Scanning Tenders

Details: Description Bids And Awards Committee Iloilo Provincial Government Procurement Of Scanner Bid No. Jch-24-698-b(rebid-2) Philippine Bidding Documents Sixth Edition July 2020 Table Of Contents Section I. Invitation To Bid……………………………………………………..3 Section Ii. Instructions To Bidders………………………………………..…...5 1. Scope Of Bid ………………………………………………………………………. 5 2. Funding Information………………………………………………………………. 5 3. Bidding Requirements ……………………………………………………………. 5 4. Corrupt, Fraudulent, Collusive, And Coercive Practices 5 5. Eligible Bidders…………………………………………………………………… 5 6. Origin Of Goods ………………………………………………………………….. 6 7. Subcontracts ……………………………………………………………………… 6 8. Pre-bid Conference ………………………………………………………………. 6 9. Clarification And Amendment Of Bidding Documents …………………………… 6 10. Documents Comprising The Bid: Eligibility And Technical Components …………. 6 11. Documents Comprising The Bid: Financial Component …………………………... 7 12. Bid Prices …………………………………………………………………………. 7 13. Bid And Payment Currencies ……………………………………………………… 7 14. Bid Security ………………………………………………………………………. 7 15. Sealing And Marking Of Bids ……………………………………………………… 7 16. Deadline For Submission Of Bids …………………………………………………. 8 17. Opening And Preliminary Examination Of Bids ………………………………….. 8 18. Domestic Preference ……………………………………………………………… 8 19. Detailed Evaluation And Comparison Of Bids ……………………………………. 8 20. Post-qualification ………………………………………………………………… 8 21. Signing Of The Contract …………………………………………………………… 8 Section Iii. Bid Data Sheet …………………………………………………..9 Section Iv. General Conditions Of Contract ……………………...………..10 1. Scope Of Contract ………………………………………………………………… 10 2. Advance Payment And Terms Of Payment ……………………………………….. 10 3. Performance Security ……………………………………………………………. 10 4. Inspection And Tests ……………………………………………………………… 10 5. Warranty …………………………………………………………………………. 10 6. Liability Of The Supplier ………………………………………………………….. 10 Section V. Special Conditions Of Contract ………………………………….11 Section Vi. Schedule Of Requirements ……………………………………....13 Section Vii. Technical Specifications …………………………………………14 Section Viii. Checklist Of Technical And Financial Documents …………..14 Section I. Invitation To Bid Purchase Of Scanner Bid No. Jch-24-698-b(rebid-2) 1. The Iloilo Provincial Government Through The Sb#4 2020 (co) Intends To Apply The Sum Of One Hundred Seventy-four Thousand Nine Hundred Sixty-nine Pesos (php174,969.00) Being The Abc To Payments Under The Contract For The Purchase Of Scanner. Bids Received In Excess Of The Abc Shall Be Automatically Rejected At Bid Opening. 2. The Iloilo Provincial Government Now Invites Bids For The Above Procurement Project. Delivery Of The Goods Is Required By 30 Days Upon Receipt Of The Notice To Proceed (ntp). Bidders Should Have Completed, Within Three (3) Years From The Date Of Submission And Receipt Of Bids, A Contract Similar To The Project. The Description Of An Eligible Bidder Is Contained In The Bidding Documents, Particularly, In Section Ii (instructions To Bidders). 3. Bidding Will Be Conducted Through Open Competitive Bidding Procedures Using A Non-discretionary “pass/fail” Criterion As Specified In The 2016 Revised Implementing Rules And Regulations (irr) Of Republic Act (ra) No. 9184. Bidding Is Restricted To Filipino Citizens/sole Proprietorships, Partnerships, Or Organizations With At Least Sixty Percent (60%) Interest Or Outstanding Capital Stock Belonging To Citizens Of The Philippines, And To Citizens Or Organizations Of A Country The Laws Or Regulations Of Which Grant Similar Rights Or Privileges To Filipino Citizens, Pursuant To Ra No. 5183. 4. Prospective Bidders May Obtain Further Information From The Bids And Awards Committee Secretariat Of The Iloilo Provincial Government And Inspect The Bidding Documents At The Address Given Below During 8:00 A.m. To 5:00 P.m. 5. A Complete Set Of Bidding Documents May Be Acquired By Interested Bidders On July 23,2024 From The Given Address And Website(s) Below And Upon Payment Of The Applicable Fee For The Bidding Documents, Pursuant To The Latest Guidelines Issued By The Gppb, In The Amount Of Five Hundred Pesos (php500.00). The Procuring Entity Shall Allow The Bidder To Present Its Proof Of Payment For The Fees In Person. 6. The Iloilo Provincial Government Will Hold A Pre-bid Conference On N/a At 9:00 A.m. At Bac Secretariat, Iloilo Provincial Capitol And/or Through Video Conferencing Or Webcasting, Upon Request At Least Three (3) Days Before The Pre-bid Conference, Via Zoom Or Other Videoconferencing Portals, Which Shall Be Open To Prospective Bidders. 7. Bids Must Be Duly Received By The Bac Secretariat Through Manual Submission At The 5th Floor, Bac Secretariat, Iloilo Provincial Capitol, Bonifacio Drive, Iloilo City On Or Before August 1,2024 At 9:00 A.m. Late Bids Shall Not Be Accepted. 8. All Bids Must Be Accompanied By A Bid Security In Any Of The Acceptable Forms And In The Amount Stated In Itb Clause 14. 9. Bid Opening Shall Be On August 1,,2024 At 9:01 A.m. At The 5th Floor, Bac Secretariat, Iloilo Provincial Capitol. Bids Will Be Opened In The Presence Of The Bidders’ Representatives Who Choose To Attend The Activity. 10. A. The Participating Bidder/supplier Or Its Authorized Representative Must Indicate In Any Of The Eligibility Documents, An Email Address Or A Working Fax Number. The Absence Of Which Shall Be A Ground For Disqualification. Notice To The Bidder/supplier Through The Use Of Either Of These Means (email/fax) Is Considered Sufficient Notice. The Date Of Filing Of Reconsideration And All Communications With The Bac Shall Be Its (bac) Date Of Receipt. B. The Bidder(s)/awardee(s) Or Its Authorized Representative Must Conform To The Notice Of Award Within Three (3) Calendar Days From Receipt Of Such Notice And The Winning Bidder Shall Post The Required Performance Security And Enter Into Contract With The Procuring Entity Within Ten (10) Calendar Days From Receipt By The Winning Bidder Of The Notice Of Award In Accordance With Section 37.2.1 Of The Revised Irr Of R.a. No. 9184. C. The Bidder/supplier Must Have No Pending Unaccepted Notice To Proceed Three (3) Days From The Date Of Acceptance And Signing Of The Purchase Order. Otherwise, It Shall Be A Ground For Disqualification And The Bidder Will Be Rated "failed" During The Preliminary Examination Of Bids And/or Its Bid Shall Be Declared As "non-responsive" During Post-qualification. D. The Bidder/supplier Must Have No Notice Of Award Pending Its Conformity Three (3) Days From The Date Of Its Receipt Of The Notice Of Award. Otherwise, It Shall Be Aground For Disqualification And The Bidder Will Be Rated "failed" During The Preliminary Examination Of Bids And/or Its Bid Shall Be Declared As "non-responsive" During Post-qualification. E. The Bidder/supplier Shall Submit A List Of All Its Ongoing And Completed Projects With The Iloilo Provincial Government Indicating The Delivery Periods And Accomplishments Of Such Projects. F. The Bidder/supplier At The Time Of The Bidding Must Have No Pending Unposted Performance Or Warranty Security, As The Case May Be, Beyond The Period Allowed In The Notice Of Award. Otherwise, It Shall Be A Ground For Disqualification And The Bidder Will Be Rated "failed" During The Preliminary Examination Of Bids And/or Its Bid Shall Be Declared As "non-responsive" During Post-qualification. G. When An Occurrence Of A Tie Among Bidders Takes Place, I.e., Two Or More Of The Bidders Are Determined And Declared As The Lowest Calculated And Responsive Bidder (lcrb), The Winning Bidder Shall Be Determined By Draw Lots Upon Notice To The Bidders Concerned And/or Their Authorized Representatives In Accordance With The Relevant Circulars Issued By The Government Procurement Policy Board (gppb). 11. The Iloilo Provincial Government Reserves The Right To Reject Any And All Bids, Declare A Failure Of Bidding, Or Not Award The Contract At Any Time Prior To Contract Award In Accordance With Sections 35.6 And 41 Of The 2016 Revised Irr Of Ra No. 9184, Without Thereby Incurring Any Liability To The Affected Bidder Or Bidders. 12. For Further Information, Please Refer To: Atty. Raemman M. Lagrada Bac Secretariat Head 5th Floor, Bids And Awards Committee Iloilo Provincial Capitol Email Address: Ipg_bacs@yahoo.com/bac@iloilo.gov.ph Website: Iloilo.gov.ph Telephone Number: (033) 336-0736 13. You May Visit The Following Websites For Downloading Of Bidding Documents: Ipg.gov.ph And/or Philgeps.com July 19,2024 Atty. Dennis T. Ventilacion Chairman, Bids And Awards Committee Section Ii. Instructions To Bidders 1. Scope Of Bid The Procuring Entity, Iloilo Provincial Government Wishes To Receive Bids For The Purchase Of Scanner With Bid No. Jch-24-698-b(rebid-2). The Procurement Project (referred To Herein As “project”) Is Composed Of One (1) Item, The Details Of Which Are Described In Section Vii (technical Specifications). 2. Funding Information 2.1. The Gop Through The Source Of Funding As Indicated Below For 2020 In The Amount Of One Hundred Seventy-four Thousand Nine Hundred Sixty-nine Pesos (php174,969.00) 2.2. The Source Of Funding Is: Lgus, The Annual Or Supplemental Budget, As Approved By The Sanggunian. 3. Bidding Requirements The Bidding For The Project Shall Be Governed By All The Provisions Of Ra No. 9184 And Its 2016 Revised Irr, Including Its Generic Procurement Manuals And Associated Policies, Rules And Regulations As The Primary Source Thereof, While The Herein Clauses Shall Serve As The Secondary Source Thereof. Any Amendments Made To The Irr And Other Gppb Issuances Shall Be Applicable Only To The Ongoing Posting, Advertisement, Or Ib By The Bac Through The Issuance Of A Supplemental Or Bid Bulletin. The Bidder, By The Act Of Submitting Its Bid, Shall Be Deemed To Have Verified And Accepted The General Requirements Of This Project, Including Other Factors That May Affect The Cost, Duration And Execution Or Implementation Of The Contract, Project, Or Work And Examine All Instructions, Forms, Terms, And Project Requirements In The Bidding Documents. 4. Corrupt, Fraudulent, Collusive, And Coercive Practices The Procuring Entity, As Well As The Bidders And Suppliers, Shall Observe The Highest Standard Of Ethics During The Procurement And Execution Of The Contract. They Or Through An Agent Shall Not Engage In Corrupt, Fraudulent, Collusive, Coercive, And Obstructive Practices Defined Under Annex “i” Of The 2016 Revised Irr Of Ra No. 9184 Or Other Integrity Violations In Competing For The Project. 5. Eligible Bidders 5.1. Only Bids Of Bidders Found To Be Legally, Technically, And Financially Capable Will Be Evaluated. 5.2. A. Foreign Ownership Exceeding Those Allowed Under The Rules May Participate Pursuant To: I. When A Treaty Or International Or Executive Agreement As Provided In Section 4 Of The Ra No. 9184 And Its 2016 Revised Irr Allow Foreign Bidders To Participate; Ii. Citizens, Corporations, Or Associations Of A Country, Included In The List Issued By The Gppb, The Laws Or Regulations Of Which Grant Reciprocal Rights Or Privileges To Citizens, Corporations, Or Associations Of The Philippines; Iii. When The Goods Sought To Be Procured Are Not Available From Local Suppliers; Or Iv. When There Is A Need To Prevent Situations That Defeat Competition Or Restrain Trade. 5.3. Pursuant To Section 23.4.1.3 Of The 2016 Revised Irr Of Ra No.9184, The Bidder Shall Have An Slcc That Is At Least One (1) Contract Similar To The Project The Value Of Which, Adjusted To Current Prices Using The Psa’s Cpi, Must Be At Least Equivalent To: A. For The Procurement Of Non-expendable Supplies And Services: The Bidder Must Have Completed A Single Contract That Is Similar To This Project, Equivalent To At Least Fifty Percent (50%) Of The Abc. B. For The Procurement Of Expendable Supplies: The Bidder Must Have Completed A Single Contract That Is Similar To This Project, Equivalent To At Least Twenty-five Percent (25%) Of The Abc. C. For Procurement Where The Procuring Entity Has Determined, After The Conduct Of Market Research, That Imposition Of Either (a) Or (b) Will Likely Result To Failure Of Bidding Or Monopoly That Will Defeat The Purpose Of Public Bidding: The Bidder Should Comply With The Following Requirements: [select Either Failure Or Monopoly Of Bidding Based On Market Research Conducted] I. Completed At Least Two (2) Similar Contracts, The Aggregate Amount Of Which Should Be Equivalent To At Least Fifty Percent (50%) In The Case Of Non-expendable Supplies And Services Or Twenty-five Percent (25%) In The Case Of Expendable Supplies] Of The Abc For This Project; And Ii. The Largest Of These Similar Contracts Must Be Equivalent To At Least Half Of The Percentage Of The Abc As Required Above. 5.4. The Bidders Shall Comply With The Eligibility Criteria Under Section 23.4.1 Of The 2016 Irr Of Ra No. 9184. 6. Origin Of Goods There Is No Restriction On The Origin Of Goods Other Than Those Prohibited By A Decision Of The Un Security Council Taken Under Chapter Vii Of The Charter Of The Un, Subject To Domestic Preference Requirements Under Itb Clause 18. 7. Subcontracts 7.1. The Bidder May Subcontract Portions Of The Project To The Extent Allowed By The Procuring Entity As Stated Herein, But In No Case More Than Twenty Percent (20%) Of The Project. The Procuring Entity Has Prescribed That: Subcontracting Is Not Allowed. 8. Pre-bid Conference The Procuring Entity Will Hold A Pre-bid Conference For This Project On The Specified Date And Time And Either At Its Physical Address As Indicated In Paragraph 6 Of The Ib. 9. Clarification And Amendment Of Bidding Documents Prospective Bidders May Request For Clarification On And/or Interpretation Of Any Part Of The Bidding Documents. Such Requests Must Be In Writing And Received By The Procuring Entity, Either At Its Given Address Or Through Electronic Mail Indicated In The Ib, At Least Ten (10) Calendar Days Before The Deadline Set For The Submission And Receipt Of Bids. 10. Documents Comprising The Bid: Eligibility And Technical Components 10.1. The First Envelope Shall Contain The Eligibility And Technical Documents Of The Bid As Specified In Section Viii (checklist Of Technical And Financial Documents). 10.2. The Bidder’s Slcc As Indicated In Itb Clause 5.3 Should Have Been Completed Within Three (3) Years Prior To The Deadline For The Submission And Receipt Of Bids. 10.3. If The Eligibility Requirements Or Statements, The Bids, And All Other Documents For Submission To The Bac Are In Foreign Language Other Than English, It Must Be Accompanied By A Translation In English, Which Shall Be Authenticated By The Appropriate Philippine Foreign Service Establishment, Post, Or The Equivalent Office Having Jurisdiction Over The Foreign Bidder’s Affairs In The Philippines. Similar To The Required Authentication Above, For Contracting Parties To The Apostille Convention, Only The Translated Documents Shall Be Authenticated Through An Apostille Pursuant To Gppb Resolution No. 13-2019 Dated 23 May 2019. The English Translation Shall Govern, For Purposes Of Interpretation Of The Bid. 11. Documents Comprising The Bid: Financial Component 11.1. The Second Bid Envelope Shall Contain The Financial Documents For The Bid As Specified In Section Viii (checklist Of Technical And Financial Documents). 11.2. If The Bidder Claims Preference As A Domestic Bidder Or Domestic Entity, A Certification Issued By Dti Shall Be Provided By The Bidder In Accordance With Section 43.1.3 Of The 2016 Revised Irr Of Ra No. 9184. 11.3. Any Bid Exceeding The Abc Indicated In Paragraph 1 Of The Ib Shall Not Be Accepted. 11.4. For Foreign-funded Procurement, A Ceiling May Be Applied To Bid Prices Provided The Conditions Are Met Under Section 31.2 Of The 2016 Revised Irr Of Ra No. 9184. 12. Bid Prices 12.1. Prices Indicated On The Price Schedule Shall Be Entered Separately In The Following Manner: A. For Goods Offered From Within The Procuring Entity’s Country: I. The Price Of The Goods Quoted Exw (ex-works, Ex-factory, Ex-warehouse, Ex-showroom, Or Off-the-shelf, As Applicable); Ii. The Cost Of All Customs Duties And Sales And Other Taxes Already Paid Or Payable; Iii. The Cost Of Transportation, Insurance, And Other Costs Incidental To Delivery Of The Goods To Their Final Destination; And Iv. The Price Of Other (incidental) Services, If Any, Listed In E. B. For Goods Offered From Abroad: I. Unless Otherwise Stated In The Bds, The Price Of The Goods Shall Be Quoted Delivered Duty Paid (ddp) With The Place Of Destination In The Philippines As Specified In The Bds. In Quoting The Price, The Bidder Shall Be Free To Use Transportation Through Carriers Registered In Any Eligible Country. Similarly, The Bidder May Obtain Insurance Services From Any Eligible Source Country. Ii. The Price Of Other (incidental) Services, If Any, As Listed In Section Vii (technical Specifications). 13. Bid And Payment Currencies 13.1. For Goods That The Bidder Will Supply From Outside The Philippines, The Bid Prices May Be Quoted In The Local Currency Or Tradeable Currency Accepted By The Bsp At The Discretion Of The Bidder. However, For Purposes Of Bid Evaluation, Bids Denominated In Foreign Currencies, Shall Be Converted To Philippine Currency Based On The Exchange Rate As Published In The Bsp Reference Rate Bulletin On The Day Of The Bid Opening. 13.2. Payment Of The Contract Price Shall Be Made In: Philippine Pesos. 14. Bid Security 14.1. The Bidder Shall Submit A Bid Securing Declaration Or Any Form Of Bid Security In The Amount Indicated In The Bds, Which Shall Be Not Less Than The Percentage Of The Abc In Accordance With The Schedule In The Bds. 14.2. The Bid And Bid Security Shall Be Valid Until One Hundred Twenty (120) Days. Any Bid Not Accompanied By An Acceptable Bid Security Shall Be Rejected By The Procuring Entity As Non-responsive. 15. Sealing And Marking Of Bids Each Bidder Shall Submit One Copy Of The First And Second Components Of Its Bid. The Procuring Entity May Request Additional Hard Copies And/or Electronic Copies Of The Bid. However, Failure Of The Bidders To Comply With The Said Request Shall Not Be A Ground For Disqualification. 16. Deadline For Submission Of Bids 16.1. The Bidders Shall Submit On The Specified Date And Time At Its Physical Address As Indicated In Paragraph 7 Of The Ib. 17. Opening And Preliminary Examination Of Bids 17.1. The Bac Shall Open The Bids In Public At The Time, On The Date, And At The Place Specified In Paragraph 9 Of The Ib. The Bidders’ Representatives Who Are Present Shall Sign A Register Evidencing Their Attendance. In Case Videoconferencing, Webcasting Or Other Similar Technologies Will Be Used, Attendance Of Participants Shall Likewise Be Recorded By The Bac Secretariat. In Case The Bids Cannot Be Opened As Scheduled Due To Justifiable Reasons, The Rescheduling Requirements Under Section 29 Of The 2016 Revised Irr Of Ra No. 9184 Shall Prevail. 17.2. The Preliminary Examination Of Bids Shall Be Governed By Section 30 Of The 2016 Revised Irr Of Ra No. 9184. 18. Domestic Preference 18.1. The Procuring Entity Will Grant A Margin Of Preference For The Purpose Of Comparison Of Bids In Accordance With Section 43.1.2 Of The 2016 Revised Irr Of Ra No. 9184. 19. Detailed Evaluation And Comparison Of Bids 19.1. The Procuring Bac Shall Immediately Conduct A Detailed Evaluation Of All Bids Rated “passed,” Using Non-discretionary Pass/fail Criteria. The Bac Shall Consider The Conditions In The Evaluation Of Bids Under Section 32.2 Of The 2016 Revised Irr Of Ra No. 9184. 19.2. If The Project Allows Partial Bids, Bidders May Submit A Proposal On Any Of The Lots Or Items, And Evaluation Will Be Undertaken On A Per Lot Or Item Basis, As The Case Maybe. In This Case, The Bid Security As Required By Itb Clause 15 Shall Be Submitted For Each Lot Or Item Separately. 19.3. The Descriptions Of The Lots Or Items Shall Be Indicated In Section Vii (technical Specifications), Although The Abcs Of These Lots Or Items Are Indicated In The Bds For Purposes Of The Nfcc Computation Pursuant To Section 23.4.2.6 Of The 2016 Revised Irr Of Ra No. 9184. The Nfcc Must Be Sufficient For The Total Of The Abcs For All The Lots Or Items Participated In By The Prospective Bidder. 19.4. The Project Shall Be Awarded As Follows: Complete Bid - One Project Having Several Items That Shall Be Awarded As One Contract In Case Of Complete Bid. Line Bidding/partial Bidding - One Project Having Several Items, Which Shall Be Awarded As Separate Contracts Per Item 19.5. Except For Bidders Submitting A Committed Line Of Credit From A Universal Or Commercial Bank In Lieu Of Its Nfcc Computation, All Bids Must Include The Nfcc Computation Pursuant To Section 23.4.1.4 Of The 2016 Revised Irr Of Ra No. 9184, Which Must Be Sufficient For The Total Of The Abcs For All The Lots Or Items Participated In By The Prospective Bidder. For Bidders Submitting The Committed Line Of Credit, It Must Be At Least Equal To Ten Percent (10%) Of The Abcs For All The Lots Or Items Participated In By The Prospective Bidder. 20. Post-qualification Within A Non-extendible Period Of Five (5) Calendar Days From Receipt By The Bidder Of The Notice From The Bac That It Submitted The Lowest Calculated Bid, The Bidder Shall Submit Its Latest Income And Business Tax Returns Filed And Paid Through The Bir Electronic Filing And Payment System (efps) And Other Appropriate Licenses And Permits Required By Law And Stated In The Bds. 21. Signing Of The Contract 21.1. The Documents Required In Section 37.2 Of The 2016 Revised Irr Of Ra No. 9184 Shall Form Part Of The Contract. Additional Contract Documents Are Indicated In The Bds. Section Iii. Bid Data Sheet Itb Clause 5.3 For This Purpose, Contracts Similar To The Project Shall Be: A. Refers To The Contracts To Be Bid Or The Object Of The Contract; B. Completed Within Three (3) Years Prior To The Deadline For The Submission And Receipt Of Bids. 7.1 Subcontracting Is Not Allowed. 12 The Price Of The Goods Shall Be Quoted Ddp [jesus M. Colmenares District Hospital-balasan,iloilo] Or The Applicable International Commercial Terms (incoterms) For This Project. 14.1 The Bid Security Shall Be In The Form Of A Bid Securing Declaration, Or Any Of The Following Forms And Amounts: A. The Amount Of Not Less Than Two Percent (2%) Of Abc, If Bid Security Is In Cash, Cashier’s/manager’s Check, Bank Draft/guarantee Or Irrevocable Letter Of Credit; Or B. The Amount Of Not Less Than Five Percent (5%) Of Abc, If Bid Security Is In Surety Bond. 15 Bidders Shall Prepare An Original Of The First (eligibility And Technical) And Second (financial) Envelopes. In Addition, Bidders Shall Submit Separate Copies Of The First And Second Envelopes (copy 1, Copy 2) And Each Set Of Documents Must Clearly Indicate Whether The Same Is Original, Copy 1, Or Copy 2. In The Event Of Any Discrepancy Between The Original And The Copies, The Original Shall Prevail. 19.3 No Further Instructions. 20.2 For The Procurement Of Drugs And Medicines And Medical Equipment/supplies, The Bidder Shall Submit The Following: A. Certificate Of Product Registration From Food And Drug Administration (fda) For Easy Validation During The Post-qualification; B. Certificate If Good Manufacturing Practice From Fda, For Easy Validation During The Post-qualification; C. Batch Release Certificate From Fda, For Easy Validation During The Post-qualification; D. If The Supplier Is Not The Manufacturer, Certification From The Manufacturer That The Supplier Is An Authorized Distributor/ Dealer Of The Products / Items For Easy Validation During The Post-qualification; E. For The Procurement Of Regulated Drugs, The Applicable Type Of S-license: S-1, S-3 (retailer) S-4 (wholesaler) S-5c (manufacturer) S-5d (bulk Depot/storage) S-5e S-5i (importer); F. License To Operate (lto) Issued By Fda, If Applicable; G. After-sales Services/parts, If Applicable; H. Manpower Requirements, If Applicable. 21.2 No Further Instructions. Section Iv. General Conditions Of Contract 1. Scope Of Contract This Contract Shall Include All Such Items, Although Not Specifically Mentioned, That Can Be Reasonably Inferred As Being Required For Its Completion As If Such Items Were Expressly Mentioned Herein. All The Provisions Of Ra No. 9184 And Its 2016 Revised Irr, Including The Generic Procurement Manual, And Associated Issuances, Constitute The Primary Source For The Terms And Conditions Of The Contract, And Thus, Applicable In Contract Implementation. Herein Clauses Shall Serve As The Secondary Source For The Terms And Conditions Of The Contract. This Is Without Prejudice To Sections 74.1 And 74.2 Of The 2016 Revised Irr Of Ra No. 9184 Allowing The Gppb To Amend The Irr, Which Shall Be Applied To All Procurement Activities, The Advertisement, Posting, Or Invitation Of Which Were Issued After The Effectivity Of The Said Amendment. Additional Requirements For The Completion Of This Contract Shall Be Provided In The Special Conditions Of Contract (scc). 2. Advance Payment And Terms Of Payment 2.1. Advance Payment Of The Contract Amount Is Provided Under Annex “d” Of The Revised 2016 Irr Of Ra No. 9184. 2.2. The Procuring Entity Is Allowed To Determine The Terms Of Payment On The Partial Or Staggered Delivery Of The Goods Procured, Provided Such Partial Payment Shall Correspond To The Value Of The Goods Delivered And Accepted In Accordance With Prevailing Accounting And Auditing Rules And Regulations. The Terms Of Payment Are Indicated In The Scc. 3. Performance Security Within Ten (10) Calendar Days From Receipt Of The Notice Of Award By The Bidder From The Procuring Entity But In No Case Later Than Prior To The Signing Of The Contract By Both Parties, The Successful Bidder Shall Furnish The Performance Security In Any Of The Forms Prescribed In Section 39 Of The 2016 Revised Irr Of Ra No. 9184. 