a), As Amended And Must Be Managed And Scheduled For Disposition Only As Permitted By Statute Or Regulation. 3. In Accordance With 36 Cfr 1222.32, Contractor Shall Maintain All Records Created For Government Use Or Created In The Course Of Performing The Contract And/or Delivered To, Or Under The Legal Control Of The Government And Must Be Managed In Accordance With Federal Law. Electronic Records And Associated Metadata Must Be Accompanied By Sufficient Technical Documentation To Permit Understanding And Use Of The Records And Data. 4. Va Medical Center West Haven And Its Contractors Are Responsible For Preventing The Alienation Or Unauthorized Destruction Of Records, Including All Forms Of Mutilation. Records May Not Be Removed From The Legal Custody Of The Va Medical Center West Haven Or Destroyed Except For In Accordance With The Provisions Of The Agency Records Schedules And With The Written Concurrence Of The Head Of The Contracting Activity. Willful And Unlawful Destruction, Damage Or Alienation Of Federal Records Is Subject To The Fines And Penalties Imposed By 18 U.s.c. 2701. In The Event Of Any Unlawful Or Accidental Removal, Defacing, Alteration, Or Destruction Of Records, Contractor Must Report To Va Medical Center West Haven. The Agency Must Report Promptly To Nara In Accordance With 36 Cfr 1230. 5. The Contractor Shall Immediately Notify The Appropriate Contracting Officer Upon Discovery Of Any Inadvertent Or Unauthorized Disclosures Of Information, Data, Documentary Materials, Records Or Equipment. Disclosure Of Non-public Information Is Limited To Authorized Personnel With A Need-to-know As Described In The [contract Vehicle]. The Contractor Shall Ensure That The Appropriate Personnel, Administrative, Technical, And Physical Safeguards Are Established To Ensure The Security And Confidentiality Of This Information, Data, Documentary Material, Records And/or Equipment Is Properly Protected. The Contractor Shall Not Remove Material From Government Facilities Or Systems, Or Facilities Or Systems Operated Or Maintained On The Government S Behalf, Without The Express Written Permission Of The Head Of The Contracting Activity. When Information, Data, Documentary Material, Records And/or Equipment Is No Longer Required, It Shall Be Returned To Va Medical Center West Haven Control, Or The Contractor Must Hold It Until Otherwise Directed. Items Returned To The Government Shall Be Hand Carried, Mailed, Emailed, Or Securely Electronically Transmitted To The Contracting Officer Or Address Prescribed In The [contract Vehicle]. Destruction Of Records Is Expressly Prohibited Unless In Accordance With Paragraph (4). 6. The Contractor Is Required To Obtain The Contracting Officer's Approval Prior To Engaging In Any Contractual Relationship (sub-contractor) In Support Of This Contract Requiring The Disclosure Of Information, Documentary Material And/or Records Generated Under, Or Relating To, Contracts. The Contractor (and Any Sub-contractor) Is Required To Abide By Government And Va Medical Center West Haven Guidance For Protecting Sensitive, Proprietary Information, Classified, And Controlled Unclassified Information. 7. The Contractor Shall Only Use Government It Equipment For Purposes Specifically Tied To Or Authorized By The Contract And In Accordance With Va Medical Center West Haven Policy. 8. The Contractor Shall Not Create Or Maintain Any Records Containing Any Non-public Va Medical Center West Haven Information That Are Not Specifically Tied To Or Authorized By The Contract. 9. The Contractor Shall Not Retain, Use, Sell, Or Disseminate Copies Of Any Deliverable That Contains Information Covered By The Privacy Act Of 1974 Or That Which Is Generally Protected From Public Disclosure By An Exemption To The Freedom Of Information Act. 10. The Va Medical Center West Haven Owns The Rights To All Data And Records Produced As Part Of This Contract. All Deliverables Under The Contract Are The Property Of The U.s. Government For Which Va Medical Center West Haven Shall Have Unlimited Rights To Use, Dispose Of, Or Disclose Such Data Contained Therein As It Determines To Be In The Public Interest. Any Contractor Rights In The Data Or Deliverables Must Be Identified As Required By Far 52.227-11 Through Far 52.22720.training. All Contractor Employees Assigned To This Contract Who Create, Work With, Or Otherwise Handle Records Are Required To Take Vha-provided Records Management Training, Talent Management System (tms) Item #3873736, Records Management For Records Officers And Liaisons. The Contractor Is Responsible For Confirming Training Has Been Completed According To Agency Policies, Including Initial Training And Any Annual Or Refresher Training. safety Codes / Certification / Licensing the Contractor Shall Comply With All Codes As Described Above, As Well As Codes Customarily Applied In Va Repair Such As Nfpa Fire Code, Osha, Va Design Guides, Etc. Labs Used By The Contractor Shall Be Licensed As Required By Any Applicable Governing Agencies, And Their Certifications And Licenses Shall Be Included In The Reports. travel vendor Will Travel From Their Place Of Business To The West Haven Vamc Of The Va Connecticut Healthcare System. terms And Conditions 1. User Responsibility: The Contractor Shall Not Be Held Responsible Under The Terms Of This Contract For Repairs To Equipment Necessitated By User Abuse And/or Misuse Of Equipment. 2. All Work Is Subject To Inspection, Review And Approval By The Boiler Plant Supervisor, Utility System Supervisor, Chief M&o, Chief Engineer, And/or Their Designees evaluation Process award Shall Be Made To The Best Value, As Determined To Be The Most Beneficial To The Government. Please Read Each Section Below Carefully For The Submittals And Information Required As Part Of The Evaluation. Failure To Provide The Requested Information Below Shall Be Considered Non-compliant And Your Quote Could Be Removed From The Evaluation Process. offeror Quotes Shall Be Evaluated Under Far Part 13.106-2(b) -- Evaluation Of Quotations Or Offers. Therefore, The Government Is Not Obligated To Determine A Competitive Range, Conduct Discussions With All Contractors, Solicit Final Revised Quotes, And Use Other Techniques Associated With Far Part 15. The Contracting Techniques Associated With Far Part 15 Are Not Mandatory. the Government Shall Award A Contract Resulting From This Solicitation To The Responsible Offeror Whose Offer Conforming To The Solicitation Shall Be Most Advantageous To The Government, Price And Other Factors Considered. The Following Factors Shall Be Used To Evaluate Offers:â  price (follow These Instructions): offeror Shall Complete The Attached Price Schedule, With Offerors Proposed Contract Line-item Prices Inserted In Appropriate Spaces.â  ensure Your Representations And Certifications Are Complete In The System For Award Management (sam)( Https://www.sam.gov). Otherwise, You Will Need To Fill Out Solicitation Clause 52.212-3 "offeror Representation And Certifications -commercial Items And Submit With The Quote. Federal Acquisition Regulations Require That Federal Contractors Register In The Sam Database At Http://www.sam.gov And Enter All Mandatory Information Into The System. Award Cannot Be Made Until The Contractor Has Registered. Offerors Are Encouraged To Ensure That They Are Registered In Sam Prior To Submitting Their Quotation. past Performance: provide (3) References Of Work, Similar In Scope And Size With The Requirement Detailed In The Statement Of Work. References Must Include Contact Information; Brief Description Of The Work Completed, And Contract # (if Relevant).â  Please Utilize Attachment 1 Past Performance Worksheet For Your References And Please Submit As Part Of Your Quote Submission. References May Be Checked By The Contracting Officer To Ensure Your Company Can Perform The Statement Of Work. The Government Also Reserves The Right To Obtain Information For Use In The Evaluation Of Past Performance From All Sources. technical: The Offeror S Quote Shall Be Evaluated To Determine If The Organization Has The Experience And Capabilities To Provide The Requested Services Iaw The Statement Of Work In A Timely Efficient Manner.â  contractor Shall Demonstrate Their Corporate Experience And Approach To Meet All Requirements Stated In The Statement Of Work. contractor Shall Demonstrate That Their Technicians Meet The Qualification Standards Stated In The Statement Of Work. contractor Shall Provide All Current And Relevant Or License(s) To Include Manufacture Training Certificate Etc. if You Are Planning To Sub-contract Some Or All Of This Work, Please Provide The Name And Address(s) Of All Subcontractor(s) (if Applicable) And A Description Of Their Planned Subcontracting Effort. 4. Veterans Preference Factor (per 852.215-70): The Government Will Assign Evaluation Credit For An Offeror (prime Contractor) Which Is A Service-disabled Veteran-owned (sdvosb) Or A Veteran-owned Small Business (vosb). Non-sdvosb/vosb Offerors Proposing To Use Sdvosbs Or Vosbs As Subcontractors Will Receive Some Consideration Under This Evaluation Factor. a. For Sdvosbs/vosbs: In Order To Receive Credit Under This Factor, An Offeror Shall Submit A Statement Of Compliance That It Qualifies As A Sdvosb Or Vosb In Accordance With Vaar 852.215-70, Service-disabled Veteran-owned And Veteran-owned Small Business Evaluation Factors . Offerors Are Cautioned That They Must Be Registered And Verified In Vendor Information Pages (vip) Database (http://www.vetbiz.gov). verified Sdvosbs Will Receive A 5% Price Credit (e.g. If A Sdvosb Submits An Offer Of $100.00, It Will Be Evaluated As If It Submitted An Offer Of $95.00). ii. Verified Vosbs Will Received A 2.5% Price Credit (e.g. If A Vosb Submits An Offer Of $100.00, It Will Be Evaluated As If It Submitted An Offer Of $97.50). the Full Text Of Far Provisions Or Clauses May Be Accessed Electronically At Http://acquisition.gov/comp/far/index.html. (x) Please Include A Completed Copy Of The Provision At 52.212-3, Offeror Representations And Certifications -- Commercial Items, With Your Offer Via The Sam.gov Website Or A Written Copy. (xi) Clause 52.212-4, Contract Terms And Conditions -- Commercial Items, Applies To This Acquisition In Addition To The Following Addenda S To The Clause: 52.252-2 Clauses Incorporated By Reference (feb 1998), 52.203-17 Contractor Employee Whistleblower Rights And Requirement To Inform Employees Of Whistleblower Rights (jun 2020), 52.204-4 Printed Or Copied Double-sided On Postconsumer Fiber Content Paper (may 2011), 52.204-13 System For Award Management Maintenance (oct 2018), 52.204-18 Commercial Government Entity Code Maintenance (aug 2020), 52.217-9 Option To Extend The Term Of The Contract (mar 2000), 52.228-5 Insurance-work On A Government Installation (jan 1997), 52.232-40 Providing Accelerated Payments To Small Business Subcontracting (dec 2013), 852.212-70 Provisions And Clauses Applicable To Va Acquisitions Of Commercial Items (apr 2020) 852.203-70 Commercial Advertising 852.219-74, Va Notice Of Total Service-disabled Veteran-owned Small Business Set-aside 852.232-72 Electronic Submissions Of Payment Requests 852.233-70 Protest Content/alternative Dispute Resolution 852.233-71 Alternate Protest Procedure 852.270-1 Representatives Of Contracting Officers 852.219-74 Limitations On Subcontracting Monitoring And Compliance (jul 2018) as Prescribed In 819.7203(a) Insert The Following Clause: (a) This Solicitation Includes 852.219-74, Va Notice Of Total Service-disabled Veteran-owned Small Business Set-aside, (b) Accordingly, Any Contract Resulting From This Solicitation Is Subject To The Limitation On Subcontracting Requirements In 13 Cfr 125.6. The Contractor Is Advised That In Performing Contract Administration Functions, The Contracting Officer May Use The Services Of A Support Contractor(s) Retained By Va To Assist In Assessing The Contractor S Compliance With The Limitations On Subcontracting Or Percentage Of Work Performance Requirements Specified In The Clause. To That End, The Support Contractor(s) May Require Access To Contractor S Offices Where The Contractor S Business Records Or Other Proprietary Data Are Retained And To Review Such Business Records Regarding The Contractor S Compliance With This Requirement. (c) All Support Contractors Conducting This Review On Behalf Of Va Will Be Required To Sign An Information Protection And Non-disclosure And Disclosure Of Conflicts Of Interest Agreement To Ensure The Contractor S Business Records Or Other Proprietary Data Reviewed Or Obtained In The Course Of Assisting The Contracting Officer In Assessing The Contractor For Compliance Are Protected To Ensure Information Or Data Is Not Improperly Disclosed Or Other Impropriety Occurs. (d) Furthermore, If Va Determines Any Services The Support Contractor(s) Will Perform In Assessing Compliance Are Advisory And Assistance Services As Defined In Far 2.101, Definitions, The Support Contractor(s) Must Also Enter Into An Agreement With The Contractor To Protect Proprietary Information As Required By Far 9.505-4, Obtaining Access To Proprietary Information, Paragraph (b). The Contractor Is Required To Cooperate Fully And Make Available Any Records As May Be Required To Enable The Contracting Officer To Assess The Contractor S Compliance With The Limitations On Subcontracting Or Percentage Of Work Performance Requirement. (end Of Clause) 852.219-77 Va Notice Of Limitations On Subcontracting Certificate Of Compliance For Services And Construction. as Prescribed In 819.7009(c) Insert The Following Clause: va Notice Of Limitations On Subcontracting Certificate Of Compliance For Services And Construction (sep 2021) (deviation) (a) Pursuant To 38 U.s.c. 8127(k)(2), The Offeror Certifies That (1) If Awarded A Contract (see Far 2.101 Definition), It Will Comply With The Limitations On Subcontracting Requirement As Provided In The Solicitation And The Resultant Contract, As Follows: [contracting Officer Check The Appropriate Box Below Based On The Predominant Naics Code Assigned To The Instant Acquisition As Set Forth In Far 19.102.] (i) [x] Services. In The Case Of A Contract For Services (except Construction), The Contractor Will Not Pay More Than 50% Of The Amount Paid By The Government To It To Firms That Are Not Vip-listed Sdvosbs As Set Forth In 852.219-74 Or Vosbs As Set Forth In 852.219-11. Any Work That A Similarly Situated Vip-listed Subcontractor Further Subcontracts Will Count Towards The 50% Subcontract Amount That Cannot Be Exceeded. Other Direct Costs May Be Excluded To The Extent They Are Not The Principal Purpose Of The Acquisition And Small Business Concerns Do Not Provide The Service As Set Forth In 13 Cfr 125.6. (ii) [ ] General Construction. In The Case Of A Contract For General Construction, The Contractor Will Not Pay More Than 85% Of The Amount Paid By The Government To It To Firms That Are Not Vip-listed Sdvosbs As Set Forth In 852.219-74 Or Vosbs As Set Forth In 852.219-11. Any Work That A Similarly Situated Vip-listed Subcontractor Further Subcontracts Will Count Towards The 85% Subcontract Amount That Cannot Be Exceeded. Cost Of Materials