4. Inspection And Tests The Procuring Entity Or Its Representative Shall Have The Right To Inspect And/or To Test The Goods To Confirm Their Conformity To The Project Specifications At No Extra Cost To The Procuring Entity In Accordance With The Generic Procurement Manual. In Addition To Tests In The Scc, Section Iv (technical Specifications) Shall Specify What Inspections And/or Tests The Procuring Entity Requires, And Where They Are To Be Conducted. The Procuring Entity Shall Notify The Supplier In Writing, In A Timely Manner, Of The Identity Of Any Representatives Retained For These Purposes. All Reasonable Facilities And Assistance For The Inspection And Testing Of Goods, Including Access To Drawings And Production Data, Shall Be Provided By The Supplier To The Authorized Inspectors At No Charge To The Procuring Entity. 5. Warranty 6.1. In Order To Assure That Manufacturing Defects Shall Be Corrected By The Supplier, A Warranty Shall Be Required From The Supplier As Provided Under Section 62.1 Of The 2016 Revised Irr Of Ra No. 9184. 6.2. The Procuring Entity Shall Promptly Notify The Supplier In Writing Of Any Claims Arising Under This Warranty. Upon Receipt Of Such Notice, The Supplier Shall, Repair Or Replace The Defective Goods Or Parts Thereof Without Cost To The Procuring Entity, Pursuant To The Generic Procurement Manual. 6. Liability Of The Supplier The Supplier’s Liability Under This Contract Shall Be As Provided By The Laws Of The Republic Of The Philippines. If The Supplier Is A Joint Venture, All Partners To The Joint Venture Shall Be Jointly And Severally Liable To The Procuring Entity. Section V. Special Conditions Of Contract Gcc Clause 1 Delivery And Documents – For Purposes Of The Contract, “exw,” “fob,” “fca,” “cif,” “cip,” “ddp” And Other Trade Terms Used To Describe The Obligations Of The Parties Shall Have The Meanings Assigned To Them By The Current Edition Of Incoterms Published By The International Chamber Of Commerce, Paris. The Delivery Terms Of This Contract Shall Be As Follows: [for Goods Supplied From Within The Philippines, State:] “the Delivery Terms Applicable To This Contract Are Delivered To The Jesus M. Colmenares District Hospital-balasan,iloilo. Risk And Title Will Pass From The Supplier To The Procuring Entity Upon Receipt And Final Acceptance Of The Goods At Their Final Destination.” Delivery Of The Goods Shall Be Made By The Supplier In Accordance With The Terms Specified In Section Vi (schedule Of Requirements). For Purposes Of This Clause The Procuring Entity’s Representative At The Project Site Is The Authorized Employee/official Of The Iloilo Provincial Government. Incidental Services – The Supplier Is Required To Provide All Of The Following Services, Including Additional Services, If Any, Specified In Section Vi. Schedule Of Requirements: A. Performance Or Supervision Of On-site Assembly And/or Start-up Of The Supplied Goods; B. Furnishing Of Tools Required For Assembly And/or Maintenance Of The Supplied Goods; C. Furnishing Of A Detailed Operations And Maintenance Manual For Each Appropriate Unit Of The Supplied Goods; The Contract Price For The Goods Shall Include The Prices Charged By The Supplier For Incidental Services And Shall Not Exceed The Prevailing Rates Charged To Other Parties By The Supplier For Similar Services. Packaging – The Supplier Shall Provide Such Packaging Of The Goods As Is Required To Prevent Their Damage Or Deterioration During Transit To Their Final Destination, As Indicated In This Contract. The Packaging Shall Be Sufficient To Withstand, Without Limitation, Rough Handling During Transit And Exposure To Extreme Temperatures, Salt And Precipitation During Transit, And Open Storage. Packaging Case Size And Weights Shall Take Into Consideration, Where Appropriate, The Remoteness Of The Goods’ Final Destination And The Absence Of Heavy Handling Facilities At All Points In Transit. The Packaging, Marking, And Documentation Within And Outside The Packages Shall Comply Strictly With Such Special Requirements As Shall Be Expressly Provided For In The Contract, Including Additional Requirements, If Any, Specified Below, And In Any Subsequent Instructions Ordered By The Procuring Entity. The Outer Packaging Must Be Clearly Marked On At Least Four (4) Sides As Follows: Name Of The Procuring Entity Name Of The Supplier Contract Description Final Destination Gross Weight Any Special Lifting Instructions Any Special Handling Instructions A Packaging List Identifying The Contents And Quantities Of The Package Is To Be Placed On An Accessible Point Of The Outer Packaging If Practical. If Not Practical The Packaging List Is To Be Placed Inside The Outer Packaging But Outside The Secondary Packaging. Transportation – Where The Supplier Is Required Under Contract To Deliver The Goods Cif, Cip, Or Ddp, Transport Of The Goods To The Port Of Destination Or Such Other Named Place Of Destination In The Philippines, As Shall Be Specified In This Contract, Shall Be Arranged And Paid For By The Supplier, And The Cost Thereof Shall Be Included In The Contract Price. Where The Supplier Is Required Under This Contract To Transport The Goods To A Specified Place Of Destination Within The Philippines, Defined As The Project Site, Transport To Such Place Of Destination In The Philippines, Including Insurance And Storage, As Shall Be Specified In This Contract, Shall Be Arranged By The Supplier, And Related Costs Shall Be Included In The Contract Price. Where The Supplier Is Required Under Contract To Deliver The Goods Cif, Cip Or Ddp, Goods Are To Be Transported On Carriers Of Philippine Registry. In The Event That No Carrier Of Philippine Registry Is Available, Goods May Be Shipped By A Carrier Which Is Not Of Philippine Registry Provided That The Supplier Obtains And Presents To The Procuring Entity Certification To This Effect From The Nearest Philippine Consulate To The Port Of Dispatch. In The Event That Carriers Of Philippine Registry Are Available But Their Schedule Delays The Supplier In Its Performance Of This Contract The Period From When The Goods Were First Ready For Shipment And The Actual Date Of Shipment The Period Of Delay Will Be Considered Force Majeure. The Procuring Entity Accepts No Liability For The Damage Of Goods During Transit Other Than Those Prescribed By Incoterms For Ddp Deliveries. In The Case Of Goods Supplied From Within The Philippines Or Supplied By Domestic Suppliers Risk And Title Will Not Be Deemed To Have Passed To The Procuring Entity Until Their Receipt And Final Acceptance At The Final Destination. 2.2 Partial Payment Is Not Allowed. 4 The Inspections And Tests That Will Be Conducted Are Through Physical Inspection. Item Number Description Quantity Total Delivered, Weeks/months 1 Scanner 3 3 Section Vi. Schedule Of Requirements The Delivery Schedule Expressed As Weeks/months Stipulates Hereafter A Delivery Date Which Is The Date Of Delivery To The Project Site. ___________________________________ Signature Over Printed Name Section Vii. Technical Specifications Bid No.: Jch-24-698-b(rebid-2) Item Specification Statement Of Compliance [bidders Must State Here Either “comply” Or “not Comply” Against Each Of The Individual Parameters Of Each Specification Stating The Corresponding Performance Parameter Of The Equipment Offered. Statements Of “comply” Or “not Comply” Must Be Supported By Evidence In A Bidders Bid And Cross-referenced To That Evidence. Evidence Shall Be In The Form Of Manufacturer’s Un-amended Sales Literature, Unconditional Statements Of Specification And Compliance Issued By The Manufacturer, Samples, Independent Test Data Etc., As Appropriate. A Statement That Is Not Supported By Evidence Or Is Subsequently Found To Be Contradicted By The Evidence Presented Will Render The Bid Under Evaluation Liable For Rejection. A Statement Either In The Bidder's Statement Of Compliance Or The Supporting Evidence That Is Found To Be False Either During Bid Evaluation, Post-qualification Or The Execution Of The Contract May Be Regarded As Fraudulent And Render The Bidder Or Supplier Liable For Prosecution Subject To The Applicable Laws And Issuances.] 1 Scanner Scanner Type: Adf, Manual Feed, Duplex Scanning Speed (a4 Portrait): Simplex/duplex: 40ppm, Minimum Image Sensor: Cis X 2 (front X 1, Back X 1), Or Better Light Source: 3 Color Led (red/green/blue) Optical Resolution: 600dpi, Or Better Adf Capacity: 50 Sheets (a4, 80 G/m2 Or 20 Lb) Interface: Usb, Wifi, Minimum Lcd: 4.3 In. Color Tft Touch Screen, Or Wider Terms And Conditions Delivery Period 30 Days Upon Receipt Of Approved Notice To Proceed Warranty: One Year Parts And Services W/ Free Preventive Maintenance During Warranty Period ___________________________________ Signature Over Printed Name Section Viii. Checklist Of Technical And Financial Documents I. Technical Component Envelope Class “a” Documents Legal Documents ⬜ (a) Valid Philgeps Registration Certificate (platinum Membership) (all Pages);or ⬜ (b) Registration Certificate From Securities And Exchange Commission (sec), Department Of Trade And Industry (dti) For Sole Proprietorship, Or Cooperative Development Authority (cda) For Cooperatives Or Its Equivalent Document, And ⬜ (c) Mayor’s Or Business Permit Issued By The City Or Municipality Where The Principal Place Of Business Of The Prospective Bidder Is Located, Or The Equivalent Document For Exclusive Economic Zones Or Areas; And ⬜ (d) Tax Clearance Per E.o. No. 398, S. 2005, As Finally Reviewed And Approved By The Bureau Of Internal Revenue (bir). Technical Documents ⬜ (e) Statement Of The Prospective Bidder Of All Its Ongoing Government And Private Contracts, Including Contracts Awarded But Not Yet Started, If Any, Whether Similar Or Not Similar In Nature And Complexity To The Contract To Be Bid; And ⬜ (f) Statement Of The Bidder’s Single Largest Completed Contract (slcc) Similar To The Contract To Be Bid, Except Under Conditions Provided For In Sections 23.4.1.3 And 23.4.2.4 Of The 2016 Revised Irr Of Ra No. 9184, Within The Relevant Period As Provided In The Bidding Documents; And ⬜ (g) Original Copy Of Bid Security. If In The Form Of A Surety Bond, Submit Also A Certification Issued By The Insurance Commission; Or Original Copy Of Notarized Bid Securing Declaration; And ⬜ (h) Conformity With The Technical Specifications, Which May Include Production/delivery Schedule, Manpower Requirements, And/or After-sales/parts, If Applicable; And ⬜ (i) Original Duly Signed Omnibus Sworn Statement (oss); And If Applicable, Original Notarized Secretary’s Certificate In Case Of A Corporation, Partnership, Or Cooperative; Or Original Special Power Of Attorney Of All Members Of The Joint Venture Giving Full Power And Authority To Its Officer To Sign The Oss And Do Acts To Represent The Bidder. Financial Documents ⬜ (j) The Supplier’s Audited Financial Statements, Showing, Among Others, The Supplier’s Total And Current Assets And Liabilities, Stamped “received” By The Bir Or Its Duly Accredited And Authorized Institutions, For The Preceding Calendar Year Which Should Not Be Earlier Than Two (2) Years From The Date Of Bid Submission; And ⬜ (k) The Prospective Bidder’s Computation Of Net Financial Contracting Capacity (nfcc); Or A Committed Line Of Credit From A Universal Or Commercial Bank In Lieu Of Its Nfcc Computation. Class “b” Documents ⬜ (l) If Applicable, A Duly Signed Joint Venture Agreement (jva) In Case The Joint Venture Is Already In Existence; Or Duly Notarized Statements From All The Potential Joint Venture Partners Stating That They Will Enter Into And Abide By The Provisions Of The Jva In The Instance That The Bid Is Successful. Ii. Financial Component Envelope (m) Original Of Duly Signed And Accomplished Financial Bid Form; And (n) Original Of Duly Signed And Accomplished Price Schedule(s). Other Documentary Requirements Under Ra No. 9184 (as Applicable) (o) [for Foreign Bidders Claiming By Reason Of Their Country’s Extension Of Reciprocal Rights To Filipinos] Certification From The Relevant Government Office Of Their Country Stating That Filipinos Are Allowed To Participate In Government Procurement Activities For The Same Item Or Product. (p) Certification From The Dti If The Bidder Claims Preference As A Domestic Bidder Or Domestic Entity.

Details: Statement Of Work cepheid Genexpert Maintenance And Support general scope Of Services: the Purpose Of This Requirement Is To Provide Full-service Maintenance And Repair For Twelve (12) Cepheid Genexpert Laboratory Analyzer Systems Across The Veterans Integrated Service Network (visn) 5 Medical Centers. The Requirement Includes The Scheduled Maintenance And Corrective Maintenance According To The Manufacturer S Recommendations/procedures. The Contractor Shall Provide All Resources Necessary To Accomplish The Deliverables Described In This Statement Of Work (sow), Except As May Otherwise Be Specified. a Firm-fixed Price Contract Is Anticipated. locations: beckley Va Medical Center, 200 Veterans Ave, Beckley Wv 25801-6444 hershel "woody" Williams Va Medical Center, 1540 Spring Valley Drive, Huntington Wv 25704 louis A. Johnson Va Medical Center, 1 Medical Center Drive, Clarksburg Wv 26301 martinsburg Va Medical Center, 510 Butler Avenue, Martinsburg Wv 25405 va Maryland Healthcare System, 10 N Greene St, Baltimore, Md 21201 washington Dc Va Medical Center, 50 Irving Street, Nw, Washington Dc 20422 work Hours hours Of Operation: Normal Business Hours Are Monday Through Friday, 8:00 A.m. To 4:30 P.m., Excluding Holidays. Should The Contractor Require Work Afterhours, The Contractor Shall Arrange In Advance With The Contracting Officer S Representative (cor). delivery Hours: The Warehouse Is Open To Receive Deliveries Monday Through Friday, 8:00 A.m. To 4:00 P.m., Excluding Holidays. national Holidays: The Holidays Observed By The Federal Government Are: New Year S Day, Martin Luther King Day, President S Day, Memorial Day, Juneteenth, Independence Day, Labor Day, Columbus Day, Veteran S Day, Thanksgiving Day, And Christmas Day And Any Other Day Specifically Declared By The President Of The United States To Be A National Holiday. Contractor May Work On Holidays With Prior Communication And Coordination. period Of Performance base Year march 23, 2024 March 22, 2025 1st Option Period march 23, 2025 March 22, 2026 2nd Option Period march 23, 2026 March 22, 2027 3rd Option Period march 23, 2027 March 22, 2028 4th Option Period march 23, 2028 March 22, 2029 equipment ee# serial # manufacturer model #/name location 544496 808373 cepheid genexpert Infinity-48s baltimore, Md 32749 110004114 cepheid genexpert Iv beckley, Wv 35406 120001412 cepheid genexpert Xvi beckley, Wv 36204 110019557 cepheid genexpert Xvi clarksburg, Wv 34528 110016198 cepheid genexpert Xvi clarksburg, Wv 62866 110019089 cepheid genexpert Xvi huntington, Wv 49996 803748 cepheid genexpert Xvi martinsburg, Wv 75393 110020210 cepheid genexpert Xvi martinsburg, Wv 1291876 802387 cepheid genexpert Xvi washington Dc 1327503 110001056 cepheid genexpert Iv washington Dc specifications preventative Maintenance this Contract Shall Include All Preventative Maintenance Of The Equipment According To Manufacturer S Recommendations/procedures In The Equipment Manual. all Tasks In The Manufacturer S Procedures Shall Be Completed At The Manufacturer S Listed Frequencies. calibration-- Contractor Will Guarantee Proper Calibration Specification (for All Included Equipment) Will Meet Standards For One Full Year Or Until Next Required Calibration. Contractor Shall Provide Certificate Of Calibration For The Equipment. corrective Maintenance the Contract Shall Include All Corrective (unplanned) Maintenance/repair Of The Equipment In Accordance With The Manufacturer S Manual. recalls & Alerts-- Contractor Shall Perform All Remediation Actions Needed For Product Alerts And Recalls Issued For The Equipment. parts/materials/tools/labor all Parts And Materials To Complete The Maintenance Shall Be Included As A Part Of This Contract. all Parts And Materials For Maintenance And Repair Shall Meet Current Manufacturer Standards. contractor Shall Provide Their Own Tools To Complete The Maintenance. all Labor (including Travel) To Complete The Maintenance Is Included In The Contract. updates/patching contractor Shall Complete Available Updates To The Software At The Discretion Of Biomedical Engineering. contractor Shall Complete All Patching According To Manufacturer S Specifications. response Time contractor Shall Respond To Trouble Phone Calls Within Thirty Minutes. contractor Shall Perform All Scheduled And Unscheduled Services (including Emergencies) On-site, During Normal Business Hours To Include Repair, Labor And Travel At No Additional Cost. contractor Shall Maintain An Uptime Guarantee Of 98% Or Better check In/out contractor Personnel Arriving On-site To Perform Work Shall Report To The Biomedical Engineering Department. contractor Personnel Shall Sign In Using The Department S Vendor Sign In Sheet, Filling Out All Required Information. contractor Personnel S Tool Bags Are Subject To Inspection By The Biomedical Engineering Department Upon Arrival And Upon Departure. contractor Personnel Shall Sign Out Upon Completion Of Visit. prior To Departure, Contractor Personnel Are Required To, At A Minimum, Verbally Report Any Issues With The Equipment To The Biomedical Engineering Department, Especially Noting If The System Is Still Down Or Not Fully Repaired. the Va Campus Is Non-smoking. Contractor Personnel Are Required To Comply With This Policy. parking. It Is The Responsibility Of The Contractor To Park In The Appropriate Desig Nated Park Ing Areas. reporting contractor Shall Provide A Copy Of The Service Report, Complete With Test Data, To The Contract Cor Within Five Working Days After Completion Of Any Services. service Reports Shall Include Identifying Information About The Equipment, All Services Provided During The Service Visit, Any Issues Found During The Visit, The Technician/engineer Names Of The Personnel Performing Work, And The Date Service Was Provided. remote Support the Contractor Shall Provide A Telephone Line Available 24/7 For Technical Support. Contractor Shall Also Provide A Phone Number For Va Staff To Call To Dispatch Contractor Field Service Engineers/technicians. if Remote Support Via Site-to-site Virtual Private Network (vpn) Is Required, Contractor Shall Work With The Cor And The Facility Information Security Officer (iso) To Meet The Requirements Prior To Connection. A National Site To Site Mou/isa Is The Preferred Way To Complete This Connection. patient Health Information the Contractor Shall Safeguard Patient Health Information. the Contractor Shall Report To The Biomedical Engineering Department Any Issues With Disclosed Or Unsecure Patient Health Information. contractor Shall Note Remove Any Hard Drives, Storage Devices, Or Anything Containing Patient Health Information From The Site. contractor Requirements all Contractor Personnel Performing Services On The Equipment Shall Have Factory Training And Experience In The Maintenance And Repair Of The Equipment. contractor Shall Provide Copies Of Training Certificates For The Contractor Personnel Performing Work On-site Upon The Request Of The Government. safety And Security contractor Shall Follow All Occupational Safety And Health Administration (osha) Laws And Regulations. The Contractor Is Responsible For Reporting Any Hazards They Come Across To Their Point Of Contact. contractor Shall Follow All Local Procedures Concerning Infection Control. Should The Contractor Be Unsure Of The Requirements, The Cor Can Provide The Specific Information And Procedures. contractor Personnel Shall Wear Visible Identification At All Times While On Va Property. Contract Personnel Are Required To Identify Themselves As Such To Avoid Creating An Impression In The Minds Of Members Of The Public That They Are Government Officials. property Damage the Contractor Shall Take All Necessary Precautions To Prevent Damage To Any Government Property. the Contractor Shall Report Any Damages Immediately And Shall Be Assessed Current Replacement Costs For Property Damaged By The Contractor, Unless Corrective Action Is Taken. any Damaged Material (i.e., Trees, Shrubs, Lawn/turf, Curbs, Gutters, Sidewalks, Etc.) Will Be Replaced In A Timely Manner Or Corrected By The Contractor With Like Materials, At No Extra Cost To The Government, Upon Approval Of The Contracting Officer. chemical Use prior To Performance Of Any Work, The Contractor Will Be Required To Furnish The Contracting Officer With The Trade Names (if Any) And Chemical Names Of All Chemicals To Be Used, Along With A Label Showing Contents, The Use Strength Of The Chemical As Applied, And The Antidote Thereto. contractor Shall Furnish The Same Information Each Time A Change Is Made To The Chemicals Or Products Used In The Performance Of This Contract. this Information Is Required For Emergency Treatment In The Event Of Ingestion Or And/or Contact With The Material By Humans. quality Assurance end-users, Biomedical Engineering, And/or The Contract Cor Shall Perform System Verification Tests To Ensure The System Is Fully Functional Following Service/repairs. issues With The Quality Of The Contractor S Work Will Be Communicated Through The Contracting Officer To The Contractor Point Of Contact For Resolution. documentation With Be Completed In The Government Systems. va Information And Information System Security/privacy Language 1. General contractors, Contractor Personnel, Subcontractors, And Subcontractor Personnel Shall Be subject To The Same Federal Laws, Regulations, Standards, And Va Directives And Handbooks As Va And Va Personnel Regarding Information And Information System Security. 2. Access To Va Information And Va Information Systems a. A Contractor/subcontrator Shall Request Logical (technical) Or Physical Access To Va information And Va Information Systems For Their Employees, Subcontractors, And Affiliates Only To The Extent Necessary To Perform The Services Specified In The Contract, Agreement, Or Task Order. b. All Contractors, Subcontractors, And Third-party Servicers And Associates Working With va Information Are Subject To The Same Investigative Requirements As Those Of Va Appointees Or Employees Who Have Access To The Same Types Of Information. The Level And Process Of Background Security Investigations For Contractors Must Be In Accordance With Va Directive And Handbook 0710, Personnel Suitability And Security Program. The Office For Operations, Security, And Preparedness Is Responsible For These Policies And Procedures. c. Contract Personnel Who Require Access To National Security Programs Must Have A Valid Security Clearance. National Industrial Security Program (nisp) Was Established By Executive Order 12829 To Ensure That Cleared U.s. Defense Industry Contract Personnel Safeguard The Classified Information In Their Possession While Performing Work On Contracts, Programs, Bids, Or Research And Development Efforts. The Department Of Veterans Affairs Does Not Have A Memorandum Of Agreement With Defense Security Service (dss). Verification Of A Security Clearance Must Be Processed Through The Special Security Officer Located In The Planning And National Security Service Within The Office Of Operations, Security, And Preparedness. d. Custom Software Development And Outsourced Operations Must Be Located In The U.s. To The Maximum Extent Practical. If Such Services Are Proposed To Be Performed Abroad And Are Not Disallowed By Other Va Policy Or Mandates, The Contractor/subcontractor Must State Where All Non-u.s. Services Are Provided And Detail A Security Plan, Deemed To Be Acceptable By Va, Specifically To Address Mitigation Of The Resulting Problems Of Communication, Control, Data Protection, And So Forth. Location Within The U.s. May Be An Evaluation Factor. e. The Contractor Or Subcontractor Must Notify The Contracting Officer Immediately When an Employee Working On A Va System Or With Access To Va Information Is Reassigned Or Leaves The Contractor Or Subcontractor S Employ. The Contracting Officer Must Also Be Notified Immediately By The Contractor Or Subcontractor Prior To An Unfriendly Termination. information Made Available To The Contractor Or Subcontractor By Va For The Performance Or Administration Of This Contract Or Information Developed By The Contractor/subcontractor In Performance Or Administration Of The Contract Shall Be Used Only For Those Purposes And Shall Not Be Used In Any Other Way Without The Prior Written Agreement Of The Va. This Clause Expressly Limits The Contractor/subcontractor's Rights To Use Data As Described In Rights In Data - General, Far 52.227-14(d) (1). va Information Should Not Be Co-mingled, If Possible, With Any Other Data On The Contractors/subcontractor S Information Systems Or Media Storage Systems In Order To Ensure Va Requirements Related To Data Protection And Media Sanitization Can Be Met. If Co-mingling Must Be Allowed To Meet The Requirements Of The Business Need, The Contractor Must Ensure That Va S Information Is Returned To The Va Or Destroyed In Accordance With Va S Sanitization Requirements. Va Reserves The Right To Conduct On-site Inspections Of Contractor And Subcontractor It Resources To Ensure Data Security Controls, Separation Of Data And Job Duties, And Destruction/media Sanitization Procedures Are In Compliance With Va Directive Requirements. prior To Termination Or Completion Of This Contract, Contractor/subcontractor Must Not Destroy Information Received From Va, Or Gathered/created By The Contractor In The Course Of Performing This Contract Without Prior Written Approval By The Va. Any Data Destruction Done On Behalf Of Va By A Contractor/subcontractor Must Be Done In Accordance With National Archives And Records Administration (nara) Requirements As Outlined In Va Directive 6300, Records And Information Management And Its Handbook 6300.1 Records Management Procedures, Applicable Va Records Control Schedules, And Va Handbook 6500.1, Electronic Media Sanitization. Self-certification By The Contractor That