Are Excluded And Not Considered To Be Subcontracted. (iii) Special Trade Construction Contractors. In The Case Of A Contract For Special Trade Contractors, The Contractor Will Not Pay More Than 75% Of The Amount Paid By The Government To It To Firms That Are Not Vip-listed Sdvosbs As Set Forth In 852.219-74 Or Vosbs As Set Forth In 852.219-11. Any Work That A Similarly Situated Subcontractor Further Subcontracts Will Count Towards The 75% Subcontract Amount That Cannot Be Exceeded. Cost Of Materials Are Excluded And Not Considered To Be Subcontracted. (2) The Offeror Acknowledges That This Certification Concerns A Matter Within The Jurisdiction Of An Agency Of The United States. The Offeror Further Acknowledges That This Certification Is Subject To Title 18, United States Code, Section 1001, And, As Such, A False, Fictitious, Or Fraudulent Certification May Render The Offeror Subject To Criminal, Civil, Or Administrative Penalties, Including Prosecution. (3) If Va Determines That An Sdvosb/vosb Awarded A Contract Pursuant To 38 U.s.c. 8127 Did Not Act In Good Faith, Such Sdvosb/vosb Shall Be Subject To Any Or All Of The Following: (i) Referral To The Va Suspension And Debarment Committee; (ii) A Fine Under Section 16(g)(1) Of The Small Business Act (15 U.s.c. 645(g)(1)); And (iii) Prosecution For Violating Section 1001 Of Title 18. (b) The Offeror Represents And Understands That By Submission Of Its Offer And Award Of A Contract It May Be Required To Provide Copies Of Documents Or Records To Va That Va May Review To Determine Whether The Offeror Complied With The Limitations On Subcontracting Requirement Specified In The Contract. The Contracting Officer May, At Their Discretion, Require The Contractor To Demonstrate Its Compliance With The Limitations On Subcontracting At Any Time During Performance And Upon Completion Of A Contract If The Information Regarding Such Compliance Is Not Already Available To The Contracting Officer. Evidence Of Compliance Includes, But Is Not Limited To, Invoices, Copies Of Subcontracts, Or A List Of The Value Of Tasks Performed. (c) The Offeror Further Agrees To Cooperate Fully And Make Available Any Documents Or Records As May Be Required To Enable Va To Determine Compliance With The Limitations On Subcontracting Requirement. The Offeror Understands That Failure To Provide Documents As Requested By Va May Result In Remedial Action As The Government Deems Appropriate. (d) Offeror Completed Certification/fill-in Required. The Formal Certification Must Be Completed, Signed, And Returned With The Offeror S Bid, Quotation, Or Proposal. The Government Will Not Consider Offers For Award From Offerors That Do Not Provide The Certification, And All Such Responses Will Be Deemed Ineligible For Evaluation And Award. i Hereby Certify That If Awarded The Contract, [insert Name Of Offeror] Will Comply With The Limitations On Subcontracting Specified In This Clause And In The Resultant Contract. I Further Certify That I Am Authorized To Execute This Certification On Behalf Of [insert Name Of Offeror]. printed Name Of Signee: _________________________________ printed Title Of Signee: ________________________________ signature: ______________________________________________ date: ___________________________________________________ company Name And Address: _____________________________________________________________________________________ (end Of Clause) 852.242-71 Administrative Contracting Officer. as Prescribed In 842.271, Insert The Following Clause: administrative Contracting Officer (oct 2020) the Contracting Officer Reserves The Right To Designate An Administrative Contracting Officer (aco) For The Purpose Of Performing Certain Tasks/duties In The Administration Of The Contract. Such Designation Will Be In Writing Through An Aco Letter Of Delegation And Will Identify The Responsibilities And Limitations Of The Aco. A Copy Of The Aco Letter Of Delegation Shall Be Furnished To The Contractor. (end Of Clause) (xii) Clause At 52.212-5, Contract Terms And Conditions Required To Implement Statutes Or Executive Orders -- Commercial Items, Applies To This Acquisition And In Addition To The Following Far Clauses Cited, Which Are Also Applicable To The Acquisition: 52.203-6, 52.204-10, 52.209-6, 52.219-4, 52.219-8, 52.219-6, 52.219-28, 52.222-3, 52.222-21, 52.222-26, 52.222-35, 52.222-36, 52.222-37, 52.222-40, 52.222-50, 52.223-18, 52.225-3, 52.225-13, 52.232-33, 52.222-41 (wage Determination West Haven And Newington Vamc Wd 2015-4127 And 2015-4119 (rev-28), 52.222-42, 52.222-43, 52.222-55, 52.222-6 (xiii) All Contract Requirement(s) And/or Terms And Conditions Are Stated Above. (xiv) The Defense Priorities And Allocations System (dpas) And Assigned Rating Are Not Applicable To This Requirement. (xv) Rfq Questions Are Due Nlt 03/12/2025 At 17:00 Pm Est. Rfq Responses Are Due Nlt 03/14/2025 At 17:00 Pm Est. Rfq Responses Must Be Submitted Via Email With Rfq #36c24125q0290 In The Subject Line To: Nathan.langone@va.gov Hand Deliveries Shall Not Be Accepted. (xvi) The Poc Of This Solicitation Is Nathan Langone (nathan.langone@va.gov)

Details: Combined Synopsis-solicitation For Commercial Products And Commercial Services revision 01 effective: 05/30/2023 description this Is A Combined Synopsis/solicitation For Commercial Products And Services Prepared In Accordance With The Format In Federal Acquisition Regulation (far) Subpart 12.6, Streamlined Procedures For Evaluation And Solicitation For Commercial Products And Services, As Supplemented With Additional Information Included In This Notice. This Announcement Constitutes The Only Solicitation; Quotes Are Being Requested, And A Written Solicitation Document Will Not Be Issued. this Solicitation Is Issued As Rfq 36c24125q0373. The Solicitation Document And Incorporated Provisions And Clauses Are Those In Effect Through Federal Acquisition Circular 2025-06. the Associated North American Industrial Classification System (naics) Code For This Procurement Is Naics 238220 (plumbing, Heating, And Air-conditioning Contractors) Sba Size Standard $19 Million. this Is Being Posted As A Sdvosb Set-aside. this Is A Solicitation For Va Connecticut Healthcare Systems (vachs). They Require Periodic Testing And Treatment Of Boiler Feed Water Supply. Vachs, Requires The Vendor To Provide Services For All Labor, Transportation, Equipment, Materials, And The Expertise Necessary For The Periodic Evaluation Of And Maintenance Of Feed Water Supply To 5 Boilers In West Haven, And 3 Boilers In Newington. The Full Sow Will Be Attached Below, Any Technical Questions Will Be Directed At Chris Metner 203-932-5711 X3817. all Interested Companies Shall Provide Quotations For The Following: statement Of Work boiler Plant Water Treatment & Testing background va Connecticut Healthcare Systems (vachs) Requires The Periodic Testing And Treatment Of Boiler Feed Water Supply. Vachs, Requires The Vendor To Provide Services For All Labor, Transportation, Equipment, Materials, And The Expertise Necessary For The Periodic Evaluation Of And Maintenance Of Feed Water Supply To 5 Boilers In West Haven, And 3 Boilers In Newington. justification chemical Water Treatment Of Boilers Is Necessary For Longevity Of Equipment And Efficiency Of Performance. Boiler Maintenance Is Critical To Maintaining A Functional Clinical Operating Environment. locations Of Services va Medical Center West Haven 950 Campbell Ave west Haven, Ct 06516 newington Va Medical Center 555 Willard Ave newington, Ct 06111 qualifications the Vendor Shall Have Been In Business At Least Five Years Providing Chemical Treatment Of Boiler Plant And Steam Distribution Systems Similar In Design And Annual Steam Production Rates To That Of The Va Facility. one Water Treatment Specialist Shall Be Assigned To This Contract. The Water Treatment Specialist Shall Have At Minimum Five Years Experience With Boiler Water Treatment Programs. the Water Treatment Specialist Assigned Must Be Located Within 100 Miles Of The Site To Enable Reasonable Response Times To Request For Site Visits. the Contractor Shall Operate (or Continuously Maintain A Contract With) A State Certified Laboratory To Perform Complete Scientific Analyses Of Water Chemistry, Deposits, Metallic Materials Affected By Corrosion And Provide Recommendations For Correction Of Problems Related To The Chemical And Mechanical Water Treatment Program. A Professional Chemist Shall Supervise The Laboratory. scope Of Work the Vendor Shall Provide All Labor, Materials, Specialized Services, And Travel Necessary For Evaluation And Treatment Of Boiler Feed Water. the Vendor Shall Include An Additional Line Item For A Total Of $5,000 Per Period Of Performance To Account For Any Additional Chemicals And Labor Associated With Boiler Feedwater Treatments, And Emergency Responses. the Vendor Shall Include Charges For New Feedwater Chemical Treatment Equipment On The Base Year Quote, And Each Year Following Shall Include The Estimate For Chemicals, And Labor Associated With The Objectives Outlined Below. work Shall Occur During Regular Business Hours Between 7:00 A.m. 4:30 P.m. Or As Coordinated With The Cor And/or Appropriate Fms Poc. Vendor To Provide Full Report Detailing The Products Used As Well As The Results Of Feedwater Testing And Any Adjustments Made To The Treatment Plan As A Result Of Feedwater Water Analysis. vendor Shall Provide Emergency Response, Including A Site Visit If Requested, Within 4 Hours Of Request, 24 Hours A Day, And 365 Days Per Year. Maintain A Toll-free (800) Telephone Number And Email And Pager System For 24-hour Access. objectives 1. The Feedwater Treatment Plan Shall Be In Conformance With The Following Standards/codes/specifications To Include But Not Limited To: A. Vha Boiler Directive 1810. B. Dept. Of Veterans Affairs Master Construction Specification Division 23 Hvac Water Treatment Section 23 25 00, Para 2.2: Chemical Treatment For Closed Loop Systems. C. Federal Department Of Agriculture (fda): Cfr 21, 173.310, Boiler Water Additives Permitted In Plants Where Steam Contacts Food. 2. The Contractor Will Be Responsible For Coordinating, Scheduling, And Reporting All Work-related Activities. The Responsibilities Shall Include But Are Not Limited To The Following: a. Chemicals And Testing Supplies i. The Vendor Shall Provide All Chemicals, Test Kits, Test Reagents, Corrosion Coupons, And Instructional Materials As Necessary To Comply With All Contract Requirements. Deliver To The Boiler Plant Supervisor Or His/her Designate. ii. Chelating Chemicals Are Not Permitted. iii. All Chemicals Utilized Shall Conform To Fda Guidelines; In Addition, In Addition, The Chemicals Shall Conform To All Local, State, And Federal Government Regulations On Water Pollution And Have Appropriate Epa Registration. The Vactmc Utilizes Boiler Steam For Food Preparation And For Humidification. iv. Furnish On Site Chemical Storage Containers With Secondary Containment When Needed. Provide Bulk Delivery Service, Which Delivers The Chemicals Directly Into The Onsite Storage Containers With No Assistance Necessary From Va Employees Other Than To Provide Access, All Spills, Shall Be Reported To Va Employees, All Personal Shall Have And Use Personal Protective Equipment (ppe) When Transferring Or Handling Chemicals. v. All Existing Chemicals, Which Are Suitable For The Contract Program, Shall Be Utilized Prior To The Use Of Any New Chemicals, Tanks Shall Be Pumped Down Empty, And Cleaned Before New Chemicals Are Introduced To The Tank Or System. vi. Submit Msds, Sds Sheets For All Chemicals, Test Kits Or Replacements Utilized During The Performance Of Services Under This Contract. The Msds, Sds Sheets Shall Accompany All Delivery Of The Chemicals, In Place At The Holding Tanks; Copies Shall Be Given To Both Boiler Plant Supervisors And To The Contracting Officer Representative (cor). vii. All Chemical Containers Shall Be Labeled With Complete Information On Contents And Shall Be Returnable. Containers With Missing Labels Shall Be Removed From The Site. All Containers Remain The Property Of The Contractor And Shall Be Immediately Removed From; The Site When They Are No Longer Needed At The Site. b. Performance Requirements: i. Total Hardness In Feed Water Shall Be Less Than One {1} Part Per Million (ppm). Advise Va Personnel On Proper Softener Monitoring And Operation. ii. Dissolved Oxygen In The Feed Water Shall Be Seven {7} Parts Per Billion (ppb) Maximum With Oxygen Scavenger Treatment Temporarily Suspended. If It Exceeds Twelve {12} Ppb, Provide Recommendation To Boiler Plant Supervisor That Deaerator Shall Be Inspected And Repaired. iii. Prevent Embrittlement Of Boiler Pressure Vessels. iv. Condition The Boiler Sludge To Obtain Effective Bottom Blow Off. v. Boiler Residual Of Sodium Sulfite, 30-60 Ppm. vi. Boiler Phosphate Residual, 20-40 Ppm. vii. Total Dissolved Solids (tds) In Boilers As High As Possible, But Not To Exceed 4000 Ppm. viii. Total Alkalinity In Boilers 800 Ppm Maximum (1/5 X Solids Tds). ix. Maximum Suspended Solids In Boilers 350 Ppm, Maximum Silica 250 Ppm. x. Boiler Polymer Dispersant Residual As Recommended By Supplier. xi. There Shall Be No Pitting Corrosion. xii. There Shall Be No Scale And Deposit Formation In The Boilers. xiii. Moisture Content Of The Steam Shall Not Exceed One Percent. Perform Condensate Conductivity Tests At A Steam Trap Near The Boiler Steam Outlet (at A Point With No Amines) To Evaluate The Moisture Content Of The Steam. If Necessary, Utilize An Antifoam Agent To Limit Solids Carryover In The Steam From The Boilers And To Control Boiler Priming, Foaming, And Misting. xiv. Control Boiler Water Chemistry To Minimize Blowdown And Thus Improve Efficiency. xv. Provide Steam Amine Treatment To Provide Condensate Ph Of 8.0 8.5 At Each Condensate Receiver Throughout The Facility And In The Condensate Storage Tank In The Boiler Plant. Feed The Amines Into The Boilers Instead Of The Steam Header To Achieve Even Dispersal Throughout The Distribution System. xvi. Control Corrosion Rates. Steel Corrosion Rates Shall Be Less Than 2.0 Mils Per Year. Copper Corrosion Rates Shall Be Less Than 0.2 Mils Per Year. xvii. Establish Layer Of Magnetic Iron Oxide (black Or Dark Gray In Color) On All Steel Surfaces As A Corrosion Barrier. c. On-site Services: i. Provide Complete Written Instructions, Supplemented By Oral Instructions And Demonstrations, To All Boiler Plant Personnel For Their Performance Of Routine Water Tests And For Feeding The Chemicals Into The Systems. The Instructions Shall Cover All Aspects Of Safe Chemical Handling And Safe And Accurate Testing, And Proper Chemical Feed Quantities, And Methods To Suit The Plant Operating Parameters, And Water Treatment Performance Requirements, And That All Testing Materiel Reflect The New Product, Copies Shall Be Given To Boiler Plant Supervisors And Cor. ii. Provide Three Two-hour Training Sessions Within Two Months Of The Start Of A New Contract. The First Session Shall Be Within One Week Of The Start Of The Contract. Provide One Two- Hour Training Session Every Six Months After The Contract Has Been In Force For Six Months, To Ensure All Boiler Plant Operators Have Been Instructed And A Training Log Kept. All Training Courses Shall Take Place At The Va Facility And At A Date And Time Mutually Acceptable To The Vendor And Va. iii. Perform The Following Tests Monthly, Provide Complete Written Reports With All Test Results And Or Recommendations, Chemical Usage And Or Reorders, Test Kits Ordered Or Changes Made, And Review Reports With Plant Supervisor, Copy S Shall Be Sent To Cor For Records. 