The Data Destruction Requirements Above Have Been Met Must Be Sent To The Va Contracting Officer Within 30 Days Of Termination Of The Contract. the Contractor/subcontractor Must Receive, Gather, Store, Back Up, Maintain, Use, Disclose And Dispose Of Va Information Only In Compliance With The Terms Of The Contract And Applicable Federal And Va Information Confidentiality And Security Laws, Regulations And Policies. If Federal Or Va Information Confidentiality And Security Laws, Regulations And Policies Become Applicable To The Va Information Or Information Systems After Execution Of The Contract, Or If Nist Issues Or Updates Applicable Fips Or Special Publications (sp) After Execution Of This Contract, The Parties Agree To Negotiate In Good Faith To Implement The Information Confidentiality And Security Laws, Regulations And Policies In This Contract. the Contractor/subcontractor Shall Not Make Copies Of Va Information Except As Authorized And Necessary To Perform The Terms Of The Agreement Or To Preserve Electronic Information Stored On Contractor/subcontractor Electronic Storage Media For Restoration In Case Any Electronic Equipment Or Data Used By The Contractor/subcontractor Needs To Be Restored To An Operating State. If Copies Are Made For Restoration Purposes, After The Restoration Is complete, The Copies Must Be Appropriately Destroyed. f. If Va Determines That The Contractor Has Violated Any Of The Information Confidentiality, Privacy, And Security Provisions Of The Contract, It Shall Be Sufficient Grounds For Va To Withhold Payment To The Contractor Or Third Party Or Terminate The Contract For Default Or Terminate For Cause Under Federal Acquisition Regulation (far) Part 12. if A Vha Contract Is Terminated For Cause, The Associated Baa Must Also Be Terminated And Appropriate Actions Taken In Accordance With Vha Handbook 1600.01, Business Associate Agreements. Absent An Agreement To Use Or Disclose Protected Health Information, There Is No Business Associate Relationship. the Contractor/subcontractor Must Store, Transport, Or Transmit Va Sensitive Information In An Encrypted Form, Using Va-approved Encryption Tools That Are, At A Minimum, Fips 140-2 Validated. the Contractor/subcontractor S Firewall And Web Services Security Controls, If Applicable, Shall Meet Or Exceed Va S Minimum Requirements. Va Configuration Guidelines Are Available Upon Request. except For Uses And Disclosures Of Va Information Authorized By This Contract For Performance Of The Contract, The Contractor/subcontractor May Use And Disclose Va Information Only In Two Other Situations: (i) In Response To A Qualifying Order Of A Court Of Competent Jurisdiction, Or (ii) With Va S Prior Written Approval. The Contractor/subcontractor Must Refer All Requests For, Demands For Production Of, Or Inquiries About, Va Information And Information Systems To The Va Contracting Officer For Response. notwithstanding The Provision Above, The Contractor/subcontractor Shall Not Release Va Records Protected By Title 38 U.s.c. 5705, Confidentiality Of Medical Quality Assurance Records And/or Title 38 U.s.c. 7332, Confidentiality Of Certain Health Records Pertaining To Drug Addiction, Sickle Cell Anemia, Alcoholism Or Alcohol Abuse, Or Infection With Human Immunodeficiency Virus. If The Contractor/subcontractor Is In Receipt Of A Court Order Or Other Requests For The Above Mentioned Information, That Contractor/subcontractor Shall Immediately Refer Such Court Orders Or Other Requests To The Va Contracting Officer For Response. for Service That Involves The Storage, Generating, Transmitting, Or Exchanging Of Va Sensitive Information But Does Not Require C&a Or An Mou-isa For System Interconnection, The Contractor/subcontractor Must Complete A Contractor Security Control Assessment (csca) On A Yearly Basis And Provide It To The Cotr. information System Design And Development a. Information Systems That Are Designed Or Developed For Or On Behalf Of Va At Non-va Facilities Shall Comply With All Va Directives Developed In Accordance With Fisma, Hipaa, Nist, And Related Va Security And Privacy Control Requirements For Federal Information Systems. This Includes Standards For The Protection Of Electronic Phi, Outlined In 45 C.f.r. Part 164, Subpart C, Information And System Security Categorization Level Designations In Accordance With Fips 199 And Fips 200 With Implementation Of All Baseline Security Controls Commensurate With The Fips 199 System Security Categorization (reference Appendix D Of Va Handbook 6500, Va Information Security Program). During The Development Cycle A Privacy impact Assessment (pia) Must Be Completed, Provided To The Cotr, And Approved By The Va Privacy Service In Accordance With Directive 6507, Va Privacy Impact Assessment. the Contractor/subcontractor Shall Certify To The Cotr That Applications Are Fully Functional And Operate Correctly As Intended On Systems Using The Va Federal Desktop Core Configuration (fdcc), And The Common Security Configuration Guidelines Provided By Nist Or The Va. This Includes Internet Explorer 7 Configured To Operate On Windows Xp And Vista (in Protected Mode On Vista) And Future Versions, As Required. the Standard Installation, Operation, Maintenance, Updating, And Patching Of Software Shall Not Alter The Configuration Settings From The Va Approved And Fdcc Configuration. Information Technology Staff Must Also Use The Windows Installer Service For Installation To The Default Program Files Directory And Silently Install And Uninstall. applications Designed For Normal End Users Shall Run In The Standard User Context Without Elevated System Administration Privileges. the Security Controls Must Be Designed, Developed, Approved By Va, And Implemented In Accordance With The Provisions Of Va Security System Development Life Cycle As Outlined In Nist Special Publication 800-37, Guide For Applying The Risk Management Framework To Federal Information Systems, Va Handbook 6500, Information Security Program And Va Handbook 6500.5, Incorporating Security And Privacy In System Development Lifecycle. the Contractor/subcontractor Is Required To Design, Develop, Or Operate A System Of Records Notice (sor) On Individuals To Accomplish An Agency Function Subject To The Privacy Act Of 1974, (as Amended), Public Law 93-579, December 31, 1974 (5 U.s.c. 552a) And Applicable Agency Regulations. Violation Of The Privacy Act May Involve The Imposition Of Criminal And Civil Penalties. the Contractor/subcontractor Agrees To: comply With The Privacy Act Of 1974 (the Act) And The Agency Rules And Regulations Issued Under The Act In The Design, Development, Or Operation Of Any System Of Records On Individuals To Accomplish An Agency Function When The Contract Specifically Identifies: the Systems Of Records (sor); And the Design, Development, Or Operation Work That The Contractor/subcontractor Is To Perform; include The Privacy Act Notification Contained In This Contract In Every Solicitation And Resulting Subcontract And In Every Subcontract Awarded Without A Solicitation, When The Work Statement In The Proposed Subcontract Requires The Redesign, Development, Or Operation Of A Sor On Individuals That Is Subject To The Privacy Act; And (3) Include This Privacy Act Clause, Including This Subparagraph (3), In All Subcontracts Awarded Under This Contract Which Requires The Design, Development, Or Operation Of Such A Sor. h. In The Event Of Violations Of The Act, A Civil Action May Be Brought Against The Agency Involved When The Violation Concerns The Design, Development, Or Operation Of A Sor On Individuals To Accomplish An Agency Function, And Criminal Penalties May Be Imposed Upon The Officers Or Employees Of The Agency When The Violation Concerns The Operation Of A Sor On Individuals To Accomplish An Agency Function. For Purposes Of The Act, When The Contract Is For The Operation Of A Sor On Individuals To Accomplish An Agency Function, The Contractor/subcontractor Is Considered To Be An Employee Of The Agency. Operation Of A System Of Records Means Performance Of Any Of The Activities Associated With Maintaining The Sor, Including The Collection, Use, Maintenance, And Dissemination Of Records. Record Means Any Item, Collection, Or Grouping Of Information About An Individual That Is Maintained By An Agency, Including, But Not Limited To, Education, Financial Transactions, Medical history, And Criminal Or Employment History And Contains The Person S Name, Or Identifying Number, Symbol, Or Any Other Identifying Particular Assigned To The Individual, Such As A Fingerprint Or Voiceprint, Or A Photograph. System Of Records Means A Group Of Any Records Under The Control Of Any Agency From Which Information Is Retrieved By The Name Of The Individual Or By Some Identifying Number, Symbol, Or Other Identifying Particular Assigned To The Individual. the Vendor Shall Ensure The Security Of All Procured Or Developed Systems And Technologies, Including Their Subcomponents (hereinafter Referred To As Systems ), Throughout The Life Of This Contract And Any Extension, Warranty, Or Maintenance Periods. This Includes, But Is Not Limited To Workarounds, Patches, Hotfixes, Upgrades, And Any Physical Components (hereafter Referred To As Security Fixes) Which May Be Necessary To Fix All Security Vulnerabilities Published Or Known To The Vendor Anywhere In The Systems, Including Operating Systems And Firmware. The Vendor Shall Ensure That Security Fixes Shall Not Negatively Impact The Systems. the Vendor Shall Notify Va Within 24 Hours Of The Discovery Or Disclosure Of Successful Exploits Of The Vulnerability Which Can Compromise The Security Of The Systems (including The Confidentiality Or Integrity Of Its Data And Operations, Or The Availability Of The System). Such Issues Shall Be Remediated As Quickly As Is Practical, But In No Event Longer Than Days. when The Security Fixes Involve Installing Third Party Patches (such As Microsoft Os Patches Or Adobe Acrobat), The Vendor Will Provide Written Notice To The Va That The Patch Has Been Validated As Not Affecting The Systems Within 10 Working Days. When The Vendor Is Responsible For Operations Or Maintenance Of The Systems, They Shall Apply The Security Fixes Within Days. all Other Vulnerabilities Shall Be Remediated As Specified In This Paragraph In A Timely Manner Based On Risk, But Within 60 Days Of Discovery Or Disclosure. Exceptions To This Paragraph (e.g. For The Convenience Of Va) Shall Only Be Granted With Approval Of The Contracting Officer And The Va Assistant Secretary For Office Of Information And Technology. information System Hosting, Operation, Maintenance, Or Use for Information Systems That Are Hosted, Operated, Maintained, Or Used On Behalf Of Va At Non-va Facilities, Contractors/subcontractors Are Fully Responsible And Accountable For Ensuring Compliance With All Hipaa, Privacy Act, Fisma, Nist, Fips, And Va Security And Privacy Directives And Handbooks. This Includes Conducting Compliant Risk Assessments, Routine Vulnerability Scanning, System Patching And Change Management Procedures, And The Completion Of An Acceptable Contingency Plan For Each System. The Contractor S Security Control Procedures Must Be Equivalent, To Those Procedures Used To Secure Va Systems. A Privacy Impact Assessment (pia) Must Also Be Provided To The Cotr And Approved By Va Privacy Service Prior To Operational Approval. All External Internet Connections To Va S Network Involving Va Information Must Be Reviewed And Approved By Va Prior To Implementation. adequate Security Controls For Collecting, Processing, Transmitting, And Storing Of Personally Identifiable Information (pii), As Determined By The Va Privacy Service, Must Be In Place, Tested, And Approved By Va Prior To Hosting, Operation, Maintenance, Or Use Of The Information System, Or Systems By Or On Behalf Of Va. These Security Controls Are To Be Assessed And Stated Within The Pia And If These Controls Are Determined Not To Be In Place, Or Inadequate, A Plan Of Action And Milestones (poa&m) Must Be Submitted And Approved Prior To The Collection Of Pii. outsourcing (contractor Facility, Contractor Equipment Or Contractor Staff) Of Systems Or Network Operations, Telecommunications Services, Or Other Managed Services Requires Certification And Accreditation (authorization) (c&a) Of The Contractor S Systems In Accordance With Va Handbook 6500.3, Certification And Accreditation And/or The Va Ocs Certification Program Office. Government-owned (government Facility Or Government Equipment) Contractor-operated Systems, Third Party Or Business Partner Networks Require Memorandums Of Understanding And Interconnection Agreements (mou-isa) Which Detail What Data Types Are Shared, Who Has Access, And The Appropriate Level Of Security Controls For All Systems Connected To Va Networks. the Contractor/subcontractor S System Must Adhere To All Fisma, Fips, And Nist Standards Related To The Annual Fisma Security Controls Assessment And Review And Update The Pia. Any Deficiencies Noted During This Assessment Must Be Provided To The Va Contracting Officer And The Iso For Entry Into Va S Poa&m Management Process. The Contractor/subcontractor Must Use Va S Poa&m Process To Document Planned Remedial Actions To Address Any Deficiencies In Information Security Policies, Procedures, And Practices, And The Completion Of Those Activities. Security Deficiencies Must Be Corrected Within The Timeframes Approved By The Government. Contractor/subcontractor Procedures Are Subject To Periodic, Unannounced Assessments By Va Officials, Including The Va Office Of Inspector General. The Physical Security Aspects Associated With Contractor/subcontractor Activities Must Also Be Subject To Such Assessments. If Major Changes To The System Occur That May affect The Privacy Or Security Of The Data Or The System, The C&a Of The System May Need To Be Reviewed, Retested And Re-authorized Per Va Handbook 6500.3. This May Require Reviewing And Updating All Of The Documentation (pia, System Security Plan, Contingency Plan). The Certification Program Office Can Provide Guidance On Whether A New C&a Would Be Necessary. the Contractor/subcontractor Must Conduct An Annual Self Assessment On All Systems And Outsourced Services As Required. Both Hard Copy And Electronic Copies Of The Assessment Must Be Provided To The Cotr. The Government Reserves The Right To Conduct Such An Assessment Using Government Personnel Or Another Contractor/subcontractor. The Contractor/subcontractor Must Take Appropriate And Timely Action (this Can Be Specified In The Contract) To Correct Or Mitigate Any Weaknesses Discovered During Such Testing, Generally At No Additional Cost. va Prohibits The Installation And Use Of Personally-owned Or Contractor/subcontractor- Owned Equipment Or Software On Va S Network. If Non-va Owned Equipment Must Be Used To Fulfill The Requirements Of A Contract, It Must Be Stated In The Service Agreement, Sow Or Contract. All Of The Security Controls Required For Government Furnished Equipment (gfe) Must Be Utilized In Approved Other Equipment (oe) And Must Be Funded By The Owner Of The Equipment. All Remote Systems Must Be Equipped With, And Use, A Va-approved Antivirus (av) Software And A Personal (host-based Or Enclave Based) Firewall That Is Configured With A Va- Approved Configuration. Software Must Be Kept Current, Including All Critical Updates And Patches. Owners Of Approved Oe Are Responsible For Providing And Maintaining The Anti-viral Software And The Firewall On The Non-va Owned Oe. all Electronic Storage Media Used On Non-va Leased Or Non-va Owned It Equipment That Is Used To Store, Process, Or Access Va Information Must Be Handled In Adherence With Va Handbook 6500.1, Electronic Media Sanitization Upon: (i) Completion Or Termination Of The Contract Or (ii) Disposal Or Return Of The It Equipment By The Contractor/subcontractor Or Any Person Acting On Behalf Of The Contractor/subcontractor, Whichever Is Earlier. Media (hard Drives, Optical Disks, Cds, Back-up Tapes, Etc.) Used By The Contractors/subcontractors That Contain Va Information Must Be Returned To The Va For Sanitization Or Destruction Or The Contractor/subcontractor Must Self-certify That The Media Has Been Disposed Of Per 6500.1 Requirements. This Must Be Completed Within 30 Days Of Termination Of The Contract. bio-medical Devices And Other Equipment Or Systems Containing Media (hard Drives, Optical Disks, Etc.) With Va Sensitive Information Must Not Be Returned To The Vendor At The End Of Lease, For Trade-in, Or Other Purposes. The Options Are: vendor Must Accept The System Without The Drive; va S Initial Medical Device Purchase Includes A Spare Drive Which Must Be Installed In Place Of The Original Drive At Time Of Turn-in; Or va Must Reimburse The Company For Media At A Reasonable Open Market Replacement Cost At Time Of Purchase. due To The Highly Specialized And Sometimes Proprietary Hardware And Software Associated With Medical Equipment/systems, If It Is Not Possible For The Va To Retain The Hard Drive, Then; the Equipment Vendor Must Have An Existing Baa If The Device Being Traded In Has Sensitive Information Stored On It And Hard Drive(s) From The System Are Being Returned Physically Intact; And any Fixed Hard Drive On The Device Must Be Non-destructively Sanitized To The Greatest Extent Possible Without Negatively Impacting System Operation. Selective Clearing Down To Patient Data Folder Level Is Recommended Using Va Approved And Validated Overwriting Technologies/methods/tools. Applicable Media Sanitization Specifications Need To Be Pre- Approved And Described In The Purchase Order Or Contract. a Statement Needs To Be Signed By The Director (system Owner) That States That The Drive Could Not Be Removed And That (a) And (b) Controls Above Are In Place And Completed. The Iso Needs To Maintain The Documentation. security Incident Investigation the Term Security Incident Means An Event That Has, Or Could Have, Resulted In Unauthorized Access To, Loss Or Damage To Va Assets, Or Sensitive Information, Or An Action That Breaches Va Security Procedures. The Contractor/subcontractor Shall Immediately Notify The Cotr And Simultaneously, The Designated Iso And Privacy Officer For The Contract Of Any Known Or Suspected Security/privacy Incidents, Or Any Unauthorized Disclosure Of Sensitive Information, Including That Contained In System(s) To Which The Contractor/subcontractor Has Access. to The Extent Known By The Contractor/subcontractor, The Contractor/subcontractor S Notice To Va Shall Identify The Information Involved, The Circumstances Surrounding The Incident (including To Whom, How, When, And Where The Va Information Or Assets Were Placed At Risk Or Compromised), And Any Other Information That The Contractor/subcontractor Considers Relevant. with Respect To Unsecured Protected Health Information, The Business Associate Is Deemed To Have Discovered A Data Breach When The Business Associate Knew Or Should Have Known Of A Breach Of Such Information. Upon Discovery, The Business Associate Must Notify The Covered Entity Of The Breach. Notifications Need To Be Made In Accordance With The Executed Business Associate Agreement. in Instances Of Theft Or Break-in Or Other Criminal Activity, The Contractor/subcontractor Must Concurrently Report The Incident To The Appropriate Law Enforcement Entity (or Entities) Of Jurisdiction, Including The Va Oig And Security And Law Enforcement. The Contractor, Its Employees, And Its Subcontractors And Their Employees Shall Cooperate With Va And Any Law Enforcement Authority Responsible For The Investigation And Prosecution Of Any Possible Criminal Law Violation(s) Associated With Any Incident. The Contractor/subcontractor Shall Cooperate With Va In Any Civil Litigation To Recover Va Information, Obtain Monetary Or Other Compensation From A Third Party For Damages Arising From Any Incident, Or Obtain Injunctive Relief Against Any Third Party Arising From, Or Related To, The Incident. liquidated Damages For Data Breach consistent With The Requirements Of 38 U.s.c. §5725, A Contract May Require Access To Sensitive Personal Information. If So, The Contractor Is Liable To Va For Liquidated Damages In The Event Of A Data Breach Or Privacy Incident Involving Any Spi The Contractor/subcontractor Processes Or Maintains Under This Contract. the Contractor/subcontractor Shall Provide Notice To Va Of A Security Incident As Set Forth In The Security Incident Investigation Section Above. Upon Such Notification, Va Must Secure From A Non-department Entity Or The Va Office Of Inspector General An Independent Risk Analysis Of The Data Breach To Determine The Level Of Risk Associated With The Data Breach For The Potential Misuse Of Any Sensitive Personal Information Involved In The Data Breach. The Term 'data Breach' Means The Loss, Theft, Or Other Unauthorized Access, Or Any Access Other Than That Incidental To The Scope Of Employment, To Data Containing Sensitive Personal Information, In Electronic Or Printed Form, That Results In The Potential Compromise Of The Confidentiality Or Integrity Of The Data. Contractor Shall Fully Cooperate With The Entity Performing The Risk Analysis. Failure To Cooperate May Be Deemed A Material Breach And Grounds For Contract Termination. each Risk Analysis Shall Address All Relevant Information Concerning The Data Breach, Including The Following: nature Of The Event (loss, Theft, Unauthorized Access); description Of The Event, Including: date Of Occurrence; data Elements Involved, Including Any Pii, Such As Full Name, Social Security Number, Date Of Birth, Home Address, Account Number, Disability Code; number Of Individuals Affected Or Potentially Affected; names Of Individuals Or Groups Affected Or Potentially Affected; ease Of Logical Data Access To The Lost, Stolen Or Improperly Accessed Data In Light Of The Degree Of Protection For The Data, E.g., Unencrypted, Plain Text; amount Of Time The Data Has Been Out Of Va Control; the Likelihood That The Sensitive Personal Information Will Or Has Been Compromised (made Accessible To And Usable By Unauthorized Persons); known Misuses Of Data Containing Sensitive Personal Information, If Any; assessment Of The Potential Harm To The Affected Individuals; data Breach Analysis As Outlined In 6500.2 Handbook, Management Of Security And Privacy Incidents, As Appropriate; And whether Credit Protection Services May Assist Record Subjects In Avoiding Or Mitigating The Results Of Identity Theft Based On The Sensitive Personal Information That May Have Been Compromised. d. Based On The Determinations Of The Independent Risk Analysis, The Contractor Shall Be Responsible For Paying To The Va Liquidated Damages In The Amount Of $ Per Affected Individual To Cover The Cost Of Providing Credit Protection Services To Affected Individuals Consisting Of The Following: notification; one Year Of Credit Monitoring Services Consisting Of Automatic Daily Monitoring Of At Least 3 Relevant Credit Bureau Reports; data Breach Analysis; fraud Resolution Services, Including Writing Dispute Letters, Initiating Fraud Alerts And Credit Freezes, To Assist Affected Individuals To Bring Matters To Resolution; one Year Of Identity Theft Insurance With $20,000.00 Coverage At $0 Deductible; And necessary Legal Expenses The Subjects May Incur To Repair Falsified Or Damaged Credit Records, Histories, Or Financial Affairs. 8. Security Controls Compliance Testing on A Periodic Basis, Va, Including The Office Of Inspector General, Reserves The Right To Evaluate Any Or All Of The Security Controls And Privacy Practices Implemented By The Contractor Under The Clauses Contained Within The Contract. With 10 Working-day S Notice, At The Request Of The Government, The Contractor Must Fully Cooperate And Assist In A Government-sponsored Security Controls Assessment At Each Location Wherein Va Information Is Processed Or Stored, Or Information Systems Are Developed, Operated, Maintained, Or Used On Behalf Of Va, Including Those Initiated By The Office Of Inspector General. The Government May Conduct A Security Control Assessment On Shorter Notice (to Include Unannounced Assessments) As Determined By Va In The Event Of A Security Incident Or At Any Other Time. 9. Training a. All Contractor Employees And Subcontractor Employees Requiring Access To Va Information And Va Information Systems Shall Complete The Following Before Being Granted Access To Va Information And Its Systems: sign And Acknowledge (either Manually Or Electronically) Understanding Of And Responsibilities For Compliance With The Contractor Rules Of Behavior, Appendix E Relating To Access To Va Information And Information Systems; successfully Complete The Va Cyber Security Awareness And Rules Of Behavior training And Annually Complete Required Security Training; successfully Complete The Appropriate Va Privacy Training And Annually Complete Required Privacy Training; And successfully Complete Any Additional Cyber Security Or Privacy Training, As Required For Va Personnel With Equivalent Information System Access [to Be Defined By The Va Program Official And Provided To The Contracting Officer For Inclusion In The Solicitation Document E.g., Any Role-based Information Security Training Required In Accordance With Nist Special Publication 800-16, Information Technology Security Training Requirements.] b. The Contractor Shall Provide To The Contracting Officer And/or The Cotr A Copy Of The Training Certificates And Certification Of Signing The Contractor Rules Of Behavior For Each Applicable Employee Within 1 Week Of The Initiation Of The Contract And Annually Thereafter, As Required. c. Failure To Complete The Mandatory Annual Training And Sign The Rules Of Behavior Annually, Within The Timeframe Required, Is Grounds For Suspension Or Termination Of All Physical Or Electronic Access Privileges And Removal From Work On The Contract Until Such Time As The Training And Documents Are Complete.