1. Condensate Return Systems: Ph, Hardness, Dissolved Iron And Copper, Total Dissolved Solids (conductivity), Amine. Condensate Conductivity At A Steam Trap Near The Boiler Steam Outlet. Test The Condensate For Ph At Representative Samples Of Condensate Receivers Throughout The Facility At Least Twice Per Year. Vary The Sample Sites Every Year. 2. Make-up Water Including Soft Water, Ph, Alkalinity, And Hardness, Total Dissolved Solids, Suspended Solids, And Silica. 3. Boiler Feed Water: Dissolved Oxygen, Ph, Alkalinity, Hardness, Total Dissolved Solids, Suspended Solids, And Silica. Feed Water Dissolved Oxygen Shall Be Tested Twice Per Year With Oxygen Scavenger Chemical Treatment Temporarily Suspended So That Feed Water Deaerator Performance Can Be Evaluated. 4. Boiler Water: Total Dissolved Solids, Suspended Solids, Sulfite, Phosphate, And Alkalinity. 5. Continuous Blowdown Systems: Check Calibration And Settings Monthly. 6. Chemical Feed Systems: Advise Plant Personals And Supervisor On Adjustments To Maintain Proper Chemical Dosage And Feed Rates And Blowdown Rates. iv. Visit The Plant Weekly During The First Two Months Of The Contract. After Two Months, Visit The Plant Monthly, Perform Tests Listed Above, And Review Daily Logs Of Tests Performed By Boiler Plant Personnel. Discuss The Test Results With The Plant Supervisor. Provide Recommendations On Treatment Methods And Consult On Boiler Plant, Steam, And Condensate Distribution Systems Problems As Requested. Send Water Samples To The Laboratory As Necessary To Resolve Problems And Questions. Make Additional Visits At The Request Of The Plant Supervisor To Address Potential Problems. v. Conduct Waterside Inspection Of Boilers, Feed Water Deaerator, And Condensate Storage Tank At Least Once Per Year. Boiler And Feed Water Deaerator Inspection To Coincide With The Inspection By The Qualified Professional Inspector (boiler Inspector). Coordinate Inspection With Cor And/or Boiler Plant Supervisor. Va Personnel Shall Prepare Equipment For Inspection. vi. Provide Recommendations On Wet And Dry Boiler Lay-up Procedures, Including Monitoring, Of Boilers Not In Service. vii. Provide Recommendations On Proper Operation Of Continuous Boiler Blowdown Systems And Boiler Bottom Blow Off Procedures. viii. Test Corrosion Coupons From Condensate Lines Once Per Year And Provide Report. Va Personnel Shall Install, Remove, And Deliver The Coupons To The Water Treatment Specialist. ix. Any Deficiencies Or Problems Noted With Va Test Results Or With The Water Treatment Specialist S Test, Results Are To Be Reported Immediately To The Boiler Plant Supervisor And The Cor. If Problems Are Found, Corrective Actions Shall Be Recommended Immediately, Chemicals Provided As Necessary, And Tests Performed As Necessary To Confirm That Desired Results Are Achieved. d. Va Boiler Plant Staff Responsibilities: i. The Plant Personnel Shall Perform Routine Testing For Chemical Residuals, Conductivity, Hardness, Alkalinity, Ph, Chloride, Silica, Iron And Copper, And Other Tests As Recommended By The Water Treatment Specialist. e. Administrative Requirements: i. All On Site Work Is To Be Coordinated With The Boiler Plant Supervisor At Least Seven (7) Days Prior To Performance Of Services. ii. Situations Requiring More Frequent Analysis And/or Special Testing Other Than The Specified Requirements May Arise. Do Not Perform Any Extra Cost Work Without Written Authorization From The Cor. A Separate Purchase Order Will Be Issued To Cover The Costs Associated With These Extra Tests Upon Request And Justification From The Contractor. iii. Provide Information On The Normal Time Delivery Time For Chemicals. Provide Method For Emergency Chemical Deliveries. iv. A Laboratory Certified By The State Shall Perform Laboratory Work. v. A Written Report Of Each Analysis And Inspection Shall Be Submitted Immediately Upon Completion Of Each Analysis And/or Inspection To Include A Summary Report Of Treatment Recommendations Based On The Analysis Report. Reports Shall Be Submitted In Duplicate To The Boiler Plant Supervisor And To The Cor. vi. Failure To Achieve Required Performance Goals Shall Be Justification For Termination Of Contract. vii. Immediately Prior To Commencing The Chemical Treatment Contract, Vactmc Shall Arrange For An Internal Inspection Of Each Boiler By The Boiler Plant Supervisor And The Contractor S (chemical Supplier) Field Representative. A Visual And Written Record Of The Condition Of Each Of The Boilers Shall Be Signed By The Contractor And The Vactmc Representative. Upon Termination Of The Contract, A Similar Inspection Shall Be Conducted. Any Deterioration In The Boiler Conditions Attributable To The Contractor S Program Shall Be Corrected By The Contractor At No Additional Cost To Va. 5. Coordinate All Placement And Removal Of Lockout Tagout Devices For Any Energy Sources With Fms Va Cor/maintenance & Operations. 6. Coordinate All Confined Space Entry With Va Safety Department And Fms Va Cor/maintenance & Operations. 7. Protect All Equipment In Place During Work Activities. 8. Contractor Shall Provide A Full Report Detailing All Maintenance Activities Performed For Each Visit, The Names Of Individuals Performing The Maintenance, And A Summary Of Any Notable Concerns That Can Otherwise Impair The Functionality Of The Equipment. 9. Work Hours For Service And Corrective Maintenance Shall Be As Follows, Unless Otherwise Requested/approved By The Cor Or Appropriate Va Representative: a. 7:00 A.m. To 5:00 P.m., Monday Through Friday. submittals/deliverables 1. Prior To The Start Of Work, The Specifications Shall Require The Contractor To Develop And Submit Such Plans As Required By The Va Relating To Safety And Environmental Issues. These May Include But Are Not Limited To: a. Job Hazard Analysis (jha) / Activity Hazard Analysis (aha) b. Acknowledgement Of Va Loto Requirements (attachment C) And Contractor Loto Policy. 2. The Contractor Shall Submit Any Waste Manifest Documents As Applicable With Final Reports. 3. Subcontracting Of Any Ensuing Award Of This Solicitation Shall Not Be Allowed Without Written Permission Of The Contracting Officer. Service Response On Calls From Unauthorized Personnel Could Result In Non-payment. special Instructions 1. Subcontracting Of Any Ensuing Award Of This Solicitation Shall Not Be Allowed Without Written Permission Of The Contracting Officer. Service Response On Calls From Unauthorized Personnel Could Result In Non-payment. 2. Federal Holidays Observed By The Department Of Veterans Affairs Are As Follows: new Years Labor Day mlk Day Columbus Day presidents Day veterans Day memorial Day thanksgiving Day juneteenth christmas Day independence Day 3. Contractor Check-in: All Employees Of The Service Provider Shall Comply With Va Security Management Program And Obtain Permission Of The Va Police And Restricted From Unauthorized Access. Upon Arrival, The Contractor Shall Sign-in At Building 15, Fms Office In West Haven, Or Building 3, 3rd Floor, Fms Office In Newington, And/or Receive A Temporary Identification Badge Prior To Performing Services At Va Connecticut Healthcare System. The Contractor Shall Wear Visible Identification Always Displaying The Name And Company Id While On Site. All Site Visits Shall Be Coordinated With The Va Cor. a. The Contracting Officer (co), Contracting Officer S Representative (cor), And/or Project Manager (pm) Specifically Reserve The Right To Reject Any Of The Contractor S Personnel And Refuse Them Permission To Work On The Equipment Outlined Herein, Based Upon Credentials Provided. 