Details: Sources Sought Notice sources Sought Notice page 5 Of 5 sources Sought Notice *= Required Field sources Sought Notice page 1 Of 5 subject: Sources Sought, Microbiology Walk Away Automated Specimen Processor Or Equal For The Va Palo Alto Healthcare System (vapahcs) Located At 3801 Miranda Ave, Palo Alto, Ca 94304. the Purpose Of This Sources Sought Is To Conduct Market Research To Support The Procurement Of A Microbiology Walk Away Automated Specimen Processor Or Equal For The Va Palo Alto Healthcare System. This Notice Serves To Survey The Market In An Attempt To Ascertain Whether Or Not Sources Are Capable Of Providing The Requested Supplies. This Notice Allows Potential Vendors To Submit A Non-binding Statement Of Interest And Documentation Demonstrating Their Capability. The Sources Sought Effort Is Intended To Assess Industry Capabilities And Develop/support The Intended Direction Of Acquisition Planning. The Network Contracting Office (nco 21) Is Requesting Responses From Qualified Business Concerns; The Qualifying Naics Code For This Effort Is 334516 Analytical Laboratory Instrument Manufacturing. this Sources Sought Is To Gain Knowledge Of Potential Qualified Sources And Their Size Classifications (service Disabled/veteran Owned Small Business (sdvosb/vosb), Hub Zone, 8(a), Small, Small Disadvantaged, Woman Owned Small Business, Or Large Business) Relative To Naics 334516. Responses To This Notice, Will Be Used By The Government To Make Appropriate Acquisition Decisions. After Review Of The Responses To This Notice, A Solicitation Announcement May Be Published. Responses To This Notice Are Not Considered Adequate Responses To Any Corresponding Solicitation Announcement. All Interested Offerors Will Have To Respond To The Solicitation Announcement In Addition To Responding To This Notice. background: The Department Of Veterans Affairs (va), Vanchcs Has A Requirement For A Walk-away Automated Specimen Processing Instrument Equivalent To 2.0 Ftes. The Automated Specimen Processor Will Vortex, Inoculate, Streak And Make Gram Slides For A Variety Of Specimens. Refer To Below List Of Requirements: scope Of Work: The Automated Specimen Processor Automatically Opens And Closes Specimen Containers, Which Helps Reduce Repetitive Motion Stress For Employees. The Automated Specimen Processor Utilizes Reusable Metal Loops To Streak In Calibrated, Standardized Patterns. The Use Of Metal Loops Cuts Down On The Cost Of Disposable Loops. Gram Slides Are Automatically Prepared And Labeled By The Specimen Processor Using Permanent Inkjet Directly On The Slide To Reduce The Chance Of Patient Identification Errors. The Specimen Processor Is An On-demand System, So No Batching Of Specimens Is Required Which Helps With The Recovery Of Fastidious Organisms Such As, Haemphilus Influenzae And Neisseria Gonorrhoeae. An Lis Connection Is Used To Label Plates, Tubes And Slides To Ensure Patient Samples Are Not Mislabeled. list Of Requirements Below Are Brand Name Or Equal : item # description/part Number* qty unit 1 wasp - Basic System W/start-up Kit / 419650 1 each 2 wasp - Urine Turning Table / 419861 1 each 3 wasp - Sort Out Carousel / 419651 1 each 4 wasp - Wasp Hepa Filter / 419652 1 each 5 wasp - Bi-directional Interface / 419653 1 each 6 wasp - Automatic Loop Change Module / 419654 1 each 7 wasp - Broth Inoculation And Kb / 410658 1 each 8 wasp - Gram Slide Prep / 419660 1 each 9 vilink Remote Connectivity (on-site) / 421070 10 wasp - Maintenance And Technical Support instrument Requirements: the Automated Specimen Processor Should Automatically Open And Close Specimen Containers streak In Calibrated, Standardized Patterns gram Slides Should Be Automatically Prepared And Clearly Labeled specimen Processor Is An On-demand System, No Batching Of Specimens lis Connection Required maintenance, Training And Service: included In The Agreement Is On-site Training Of Staff, Customer Service By Phone, Emergency And Preventative Service Repair/ Monday Friday Regular Work Hours. operators Training Will Be Provided And All Expenses For Training Will Be Paid For By Vendor As Part Of Purchase Contract. period Of Performance: base Year Plus Four Option Years. Five-year Total Contract. performance Requirements: once A Need For Repair Is Identified, It Is Expected The Service Representative Would Arrive Within 24 Hours. if Equipment Is Inoperable More Than 3 Working Days Replacement Will Be An Option. This Is To Avoid Extended Periods Of Equipment Down Time. billing/invoicing Will Be Monthly Through The Tungsten Online Payment System. Late Or Inaccurate Invoicing Will Cause A Delay In Payment. not Meeting Standards Stated Here Can Result In A Poor Performance Rating In The Va Contract Performance Assessment Reporting System (cpars). This Can Adversely Affect Future Government Contracts. appendix B: va Acquisition Regulation Solicitation Provision And Contract Clause note: This Clause Will Undergo Official Rule Making By The Office Of Acquisitions And Logistics. the Below Language Will Be Submitted For Public Review Through The Federal Register. The Final wording Of The Clause May Be Changed From What Is Outlined Below Based On Public Review And comment. Once Approved, The Final Language In The Clause Can Be Obtained From The Office Of acquisitions And Logistics Programs And Policy. 1. Subpart 839.2 Information And Information Technology Security requirements 839.201 Contract Clause For Information And Information Technology Security: a. Due To The Threat Of Data Breach, Compromise Or Loss Of Information That Resides On either Va-owned Or Contractor-owned Systems, And To Comply With Federal Laws And regulations, Va Has Developed An Information And Information Technology Security Clause To be Used When Va Sensitive Information Is Accessed, Used, Stored, Generated, Transmitted, Or exchanged By And Between Va And A Contractor, Subcontractor Or A Third Party In Any Format (e.g., Paper, Microfiche, Electronic Or Magnetic Portable Media). b. In Solicitations And Contracts Where Va Sensitive Information Or Information Technology will Be Accessed Or Utilized, The Co Shall Insert The Clause Found At 852.273-75, Security requirements For Unclassified Information Technology Resources. 2. 852.273-75 - Security Requirements For Unclassified Information technology Resources (interim- October 2008) as Prescribed In 839.201, Insert The Following Clause: the Contractor, Their Personnel, And Their Subcontractors Shall Be Subject To The Federal Laws, regulations, Standards, And Va Directives And Handbooks Regarding Information And information System Security As Delineated In This Contract. appendix C: va Information And Information System Security/privacy Language For inclusion Into Contracts, As Appropriate 1. General contractors, Contractor Personnel, Subcontractors, And Subcontractor Personnel Shall Be subject To The Same Federal Laws, Regulations, Standards, And Va Directives And Handbooks as Va And Va Personnel Regarding Information And Information System Security. 2. Access To Va Information And Va Information Systems a. A Contractor/subcontractor Shall Request Logical (technical) Or Physical Access To Va information And Va Information Systems For Their Employees, Subcontractors, And Affiliates Only to The Extent Necessary To Perform The Services Specified In The Contract, Agreement, Or Task order. b. All Contractors, Subcontractors, And Third-party Servicers And Associates Working With va Information Are Subject To The Same Investigative Requirements As Those Of Va Appointees or Employees Who Have Access To The Same Types Of Information. The Level And Process Of background Security Investigations For Contractors Must Be In Accordance With Va Directive and Handbook 0710, Personnel Suitability And Security Program. The Office For Operations, security, And Preparedness Is Responsible For These Policies And Procedures. c. Contract Personnel Who Require Access To National Security Programs Must Have A Valid security Clearance. National Industrial Security Program (nisp) Was Established By Executive order 12829 To Ensure That Cleared U.s. Defense Industry Contract Personnel Safeguard The classified Information In Their Possession While Performing Work On Contracts, Programs, Bids, or Research And Development Efforts. The Department Of Veterans Affairs Does Not Have A memorandum Of Agreement With Defense Security Service (dss). Verification Of A Security clearance Must Be Processed Through The Special Security Officer Located In The Planning And national Security Service Within The Office Of Operations, Security, And Preparedness. d. Custom Software Development And Outsourced Operations Must Be Located In The U.s. to The Maximum Extent Practical. If Such Services Are Proposed To Be Performed Abroad And are Not Disallowed By Other Va Policy Or Mandates, The Contractor/subcontractor Must State where All Non-u.s. Services Are Provided And Detail A Security Plan, Deemed To Be Acceptable by Va, Specifically To Address Mitigation Of The Resulting Problems Of Communication, Control, data Protection, And So Forth. Location Within The U.s. May Be An Evaluation Factor. e. The Contractor Or Subcontractor Must Notify The Contracting Officer Immediately When an Employee Working On A Va System Or With Access To Va Information Is Reassigned Or Leaves the Contractor Or Subcontractor S Employ. The Contracting Officer Must Also Be Notified immediately By The Contractor Or Subcontractor Prior To An Unfriendly Termination. 3. Va Information Custodial Language a. Information Made Available To The Contractor Or Subcontractor By Va For The Performance or Administration Of This Contract Or Information Developed By The Contractor/subcontractor In performance Or Administration Of The Contract Shall Be Used Only For Those Purposes And Shall not Be Used In Any Other Way Without The Prior Written Agreement Of The Va. This Clause expressly Limits The Contractor/subcontractor's Rights To Use Data As Described In Rights In Data - General, Far 52.227-14(d) (1). b. Va Information Should Not Be Co-mingled, If Possible, With Any Other Data On The contractors/subcontractor S Information Systems Or Media Storage Systems In Order To Ensure va Requirements Related To Data Protection And Media Sanitization Can Be Met. If Co-mingling must Be Allowed To Meet The Requirements Of The Business Need, The Contractor Must Ensure that Va S Information Is Returned To The Va Or Destroyed In Accordance With Va S Sanitization requirements. Va Reserves The Right To Conduct On Site Inspections Of Contractor And subcontractor It Resources To Ensure Data Security Controls, Separation Of Data And Job Duties, and Destruction/media Sanitization Procedures Are In Compliance With Va Directive requirements. c. Prior To Termination Or Completion Of This Contract, Contractor/subcontractor Must Not destroy Information Received From Va, Or Gathered/created By The Contractor In The Course Of performing This Contract Without Prior Written Approval By The Va. Any Data Destruction Done On behalf Of Va By A Contractor/subcontractor Must Be Done In Accordance With National Archives and Records Administration (nara) Requirements As Outlined In Va Directive 6300, Records and Information Management And Its Handbook 6300.1 Records Management Procedures, applicable Va Records Control Schedules, And Va Handbook 6500.1, Electronic Media sanitization. Self-certification By The Contractor That The Data Destruction Requirements Above have Been Met Must Be Sent To The Va Contracting Officer Within 30 Days Of Termination Of The contract. d. The Contractor/subcontractor Must Receive, Gather, Store, Back Up, Maintain, Use, disclose And Dispose Of Va Information Only In Compliance With The Terms Of The Contract And applicable Federal And Va Information Confidentiality And Security Laws, Regulations And policies. If Federal Or Va Information Confidentiality And Security Laws, Regulations And Policies become Applicable To The Va Information Or Information Systems After Execution Of The contract, Or If Nist Issues Or Updates Applicable Fips Or Special Publications (sp) After execution Of This Contract, The Parties Agree To Negotiate In Good Faith To Implement The information Confidentiality And Security Laws, Regulations And Policies In This Contract. e. The Contractor/subcontractor Shall Not Make Copies Of Va Information Except As authorized And Necessary To Perform The Terms Of The Agreement Or To Preserve Electronic information Stored On Contractor/subcontractor Electronic Storage Media For Restoration In Case any Electronic Equipment Or Data Used By The Contractor/subcontractor Needs To Be Restored To an Operating State. If Copies Are Made For Restoration Purposes, After The Restoration Is complete, The Copies Must Be Appropriately Destroyed. f. If Va Determines That The Contractor Has Violated Any Of The Information Confidentiality, privacy, And Security Provisions Of The Contract, It Shall Be Sufficient Grounds For Va To Withhold Payment To The Contractor Or Third Party Or Terminate The Contract For Default Or Terminate For cause Under Federal Acquisition Regulation (far) Part 12. g. If A Vha Contract Is Terminated For Cause, The Associated Baa Must Also Be Terminated and Appropriate Actions Taken In Accordance With Vha Handbook 1600.01, Business associate Agreements. Absent An Agreement To Use Or Disclose Protected Health Information, there Is No Business Associate Relationship. h. The Contractor/subcontractor Must Store, Transport, Or Transmit Va Sensitive Information in An Encrypted Form, Using Va-approved Encryption Tools That Are, At A Minimum, Fips 140-2 validated. i. The Contractor/subcontractor S Firewall And Web Services Security Controls, If Applicable, shall Meet Or Exceed Va S Minimum Requirements. Va Configuration Guidelines Are Available upon Request. j. Except For Uses And Disclosures Of Va Information Authorized By This Contract For performance Of The Contract, The Contractor/subcontractor May Use And Disclose Va Information only In Two Other Situations: (i) In Response To A Qualifying Order Of A Court Of Competent jurisdiction, Or (ii) With Va S Prior Written Approval. The Contractor/subcontractor Must Refer All requests For, Demands For Production Of, Or Inquiries About, Va Information And Information systems To The Va Contracting Officer For Response. k. Notwithstanding The Provision Above, The Contractor/subcontractor Shall Not Release Va records Protected By Title 38 U.s.c. 5705, Confidentiality Of Medical Quality Assurance Records and/or Title 38 U.s.c. 7332, Confidentiality Of Certain Health Records Pertaining To Drug addiction, Sickle Cell Anemia, Alcoholism Or Alcohol Abuse, Or Infection With Human immunodeficiency Virus. If The Contractor/subcontractor Is In Receipt Of A Court Order Or Other requests For The Above Mentioned Information, That Contractor/subcontractor Shall Immediately refer Such Court Orders Or Other Requests To The Va Contracting Officer For Response. l. For Service That Involves The Storage, Generating, Transmitting, Or Exchanging Of Va sensitive Information But Does Not Require C&a Or An Mou-isa For System Interconnection, The contractor/subcontractor Must Complete A Contractor Security Control Assessment (csca) On a Yearly Basis And Provide It To The Cotr. 4. Information System Design And Development a. Information Systems That Are Designed Or Developed For Or On Behalf Of Va At Non-va facilities Shall Comply With All Va Directives Developed In Accordance With Fisma, Hipaa, nist, And Related Va Security And Privacy Control Requirements For Federal Information systems. This Includes Standards For The Protection Of Electronic Phi, Outlined In 45 C.f.r. part 164, Subpart C, Information And System Security Categorization Level Designations In accordance With Fips 199 And Fips 200 With Implementation Of All Baseline Security Controls commensurate With The Fips 199 System Security Categorization (reference Appendix D Of Va handbook 6500, Va Information Security Program). During The Development Cycle A Privacy Impact Assessment (pia) Must Be Completed, Provided To The Cotr, And Approved By The Va privacy Service In Accordance With Directive 6507, Va Privacy Impact Assessment. b. The Contractor/subcontractor Shall Certify To The Cotr That Applications Are Fully functional And Operate Correctly As Intended On Systems Using The Va Federal Desktop Core configuration (fdcc), And The Common Security Configuration Guidelines Provided By Nist Or the Va. This Includes Internet Explorer 7 Configured To Operate On Windows Xp And Vista (in protected Mode On Vista) And Future Versions, As Required. c. The Standard Installation, Operation, Maintenance, Updating, And Patching Of Software shall Not Alter The Configuration Settings From The Va Approved And Fdcc Configuration. information Technology Staff Must Also Use The Windows Installer Service For Installation To The default Program Files Directory And Silently Install And Uninstall. d. Applications Designed For Normal End Users Shall Run In The Standard User Context without Elevated System Administration Privileges. e. The Security Controls Must Be Designed, Developed, Approved By Va, And Implemented in Accordance With The Provisions Of Va Security System Development Life Cycle As Outlined In nist Special Publication 800-37, Guide For Applying The Risk Management Framework To federal Information Systems, Va Handbook 6500, Information Security Program And Va handbook 6500.5, Incorporating Security And Privacy In System Development Lifecycle. f. The Contractor/subcontractor Is Required To Design, Develop, Or Operate A System Of records Notice (sor) On Individuals To Accomplish An Agency Function Subject To The Privacy act Of 1974, (as Amended), Public Law 93-579, December 31, 1974 (5 U.s.c. 552a) And applicable Agency Regulations. Violation Of The Privacy Act May Involve The Imposition Of criminal And Civil Penalties. g. The Contractor/subcontractor Agrees To: (1) Comply With The Privacy Act Of 1974 (the Act) And The Agency Rules And Regulations issued Under The Act In The Design, Development, Or Operation Of Any System Of Records On individuals To Accomplish An Agency Function When The Contract Specifically Identifies: (a) The Systems Of Records (sor); And (b) The Design, Development, Or Operation Work That The Contractor/subcontractor Is To perform; (2) Include The Privacy Act Notification Contained In This Contract In Every Solicitation And resulting Subcontract And In Every Subcontract Awarded Without A Solicitation, When The Work statement In The Proposed Subcontract Requires The Redesign, Development, Or Operation Of A sor On Individuals That Is Subject To The Privacy Act; And (3) Include This Privacy Act Clause, Including This Subparagraph (3), In All Subcontracts awarded Under This Contract Which Requires The Design, Development, Or Operation Of Such A sor. h. In The Event Of Violations Of The Act, A Civil Action May Be Brought Against The Agency involved When The Violation Concerns The Design, Development, Or Operation Of A Sor On individuals To Accomplish An Agency Function, And Criminal Penalties May Be Imposed Upon The officers Or Employees Of The Agency When The Violation Concerns The Operation Of A Sor On individuals To Accomplish An Agency Function. For Purposes Of The Act, When The Contract Is For the Operation Of A Sor On Individuals To Accomplish An Agency Function, The contractor/subcontractor Is Considered To Be An Employee Of The Agency. (1) Operation Of A System Of Records Means Performance Of Any Of The Activities associated With Maintaining The Sor, Including The Collection, Use, Maintenance, And dissemination Of Records. (2) Record Means Any Item, Collection, Or Grouping Of Information About An Individual That is Maintained By An Agency, Including, But Not Limited To, Education, Financial Transactions, medical history, And Criminal Or Employment History And Contains The Person S Name, Or Identifying number, Symbol, Or Any Other Identifying Particular Assigned To The Individual, Such As A fingerprint Or Voiceprint, Or A Photograph. (3) System Of Records Means A Group Of Any Records Under The Control Of Any Agency from Which Information Is Retrieved By The Name Of The Individual Or By Some Identifying Number, symbol, Or Other Identifying Particular Assigned To The Individual. i. The Vendor Shall Ensure The Security Of All Procured Or Developed Systems And technologies, Including Their Subcomponents (hereinafter Referred To As Systems ), Throughout the Life Of This Contract And Any Extension, Warranty, Or Maintenance Periods. This Includes, but Is Not Limited To Workarounds, Patches, Hotfixes, Upgrades, And Any Physical Components (hereafter Referred To As Security Fixes) Which May Be Necessary To Fix All Security vulnerabilities Published Or Known To The Vendor Anywhere In The Systems, Including Operating systems And Firmware. The Vendor Shall Ensure That Security Fixes Shall Not Negatively Impact the Systems. j. The Vendor Shall Notify Va Within 24 Hours Of The Discovery Or Disclosure Of Successful exploits Of The Vulnerability Which Can Compromise The Security Of The Systems (including The confidentiality Or Integrity Of Its Data And Operations, Or The Availability Of The System). Such issues Shall Be Remediated As Quickly As Is Practical, But In No Event Longer Than ____ Days. k. When The Security Fixes Involve Installing Third Party Patches (such As Microsoft Os patches Or Adobe Acrobat), The Vendor Will Provide Written Notice To The Va That The Patch Has been Validated As Not Affecting The Systems Within 10 Working Days. When The Vendor Is responsible For Operations Or Maintenance Of The Systems, They Shall Apply The Security Fixes within ____ Days. l. All Other Vulnerabilities Shall Be Remediated As Specified In This Paragraph In A Timely manner Based On Risk, But Within 60 Days Of Discovery Or Disclosure. Exceptions To This paragraph (e.g. For The Convenience Of Va) Shall Only Be Granted With Approval Of The contracting Officer And The Va Assistant Secretary For Office Of Information And Technology. 5. Information System Hosting, Operation, Maintenance, Or Use a. For Information Systems That Are Hosted, Operated, Maintained, Or Used On Behalf Of Va at Non-va Facilities, Contractors/subcontractors Are Fully Responsible And Accountable For ensuring Compliance With All Hipaa, Privacy Act, Fisma, Nist, Fips, And Va Security And privacy Directives And Handbooks. This Includes Conducting Compliant Risk Assessments, routine Vulnerability Scanning, System Patching And Change Management Procedures, And The completion Of An Acceptable Contingency Plan For Each System. The Contractor S Security control Procedures Must Be Equivalent, To Those Procedures Used To Secure Va Systems. A privacy Impact Assessment (pia) Must Also Be Provided To The Cotr And Approved By Va privacy Service Prior To Operational Approval. All External Internet Connections To Va S Network involving Va Information Must Be Reviewed And Approved By Va Prior To Implementation. b. Adequate Security Controls For Collecting, Processing, Transmitting, And Storing Of personally Identifiable Information (pii), As Determined By The Va Privacy Service, Must Be In place, Tested, And Approved By Va Prior To Hosting, Operation, Maintenance, Or Use Of The information System, Or Systems By Or On Behalf Of Va. These Security Controls Are To Be assessed And Stated Within The Pia And If These Controls Are Determined Not To Be In Place, Or inadequate, A Plan Of Action And Milestones (poa&m) Must Be Submitted And Approved Prior to The Collection Of Pii. c. Outsourcing (contractor Facility, Contractor Equipment Or Contractor Staff) Of Systems Or network Operations, Telecommunications Services, Or Other Managed Services Requires certification And Accreditation (authorization) (c&a) Of The Contractor S Systems In Accordance with Va Handbook 6500.3, Certification And Accreditation And/or The Va Ocs Certification program Office. Government-owned (government Facility Or Government Equipment) contractor-operated Systems, Third Party Or Business Partner Networks Require Memorandums of Understanding And Interconnection Agreements (mou-isa) Which Detail What Data Types are Shared, Who Has Access, And The Appropriate Level Of Security Controls For All Systems connected To Va Networks. d. The Contractor/subcontractor S System Must Adhere To All Fisma, Fips, And Nist standards Related To The Annual Fisma Security Controls Assessment And Review And Update the Pia. Any Deficiencies Noted During This Assessment Must Be Provided To The Va contracting Officer And The Iso For Entry Into Va S Poa&m Management Process. The contractor/subcontractor Must Use Va S Poa&m Process To Document Planned Remedial actions To Address Any Deficiencies In Information Security Policies, Procedures, And Practices, and The Completion Of Those Activities. Security Deficiencies Must Be Corrected Within The timeframes Approved By The Government. Contractor/subcontractor Procedures Are Subject To periodic, Unannounced Assessments By Va Officials, Including The Va Office Of Inspector general. The Physical Security Aspects Associated With Contractor/subcontractor Activities must Also Be Subject To Such Assessments. If Major Changes To The System Occur That May affect The Privacy Or Security Of The Data Or The System, The C&a Of The System May Need To Be reviewed, Retested And Re-authorized Per Va Handbook 6500.3. This May Require Reviewing and Updating All Of The Documentation (pia, System Security Plan, Contingency Plan). The certification Program Office Can Provide Guidance On Whether A New C&a Would Be Necessary. e. The Contractor/subcontractor Must Conduct An Annual Self Assessment On All Systems and Outsourced Services As Required. Both Hard Copy And Electronic Copies Of The Assessment must Be Provided To The Cotr. The Government Reserves The Right To Conduct Such An assessment Using Government Personnel Or Another Contractor/subcontractor. The contractor/subcontractor Must Take Appropriate And Timely Action (this Can Be Specified In The contract) To Correct Or Mitigate Any Weaknesses Discovered During Such Testing, Generally At No additional Cost. f. Va Prohibits The Installation And Use Of Personally-owned Or Contractor/sub-contractor Owned equipment Or Software On Va S Network. If Non-va Owned Equipment Must Be Used To fulfill The Requirements Of A Contract, It Must Be Stated In The Service Agreement, Sow Or contract. All Of The Security Controls Required For Government Furnished Equipment (gfe) Must be Utilized In Approved Other Equipment (oe) And Must Be Funded By The Owner Of The equipment. All Remote Systems Must Be Equipped With, And Use, A Va-approved Antivirus (av) software And A Personal (host-based Or Enclave Based) Firewall That Is Configured With A Va Approved configuration. Software Must Be Kept Current, Including All Critical Updates And patches. Owners Of Approved Oe Are Responsible For Providing And Maintaining The Anti-viral software And The Firewall On The Non-va Owned Oe. g. All Electronic Storage Media Used On Non-va Leased Or Non-va Owned It Equipment that Is Used To Store, Process, Or Access Va Information Must Be Handled In Adherence With Va handbook 6500.1, Electronic Media Sanitization Upon: (i) Completion Or Termination Of The contract Or (ii) Disposal Or Return Of The It Equipment By The Contractor/subcontractor Or Any person Acting On Behalf Of The Contractor/subcontractor, Whichever Is Earlier. Media (hard drives, Optical Disks, Cds, Back-up Tapes, Etc.) Used By The Contractors/subcontractors That contain Va Information Must Be Returned To The Va For Sanitization Or Destruction Or The contractor/subcontractor Must Self-certify That The Media Has Been Disposed Of Per 6500.1 requirements. This Must Be Completed Within 30 Days Of Termination Of The Contract. h. Bio-medical Devices And Other Equipment Or Systems Containing Media (hard Drives, optical Disks, Etc.) With Va Sensitive Information Must Not Be Returned To The Vendor At The End of Lease, For Trade-in, Or Other Purposes. The Options Are: (1) Vendor Must Accept The System Without The Drive; (2) Va S Initial Medical Device Purchase Includes A Spare Drive Which Must Be Installed In place Of The Original Drive At Time Of Turn-in; Or (3) Va Must Reimburse The Company For Media At A Reasonable Open Market Replacement cost At Time Of Purchase. (4) Due To The Highly Specialized And Sometimes Proprietary Hardware And Software associated With Medical Equipment/systems, If It Is Not Possible For The Va To Retain The Hard drive, Then; (a) The Equipment Vendor Must Have An Existing Baa If The Device Being Traded In Has sensitive Information Stored On It And Hard Drive(s) From The System Are Being Returned physically Intact; And (b) Any Fixed Hard Drive On The Device Must Be Non-destructively Sanitized To The Greatest extent Possible Without Negatively Impacting System Operation. Selective Clearing Down To patient Data Folder Level Is Recommended Using Va Approved And Validated Overwriting technologies/methods/tools. Applicable Media Sanitization Specifications Need To Be Preapproved and Described In The Purchase Order Or Contract. (c) A Statement Needs To Be Signed By The Director (system Owner) That States That The drive Could Not Be Removed And That (a) And (b) Controls Above Are In Place And Completed. the Iso Needs To Maintain The Documentation. 