4. Per Va Directive 1805, Smoking Vaping, And Smokeless Tobacco Are Prohibited On The Grounds Of Va Facilities, Including In Vehicles. This Directive Applies To All Service Providers And Their Employees. 5. No Photography Of Va Premises Is Allowed Without Written Permission Of The Contracting Officer. Patients And Staff Are Not To Be Photographed At Any Time. 6. Va Reserves The Right To Close Down Or Shut Down The Facilities And Order Service Provider Employees Off The Premises In The Event Of A National Emergency. The Service Provider May Return To The Site Only With The Written Approval Of The Va Contracting Officer. 7. Prior To Commencing Work Onsite, All Service Providers And Provider Personnel Shall Furnish Proof Of Receipt Of Required Covid Vaccinations And Boosters In Compliance With Current Vha Directives. 8. Prior To Commencing Work Onsite, All Service Providers And Provider Personnel Shall Furnish Proof Of Receipt Of Required Tuberculosis Testing In Compliance With Vha Directive 1131(5), Dated June 04, 2021. 9. Parking For Service Provider And Its Employees Shall Be In Designated Areas Only. Service Provider To Coordinate With Cor. 10. The Service Provider Shall Confine All Operations (including Storage Of Materials) On Government Premises To Areas Authorized Or Approved By The Va Contracting Officer. The Service Provider Shall Hold And Save The Government, Its Officers, And Agents, Free And Harmless From Liability Of Any Nature Occasioned By The Service Provider S Performance. Working Space And Space Available For Storing Materials Shall Be As Determined By The Cor. Workers Are Subject To The Rules Of The Medical Center Applicable To Their Conduct. Execute Work In Such A Manner As To Reduce Impacts With Work Being Done By Others. 11. Billing: Provide Cor And/or Pm With A Report Or Statement Of Work Completed And Include Statements With Request For Payment. Statement Should Include Service Completed And The Date Each Service Item Was Completed. Labor Charges Shall Be Billed Hourly, And Any Unused Labor Totals Will Be Credited Back To The Va Medical Center On The Next Billing Cycle, Upon Receipt Of The Service Report. records Management Statement 1. Contractor Shall Comply With All Applicable Records Management Laws And Regulations, As Well As National Archives And Records Administration (nara) Records Policies, Including But Not Limited To The Federal Records Act (44 U.s.c. Chs. 21, 29, 31, 33), Nara Regulations At 36 Cfr Chapter Xii Subchapter B, And Those Policies Associated With The Safeguarding Of Records Covered By The Privacy Act Of 1974 (5 U.s.c. 552a). These Policies Include The Preservation Of All Records, Regardless Of Form Or Characteristics, Mode Of Transmission, Or State Of Completion. 2. In Accordance With 36 Cfr 1222.32, All Data Created For Government Use And Delivered To, Or Falling Under The Legal Control Of, The Government Are Federal Records Subject To The Provisions Of 44 U.s.c. Chapters 21, 29, 31, And 33, The Freedom Of Information Act (foia) (5 U.s.c. 552), As Amended, And The Privacy Act Of 1974 (5 U.s.c. 552a), As Amended And Must Be Managed And Scheduled For Disposition Only As Permitted By Statute Or Regulation. 3. In Accordance With 36 Cfr 1222.32, Contractor Shall Maintain All Records Created For Government Use Or Created While Performing The Contract And/or Delivered To, Or Under The Legal Control Of The Government And Must Be Managed In Accordance With Federal Law. Electronic Records And Associated Metadata Must Be Accompanied By Sufficient Technical Documentation To Permit Understanding And Use Of The Records And Data. 4. Va Medical Center West Haven And Its Contractors Are Responsible For Preventing The Alienation Or Unauthorized Destruction Of Records, Including All Forms Of Mutilation. Records May Not Be Removed From The Legal Custody Of The Va Medical Center West Haven Or Destroyed Except For In Accordance With The Provisions Of The Agency Records Schedules And With The Written Concurrence Of The Head Of The Contracting Activity. Willful And Unlawful Destruction, Damage Or Alienation Of Federal Records Is Subject To The Fines And Penalties Imposed By 18 U.s.c. 2701. In The Event Of Any Unlawful Or Accidental Removal, Defacing, Alteration, Or Destruction Of Records, Contractor Must Report To Va Medical Center West Haven. The Agency Must Report Promptly To Nara In Accordance With 36 Cfr 1230. 5. The Contractor Shall Immediately Notify The Appropriate Contracting Officer Upon Discovery Of Any Inadvertent Or Unauthorized Disclosures Of Information, Data, Documentary Materials, Records Or Equipment. Disclosure Of Non-public Information Is Limited To Authorized Personnel With A Need-to-know As Described In The [contract Vehicle]. The Contractor Shall Ensure That The Appropriate Personnel, Administrative, Technical, And Physical Safeguards Are Established To Ensure The Security And Confidentiality Of This Information, Data, Documentary Material, Records And/or Equipment Is Properly Protected. The Contractor Shall Not Remove Material From Government Facilities Or Systems, Or Facilities Or Systems Operated Or Maintained On The Government S Behalf, Without The Express Written Permission Of The Head Of The Contracting Activity. When Information, Data, Documentary Material, Records And/or Equipment Is No Longer Required, It Shall Be Returned To Va Medical Center West Haven Control, Or The Contractor Must Hold It Until Otherwise Directed. Items Returned To The Government Shall Be Hand Carried, Mailed, Emailed, Or Securely Electronically Transmitted To The Contracting Officer Or Address Prescribed In The [contract Vehicle]. Destruction Of Records Is Expressly Prohibited Unless In Accordance With Paragraph (4). 6. The Contractor Is Required To Obtain The Contracting Officer's Approval Prior To Engaging In Any Contractual Relationship (sub-contractor) In Support Of This Contract Requiring The Disclosure Of Information, Documentary Material And/or Records Generated Under, Or Relating To, Contracts. The Contractor (and Any Sub-contractor) Is Required To Abide By Government And Va Medical Center West Haven Guidance For Protecting Sensitive, Proprietary Information, Classified, And Controlled Unclassified Information. 7. The Contractor Shall Only Use Government It Equipment For Purposes Specifically Tied To Or Authorized By The Contract And In Accordance With Va Medical Center West Haven Policy. 8. The Contractor Shall Not Create Or Maintain Any Records Containing Any Non-public Va Medical Center West Haven Information That Are Not Specifically Tied To Or Authorized By The Contract. 9. The Contractor Shall Not Retain, Use, Sell, Or Disseminate Copies Of Any Deliverable That Contains Information Covered By The Privacy Act Of 1974 Or That Which Is Generally Protected From Public Disclosure By An Exemption To The Freedom Of Information Act. 10. The Va Medical Center West Haven Owns The Rights To All Data And Records Produced As Part Of This Contract. All Deliverables Under The Contract Are The Property Of The U.s. Government For Which Va Medical Center West Haven Shall Have Unlimited Rights To Use, Dispose Of, Or Disclose Such Data Contained Therein As It Determines To Be In The Public Interest. Any Contractor Rights In The Data Or Deliverables Must Be Identified As Required By Far 52.227-11 Through Far 52.22720. Training. All Contractor Employees Assigned To This Contract Who Create, Work With, Or Otherwise Handle Records Are Required To Take Vha-provided Records Management Training, Talent Management System (tms) Item #3873736, Records Management For Records Officers And Liaisons. The Contractor Is Responsible For Confirming Training Has Been Completed According To Agency Policies, Including Initial Training And Any Annual Or Refresher Training. safety Codes / Certification / Licensing the Contractor Shall Comply With All Codes As Described Above, As Well As Codes Customarily Applied In Va Repair Such As Nfpa Fire Code, Osha, Va Design Guides, Etc. Labs Used By The Contractor Shall Be Licensed As Required By Any Applicable Governing Agencies, And Their Certifications And Licenses Shall Be Included In The Reports. Travel Vendor Will Travel From Their Place Of Business To The West Haven Vamc Of The Va Connecticut Healthcare System. terms And Conditions 1. User Responsibility: The Contractor Shall Not Be Held Responsible Under The Terms Of This Contract For Repairs To Equipment Necessitated By User Abuse And/or Misuse Of Equipment. 2. All Work Is Subject To Inspection, Review And Approval By The Boiler Plant Supervisor, Utility System Supervisor, Chief M&o, Chief Engineer, And/or Their Designees price (follow These Instructions): offeror Shall Complete Pricing For The Scope Of Work Provided.â  ensure Your Representations And Certifications Are Complete In The System For Award Management (sam)( Https://www.sam.gov). Otherwise, You Will Need To Fill Out Solicitation Clause 52.212-3 "offeror Representation And Certifications -commercial Items And Submit With The Quote. Federal Acquisition Regulations Require That Federal Contractors Register In The Sam Database At Http://www.sam.gov And Enter All Mandatory Information Into The System. Award Cannot Be Made Until The Contractor Has Registered. Offerors Are Encouraged To Ensure That They Are Registered In Sam Prior To Submitting Their Quotation. 2. Past Performance: a. Provide (3) References Of Work, Similar In Scope And Size With The Requirement Detailed In The Statement Of Work. References Must Include Contact Information; Brief Description Of The Work Completed, And Contract # (if Relevant). Please Utilize Attachment 1 Past Performance Worksheet For Your References And Please Submit As Part Of Your Quote Submission. References May Be Checked By The Contracting Officer To Ensure Your Company Can Perform The Statement Of Work. The Government Also Reserves The Right To Obtain Information For Use In The Evaluation Of Past Performance From All Sources. 3. Technical: The Offeror S Quote Shall Be Evaluated To Determine If The Organization Has The Experience And Capabilities To Provide The Requested Services Iaw The Statement Of Work In A Timely Efficient Manner. a. Contractor Shall Demonstrate Their Corporate Experience And Approach To Meet All Requirements Stated In The Statement Of Work. b. Contractor Shall Demonstrate That Their Technicians Meet The Qualification Standards Stated In The Statement Of Work. c. Contractor Shall Provide All Current And Relevant Or License(s) To Include Manufacture Training Certificate Etc. d. If You Are Planning To Sub-contract Some Or All Of This Work, Please Provide The Name And Address(s) Of All Subcontractor(s) (if Applicable) And A Description Of Their Planned Subcontracting Effort. 4. Veterans Preference Factor (per 852.215-70): The Government Will Assign Evaluation Credit For An Offeror (prime Contractor) Which Is A Service-disabled Veteran-owned (sdvosb) Or A Veteran-owned Small Business (vosb). Non-sdvosb/vosb Offerors Proposing To Use Sdvosbs Or Vosbs As Subcontractors Will Receive Some Consideration Under This Evaluation Factor. a. For Sdvosbs/vosbs: In Order To Receive Credit Under This Factor, An Offeror Shall Submit A Statement Of Compliance That It Qualifies As A Sdvosb Or Vosb In Accordance With Vaar 852.215-70, Service-disabled Veteran-owned And Veteran-owned Small Business Evaluation Factors . Offerors Are Cautioned That They Must Be Registered And Verified In Vendor Information Pages (vip) Database (http://www.vetbiz.gov). verified Sdvosbs Will Receive A 5% Price Credit (e.g. If A Sdvosb Submits An Offer Of $100.00, It Will Be Evaluated As If It Submitted An Offer Of $95.00). ii. Verified Vosbs Will Received A 2.5% Price Credit (e.g. If A Vosb Submits An Offer Of $100.00, It Will Be Evaluated As If It Submitted An Offer Of $97.50). the Full Text Of Far Provisions Or Clauses May Be Accessed Electronically At Http://acquisition.gov/comp/far/index.html. (x) Please Include A Completed Copy Of The Provision At 52.212-3, Offeror Representations And Certifications -- Commercial Items, With Your Offer Via The Sam.gov Website Or A Written Copy. (xi) Clause 52.212-4, Contract Terms And Conditions -- Commercial Items, Applies To This Acquisition In Addition To The Following Addenda S To The Clause: 52.252-2 Clauses Incorporated By Reference (feb 1998), 52.203-17 Contractor Employee Whistleblower Rights And Requirement To Inform Employees Of Whistleblower Rights (jun 2020), 52.204-4 Printed Or Copied Double-sided On Postconsumer Fiber Content Paper (may 2011), 52.204-13 System For Award Management Maintenance (oct 2018), 52.204-18 Commercial Government Entity Code Maintenance (aug 2020), 52.217-9 Option To Extend The Term Of The Contract (mar 2000), 52.228-5 Insurance-work On A Government Installation (jan 1997), 52.232-40 Providing Accelerated Payments To Small Business Subcontracting (dec 2013), 852.212-70 Provisions And Clauses Applicable To Va Acquisitions Of Commercial Items (apr 2020) 852.203-70 Commercial Advertising 852.219-74, Va Notice Of Total Service-disabled Veteran-owned Small Business Set-aside 852.232-72 Electronic Submissions Of Payment Requests 852.233-70 Protest Content/alternative Dispute Resolution 852.233-71 Alternate Protest Procedure 852.270-1 Representatives Of Contracting Officers 852.219-74 Limitations On Subcontracting Monitoring And Compliance (jul 2018) as Prescribed In 819.7203(a) Insert The Following Clause: (a) This Solicitation Includes 852.219-74, Va Notice Of Total Service-disabled Veteran-owned Small Business Set-aside, (b) Accordingly, Any Contract Resulting From This Solicitation Is Subject To The Limitation On Subcontracting Requirements In 13 Cfr 125.6. The Contractor Is Advised That In Performing Contract Administration Functions, The Contracting Officer May Use The Services Of A Support Contractor(s) Retained By Va To Assist In Assessing The Contractor S Compliance With The Limitations On Subcontracting Or Percentage Of Work Performance Requirements Specified In The Clause. To That End, The Support Contractor(s) May Require Access To Contractor S Offices Where The Contractor S Business Records Or Other Proprietary Data Are Retained And To Review Such Business Records Regarding The Contractor S Compliance With This Requirement. (c) All Support Contractors Conducting This Review On Behalf Of Va Will Be Required To Sign An Information Protection And Non-disclosure And Disclosure Of Conflicts Of Interest Agreement To Ensure The Contractor S Business Records Or Other Proprietary Data Reviewed Or Obtained In The Course Of Assisting The Contracting Officer In Assessing The Contractor For Compliance Are Protected To Ensure Information Or