6. Security Incident Investigation a. The Term Security Incident Means An Event That Has, Or Could Have, Resulted In unauthorized Access To, Loss Or Damage To Va Assets, Or Sensitive Information, Or An Action that Breaches Va Security Procedures. The Contractor/subcontractor Shall Immediately Notify the Cotr And Simultaneously, The Designated Iso And Privacy Officer For The Contract Of Any known Or Suspected Security/privacy Incidents, Or Any Unauthorized Disclosure Of Sensitive information, Including That Contained In System(s) To Which The Contractor/subcontractor Has access. b. To The Extent Known By The Contractor/subcontractor, The Contractor/subcontractor S notice To Va Shall Identify The Information Involved, The Circumstances Surrounding The Incident (including To Whom, How, When, And Where The Va Information Or Assets Were Placed At Risk Or compromised), And Any Other Information That The Contractor/subcontractor Considers Relevant. c. With Respect To Unsecured Protected Health Information, The Business Associate Is deemed To Have Discovered A Data Breach When The Business Associate Knew Or Should Have known Of A Breach Of Such Information. Upon Discovery, The Business Associate Must Notify the Covered Entity Of The Breach. Notifications Need To Be Made In Accordance With The executed Business Associate Agreement. d. In Instances Of Theft Or Break-in Or Other Criminal Activity, The Contractor/subcontractor must Concurrently Report The Incident To The Appropriate Law Enforcement Entity (or Entities) Of jurisdiction, Including The Va Oig And Security And Law Enforcement. The Contractor, Its employees, And Its Subcontractors And Their Employees Shall Cooperate With Va And Any Law enforcement Authority Responsible For The Investigation And Prosecution Of Any Possible criminal Law Violation(s) Associated With Any Incident. The Contractor/subcontractor Shall cooperate With Va In Any Civil Litigation To Recover Va Information, Obtain Monetary Or Other Compensation From A Third Party For Damages Arising From Any Incident, Or Obtain Injunctive relief Against Any Third Party Arising From, Or Related To, The Incident. 7. Liquidated Damages For Data Breach a. Consistent With The Requirements Of 38 U.s.c. §5725, A Contract May Require Access To sensitive Personal Information. If So, The Contractor Is Liable To Va For Liquidated Damages In the Event Of A Data Breach Or Privacy Incident Involving Any Spi The Contractor/subcontractor processes Or Maintains Under This Contract. b. The Contractor/subcontractor Shall Provide Notice To Va Of A Security Incident As Set forth In The Security Incident Investigation Section Above. Upon Such Notification, Va Must secure From A Non-department Entity Or The Va Office Of Inspector General An Independent Risk analysis Of The Data Breach To Determine The Level Of Risk Associated With The Data Breach For the Potential Misuse Of Any Sensitive Personal Information Involved In The Data Breach. The term 'data Breach' Means The Loss, Theft, Or Other Unauthorized Access, Or Any Access Other than That Incidental To The Scope Of Employment, To Data Containing Sensitive Personal information, In Electronic Or Printed Form, That Results In The Potential Compromise Of The confidentiality Or Integrity Of The Data. Contractor Shall Fully Cooperate With The Entity performing The Risk Analysis. Failure To Cooperate May Be Deemed A Material Breach And grounds For Contract Termination. c. Each Risk Analysis Shall Address All Relevant Information Concerning The Data Breach, including The Following: (1) Nature Of The Event (loss, Theft, Unauthorized Access); (2) Description Of The Event, Including: (a) Date Of Occurrence; (b) Data Elements Involved, Including Any Pii, Such As Full Name, Social Security Number, date Of Birth, Home Address, Account Number, Disability Code; (3) Number Of Individuals Affected Or Potentially Affected; (4) Names Of Individuals Or Groups Affected Or Potentially Affected; (5) Ease Of Logical Data Access To The Lost, Stolen Or Improperly Accessed Data In Light Of The degree Of Protection For The Data, E.g., Unencrypted, Plain Text; (6) Amount Of Time The Data Has Been Out Of Va Control; (7) The Likelihood That The Sensitive Personal Information Will Or Has Been Compromised (made Accessible To And Usable By Unauthorized Persons); (8) Known Misuses Of Data Containing Sensitive Personal Information, If Any; (9) Assessment Of The Potential Harm To The Affected Individuals; (10) Data Breach Analysis As Outlined In 6500.2 Handbook, Management Of Security And privacy Incidents, As Appropriate; And (11) Whether Credit Protection Services May Assist Record Subjects In Avoiding Or Mitigating the Results Of Identity Theft Based On The Sensitive Personal Information That May Have Been compromised. d. Based On The Determinations Of The Independent Risk Analysis, The Contractor Shall Be responsible For Paying To The Va Liquidated Damages In The Amount Of $______ Per Affected individual To Cover The Cost Of Providing Credit Protection Services To Affected Individuals consisting Of The Following: (1) Notification; (2) One Year Of Credit Monitoring Services Consisting Of Automatic Daily Monitoring Of At Least 3 Relevant Credit Bureau Reports; (3) Data Breach Analysis; (4) Fraud Resolution Services, Including Writing Dispute Letters, Initiating Fraud Alerts And credit Freezes, To Assist Affected Individuals To Bring Matters To Resolution; (5) One Year Of Identity Theft Insurance With $20,000.00 Coverage At $0 Deductible; And (6) Necessary Legal Expenses The Subjects May Incur To Repair Falsified Or Damaged Credit records, Histories, Or Financial Affairs. 8. Security Controls Compliance Testing on A Periodic Basis, Va, Including The Office Of Inspector General, Reserves The Right To evaluate Any Or All Of The Security Controls And Privacy Practices Implemented By The Contractor under The Clauses Contained Within The Contract. With 10 Working-day S Notice, At The Request of The Government, The Contractor Must Fully Cooperate And Assist In A Government-sponsored security Controls Assessment At Each Location Wherein Va Information Is Processed Or Stored, or Information Systems Are Developed, Operated, Maintained, Or Used On Behalf Of Va, including Those Initiated By The Office Of Inspector General. The Government May Conduct A security Control Assessment On Shorter Notice (to Include Unannounced Assessments) As determined By Va In The Event Of A Security Incident Or At Any Other Time. 9. Training a. All Contractor Employees And Subcontractor Employees Requiring Access To Va information And Va Information Systems Shall Complete The Following Before Being Granted access To Va Information And Its Systems: (1) Sign And Acknowledge (either Manually Or Electronically) Understanding Of And responsibilities For Compliance With The Contractor Rules Of Behavior, Appendix E Relating To access To Va Information And Information Systems; (2) Successfully Complete The Va Cyber Security Awareness And Rules Of Behavior training And Annually Complete Required Security Training; (3) Successfully Complete The Appropriate Va Privacy Training And Annually Complete required Privacy Training; And (4) Successfully Complete Any Additional Cyber Security Or Privacy Training, As Required For va Personnel With Equivalent Information System Access [to Be Defined By The Va Program official And Provided To The Contracting Officer For Inclusion In The Solicitation Document E.g., any Role-based Information Security Training Required In Accordance With Nist Special publication 800-16, Information Technology Security Training Requirements.] b. The Contractor Shall Provide To The Contracting Officer And/or The Cotr A Copy Of The training Certificates And Certification Of Signing The Contractor Rules Of Behavior For Each applicable Employee Within 1 Week Of The Initiation Of The Contract And Annually Thereafter, As required. c. Failure To Complete The Mandatory Annual Training And Sign The Rules Of Behavior annually, Within The Timeframe Required, Is Grounds For Suspension Or Termination Of All Physical or Electronic Access Privileges And Removal From Work On The Contract Until Such Time As The training And Documents Are Complete. instructions: submit A Brief Description, Two-three (2-3) Pages (including Cover Letter) That Demonstrates How Your Company Can Provide The Requested Supplies That Are Required. Include Past Experience In Providing This System To The Va, Other Government (federal Or State) Agency, Or For A Private Facility. Please Specify Your Availability And Your Address. Please Indicate Whether You Hold A Gsa Federal-supply Schedule Contract That Covers These Products & Services And, If So, The Contract Number. Provide Business Size And Socio-economic Status; (a) Indicate Whether Your Business Is Large Or Small (b) If Small, Indicate If Your Firm Qualifies As A Small, Emerging Business, Or Small Disadvantages Business (c) If Disadvantages, Specify Under Which Disadvantaged Group And If Your Firm Is Certified Under Section 8(a) Of The Small Business Act (d) Indicate If Your Firm Is A Certified Service-disabled Veteran Owned Small Business (sdvosb) Or Veteran Owned Small Business (vosb) (g) Include The Duns Number Of Your Firm. (h) State Whether Your Firm Is Registered With The System For Award Management (sam) At Http://www.sam.gov And/or The Vetbiz Registry At Http://vip.vetbiz.gov. If Not, Please Note That Any Future Solicitation Could Only Be Awarded To A Contractor Who Is Registered In Sam And To Receive Award Based On Vosb Or Sdvosb Status You Must Be Registered In The Vetbiz Registry (i) Provide Current Commercial Pricing And Any Applicable Discounts. (j) Link To The Respondent S General Services Administration (gsa) Schedule, Or Attached File Of Same, If Applicable (k) Citation Of Any Current Or Past Customers (i.e., Within The Past Two (2) Years) To Include Contract Number, Point Of Contact Telephone Number Or E-mail Address; And (l) Other Material Relevant To Establishing Core Competencies Of The Firm. response Is Due By 12:00 Pm Pacific Time, Friday, February 16, 2024. Please Submit E-mail Responses To Ms. Amanda Hildreth, Contracting Officer, At Email Address: Amanda.hildreth@va.gov And Ms. Tawnya Krommenhoek, Contracting Specialist, At Email Address: Tawnya.krommenhoek@va.gov. Your Response Should Include A Statement Of Capablility, Gsa Schedule Information, Duns#, Business Size, And Socio-economic Status Information As Explained Above. Please Place Attention: Microbiology Walk Away Automated Specimen Processor (wasp) - Vapahcs In The Subject Line Of Your Email. This Notice Is To Assist The Va In Determining Sources Only. notes: Issuance Of This Notice Does Not Constitute Any Obligation Whatsoever On The Part Of The Government To Procure These Services, Or To Issue A Solicitation, Nor To Notify Respondents Of The Results Of This Notice. No Solicitation Documents Exists At This Time; However, In The Event The Acquisition Strategy Demonstrates That Gsa Is A Viable Option For Procuring A Solution, The Rfq Shall Be Posted To Gsa Ebuy Where Only Those Firms Who Currently Hold A Gsa Schedule With The Applicable Sin Will Be Able To Respond. The Department Of Veterans Affairs Is Neither Seeking Quotes Nor Accepting Unsolicited Quotes, And Responses To This Notice Cannot Be Accepted As Offers. Any Information The Vendor Considers Proprietary Should Be Clearly Marked As Such. The U.s. Government Will Not Pay For Any Information Or Administrative Costs Incurred In Response To This Sources Sought Notice.

Details: Description 1 Bids And Awards Committee Iloilo Provincial Government Procurement Of Scanner Bid No. Jch-24-698-b Philippine Bidding Documents Sixth Edition July 2020 2 Table Of Contents Section I. Invitation To Bid……………………………………………………..3 Section Ii. Instructions To Bidders………………………………………..…...5 1. Scope Of Bid ………………………………………………………………………. 5 2. Funding Information………………………………………………………………. 5 3. Bidding Requirements ……………………………………………………………. 5 4. Corrupt, Fraudulent, Collusive, And Coercive Practices 5 5. Eligible Bidders…………………………………………………………………… 5 6. Origin Of Goods ………………………………………………………………….. 6 7. Subcontracts ……………………………………………………………………… 6 8. Pre-bid Conference ………………………………………………………………. 6 9. Clarification And Amendment Of Bidding Documents …………………………… 6 10. Documents Comprising The Bid: Eligibility And Technical Components …………. 6 11. Documents Comprising The Bid: Financial Component …………………………... 7 12. Bid Prices …………………………………………………………………………. 7 13. Bid And Payment Currencies ……………………………………………………… 7 14. Bid Security ………………………………………………………………………. 7 15. Sealing And Marking Of Bids ……………………………………………………… 7 16. Deadline For Submission Of Bids …………………………………………………. 8 17. Opening And Preliminary Examination Of Bids ………………………………….. 8 18. Domestic Preference ……………………………………………………………… 8 19. Detailed Evaluation And Comparison Of Bids ……………………………………. 8 20. Post-qualification ………………………………………………………………… 8 21. Signing Of The Contract …………………………………………………………… 8 Section Iii. Bid Data Sheet …………………………………………………..9 Section Iv. General Conditions Of Contract ……………………...………..10 1. Scope Of Contract ………………………………………………………………… 10 2. Advance Payment And Terms Of Payment ……………………………………….. 10 3. Performance Security ……………………………………………………………. 10 4. Inspection And Tests ……………………………………………………………… 10 5. Warranty …………………………………………………………………………. 10 6. Liability Of The Supplier ………………………………………………………….. 10 Section V. Special Conditions Of Contract ………………………………….11 Section Vi. Schedule Of Requirements ……………………………………....13 Section Vii. Technical Specifications …………………………………………14 Section Viii. Checklist Of Technical And Financial Documents …………..14 3 Section I. Invitation To Bid Purchase Of Scanner Bid No. Jch-24-698-b 1. The Iloilo Provincial Government Through The Sb#4 2020 (co) Intends To Apply The Sum Of One Hundred Seventy-four Thousand Nine Hundred Sixty-nine Pesos (php174,969.00) Being The Abc To Payments Under The Contract For The Purchase Of Scanner. Bids Received In Excess Of The Abc Shall Be Automatically Rejected At Bid Opening. 2. The Iloilo Provincial Government Now Invites Bids For The Above Procurement Project. Delivery Of The Goods Is Required By 30 Days Upon Receipt Of The Notice To Proceed (ntp). Bidders Should Have Completed, Within Three (3) Years From The Date Of Submission And Receipt Of Bids, A Contract Similar To The Project. The Description Of An Eligible Bidder Is Contained In The Bidding Documents, Particularly, In Section Ii (instructions To Bidders). 3. Bidding Will Be Conducted Through Open Competitive Bidding Procedures Using A Non-discretionary “pass/fail” Criterion As Specified In The 2016 Revised Implementing Rules And Regulations (irr) Of Republic Act (ra) No. 9184. Bidding Is Restricted To Filipino Citizens/sole Proprietorships, Partnerships, Or Organizations With At Least Sixty Percent (60%) Interest Or Outstanding Capital Stock Belonging To Citizens Of The Philippines, And To Citizens Or Organizations Of A Country The Laws Or Regulations Of Which Grant Similar Rights Or Privileges To Filipino Citizens, Pursuant To Ra No. 5183. 4. Prospective Bidders May Obtain Further Information From The Bids And Awards Committee Secretariat Of The Iloilo Provincial Government And Inspect The Bidding Documents At The Address Given Below During 8:00 A.m. To 5:00 P.m. 5. A Complete Set Of Bidding Documents May Be Acquired By Interested Bidders On May 16 ,2024 From The Given Address And Website(s) Below And Upon Payment Of The Applicable Fee For The Bidding Documents, Pursuant To The Latest Guidelines Issued By The Gppb, In The Amount Of Five Hundred Pesos (php500.00). The Procuring Entity Shall Allow The Bidder To Present Its Proof Of Payment For The Fees In Person. 6. The Iloilo Provincial Government Will Hold A Pre-bid Conference1 On May 23,2024 At 9:00 A.m. At Bac Secretariat, Iloilo Provincial Capitol And/or Through Video Conferencing Or Webcasting, Upon Request At Least Three (3) Days Before The Pre-bid Conference, Via Zoom Or Other Videoconferencing Portals, Which Shall Be Open To Prospective Bidders. 7. Bids Must Be Duly Received By The Bac Secretariat Through Manual Submission At The 5th Floor, Bac Secretariat, Iloilo Provincial Capitol, Bonifacio Drive, Iloilo City On Or Before June 6,2024 At 9:00 A.m. Late Bids Shall Not Be Accepted. 8. All Bids Must Be Accompanied By A Bid Security In Any Of The Acceptable Forms And In The Amount Stated In Itb Clause 14. 9. Bid Opening Shall Be On June 6,2024 At 9:01 A.m. At The 5th Floor, Bac Secretariat, Iloilo Provincial Capitol. Bids Will Be Opened In The Presence Of The Bidders’ Representatives Who Choose To Attend The Activity. 10. A. The Participating Bidder/supplier Or Its Authorized Representative Must Indicate In Any Of The Eligibility Documents, An Email Address Or A Working Fax Number. The Absence Of Which Shall Be 1 In Case The Abc Is One Million Pesos (php1,000,000) Or More, And For Contracts Involving The Procurement Of Equipment And Vehicles Regardless Of The Amount Of The Abc. 4 A Ground For Disqualification. Notice To The Bidder/supplier Through The Use Of Either Of These Means (email/fax) Is Considered Sufficient Notice. The Date Of Filing Of Reconsideration And All Communications With The Bac Shall Be Its (bac) Date Of Receipt. B. The Bidder(s)/awardee(s) Or Its Authorized Representative Must Conform To The Notice Of Award Within Three (3) Calendar Days From Receipt Of Such Notice And The Winning Bidder Shall Post The Required Performance Security And Enter Into Contract With The Procuring Entity Within Ten (10) Calendar Days From Receipt By The Winning Bidder Of The Notice Of Award In Accordance With Section 37.2.1 Of The Revised Irr Of R.a. No. 9184. C. The Bidder/supplier Must Have No Pending Unaccepted Notice To Proceed Three (3) Days From The Date Of Acceptance And Signing Of The Purchase Order. Otherwise, It Shall Be A Ground For Disqualification And The Bidder Will Be Rated "failed" During The Preliminary Examination Of Bids And/or Its Bid Shall Be Declared As "non-responsive" During Post-qualification. D. The Bidder/supplier Must Have No Notice Of Award Pending Its Conformity Three (3) Days From The Date Of Its Receipt Of The Notice Of Award. Otherwise, It Shall Be Aground For Disqualification And The Bidder Will Be Rated "failed" During The Preliminary Examination Of Bids And/or Its Bid Shall Be Declared As "non-responsive" During Post-qualification. E. The Bidder/supplier Shall Submit A List Of All Its Ongoing And Completed Projects With The Iloilo Provincial Government Indicating The Delivery Periods And Accomplishments Of Such Projects. F. The Bidder/supplier At The Time Of The Bidding Must Have No Pending Unposted Performance Or Warranty Security, As The Case May Be, Beyond The Period Allowed In The Notice Of Award. Otherwise, It Shall Be A Ground For Disqualification And The Bidder Will Be Rated "failed" During The Preliminary Examination Of Bids And/or Its Bid Shall Be Declared As "non-responsive" During Post-qualification. G. When An Occurrence Of A Tie Among Bidders Takes Place, I.e., Two Or More Of The Bidders Are Determined And Declared As The Lowest Calculated And Responsive Bidder (lcrb), The Winning Bidder Shall Be Determined By Draw Lots Upon Notice To The Bidders Concerned And/or Their Authorized Representatives In Accordance With The Relevant Circulars Issued By The Government Procurement Policy Board (gppb). 11. The Iloilo Provincial Government Reserves The Right To Reject Any And All Bids, Declare A Failure Of Bidding, Or Not Award The Contract At Any Time Prior To Contract Award In Accordance With Sections 35.6 And 41 Of The 2016 Revised Irr Of Ra No. 9184, Without Thereby Incurring Any Liability To The Affected Bidder Or Bidders. 12. For Further Information, Please Refer To: Atty. Raemman M. Lagrada Bac Secretariat Head 5th Floor, Bids And Awards Committee Iloilo Provincial Capitol Email Address: Ipg_bacs@yahoo.com/bac@iloilo.gov.ph Website: Iloilo.gov.ph Telephone Number: (033) 336-0736 13. You May Visit The Following Websites For Downloading Of Bidding Documents: Ipg.gov.ph And/or Philgeps.com May 14 ,2024 Atty. Dennis T. Ventilacion Chairman, Bids And Awards Committee 5 Section Ii. Instructions To Bidders 1. Scope Of Bid The Procuring Entity, Iloilo Provincial Government Wishes To Receive Bids For The Purchase Of Scanner With Bid No. Jch-24-698-b. The Procurement Project (referred To Herein As “project”) Is Composed Of One (1) Item, The Details Of Which Are Described In Section Vii (technical Specifications). 2. Funding Information 2.1. The Gop Through The Source Of Funding As Indicated Below For 2020 In The Amount Of One Hundred Seventy-four Thousand Nine Hundred Sixty-nine Pesos (php174,969.00) 2.2. The Source Of Funding Is: Lgus, The Annual Or Supplemental Budget, As Approved By The Sanggunian. 3. Bidding Requirements The Bidding For The Project Shall Be Governed By All The Provisions Of Ra No. 9184 And Its 2016 Revised Irr, Including Its Generic Procurement Manuals And Associated Policies, Rules And Regulations As The Primary Source Thereof, While The Herein Clauses Shall Serve As The Secondary Source Thereof. Any Amendments Made To The Irr And Other Gppb Issuances Shall Be Applicable Only To The Ongoing Posting, Advertisement, Or Ib By The Bac Through The Issuance Of A Supplemental Or Bid Bulletin. The Bidder, By The Act Of Submitting Its Bid, Shall Be Deemed To Have Verified And Accepted The General Requirements Of This Project, Including Other Factors That May Affect The Cost, Duration And Execution Or Implementation Of The Contract, Project, Or Work And Examine All Instructions, Forms, Terms, And Project Requirements In The Bidding Documents. 4. Corrupt, Fraudulent, Collusive, And Coercive Practices The Procuring Entity, As Well As The Bidders And Suppliers, Shall Observe The Highest Standard Of Ethics During The Procurement And Execution Of The Contract. They Or Through An Agent Shall Not Engage In Corrupt, Fraudulent, Collusive, Coercive, And Obstructive Practices Defined Under Annex “i” Of The 2016 Revised Irr Of Ra No. 9184 Or Other Integrity Violations In Competing For The Project. 5. Eligible Bidders 5.1. Only Bids Of Bidders Found To Be Legally, Technically, And Financially Capable Will Be Evaluated. 5.2. A. Foreign Ownership Exceeding Those Allowed Under The Rules May Participate Pursuant To: I. When A Treaty Or International Or Executive Agreement As Provided In Section 4 Of The Ra No. 9184 And Its 2016 Revised Irr Allow Foreign Bidders To Participate; Ii. Citizens, Corporations, Or Associations Of A Country, Included In The List Issued By The Gppb, The Laws Or Regulations Of Which Grant Reciprocal Rights Or Privileges To Citizens, Corporations, Or Associations Of The Philippines; Iii. When The Goods Sought To Be Procured Are Not Available From Local Suppliers; Or Iv. When There Is A Need To Prevent Situations That Defeat Competition Or Restrain Trade. 5.3. Pursuant To Section 23.4.1.3 Of The 2016 Revised Irr Of Ra No.9184, The Bidder Shall Have An Slcc That Is At Least One (1) Contract Similar To The Project The Value Of Which, Adjusted To Current Prices Using The Psa’s Cpi, Must Be At Least Equivalent To: 6 A. For The Procurement Of Non-expendable Supplies And Services: The Bidder Must Have Completed A Single Contract That Is Similar To This Project, Equivalent To At Least Fifty Percent (50%) Of The Abc. B. For The Procurement Of Expendable Supplies: The Bidder Must Have Completed A Single Contract That Is Similar To This Project, Equivalent To At Least Twenty-five Percent (25%) Of The Abc. C. For Procurement Where The Procuring Entity Has Determined, After The Conduct Of Market Research, That Imposition Of Either (a) Or (b) Will Likely Result To Failure Of Bidding Or Monopoly That Will Defeat The Purpose Of Public Bidding: The Bidder Should Comply With The Following Requirements: [select Either Failure Or Monopoly Of Bidding Based On Market Research Conducted] I. Completed At Least Two (2) Similar Contracts, The Aggregate Amount Of Which Should Be Equivalent To At Least Fifty Percent (50%) In The Case Of Non-expendable Supplies And Services Or Twenty-five Percent (25%) In The Case Of Expendable Supplies] Of The Abc For This Project; And Ii. The Largest Of These Similar Contracts Must Be Equivalent To At Least Half Of The Percentage Of The Abc As Required Above. 5.4. The Bidders Shall Comply With The Eligibility Criteria Under Section 23.4.1 Of The 2016 Irr Of Ra No. 9184. 6. Origin Of Goods There Is No Restriction On The Origin Of Goods Other Than Those Prohibited By A Decision Of The Un Security Council Taken Under Chapter Vii Of The Charter Of The Un, Subject To Domestic Preference Requirements Under Itb Clause 18. 7. Subcontracts 7.1. The Bidder May Subcontract Portions Of The Project To The Extent Allowed By The Procuring Entity As Stated Herein, But In No Case More Than Twenty Percent (20%) Of The Project. The Procuring Entity Has Prescribed That: Subcontracting Is Not Allowed. 8. Pre-bid Conference The Procuring Entity Will Hold A Pre-bid Conference For This Project On The Specified Date And Time And Either At Its Physical Address As Indicated In Paragraph 6 Of The Ib. 9. Clarification And Amendment Of Bidding Documents Prospective Bidders May Request For Clarification On And/or Interpretation Of Any Part Of The Bidding Documents. Such Requests Must Be In Writing And Received By The Procuring Entity, Either At Its Given Address Or Through Electronic Mail Indicated In The Ib, At Least Ten (10) Calendar Days Before The Deadline Set For The Submission And Receipt Of Bids. 10. Documents Comprising The Bid: Eligibility And Technical Components 10.1. The First Envelope Shall Contain The Eligibility And Technical Documents Of The Bid As Specified In Section Viii (checklist Of Technical And Financial Documents). 10.2. The Bidder’s Slcc As Indicated In Itb Clause 5.3 Should Have Been Completed Within Three (3) Years Prior To The Deadline For The Submission And Receipt Of Bids. 10.3. If The Eligibility Requirements Or Statements, The Bids, And All Other Documents For Submission To The Bac Are In Foreign Language Other Than English, It Must Be Accompanied By A Translation In English, Which Shall Be Authenticated By The Appropriate Philippine Foreign Service Establishment, Post, Or The Equivalent Office Having Jurisdiction Over The Foreign Bidder’s Affairs In The Philippines. Similar To The Required Authentication Above, For Contracting Parties To The Apostille Convention, Only The Translated Documents Shall Be Authenticated Through An Apostille Pursuant To Gppb Resolution No. 13-2019 Dated 23 May 2019. The English Translation Shall Govern, For Purposes Of Interpretation Of The Bid. 7 11. Documents Comprising The Bid: Financial Component 11.1. The Second Bid Envelope Shall Contain The Financial Documents For The Bid As Specified In Section Viii (checklist Of Technical And Financial Documents). 11.2. If The Bidder Claims Preference As A Domestic Bidder Or Domestic Entity, A Certification Issued By Dti Shall Be Provided By The Bidder In Accordance With Section 43.1.3 Of The 2016 Revised Irr Of Ra No. 9184. 11.3. Any Bid Exceeding The Abc Indicated In Paragraph 1 Of The Ib Shall Not Be Accepted. 11.4. For Foreign-funded Procurement, A Ceiling May Be Applied To Bid Prices Provided The Conditions Are Met Under Section 31.2 Of The 2016 Revised Irr Of Ra No. 9184. 12. Bid Prices 12.1. Prices Indicated On The Price Schedule Shall Be Entered Separately In The Following Manner: A. For Goods Offered From Within The Procuring Entity’s Country: I. The Price Of The Goods Quoted Exw (ex-works, Ex-factory, Ex-warehouse, Ex-showroom, Or Off-the-shelf, As Applicable); Ii. The Cost Of All Customs Duties And Sales And Other Taxes Already Paid Or Payable; Iii. The Cost Of Transportation, Insurance, And Other Costs Incidental To Delivery Of The Goods To Their Final Destination; And Iv. The Price Of Other (incidental) Services, If Any, Listed In E. B. For Goods Offered From Abroad: I. Unless Otherwise Stated In The Bds, The Price Of The Goods Shall Be Quoted Delivered Duty Paid (ddp) With The Place Of Destination In The Philippines As Specified In The Bds. In Quoting The Price, The Bidder Shall Be Free To Use Transportation Through Carriers Registered In Any Eligible Country. Similarly, The Bidder May Obtain Insurance Services From Any Eligible Source Country. Ii. The Price Of Other (incidental) Services, If Any, As Listed In Section Vii (technical Specifications). 13. Bid And Payment Currencies 13.1. For Goods That The Bidder Will Supply From Outside The Philippines, The Bid Prices May Be Quoted In The Local Currency Or Tradeable Currency Accepted By The Bsp At The Discretion Of The Bidder. However, For Purposes Of Bid Evaluation, Bids Denominated In Foreign Currencies, Shall Be Converted To Philippine Currency Based On The Exchange Rate As Published In The Bsp Reference Rate Bulletin On The Day Of The Bid Opening. 13.2. Payment Of The Contract Price Shall Be Made In: Philippine Pesos. 14. Bid Security 14.1. The Bidder Shall Submit A Bid Securing Declaration2 Or Any Form Of Bid Security In The Amount Indicated In The Bds, Which Shall Be Not Less Than The Percentage Of The Abc In Accordance With The Schedule In The Bds. 14.2. The Bid And Bid Security Shall Be Valid Until One Hundred Twenty (120) Days. Any Bid Not Accompanied By An Acceptable Bid Security Shall Be Rejected By The Procuring Entity As Non-responsive. 15. Sealing And Marking Of Bids Each Bidder Shall Submit One Copy Of The First And Second Components Of Its Bid. The Procuring Entity May Request Additional Hard Copies And/or Electronic Copies Of The Bid. However, Failure Of The Bidders To Comply With The Said Request Shall Not Be A Ground For Disqualification. 2 In The Case Of Framework Agreement, The Undertaking Shall Refer To Entering Into Contract With The Procuring Entity And Furnishing Of The Performance Security Or The Performance Securing Declaration Within Ten (10) Calendar Days From Receipt Of Notice To Execute Framework Agreement. 8 16. Deadline For Submission Of Bids 16.1. The Bidders Shall Submit On The Specified Date And Time At Its Physical Address As Indicated In Paragraph 7 Of The Ib. 17. Opening And Preliminary Examination Of Bids 17.1. The Bac Shall Open The Bids In Public At The Time, On The Date, And At The Place Specified In Paragraph 9 Of The Ib. The Bidders’ Representatives Who Are Present Shall Sign A Register Evidencing Their Attendance. In Case Videoconferencing, Webcasting Or Other Similar Technologies Will Be Used, Attendance Of Participants Shall Likewise Be Recorded By The Bac Secretariat. In Case The Bids Cannot Be Opened As Scheduled Due To Justifiable Reasons, The Rescheduling Requirements Under Section 29 Of The 2016 Revised Irr Of Ra No. 9184 Shall Prevail. 17.2. The Preliminary Examination Of Bids Shall Be Governed By Section 30 Of The 2016 Revised Irr Of Ra No. 9184. 18. Domestic Preference 18.1. The Procuring Entity Will Grant A Margin Of Preference For The Purpose Of Comparison Of Bids In Accordance With Section 43.1.2 Of The 2016 Revised Irr Of Ra No. 9184. 19. Detailed Evaluation And Comparison Of Bids 19.1. The Procuring Bac Shall Immediately Conduct A Detailed Evaluation Of All Bids Rated “passed,” Using Non-discretionary Pass/fail Criteria. The Bac Shall Consider The Conditions In The Evaluation Of Bids Under Section 32.2 Of The 2016 Revised Irr Of Ra No. 9184. 19.2. If The Project Allows Partial Bids, Bidders May Submit A Proposal On Any Of The Lots Or Items, And Evaluation Will Be Undertaken On A Per Lot Or Item Basis, As The Case Maybe. In This Case, The Bid Security As Required By Itb Clause 15 Shall Be Submitted For Each Lot Or Item Separately. 19.3. The Descriptions Of The Lots Or Items Shall Be Indicated In Section Vii (technical Specifications), Although The Abcs Of These Lots Or Items Are Indicated In The Bds For Purposes Of The Nfcc Computation Pursuant To Section 23.4.2.6 Of The 2016 Revised Irr Of Ra No. 9184. The Nfcc Must Be Sufficient For The Total Of The Abcs For All The Lots Or Items Participated In By The Prospective Bidder. 19.4. The Project Shall Be Awarded As Follows: Complete Bid - One Project Having Several Items That Shall Be Awarded As One Contract In Case Of Complete Bid. Line Bidding/partial Bidding - One Project Having Several Items, Which Shall Be Awarded As Separate Contracts Per Item 19.5. Except For Bidders Submitting A Committed Line Of Credit From A Universal Or Commercial Bank In Lieu Of Its Nfcc Computation, All Bids Must Include The Nfcc Computation Pursuant To Section 23.4.1.4 Of The 2016 Revised Irr Of Ra No. 9184, Which Must Be Sufficient For The Total Of The Abcs For All The Lots Or Items Participated In By The Prospective Bidder. For Bidders Submitting The Committed Line Of Credit, It Must Be At Least Equal To Ten Percent (10%) Of The Abcs For All The Lots Or Items Participated In By The Prospective Bidder. 20. Post-qualification Within A Non-extendible Period Of Five (5) Calendar Days From Receipt By The Bidder Of The Notice From The Bac That It Submitted The Lowest Calculated Bid, The Bidder Shall Submit Its Latest Income And Business Tax Returns Filed And Paid Through The Bir Electronic Filing And Payment System (efps) And Other Appropriate Licenses And Permits Required By Law And Stated In The Bds. 21. Signing Of The Contract 21.1. The Documents Required In Section 37.2 Of The 2016 Revised Irr Of Ra No. 9184 Shall Form Part Of The Contract. Additional Contract Documents Are Indicated In The Bds. 9 Section Iii. Bid Data Sheet Itb Clause 5.3 For This Purpose, Contracts Similar To The Project Shall Be: A. Refers To The Contracts To Be Bid Or The Object Of The Contract; B. Completed Within Three (3) Years Prior To The Deadline For The Submission And Receipt Of Bids. 7.1 Subcontracting Is Not Allowed. 12 The Price Of The Goods Shall Be Quoted Ddp [jesus M. Colmenares District Hospital-balasan,iloilo] Or The Applicable International Commercial Terms (incoterms) For This Project. 14.1 The Bid Security Shall Be In The Form Of A Bid Securing Declaration, Or Any Of The Following Forms And Amounts: A. The Amount Of Not Less Than Two Percent (2%) Of Abc, If Bid Security Is In Cash, Cashier’s/manager’s Check, Bank Draft/guarantee Or Irrevocable Letter Of Credit; Or B. The Amount Of Not Less Than Five Percent (5%) Of Abc, If Bid Security Is In Surety Bond. 15 Bidders Shall Prepare An Original Of The First (eligibility And Technical) And Second (financial) Envelopes. In Addition, Bidders Shall Submit Separate Copies Of The First And Second Envelopes (copy 1, Copy 2) And Each Set Of Documents Must Clearly Indicate Whether The Same Is Original, Copy 1, Or Copy 2. In The Event Of Any Discrepancy Between The Original And The Copies, The Original Shall Prevail. 19.3 No Further Instructions. 20.2 For The Procurement Of Drugs And Medicines And Medical Equipment/supplies, The Bidder Shall Submit The Following: A. Certificate Of Product Registration From Food And Drug Administration (fda) For Easy Validation During The Post-qualification; B. Certificate If Good Manufacturing Practice From Fda, For Easy Validation During The Post-qualification; C. Batch Release Certificate From Fda, For Easy Validation During The Post-qualification; D. If The Supplier Is Not The Manufacturer, Certification From The Manufacturer That The Supplier Is An Authorized Distributor/ Dealer Of The Products / Items For Easy Validation During The Post-qualification; E. For The Procurement Of Regulated Drugs, The Applicable Type Of S-license: S-1, S-3 (retailer) S-4 (wholesaler) S-5c (manufacturer) S-5d (bulk Depot/storage) S-5e S-5i (importer); F. License To Operate (lto) Issued By Fda, If Applicable; G. After-sales Services/parts, If Applicable; H. Manpower Requirements, If Applicable. 21.2 No Further Instructions. 10 Section Iv. General Conditions Of Contract 1. Scope Of Contract This Contract Shall Include All Such Items, Although Not Specifically Mentioned, That Can Be Reasonably Inferred As Being Required For Its Completion As If Such Items Were Expressly Mentioned Herein. All The Provisions Of Ra No. 9184 And Its 2016 Revised Irr, Including The Generic Procurement Manual, And Associated Issuances, Constitute The Primary Source For The Terms And Conditions Of The Contract, And Thus, Applicable In Contract Implementation. Herein Clauses Shall Serve As The Secondary Source For The Terms And Conditions Of The Contract. This Is Without Prejudice To Sections 74.1 And 74.2 Of The 2016 Revised Irr Of Ra No. 9184 Allowing The Gppb To Amend The Irr, Which Shall Be Applied To All Procurement Activities, The Advertisement, Posting, Or Invitation Of Which Were Issued After The Effectivity Of The Said Amendment. Additional Requirements For The Completion Of This Contract Shall Be Provided In The Special Conditions Of Contract (scc). 2. Advance Payment And Terms Of Payment 2.1. Advance Payment Of The Contract Amount Is Provided Under Annex “d” Of The Revised 2016 Irr Of Ra No. 9184. 2.2. The Procuring Entity Is Allowed To Determine The Terms Of Payment On The Partial Or Staggered Delivery Of The Goods Procured, Provided Such Partial Payment Shall Correspond To The Value Of The Goods Delivered And Accepted In Accordance With Prevailing Accounting And Auditing Rules And Regulations. The Terms Of Payment Are Indicated In The Scc. 3. Performance Security Within Ten (10) Calendar Days From Receipt Of The Notice Of Award By The Bidder From The Procuring Entity But In No Case Later Than Prior To The Signing Of The Contract By Both Parties, The Successful Bidder Shall Furnish The Performance Security In Any Of The Forms Prescribed In Section 39 Of The 2016 Revised Irr Of Ra No. 9184. 4. Inspection And Tests The Procuring Entity Or Its Representative Shall Have The Right To Inspect And/or To Test The Goods To Confirm Their Conformity To The Project Specifications At No Extra Cost To The Procuring Entity In Accordance With The Generic Procurement Manual. In Addition To Tests In The Scc, Section Iv (technical Specifications) Shall Specify What Inspections And/or Tests The Procuring Entity Requires, And Where They Are To Be Conducted. The Procuring Entity Shall Notify The Supplier In Writing, In A Timely Manner, Of The Identity Of Any Representatives Retained For These Purposes. All Reasonable Facilities And Assistance For The Inspection And Testing Of Goods, Including Access To Drawings And Production Data, Shall Be Provided By The Supplier To The Authorized Inspectors At No Charge To The Procuring Entity. 5. Warranty 6.1. In Order To Assure That Manufacturing Defects Shall Be Corrected By The Supplier, A Warranty Shall Be Required From The Supplier As Provided Under Section 62.1 Of The 2016 Revised Irr Of Ra No. 9184. 6.2. The Procuring Entity Shall Promptly Notify The Supplier In Writing Of Any Claims Arising Under This Warranty. Upon Receipt Of Such Notice, The Supplier Shall, Repair Or Replace The Defective Goods Or Parts Thereof Without Cost To The Procuring Entity, Pursuant To The Generic Procurement Manual. 6. Liability Of The Supplier The Supplier’s Liability Under This Contract Shall Be As Provided By The Laws Of The Republic Of The Philippines. If The Supplier Is A Joint Venture, All Partners To The Joint Venture Shall Be Jointly And Severally Liable To The Procuring Entity. 11 Section V. Special Conditions Of Contract Gcc Clause 1 Delivery And Documents – For Purposes Of The Contract, “exw,” “fob,” “fca,” “cif,” “cip,” “ddp” And Other Trade Terms Used To Describe The Obligations Of The Parties Shall Have The Meanings Assigned To Them By The Current Edition Of Incoterms Published By The International Chamber Of Commerce, Paris. The Delivery Terms Of This Contract Shall Be As Follows: [for Goods Supplied From Within The Philippines, State:] “the Delivery Terms Applicable To This Contract Are Delivered To The Jesus M. Colmenares District Hospital-balasan,iloilo. Risk And Title Will Pass From The Supplier To The Procuring Entity Upon Receipt And Final Acceptance Of The Goods At Their Final Destination.” Delivery Of The Goods Shall Be Made By The Supplier In Accordance With The Terms Specified In Section Vi (schedule Of Requirements). For Purposes Of This Clause The Procuring Entity’s Representative At The Project Site Is The Authorized Employee/official Of The Iloilo Provincial Government. Incidental Services – The Supplier Is Required To Provide All Of The Following Services, Including Additional Services, If Any, Specified In Section Vi. Schedule Of Requirements: A. Performance Or Supervision Of On-site Assembly And/or Start-up Of The Supplied Goods; B. Furnishing Of Tools Required For Assembly And/or Maintenance Of The Supplied Goods; C. Furnishing Of A Detailed Operations And Maintenance Manual For Each Appropriate Unit Of The Supplied Goods; The Contract Price For The Goods Shall Include The Prices Charged By The Supplier For Incidental Services And Shall Not Exceed The Prevailing Rates Charged To Other Parties By The Supplier For Similar Services. Packaging – The Supplier Shall Provide Such Packaging Of The Goods As Is Required To Prevent Their Damage Or Deterioration During Transit To Their Final Destination, As Indicated In This Contract. The Packaging Shall Be Sufficient To Withstand, Without Limitation, Rough Handling During Transit And Exposure To Extreme Temperatures, Salt And Precipitation During Transit, And Open Storage. Packaging Case Size And Weights Shall Take Into Consideration, Where Appropriate, The Remoteness Of The Goods’ Final Destination And The Absence Of Heavy Handling Facilities At All Points In Transit. The Packaging, Marking, And Documentation Within And Outside The Packages Shall Comply Strictly With Such Special Requirements As Shall Be Expressly Provided For In The Contract, Including Additional Requirements, If Any, Specified Below, And In Any Subsequent Instructions Ordered By The Procuring Entity. 12 The Outer Packaging Must Be Clearly Marked On At Least Four (4) Sides As Follows: Name Of The Procuring Entity Name Of The Supplier Contract Description Final Destination Gross Weight Any Special Lifting Instructions Any Special Handling Instructions A Packaging List Identifying The Contents And Quantities Of The Package Is To Be Placed On An Accessible Point Of The Outer Packaging If Practical. If Not Practical The Packaging List Is To Be Placed Inside The Outer Packaging But Outside The Secondary Packaging. Transportation – Where The Supplier Is Required Under Contract To Deliver The Goods Cif, Cip, Or Ddp, Transport Of The Goods To The Port Of Destination Or Such Other Named Place Of Destination In The Philippines, As Shall Be Specified In This Contract, Shall Be Arranged And Paid For By The Supplier, And The Cost Thereof Shall Be Included In The Contract Price. Where The Supplier Is Required Under This Contract To Transport The Goods To A Specified Place Of Destination Within The Philippines, Defined As The Project Site, Transport To Such Place Of Destination In The Philippines, Including Insurance And Storage, As Shall Be Specified In This Contract, Shall Be Arranged By The Supplier, And Related Costs Shall Be Included In The Contract Price. Where The Supplier Is Required Under Contract To Deliver The Goods Cif, Cip Or Ddp, Goods Are To Be Transported On Carriers Of Philippine Registry. In The Event That No Carrier Of Philippine Registry Is Available, Goods May Be Shipped By A Carrier Which Is Not Of Philippine Registry Provided That The Supplier Obtains And Presents To The Procuring Entity Certification To This Effect From The Nearest Philippine Consulate To The Port Of Dispatch. In The Event That Carriers Of Philippine Registry Are Available But Their Schedule Delays The Supplier In Its Performance Of This Contract The Period From When The Goods Were First Ready For Shipment And The Actual Date Of Shipment The Period Of Delay Will Be Considered Force Majeure. The Procuring Entity Accepts No Liability For The Damage Of Goods During Transit Other Than Those Prescribed By Incoterms For Ddp Deliveries. In The Case Of Goods Supplied From Within The Philippines Or Supplied By Domestic Suppliers Risk And Title Will Not Be Deemed To Have Passed To The Procuring Entity Until Their Receipt And Final Acceptance At The Final Destination. 2.2 Partial Payment Is Not Allowed. 4 The Inspections And Tests That Will Be Conducted Are Through Physical Inspection. 13 Section Vi. Schedule Of Requirements The Delivery Schedule Expressed As Weeks/months Stipulates Hereafter A Delivery Date Which Is The Date Of Delivery To The Project Site. ___________________________________ Signature Over Printed Name Item Number Description Quantity Total Delivered, Weeks/months 1 Scanner 3 3 14 Section Vii. Technical Specifications Bid No.: Jch-24-698-b Item Specification Statement Of Compliance [bidders Must State Here Either “comply” Or “not Comply” Against Each Of The Individual Parameters Of Each Specification Stating The Corresponding Performance Parameter Of The Equipment Offered. Statements Of “comply” Or “not Comply” Must Be Supported By Evidence In A Bidders Bid And Cross-referenced To That Evidence. Evidence Shall Be In The Form Of Manufacturer’s Un-amended Sales Literature, Unconditional Statements Of Specification And Compliance Issued By The Manufacturer, Samples, Independent Test Data Etc., As Appropriate. A Statement That Is Not Supported By Evidence Or Is Subsequently Found To Be Contradicted By The Evidence Presented Will Render The Bid Under Evaluation Liable For Rejection. A Statement Either In The Bidder's Statement Of Compliance Or The Supporting Evidence That Is Found To Be False Either During Bid Evaluation, Post-qualification Or The Execution Of The Contract May Be Regarded As Fraudulent And Render The Bidder Or Supplier Liable For Prosecution Subject To The Applicable Laws And Issuances.] 1 Scanner Scanner Type: Adf, Manual Feed, Duplex Scanning Speed (a4 Portrait): Simplex/duplex: 40ppm Image Sensor: Cis X 2 (front X 1, Back X 1) Light Source: 3 Color Led (red/green/blue) Optical Resolution: 600dpi Adf Capacity: 50 Sheets (a4, 80 G/m2 Or 20 Lb) Interface: Usb, Wifi Lcd: 4.3 In. Color Tft Touch Screen Terms And Conditions Delivery Period 30 Days Upon Receipt Of Approved Notice To Proceed Warranty: One Year Parts And Services W/ Free Preventive Maintenance During Warranty Period ___________________________________ Signature Over Printed Name 15 Section Viii. Checklist Of Technical And Financial Documents I. Technical Component Envelope Class “a” Documents Legal Documents (a) Valid Philgeps Registration Certificate (platinum Membership) (all Pages); Or (b) Registration Certificate From Securities And Exchange Commission (sec), Department Of Trade And Industry (dti) For Sole Proprietorship, Or Cooperative Development Authority (cda) For Cooperatives Or Its Equivalent Document, And (c) Mayor’s Or Business Permit Issued By The City Or Municipality Where The Principal Place Of Business Of The Prospective Bidder Is Located, Or The Equivalent Document For Exclusive Economic Zones Or Areas; And (d) Tax Clearance Per E.o. No. 398, S. 2005, As Finally Reviewed And Approved By The Bureau Of Internal Revenue (bir). Technical Documents (e) Statement Of The Prospective Bidder Of All Its Ongoing Government And Private Contracts, Including Contracts Awarded But Not Yet Started, If Any, Whether Similar Or Not Similar In Nature And Complexity To The Contract To Be Bid; And (f) Statement Of The Bidder’s Single Largest Completed Contract (slcc) Similar To The Contract To Be Bid, Except Under Conditions Provided For In Sections 23.4.1.3 And 23.4.2.4 Of The 2016 Revised Irr Of Ra No. 9184, Within The Relevant Period As Provided In The Bidding Documents; And (g) Original Copy Of Bid Security. If In The Form Of A Surety Bond, Submit Also A Certification Issued By The Insurance Commission; Or Original Copy Of Notarized Bid Securing Declaration; And (h) Conformity With The Technical Specifications, Which May Include Production/delivery Schedule, Manpower Requirements, And/or After-sales/parts, If Applicable; And (i) Original Duly Signed Omnibus Sworn Statement (oss); And If Applicable, Original Notarized Secretary’s Certificate In Case Of A Corporation, Partnership, Or Cooperative; Or Original Special Power Of Attorney Of All Members Of The Joint Venture Giving Full Power And Authority To Its Officer To Sign The Oss And Do Acts To Represent The Bidder. Financial Documents (j) The Supplier’s Audited Financial Statements, Showing, Among Others, The Supplier’s Total And Current Assets And Liabilities, Stamped “received” By The Bir Or Its Duly Accredited And Authorized Institutions, For The Preceding Calendar Year Which Should Not Be Earlier Than Two (2) Years From The Date Of Bid Submission; And (k) The Prospective Bidder’s Computation Of Net Financial Contracting Capacity (nfcc); Or A Committed Line Of Credit From A Universal Or Commercial Bank In Lieu Of Its Nfcc Computation. Class “b” Documents (l) If Applicable, A Duly Signed Joint Venture Agreement (jva) In Case The Joint Venture Is Already In Existence; Or Duly Notarized Statements From All The Potential Joint Venture Partners Stating That They Will Enter Into And Abide By The Provisions Of The Jva In The Instance That The Bid Is Successful. Ii. Financial Component Envelope (m) Original Of Duly Signed And Accomplished Financial Bid Form; And (n) Original Of Duly Signed And Accomplished Price Schedule(s). Other Documentary Requirements Under Ra No. 9184 (as Applicable) (o) [for Foreign Bidders Claiming By Reason Of Their Country’s Extension Of Reciprocal Rights To Filipinos] Certification From The Relevant Government Office Of Their Country Stating That Filipinos Are Allowed To Participate In Government Procurement Activities For The Same Item Or Product. (p) Certification From The Dti If The Bidder Claims Preference As A Domestic Bidder Or Domestic Entity. 16