Data Is Not Improperly Disclosed Or Other Impropriety Occurs. (d) Furthermore, If Va Determines Any Services The Support Contractor(s) Will Perform In Assessing Compliance Are Advisory And Assistance Services As Defined In Far 2.101, Definitions, The Support Contractor(s) Must Also Enter Into An Agreement With The Contractor To Protect Proprietary Information As Required By Far 9.505-4, Obtaining Access To Proprietary Information, Paragraph (b). The Contractor Is Required To Cooperate Fully And Make Available Any Records As May Be Required To Enable The Contracting Officer To Assess The Contractor S Compliance With The Limitations On Subcontracting Or Percentage Of Work Performance Requirement. (end Of Clause) 852.219-77 Va Notice Of Limitations On Subcontracting Certificate Of Compliance For Services And Construction. as Prescribed In 819.7009(c) Insert The Following Clause: va Notice Of Limitations On Subcontracting Certificate Of Compliance For Services And Construction (sep 2021) (deviation) (a) Pursuant To 38 U.s.c. 8127(k)(2), The Offeror Certifies That (1) If Awarded A Contract (see Far 2.101 Definition), It Will Comply With The Limitations On Subcontracting Requirement As Provided In The Solicitation And The Resultant Contract, As Follows: [contracting Officer Check The Appropriate Box Below Based On The Predominant Naics Code Assigned To The Instant Acquisition As Set Forth In Far 19.102.] (i) [x] Services. In The Case Of A Contract For Services (except Construction), The Contractor Will Not Pay More Than 50% Of The Amount Paid By The Government To It To Firms That Are Not Vip-listed Sdvosbs As Set Forth In 852.219-74 Or Vosbs As Set Forth In 852.219-11. Any Work That A Similarly Situated Vip-listed Subcontractor Further Subcontracts Will Count Towards The 50% Subcontract Amount That Cannot Be Exceeded. Other Direct Costs May Be Excluded To The Extent They Are Not The Principal Purpose Of The Acquisition And Small Business Concerns Do Not Provide The Service As Set Forth In 13 Cfr 125.6. (ii) [ ] General Construction. In The Case Of A Contract For General Construction, The Contractor Will Not Pay More Than 85% Of The Amount Paid By The Government To It To Firms That Are Not Vip-listed Sdvosbs As Set Forth In 852.219-74 Or Vosbs As Set Forth In 852.219-11. Any Work That A Similarly Situated Vip-listed Subcontractor Further Subcontracts Will Count Towards The 85% Subcontract Amount That Cannot Be Exceeded. Cost Of Materials Are Excluded And Not Considered To Be Subcontracted. (iii) Special Trade Construction Contractors. In The Case Of A Contract For Special Trade Contractors, The Contractor Will Not Pay More Than 75% Of The Amount Paid By The Government To It To Firms That Are Not Vip-listed Sdvosbs As Set Forth In 852.219-74 Or Vosbs As Set Forth In 852.219-11. Any Work That A Similarly Situated Subcontractor Further Subcontracts Will Count Towards The 75% Subcontract Amount That Cannot Be Exceeded. Cost Of Materials Are Excluded And Not Considered To Be Subcontracted. (2) The Offeror Acknowledges That This Certification Concerns A Matter Within The Jurisdiction Of An Agency Of The United States. The Offeror Further Acknowledges That This Certification Is Subject To Title 18, United States Code, Section 1001, And, As Such, A False, Fictitious, Or Fraudulent Certification May Render The Offeror Subject To Criminal, Civil, Or Administrative Penalties, Including Prosecution. (3) If Va Determines That An Sdvosb/vosb Awarded A Contract Pursuant To 38 U.s.c. 8127 Did Not Act In Good Faith, Such Sdvosb/vosb Shall Be Subject To Any Or All Of The Following: (i) Referral To The Va Suspension And Debarment Committee; (ii) A Fine Under Section 16(g)(1) Of The Small Business Act (15 U.s.c. 645(g)(1)); And (iii) Prosecution For Violating Section 1001 Of Title 18. (b) The Offeror Represents And Understands That By Submission Of Its Offer And Award Of A Contract It May Be Required To Provide Copies Of Documents Or Records To Va That Va May Review To Determine Whether The Offeror Complied With The Limitations On Subcontracting Requirement Specified In The Contract. The Contracting Officer May, At Their Discretion, Require The Contractor To Demonstrate Its Compliance With The Limitations On Subcontracting At Any Time During Performance And Upon Completion Of A Contract If The Information Regarding Such Compliance Is Not Already Available To The Contracting Officer. Evidence Of Compliance Includes, But Is Not Limited To, Invoices, Copies Of Subcontracts, Or A List Of The Value Of Tasks Performed. (c) The Offeror Further Agrees To Cooperate Fully And Make Available Any Documents Or Records As May Be Required To Enable Va To Determine Compliance With The Limitations On Subcontracting Requirement. The Offeror Understands That Failure To Provide Documents As Requested By Va May Result In Remedial Action As The Government Deems Appropriate. (d) Offeror Completed Certification/fill-in Required. The Formal Certification Must Be Completed, Signed, And Returned With The Offeror S Bid, Quotation, Or Proposal. The Government Will Not Consider Offers For Award From Offerors That Do Not Provide The Certification, And All Such Responses Will Be Deemed Ineligible For Evaluation And Award. i Hereby Certify That If Awarded The Contract, [insert Name Of Offeror] Will Comply With The Limitations On Subcontracting Specified In This Clause And In The Resultant Contract. I Further Certify That I Am Authorized To Execute This Certification On Behalf Of [insert Name Of Offeror]. printed Name Of Signee: _________________________________ printed Title Of Signee: ________________________________ signature: ______________________________________________ date: ___________________________________________________ company Name And Address: _____________________________________________________________________________________ (end Of Clause) 852.242-71 Administrative Contracting Officer. as Prescribed In 842.271, Insert The Following Clause: administrative Contracting Officer (oct 2020) the Contracting Officer Reserves The Right To Designate An Administrative Contracting Officer (aco) For The Purpose Of Performing Certain Tasks/duties In The Administration Of The Contract. Such Designation Will Be In Writing Through An Aco Letter Of Delegation And Will Identify The Responsibilities And Limitations Of The Aco. A Copy Of The Aco Letter Of Delegation Shall Be Furnished To The Contractor. (end Of Clause) (xii) Clause At 52.212-5, Contract Terms And Conditions Required To Implement Statutes Or Executive Orders -- Commercial Items, Applies To This Acquisition And In Addition To The Following Far Clauses Cited, Which Are Also Applicable To The Acquisition: 52.203-6, 52.204-10, 52.209-6, 52.219-4, 52.219-8, 52.219-6, 52.219-28, 52.222-3, 52.222-21, 52.222-26, 52.222-35, 52.222-36, 52.222-37, 52.222-40, 52.222-50, 52.223-18, 52.225-3, 52.225-13, 52.232-33, 52.222-41 (wage Determination West Haven And Newington Vamc Wd 2015-4127 And 2015-4119 (rev-28), 52.222-42, 52.222-43, 52.222-55, 52.222-6 (xiii) All Contract Requirement(s) And/or Terms And Conditions Are Stated Above. (xiv) The Defense Priorities And Allocations System (dpas) And Assigned Rating Are Not Applicable To This Requirement. (xv) Rfq Questions Are Due Nlt 04/15/2025 At 17:00 Pm Est. Rfq Responses Are Due Nlt 04/18/2025 At 17:00 Pm Est. Rfq Responses Must Be Submitted Via Email With Rfq #36c24125q0373 In The Subject Line To: Nathan.langone@va.gov Hand Deliveries Shall Not Be Accepted. (xvi) The Poc Of This Solicitation Is Nathan Langone (nathan.langone@va.gov)