Details: Statement Of Work cepheid Genexpert Maintenance And Support general scope Of Services: the Purpose Of This Requirement Is To Provide Full-service Maintenance And Repair For Twelve (12) Cepheid Genexpert Laboratory Analyzer Systems Across The Veterans Integrated Service Network (visn) 5 Medical Centers. The Requirement Includes The Scheduled Maintenance And Corrective Maintenance According To The Manufacturer S Recommendations/procedures. The Contractor Shall Provide All Resources Necessary To Accomplish The Deliverables Described In This Statement Of Work (sow), Except As May Otherwise Be Specified. a Firm-fixed Price Contract Is Anticipated. locations: beckley Va Medical Center, 200 Veterans Ave, Beckley Wv 25801-6444 hershel "woody" Williams Va Medical Center, 1540 Spring Valley Drive, Huntington Wv 25704 louis A. Johnson Va Medical Center, 1 Medical Center Drive, Clarksburg Wv 26301 martinsburg Va Medical Center, 510 Butler Avenue, Martinsburg Wv 25405 va Maryland Healthcare System, 10 N Greene St, Baltimore, Md 21201 washington Dc Va Medical Center, 50 Irving Street, Nw, Washington Dc 20422 work Hours hours Of Operation: Normal Business Hours Are Monday Through Friday, 8:00 A.m. To 4:30 P.m., Excluding Holidays. Should The Contractor Require Work Afterhours, The Contractor Shall Arrange In Advance With The Contracting Officer S Representative (cor). delivery Hours: The Warehouse Is Open To Receive Deliveries Monday Through Friday, 8:00 A.m. To 4:00 P.m., Excluding Holidays. national Holidays: The Holidays Observed By The Federal Government Are: New Year S Day, Martin Luther King Day, President S Day, Memorial Day, Juneteenth, Independence Day, Labor Day, Columbus Day, Veteran S Day, Thanksgiving Day, And Christmas Day And Any Other Day Specifically Declared By The President Of The United States To Be A National Holiday. Contractor May Work On Holidays With Prior Communication And Coordination. period Of Performance base Year march 23, 2024 March 22, 2025 1st Option Period march 23, 2025 March 22, 2026 2nd Option Period march 23, 2026 March 22, 2027 3rd Option Period march 23, 2027 March 22, 2028 4th Option Period march 23, 2028 March 22, 2029 equipment ee# serial # manufacturer model #/name location 544496 808373 cepheid genexpert Infinity-48s baltimore, Md 32749 110004114 cepheid genexpert Iv beckley, Wv 35406 120001412 cepheid genexpert Xvi beckley, Wv 36204 110019557 cepheid genexpert Xvi clarksburg, Wv 34528 110016198 cepheid genexpert Xvi clarksburg, Wv 62866 110019089 cepheid genexpert Xvi huntington, Wv 49996 803748 cepheid genexpert Xvi martinsburg, Wv 75393 110020210 cepheid genexpert Xvi martinsburg, Wv 1291876 802387 cepheid genexpert Xvi washington Dc 1327503 110001056 cepheid genexpert Iv washington Dc specifications preventative Maintenance this Contract Shall Include All Preventative Maintenance Of The Equipment According To Manufacturer S Recommendations/procedures In The Equipment Manual. all Tasks In The Manufacturer S Procedures Shall Be Completed At The Manufacturer S Listed Frequencies. calibration-- Contractor Will Guarantee Proper Calibration Specification (for All Included Equipment) Will Meet Standards For One Full Year Or Until Next Required Calibration. Contractor Shall Provide Certificate Of Calibration For The Equipment. corrective Maintenance the Contract Shall Include All Corrective (unplanned) Maintenance/repair Of The Equipment In Accordance With The Manufacturer S Manual. recalls & Alerts-- Contractor Shall Perform All Remediation Actions Needed For Product Alerts And Recalls Issued For The Equipment. parts/materials/tools/labor all Parts And Materials To Complete The Maintenance Shall Be Included As A Part Of This Contract. all Parts And Materials For Maintenance And Repair Shall Meet Current Manufacturer Standards. contractor Shall Provide Their Own Tools To Complete The Maintenance. all Labor (including Travel) To Complete The Maintenance Is Included In The Contract. updates/patching contractor Shall Complete Available Updates To The Software At The Discretion Of Biomedical Engineering. contractor Shall Complete All Patching According To Manufacturer S Specifications. response Time contractor Shall Respond To Trouble Phone Calls Within Thirty Minutes. contractor Shall Perform All Scheduled And Unscheduled Services (including Emergencies) On-site, During Normal Business Hours To Include Repair, Labor And Travel At No Additional Cost. contractor Shall Maintain An Uptime Guarantee Of 98% Or Better check In/out contractor Personnel Arriving On-site To Perform Work Shall Report To The Biomedical Engineering Department. contractor Personnel Shall Sign In Using The Department S Vendor Sign In Sheet, Filling Out All Required Information. contractor Personnel S Tool Bags Are Subject To Inspection By The Biomedical Engineering Department Upon Arrival And Upon Departure. contractor Personnel Shall Sign Out Upon Completion Of Visit. prior To Departure, Contractor Personnel Are Required To, At A Minimum, Verbally Report Any Issues With The Equipment To The Biomedical Engineering Department, Especially Noting If The System Is Still Down Or Not Fully Repaired. the Va Campus Is Non-smoking. Contractor Personnel Are Required To Comply With This Policy. parking. It Is The Responsibility Of The Contractor To Park In The Appropriate Desig Nated Park Ing Areas. reporting contractor Shall Provide A Copy Of The Service Report, Complete With Test Data, To The Contract Cor Within Five Working Days After Completion Of Any Services. service Reports Shall Include Identifying Information About The Equipment, All Services Provided During The Service Visit, Any Issues Found During The Visit, The Technician/engineer Names Of The Personnel Performing Work, And The Date Service Was Provided. remote Support the Contractor Shall Provide A Telephone Line Available 24/7 For Technical Support. Contractor Shall Also Provide A Phone Number For Va Staff To Call To Dispatch Contractor Field Service Engineers/technicians. if Remote Support Via Site-to-site Virtual Private Network (vpn) Is Required, Contractor Shall Work With The Cor And The Facility Information Security Officer (iso) To Meet The Requirements Prior To Connection. A National Site To Site Mou/isa Is The Preferred Way To Complete This Connection. patient Health Information the Contractor Shall Safeguard Patient Health Information. the Contractor Shall Report To The Biomedical Engineering Department Any Issues With Disclosed Or Unsecure Patient Health Information. contractor Shall Note Remove Any Hard Drives, Storage Devices, Or Anything Containing Patient Health Information From The Site. contractor Requirements all Contractor Personnel Performing Services On The Equipment Shall Have Factory Training And Experience In The Maintenance And Repair Of The Equipment. contractor Shall Provide Copies Of Training Certificates For The Contractor Personnel Performing Work On-site Upon The Request Of The Government. safety And Security contractor Shall Follow All Occupational Safety And Health Administration (osha) Laws And Regulations. The Contractor Is Responsible For Reporting Any Hazards They Come Across To Their Point Of Contact. contractor Shall Follow All Local Procedures Concerning Infection Control. Should The Contractor Be Unsure Of The Requirements, The Cor Can Provide The Specific Information And Procedures. contractor Personnel Shall Wear Visible Identification At All Times While On Va Property. Contract Personnel Are Required To Identify Themselves As Such To Avoid Creating An Impression In The Minds Of Members Of The Public That They Are Government Officials. property Damage the Contractor Shall Take All Necessary Precautions To Prevent Damage To Any Government Property. the Contractor Shall Report Any Damages Immediately And Shall Be Assessed Current Replacement Costs For Property Damaged By The Contractor, Unless Corrective Action Is Taken. any Damaged Material (i.e., Trees, Shrubs, Lawn/turf, Curbs, Gutters, Sidewalks, Etc.) Will Be Replaced In A Timely Manner Or Corrected By The Contractor With Like Materials, At No Extra Cost To The Government, Upon Approval Of The Contracting Officer. chemical Use prior To Performance Of Any Work, The Contractor Will Be Required To Furnish The Contracting Officer With The Trade Names (if Any) And Chemical Names Of All Chemicals To Be Used, Along With A Label Showing Contents, The Use Strength Of The Chemical As Applied, And The Antidote Thereto. contractor Shall Furnish The Same Information Each Time A Change Is Made To The Chemicals Or Products Used In The Performance Of This Contract. this Information Is Required For Emergency Treatment In The Event Of Ingestion Or And/or Contact With The Material By Humans. quality Assurance end-users, Biomedical Engineering, And/or The Contract Cor Shall Perform System Verification Tests To Ensure The System Is Fully Functional Following Service/repairs. issues With The Quality Of The Contractor S Work Will Be Communicated Through The Contracting Officer To The Contractor Point Of Contact For Resolution. documentation With Be Completed In The Government Systems. va Information And Information System Security/privacy Language 1. General contractors, Contractor Personnel, Subcontractors, And Subcontractor Personnel Shall Be subject To The Same Federal Laws, Regulations, Standards, And Va Directives And Handbooks As Va And Va Personnel Regarding Information And Information System Security. 2. Access To Va Information And Va Information Systems a. A Contractor/subcontrator Shall Request Logical (technical) Or Physical Access To Va information And Va Information Systems For Their Employees, Subcontractors, And Affiliates Only To The Extent Necessary To Perform The Services Specified In The Contract, Agreement, Or Task Order. b. All Contractors, Subcontractors, And Third-party Servicers And Associates Working With va Information Are Subject To The Same Investigative Requirements As Those Of Va Appointees Or Employees Who Have Access To The Same Types Of Information. The Level And Process Of Background Security Investigations For Contractors Must Be In Accordance With Va Directive And Handbook 0710, Personnel Suitability And Security Program. The Office For Operations, Security, And Preparedness Is Responsible For These Policies And Procedures. c. Contract Personnel Who Require Access To National Security Programs Must Have A Valid Security Clearance. National Industrial Security Program (nisp) Was Established By Executive Order 12829 To Ensure That Cleared U.s. Defense Industry Contract Personnel Safeguard The Classified Information In Their Possession While Performing Work On Contracts, Programs, Bids, Or Research And Development Efforts. The Department Of Veterans Affairs Does Not Have A Memorandum Of Agreement With Defense Security Service (dss). Verification Of A Security Clearance Must Be Processed Through The Special Security Officer Located In The Planning And National Security Service Within The Office Of Operations, Security, And Preparedness. d. Custom Software Development And Outsourced Operations Must Be Located In The U.s. To The Maximum Extent Practical. If Such Services Are Proposed To Be Performed Abroad And Are Not Disallowed By Other Va Policy Or Mandates, The Contractor/subcontractor Must State Where All Non-u.s. Services Are Provided And Detail A Security Plan, Deemed To Be Acceptable By Va, Specifically To Address Mitigation Of The Resulting Problems Of Communication, Control, Data Protection, And So Forth. Location Within The U.s. May Be An Evaluation Factor. e. The Contractor Or Subcontractor Must Notify The Contracting Officer Immediately When an Employee Working On A Va System Or With Access To Va Information Is Reassigned Or Leaves The Contractor Or Subcontractor S Employ. The Contracting Officer Must Also Be Notified Immediately By The Contractor Or Subcontractor Prior To An Unfriendly Termination. information Made Available To The Contractor Or Subcontractor By Va For The Performance Or Administration Of This Contract Or Information Developed By The Contractor/subcontractor In Performance Or Administration Of The Contract Shall Be Used Only For Those Purposes And Shall Not Be Used In Any Other Way Without The Prior Written Agreement Of The Va. This Clause Expressly Limits The Contractor/subcontractor's Rights To Use Data As Described In Rights In Data - General, Far 52.227-14(d) (1). va Information Should Not Be Co-mingled, If Possible, With Any Other Data On The Contractors/subcontractor S Information Systems Or Media Storage Systems In Order To Ensure Va Requirements Related To Data Protection And Media Sanitization Can Be Met. If Co-mingling Must Be Allowed To Meet The Requirements Of The Business Need, The Contractor Must Ensure That Va S Information Is Returned To The Va Or Destroyed In Accordance With Va S Sanitization Requirements. Va Reserves The Right To Conduct On-site Inspections Of Contractor And Subcontractor It Resources To Ensure Data Security Controls, Separation Of Data And Job Duties, And Destruction/media Sanitization Procedures Are In Compliance With Va Directive Requirements. prior To Termination Or Completion Of This Contract, Contractor/subcontractor Must Not Destroy Information Received From Va, Or Gathered/created By The Contractor In The Course Of Performing This Contract Without Prior Written Approval By The Va. Any Data Destruction Done On Behalf Of Va By A Contractor/subcontractor Must Be Done In Accordance With National Archives And Records Administration (nara) Requirements As Outlined In Va Directive 6300, Records And Information Management And Its Handbook 6300.1 Records Management Procedures, Applicable Va Records Control Schedules, And Va Handbook 6500.1, Electronic Media Sanitization. Self-certification By The Contractor That The Data Destruction Requirements Above Have Been Met Must Be Sent To The Va Contracting Officer Within 30 Days Of Termination Of The Contract. the Contractor/subcontractor Must Receive, Gather, Store, Back Up, Maintain, Use, Disclose And Dispose Of Va Information Only In Compliance With The Terms Of The Contract And Applicable Federal And Va Information Confidentiality And Security Laws, Regulations And Policies. If Federal Or Va Information Confidentiality And Security Laws, Regulations And Policies Become Applicable To The Va Information Or Information Systems After Execution Of The Contract, Or If Nist Issues Or Updates Applicable Fips Or Special Publications (sp) After Execution Of This Contract, The Parties Agree To Negotiate In Good Faith To Implement The Information Confidentiality And Security Laws, Regulations And Policies In This Contract. the Contractor/subcontractor Shall Not Make Copies Of Va Information Except As Authorized And Necessary To Perform The Terms Of The Agreement Or To Preserve Electronic Information Stored On Contractor/subcontractor Electronic Storage Media For Restoration In Case Any Electronic Equipment Or Data Used By The Contractor/subcontractor Needs To Be Restored To An Operating State. If Copies Are Made For Restoration Purposes, After The Restoration Is complete, The Copies Must Be Appropriately Destroyed. f. If Va Determines That The Contractor Has Violated Any Of The Information Confidentiality, Privacy, And Security Provisions Of The Contract, It Shall Be Sufficient Grounds For Va To Withhold Payment To The Contractor Or Third Party Or Terminate The Contract For Default Or Terminate For Cause Under Federal Acquisition Regulation (far) Part 12. if A Vha Contract Is Terminated For Cause, The Associated Baa Must Also Be Terminated And Appropriate Actions Taken In Accordance With Vha Handbook 1600.01, Business Associate Agreements. Absent An Agreement To Use Or Disclose Protected Health Information, There Is No Business Associate Relationship. the Contractor/subcontractor Must Store, Transport, Or Transmit Va Sensitive Information In An Encrypted Form, Using Va-approved Encryption Tools That Are, At A Minimum, Fips 140-2 Validated. the Contractor/subcontractor S Firewall And Web Services Security Controls, If Applicable, Shall Meet Or Exceed Va S Minimum Requirements. Va Configuration Guidelines Are Available Upon Request. except For Uses And Disclosures Of Va Information Authorized By This Contract For Performance Of The Contract, The Contractor/subcontractor May Use And Disclose Va Information Only In Two Other Situations: (i) In Response To A Qualifying Order Of A Court Of Competent Jurisdiction, Or (ii) With Va S Prior Written Approval. The Contractor/subcontractor Must Refer All Requests For, Demands For Production Of, Or Inquiries About, Va Information And Information Systems To The Va Contracting Officer For Response. notwithstanding The Provision Above, The Contractor/subcontractor Shall Not Release Va Records Protected By Title 38 U.s.c. 5705, Confidentiality Of Medical Quality Assurance Records And/or Title 38 U.s.c. 7332, Confidentiality Of Certain Health Records Pertaining To Drug Addiction, Sickle Cell Anemia, Alcoholism Or Alcohol Abuse, Or Infection With Human Immunodeficiency Virus. If The Contractor/subcontractor Is In Receipt Of A Court Order Or Other Requests For The Above Mentioned Information, That Contractor/subcontractor Shall Immediately Refer Such Court Orders Or Other Requests To The Va Contracting Officer For Response. for Service That Involves The Storage, Generating, Transmitting, Or Exchanging Of Va Sensitive Information But Does Not Require C&a Or An Mou-isa For System Interconnection, The Contractor/subcontractor Must Complete A Contractor Security Control Assessment (csca) On A Yearly Basis And Provide It To The Cotr. information System Design And Development a. Information Systems That Are Designed Or Developed For Or On Behalf Of Va At Non-va Facilities Shall Comply With All Va Directives Developed In Accordance With Fisma, Hipaa, Nist, And Related Va Security And Privacy Control Requirements For Federal Information Systems. This Includes Standards For The Protection Of Electronic Phi, Outlined In 45 C.f.r. Part 164, Subpart C, Information And System Security Categorization Level Designations In Accordance With Fips 199 And Fips 200 With Implementation Of All Baseline Security Controls Commensurate With The Fips 199 System Security Categorization (reference Appendix D Of Va Handbook 6500, Va Information Security Program). During The Development Cycle A Privacy impact Assessment (pia) Must Be Completed, Provided To The Cotr, And Approved By The Va Privacy Service In Accordance With Directive 6507, Va Privacy Impact Assessment. the Contractor/subcontractor Shall Certify To The Cotr That Applications Are Fully Functional And Operate Correctly As Intended On Systems Using The Va Federal Desktop Core Configuration (fdcc), And The Common Security Configuration Guidelines Provided By Nist Or The Va. This Includes Internet Explorer 7 Configured To Operate On Windows Xp And Vista (in Protected Mode On Vista) And Future Versions, As Required. the Standard Installation, Operation, Maintenance, Updating, And Patching Of Software Shall Not Alter The Configuration Settings From The Va Approved And Fdcc Configuration. Information Technology Staff Must Also Use The Windows Installer Service For Installation To The Default Program Files Directory And Silently Install And Uninstall. applications Designed For Normal End Users Shall Run In The Standard User Context Without Elevated System Administration Privileges. the Security Controls Must Be Designed, Developed, Approved By Va, And Implemented In Accordance With The Provisions Of Va Security System Development Life Cycle As Outlined In Nist Special Publication 800-37, Guide For Applying The Risk Management Framework To Federal Information Systems, Va Handbook 6500, Information Security Program And Va Handbook 6500.5, Incorporating Security And Privacy In System Development Lifecycle. the Contractor/subcontractor Is Required To Design, Develop, Or Operate A System Of Records Notice (sor) On Individuals To Accomplish An Agency Function Subject To The Privacy Act Of 1974, (as Amended), Public Law 93-579, December 31, 1974 (5 U.s.c. 552a) And Applicable Agency Regulations. Violation Of The Privacy Act May Involve The Imposition Of Criminal And Civil Penalties. the Contractor/subcontractor Agrees To: comply With The Privacy Act Of 1974 (the Act) And The Agency Rules And Regulations Issued Under The Act In The Design, Development, Or Operation Of Any System Of Records On Individuals To Accomplish An Agency Function When The Contract Specifically Identifies: the Systems Of Records (sor); And the Design, Development, Or Operation Work That The Contractor/subcontractor Is To Perform; include The Privacy Act Notification Contained In This Contract In Every Solicitation And Resulting Subcontract And In Every Subcontract Awarded Without A Solicitation, When The Work Statement In The Proposed Subcontract Requires The Redesign, Development, Or Operation Of A Sor On Individuals That Is Subject To The Privacy Act; And (3) Include This Privacy Act Clause, Including This Subparagraph (3), In All Subcontracts Awarded Under This Contract Which Requires The Design, Development, Or Operation Of Such A Sor. h. In The Event Of Violations Of The Act, A Civil Action May Be Brought Against The Agency Involved When The Violation Concerns The Design, Development, Or Operation Of A Sor On Individuals To Accomplish An Agency Function, And Criminal Penalties May Be Imposed Upon The Officers Or Employees Of The Agency When The Violation Concerns The Operation Of A Sor On Individuals To Accomplish An Agency Function. For Purposes Of The Act, When The Contract Is For The Operation Of A Sor On Individuals To Accomplish An Agency Function, The Contractor/subcontractor Is Considered To Be An Employee Of The Agency. Operation Of A System Of Records Means Performance Of Any Of The Activities Associated With Maintaining The Sor, Including The Collection, Use, Maintenance, And Dissemination Of Records. Record Means Any Item, Collection, Or Grouping Of Information About An Individual That Is Maintained By An Agency, Including, But Not Limited To, Education, Financial Transactions, Medical history, And Criminal Or Employment History And Contains The Person S Name, Or Identifying Number, Symbol, Or Any Other Identifying Particular Assigned To The Individual, Such As A Fingerprint Or Voiceprint, Or A Photograph. System Of Records Means A Group Of Any Records Under The Control Of Any Agency From Which Information Is Retrieved By The Name Of The Individual Or By Some Identifying Number, Symbol, Or Other Identifying Particular Assigned To The Individual. the Vendor Shall Ensure The Security Of All Procured Or Developed Systems And Technologies, Including Their Subcomponents (hereinafter Referred To As Systems ), Throughout The Life Of This Contract And Any Extension, Warranty, Or Maintenance Periods. This Includes, But Is Not Limited To Workarounds, Patches, Hotfixes, Upgrades, And Any Physical Components (hereafter Referred To As Security Fixes) Which May Be Necessary To Fix All Security Vulnerabilities Published Or Known To The Vendor Anywhere In The Systems, Including Operating Systems And Firmware. The Vendor Shall Ensure That Security Fixes Shall Not Negatively Impact The Systems. the Vendor Shall Notify Va Within 24 Hours Of The Discovery Or Disclosure Of Successful Exploits Of The Vulnerability Which Can Compromise The Security Of The Systems (including The Confidentiality Or Integrity Of Its Data And Operations, Or The Availability Of The System). Such Issues Shall Be Remediated As Quickly As Is Practical, But In No Event Longer Than Days. when The Security Fixes Involve Installing Third Party Patches (such As Microsoft Os Patches Or Adobe Acrobat), The Vendor Will Provide Written Notice To The Va That The Patch Has Been Validated As Not Affecting The Systems Within 10 Working Days. When The Vendor Is Responsible For Operations Or Maintenance Of The Systems, They Shall Apply The Security Fixes Within Days. all Other Vulnerabilities Shall Be Remediated As Specified In This Paragraph In A Timely Manner Based On Risk, But Within 60 Days Of Discovery Or Disclosure. Exceptions To This Paragraph (e.g. For The Convenience Of Va) Shall Only Be Granted With Approval Of The Contracting Officer And The Va Assistant Secretary For Office Of Information And Technology. information System Hosting, Operation, Maintenance, Or Use for Information Systems That Are Hosted, Operated, Maintained, Or Used On Behalf Of Va At Non-va Facilities, Contractors/subcontractors Are Fully Responsible And Accountable For Ensuring Compliance With All Hipaa, Privacy Act, Fisma, Nist, Fips, And Va Security And Privacy Directives And Handbooks. This Includes Conducting Compliant Risk Assessments, Routine Vulnerability Scanning, System Patching And Change Management Procedures, And The Completion Of An Acceptable Contingency Plan For Each System. The Contractor S Security Control Procedures Must Be Equivalent, To Those Procedures Used To Secure Va Systems. A Privacy Impact Assessment (pia) Must Also Be Provided To The Cotr And Approved By Va Privacy Service Prior To Operational Approval. All External Internet Connections To Va S Network Involving Va Information Must Be Reviewed And Approved By Va Prior To Implementation. adequate Security Controls For Collecting, Processing, Transmitting, And Storing Of Personally Identifiable Information (pii), As Determined By The Va Privacy Service, Must Be In Place, Tested, And Approved By Va Prior To Hosting, Operation, Maintenance, Or Use Of The Information System, Or Systems By Or On Behalf Of Va. These Security Controls Are To Be Assessed And Stated Within The Pia And If These Controls Are Determined Not To Be In Place, Or Inadequate, A Plan Of Action And Milestones (poa&m) Must Be Submitted And Approved Prior To The Collection Of Pii. outsourcing (contractor Facility, Contractor Equipment Or Contractor Staff) Of Systems Or Network Operations, Telecommunications Services, Or Other Managed Services Requires Certification And Accreditation (authorization) (c&a) Of The Contractor S Systems In Accordance With Va Handbook 6500.3, Certification And Accreditation And/or The Va Ocs Certification Program Office. Government-owned (government Facility Or Government Equipment) Contractor-operated Systems, Third Party Or Business Partner Networks Require Memorandums Of Understanding And Interconnection Agreements (mou-isa) Which Detail What Data Types Are Shared, Who Has Access, And The Appropriate Level Of Security Controls For All Systems Connected To Va Networks. the Contractor/subcontractor S System Must Adhere To All Fisma, Fips, And Nist Standards Related To The Annual Fisma Security Controls Assessment And Review And Update The Pia. Any Deficiencies Noted During This Assessment Must Be Provided To The Va Contracting Officer And The Iso For Entry Into Va S Poa&m Management Process. The Contractor/subcontractor Must Use Va S Poa&m Process To Document Planned Remedial Actions To Address Any Deficiencies In Information Security Policies, Procedures, And Practices, And The Completion Of Those Activities. Security Deficiencies Must Be Corrected Within The Timeframes Approved By The Government. Contractor/subcontractor Procedures Are Subject To Periodic, Unannounced Assessments By Va Officials, Including The Va Office Of Inspector General. The Physical Security Aspects Associated With Contractor/subcontractor Activities Must Also Be Subject To Such Assessments. If Major Changes To The System Occur That May affect The Privacy Or Security Of The Data Or The System, The C&a Of The System May Need To Be Reviewed, Retested And Re-authorized Per Va Handbook 6500.3. This May Require Reviewing And Updating All Of The Documentation (pia, System Security Plan, Contingency Plan). The Certification Program Office Can Provide Guidance On Whether A New C&a Would Be Necessary. the Contractor/subcontractor Must Conduct An Annual Self Assessment On All Systems And Outsourced Services As Required. Both Hard Copy And Electronic Copies Of The Assessment Must Be Provided To The Cotr. The Government Reserves The Right To Conduct Such An Assessment Using Government Personnel Or Another Contractor/subcontractor. The Contractor/subcontractor Must Take Appropriate And Timely Action (this Can Be Specified In The Contract) To Correct Or Mitigate Any Weaknesses Discovered During Such Testing, Generally At No Additional Cost. va Prohibits The Installation And Use Of Personally-owned Or Contractor/subcontractor- Owned Equipment Or Software On Va S Network. If Non-va Owned Equipment Must Be Used To Fulfill The Requirements Of A Contract, It Must Be Stated In The Service Agreement, Sow Or Contract. All Of The Security Controls Required For Government Furnished Equipment (gfe) Must Be Utilized In Approved Other Equipment (oe) And Must Be Funded By The Owner Of The Equipment. All Remote Systems Must Be Equipped With, And Use, A Va-approved Antivirus (av) Software And A Personal (host-based Or Enclave Based) Firewall That Is Configured With A Va- Approved Configuration. Software Must Be Kept Current, Including All Critical Updates And Patches. Owners Of Approved Oe Are Responsible For Providing And Maintaining The Anti-viral Software And The Firewall On The Non-va Owned Oe. all Electronic Storage Media Used On Non-va Leased Or Non-va Owned It Equipment That Is Used To Store, Process, Or Access Va Information Must Be Handled In Adherence With Va Handbook 6500.1, Electronic Media Sanitization Upon: (i) Completion Or Termination Of The Contract Or (ii) Disposal Or Return Of The It Equipment By The Contractor/subcontractor Or Any Person Acting On Behalf Of The Contractor/subcontractor, Whichever Is Earlier. Media (hard Drives, Optical Disks, Cds, Back-up Tapes, Etc.) Used By The Contractors/subcontractors That Contain Va Information Must Be Returned To The Va For Sanitization Or Destruction Or The Contractor/subcontractor Must Self-certify That The Media Has Been Disposed Of Per 6500.1 Requirements. This Must Be Completed Within 30 Days Of Termination Of The Contract. bio-medical Devices And Other Equipment Or Systems Containing Media (hard Drives, Optical Disks, Etc.) With Va Sensitive Information Must Not Be Returned To The Vendor At The End Of Lease, For Trade-in, Or Other Purposes. The Options Are: vendor Must Accept The System Without The Drive; va S Initial Medical Device Purchase Includes A Spare Drive Which Must Be Installed In Place Of The Original Drive At Time Of Turn-in; Or va Must Reimburse The Company For Media At A Reasonable Open Market Replacement Cost At Time Of Purchase. due To The Highly Specialized And Sometimes Proprietary Hardware And Software Associated With Medical Equipment/systems, If It Is Not Possible For The Va To Retain The Hard Drive, Then; the Equipment Vendor Must Have An Existing Baa If The Device Being Traded In Has Sensitive Information Stored On It And Hard Drive(s) From The System Are Being Returned Physically Intact; And any Fixed Hard Drive On The Device Must Be Non-destructively Sanitized To The Greatest Extent Possible Without Negatively Impacting System Operation. Selective Clearing Down To Patient Data Folder Level Is Recommended Using Va Approved And Validated Overwriting Technologies/methods/tools. Applicable Media Sanitization Specifications Need To Be Pre- Approved And Described In The Purchase Order Or Contract. a Statement Needs To Be Signed By The Director (system Owner) That States That The Drive Could Not Be Removed And That (a) And (b) Controls Above Are In Place And Completed. The Iso Needs To Maintain The Documentation. security Incident Investigation the Term Security Incident Means An Event That Has, Or Could Have, Resulted In Unauthorized Access To, Loss Or Damage To Va Assets, Or Sensitive Information, Or An Action That Breaches Va Security Procedures. The Contractor/subcontractor Shall Immediately Notify The Cotr And Simultaneously, The Designated Iso And Privacy Officer For The Contract Of Any Known Or Suspected Security/privacy Incidents, Or Any Unauthorized Disclosure Of Sensitive Information, Including That Contained In System(s) To Which The Contractor/subcontractor Has Access. to The Extent Known By The Contractor/subcontractor, The Contractor/subcontractor S Notice To Va Shall Identify The Information Involved, The Circumstances Surrounding The Incident (including To Whom, How, When, And Where The Va Information Or Assets Were Placed At Risk Or Compromised), And Any Other Information That The Contractor/subcontractor Considers Relevant. with Respect To Unsecured Protected Health Information, The Business Associate Is Deemed To Have Discovered A Data Breach When The Business Associate Knew Or Should Have Known Of A Breach Of Such Information. Upon Discovery, The Business Associate Must Notify The Covered Entity Of The Breach. Notifications Need To Be Made In Accordance With The Executed Business Associate Agreement. in Instances Of Theft Or Break-in Or Other Criminal Activity, The Contractor/subcontractor Must Concurrently Report The Incident To The Appropriate Law Enforcement Entity (or Entities) Of Jurisdiction, Including The Va Oig And Security And Law Enforcement. The Contractor, Its Employees, And Its Subcontractors And Their Employees Shall Cooperate With Va And Any Law Enforcement Authority Responsible For The Investigation And Prosecution Of Any Possible Criminal Law Violation(s) Associated With Any Incident. The Contractor/subcontractor Shall Cooperate With Va In Any Civil Litigation To Recover Va Information, Obtain Monetary Or Other Compensation From A Third Party For Damages Arising From Any Incident, Or Obtain Injunctive Relief Against Any Third Party Arising From, Or Related To, The Incident. liquidated Damages For Data Breach consistent With The Requirements Of 38 U.s.c. §5725, A Contract May Require Access To Sensitive Personal Information. If So, The Contractor Is Liable To Va For Liquidated Damages In The Event Of A Data Breach Or Privacy Incident Involving Any Spi The Contractor/subcontractor Processes Or Maintains Under This Contract. the Contractor/subcontractor Shall Provide Notice To Va Of A Security Incident As Set Forth In The Security Incident Investigation Section Above. Upon Such Notification, Va Must Secure From A Non-department Entity Or The Va Office Of Inspector General An Independent Risk Analysis Of The Data Breach To Determine The Level Of Risk Associated With The Data Breach For The Potential Misuse Of Any Sensitive Personal Information Involved In The Data Breach. The Term 'data Breach' Means The Loss, Theft, Or Other Unauthorized Access, Or Any Access Other Than That Incidental To The Scope Of Employment, To Data Containing Sensitive Personal Information, In Electronic Or Printed Form, That Results In The Potential Compromise Of The Confidentiality Or Integrity Of The Data. Contractor Shall Fully Cooperate With The Entity Performing The Risk Analysis. Failure To Cooperate May Be Deemed A Material Breach And Grounds For Contract Termination. each Risk Analysis Shall Address All Relevant Information Concerning The Data Breach, Including The Following: nature Of The Event (loss, Theft, Unauthorized Access); description Of The Event, Including: date Of Occurrence; data Elements Involved, Including Any Pii, Such As Full Name, Social Security Number, Date Of Birth, Home Address, Account Number, Disability Code; number Of Individuals Affected Or Potentially Affected; names Of Individuals Or Groups Affected Or Potentially Affected; ease Of Logical Data Access To The Lost, Stolen Or Improperly Accessed Data In Light Of The Degree Of Protection For The Data, E.g., Unencrypted, Plain Text; amount Of Time The Data Has Been Out Of Va Control; the Likelihood That The Sensitive Personal Information Will Or Has Been Compromised (made Accessible To And Usable By Unauthorized Persons); known Misuses Of Data Containing Sensitive Personal Information, If Any; assessment Of The Potential Harm To The Affected Individuals; data Breach Analysis As Outlined In 6500.2 Handbook, Management Of Security And Privacy Incidents, As Appropriate; And whether Credit Protection Services May Assist Record Subjects In Avoiding Or Mitigating The Results Of Identity Theft Based On The Sensitive Personal Information That May Have Been Compromised. d. Based On The Determinations Of The Independent Risk Analysis, The Contractor Shall Be Responsible For Paying To The Va Liquidated Damages In The Amount Of $ Per Affected Individual To Cover The Cost Of Providing Credit Protection Services To Affected Individuals Consisting Of The Following: notification; one Year Of Credit Monitoring Services Consisting Of Automatic Daily Monitoring Of At Least 3 Relevant Credit Bureau Reports; data Breach Analysis; fraud Resolution Services, Including Writing Dispute Letters, Initiating Fraud Alerts And Credit Freezes, To Assist Affected Individuals To Bring Matters To Resolution; one Year Of Identity Theft Insurance With $20,000.00 Coverage At $0 Deductible; And necessary Legal Expenses The Subjects May Incur To Repair Falsified Or Damaged Credit Records, Histories, Or Financial Affairs. 8. Security Controls Compliance Testing on A Periodic Basis, Va, Including The Office Of Inspector General, Reserves The Right To Evaluate Any Or All Of The Security Controls And Privacy Practices Implemented By The Contractor Under The Clauses Contained Within The Contract. With 10 Working-day S Notice, At The Request Of The Government, The Contractor Must Fully Cooperate And Assist In A Government-sponsored Security Controls Assessment At Each Location Wherein Va Information Is Processed Or Stored, Or Information Systems Are Developed, Operated, Maintained, Or Used On Behalf Of Va, Including Those Initiated By The Office Of Inspector General. The Government May Conduct A Security Control Assessment On Shorter Notice (to Include Unannounced Assessments) As Determined By Va In The Event Of A Security Incident Or At Any Other Time. 9. Training a. All Contractor Employees And Subcontractor Employees Requiring Access To Va Information And Va Information Systems Shall Complete The Following Before Being Granted Access To Va Information And Its Systems: sign And Acknowledge (either Manually Or Electronically) Understanding Of And Responsibilities For Compliance With The Contractor Rules Of Behavior, Appendix E Relating To Access To Va Information And Information Systems; successfully Complete The Va Cyber Security Awareness And Rules Of Behavior training And Annually Complete Required Security Training; successfully Complete The Appropriate Va Privacy Training And Annually Complete Required Privacy Training; And successfully Complete Any Additional Cyber Security Or Privacy Training, As Required For Va Personnel With Equivalent Information System Access [to Be Defined By The Va Program Official And Provided To The Contracting Officer For Inclusion In The Solicitation Document E.g., Any Role-based Information Security Training Required In Accordance With Nist Special Publication 800-16, Information Technology Security Training Requirements.] b. The Contractor Shall Provide To The Contracting Officer And/or The Cotr A Copy Of The Training Certificates And Certification Of Signing The Contractor Rules Of Behavior For Each Applicable Employee Within 1 Week Of The Initiation Of The Contract And Annually Thereafter, As Required. c. Failure To Complete The Mandatory Annual Training And Sign The Rules Of Behavior Annually, Within The Timeframe Required, Is Grounds For Suspension Or Termination Of All Physical Or Electronic Access Privileges And Removal From Work On The Contract Until Such Time As The Training And Documents Are Complete.

Details: Description Bids And Awards Committee Iloilo Provincial Government Procurement Of Scanner Bid No. Jch-24-698-b(rebid) Philippine Bidding Documents Sixth Edition July 2020 Table Of Contents Section I. Invitation To Bid……………………………………………………..3 Section Ii. Instructions To Bidders………………………………………..…...5 1. Scope Of Bid ………………………………………………………………………. 5 2. Funding Information………………………………………………………………. 5 3. Bidding Requirements ……………………………………………………………. 5 4. Corrupt, Fraudulent, Collusive, And Coercive Practices 5 5. Eligible Bidders…………………………………………………………………… 5 6. Origin Of Goods ………………………………………………………………….. 6 7. Subcontracts ……………………………………………………………………… 6 8. Pre-bid Conference ………………………………………………………………. 6 9. Clarification And Amendment Of Bidding Documents …………………………… 6 10. Documents Comprising The Bid: Eligibility And Technical Components …………. 6 11. Documents Comprising The Bid: Financial Component …………………………... 7 12. Bid Prices …………………………………………………………………………. 7 13. Bid And Payment Currencies ……………………………………………………… 7 14. Bid Security ………………………………………………………………………. 7 15. Sealing And Marking Of Bids ……………………………………………………… 7 16. Deadline For Submission Of Bids …………………………………………………. 8 17. Opening And Preliminary Examination Of Bids ………………………………….. 8 18. Domestic Preference ……………………………………………………………… 8 19. Detailed Evaluation And Comparison Of Bids ……………………………………. 8 20. Post-qualification ………………………………………………………………… 8 21. Signing Of The Contract …………………………………………………………… 8 Section Iii. Bid Data Sheet …………………………………………………..9 Section Iv. General Conditions Of Contract ……………………...………..10 1. Scope Of Contract ………………………………………………………………… 10 2. Advance Payment And Terms Of Payment ……………………………………….. 10 3. Performance Security ……………………………………………………………. 10 4. Inspection And Tests ……………………………………………………………… 10 5. Warranty …………………………………………………………………………. 10 6. Liability Of The Supplier ………………………………………………………….. 10 Section V. Special Conditions Of Contract ………………………………….11 Section Vi. Schedule Of Requirements ……………………………………....13 Section Vii. Technical Specifications …………………………………………14 Section Viii. Checklist Of Technical And Financial Documents …………..14 Section I. Invitation To Bid Purchase Of Scanner Bid No. Jch-24-698-b(rebid) 1. The Iloilo Provincial Government Through The Sb#4 2020 (co) Intends To Apply The Sum Of One Hundred Seventy-four Thousand Nine Hundred Sixty-nine Pesos (php174,969.00) Being The Abc To Payments Under The Contract For The Purchase Of Scanner. Bids Received In Excess Of The Abc Shall Be Automatically Rejected At Bid Opening. 2. The Iloilo Provincial Government Now Invites Bids For The Above Procurement Project. Delivery Of The Goods Is Required By 30 Days Upon Receipt Of The Notice To Proceed (ntp). Bidders Should Have Completed, Within Three (3) Years From The Date Of Submission And Receipt Of Bids, A Contract Similar To The Project. The Description Of An Eligible Bidder Is Contained In The Bidding Documents, Particularly, In Section Ii (instructions To Bidders). 3. Bidding Will Be Conducted Through Open Competitive Bidding Procedures Using A Non-discretionary “pass/fail” Criterion As Specified In The 2016 Revised Implementing Rules And Regulations (irr) Of Republic Act (ra) No. 9184. Bidding Is Restricted To Filipino Citizens/sole Proprietorships, Partnerships, Or Organizations With At Least Sixty Percent (60%) Interest Or Outstanding Capital Stock Belonging To Citizens Of The Philippines, And To Citizens Or Organizations Of A Country The Laws Or Regulations Of Which Grant Similar Rights Or Privileges To Filipino Citizens, Pursuant To Ra No. 5183. 4. Prospective Bidders May Obtain Further Information From The Bids And Awards Committee Secretariat Of The Iloilo Provincial Government And Inspect The Bidding Documents At The Address Given Below During 8:00 A.m. To 5:00 P.m. 5. A Complete Set Of Bidding Documents May Be Acquired By Interested Bidders On June 27 ,2024 From The Given Address And Website(s) Below And Upon Payment Of The Applicable Fee For The Bidding Documents, Pursuant To The Latest Guidelines Issued By The Gppb, In The Amount Of Five Hundred Pesos (php500.00). The Procuring Entity Shall Allow The Bidder To Present Its Proof Of Payment For The Fees In Person. 6. The Iloilo Provincial Government Will Hold A Pre-bid Conference On N/a At 9:00 A.m. At Bac Secretariat, Iloilo Provincial Capitol And/or Through Video Conferencing Or Webcasting, Upon Request At Least Three (3) Days Before The Pre-bid Conference, Via Zoom Or Other Videoconferencing Portals, Which Shall Be Open To Prospective Bidders. 7. Bids Must Be Duly Received By The Bac Secretariat Through Manual Submission At The 5th Floor, Bac Secretariat, Iloilo Provincial Capitol, Bonifacio Drive, Iloilo City On Or Before July 4,2024 At 9:00 A.m. Late Bids Shall Not Be Accepted. 8. All Bids Must Be Accompanied By A Bid Security In Any Of The Acceptable Forms And In The Amount Stated In Itb Clause 14. 9. Bid Opening Shall Be On July 4,2024 At 9:01 A.m. At The 5th Floor, Bac Secretariat, Iloilo Provincial Capitol. Bids Will Be Opened In The Presence Of The Bidders’ Representatives Who Choose To Attend The Activity. 10. A. The Participating Bidder/supplier Or Its Authorized Representative Must Indicate In Any Of The Eligibility Documents, An Email Address Or A Working Fax Number. The Absence Of Which Shall Be A Ground For Disqualification. Notice To The Bidder/supplier Through The Use Of Either Of These Means (email/fax) Is Considered Sufficient Notice. The Date Of Filing Of Reconsideration And All Communications With The Bac Shall Be Its (bac) Date Of Receipt. B. The Bidder(s)/awardee(s) Or Its Authorized Representative Must Conform To The Notice Of Award Within Three (3) Calendar Days From Receipt Of Such Notice And The Winning Bidder Shall Post The Required Performance Security And Enter Into Contract With The Procuring Entity Within Ten (10) Calendar Days From Receipt By The Winning Bidder Of The Notice Of Award In Accordance With Section 37.2.1 Of The Revised Irr Of R.a. No. 9184. C. The Bidder/supplier Must Have No Pending Unaccepted Notice To Proceed Three (3) Days From The Date Of Acceptance And Signing Of The Purchase Order. Otherwise, It Shall Be A Ground For Disqualification And The Bidder Will Be Rated "failed" During The Preliminary Examination Of Bids And/or Its Bid Shall Be Declared As "non-responsive" During Post-qualification. D. The Bidder/supplier Must Have No Notice Of Award Pending Its Conformity Three (3) Days From The Date Of Its Receipt Of The Notice Of Award. Otherwise, It Shall Be Aground For Disqualification And The Bidder Will Be Rated "failed" During The Preliminary Examination Of Bids And/or Its Bid Shall Be Declared As "non-responsive" During Post-qualification. E. The Bidder/supplier Shall Submit A List Of All Its Ongoing And Completed Projects With The Iloilo Provincial Government Indicating The Delivery Periods And Accomplishments Of Such Projects. F. The Bidder/supplier At The Time Of The Bidding Must Have No Pending Unposted Performance Or Warranty Security, As The Case May Be, Beyond The Period Allowed In The Notice Of Award. Otherwise, It Shall Be A Ground For Disqualification And The Bidder Will Be Rated "failed" During The Preliminary Examination Of Bids And/or Its Bid Shall Be Declared As "non-responsive" During Post-qualification. G. When An Occurrence Of A Tie Among Bidders Takes Place, I.e., Two Or More Of The Bidders Are Determined And Declared As The Lowest Calculated And Responsive Bidder (lcrb), The Winning Bidder Shall Be Determined By Draw Lots Upon Notice To The Bidders Concerned And/or Their Authorized Representatives In Accordance With The Relevant Circulars Issued By The Government Procurement Policy Board (gppb). 11. The Iloilo Provincial Government Reserves The Right To Reject Any And All Bids, Declare A Failure Of Bidding, Or Not Award The Contract At Any Time Prior To Contract Award In Accordance With Sections 35.6 And 41 Of The 2016 Revised Irr Of Ra No. 9184, Without Thereby Incurring Any Liability To The Affected Bidder Or Bidders. 12. For Further Information, Please Refer To: Atty. Raemman M. Lagrada Bac Secretariat Head 5th Floor, Bids And Awards Committee Iloilo Provincial Capitol Email Address: Ipg_bacs@yahoo.com/bac@iloilo.gov.ph Website: Iloilo.gov.ph Telephone Number: (033) 336-0736 13. You May Visit The Following Websites For Downloading Of Bidding Documents: Ipg.gov.ph And/or Philgeps.com June 25 ,2024 Atty. Dennis T. Ventilacion Chairman, Bids And Awards Committee Section Ii. Instructions To Bidders 1. Scope Of Bid The Procuring Entity, Iloilo Provincial Government Wishes To Receive Bids For The Purchase Of Scanner With Bid No. Jch-24-698-b(rebid). The Procurement Project (referred To Herein As “project”) Is Composed Of One (1) Item, The Details Of Which Are Described In Section Vii (technical Specifications). 2. Funding Information 2.1. The Gop Through The Source Of Funding As Indicated Below For 2020 In The Amount Of One Hundred Seventy-four Thousand Nine Hundred Sixty-nine Pesos (php174,969.00) 2.2. The Source Of Funding Is: Lgus, The Annual Or Supplemental Budget, As Approved By The Sanggunian. 3. Bidding Requirements The Bidding For The Project Shall Be Governed By All The Provisions Of Ra No. 9184 And Its 2016 Revised Irr, Including Its Generic Procurement Manuals And Associated Policies, Rules And Regulations As The Primary Source Thereof, While The Herein Clauses Shall Serve As The Secondary Source Thereof. Any Amendments Made To The Irr And Other Gppb Issuances Shall Be Applicable Only To The Ongoing Posting, Advertisement, Or Ib By The Bac Through The Issuance Of A Supplemental Or Bid Bulletin. The Bidder, By The Act Of Submitting Its Bid, Shall Be Deemed To Have Verified And Accepted The General Requirements Of This Project, Including Other Factors That May Affect The Cost, Duration And Execution Or Implementation Of The Contract, Project, Or Work And Examine All Instructions, Forms, Terms, And Project Requirements In The Bidding Documents. 4. Corrupt, Fraudulent, Collusive, And Coercive Practices The Procuring Entity, As Well As The Bidders And Suppliers, Shall Observe The Highest Standard Of Ethics During The Procurement And Execution Of The Contract. They Or Through An Agent Shall Not Engage In Corrupt, Fraudulent, Collusive, Coercive, And Obstructive Practices Defined Under Annex “i” Of The 2016 Revised Irr Of Ra No. 9184 Or Other Integrity Violations In Competing For The Project. 5. Eligible Bidders 5.1. Only Bids Of Bidders Found To Be Legally, Technically, And Financially Capable Will Be Evaluated. 5.2. A. Foreign Ownership Exceeding Those Allowed Under The Rules May Participate Pursuant To: I. When A Treaty Or International Or Executive Agreement As Provided In Section 4 Of The Ra No. 9184 And Its 2016 Revised Irr Allow Foreign Bidders To Participate; Ii. Citizens, Corporations, Or Associations Of A Country, Included In The List Issued By The Gppb, The Laws Or Regulations Of Which Grant Reciprocal Rights Or Privileges To Citizens, Corporations, Or Associations Of The Philippines; Iii. When The Goods Sought To Be Procured Are Not Available From Local Suppliers; Or Iv. When There Is A Need To Prevent Situations That Defeat Competition Or Restrain Trade. 5.3. Pursuant To Section 23.4.1.3 Of The 2016 Revised Irr Of Ra No.9184, The Bidder Shall Have An Slcc That Is At Least One (1) Contract Similar To The Project The Value Of Which, Adjusted To Current Prices Using The Psa’s Cpi, Must Be At Least Equivalent To: A. For The Procurement Of Non-expendable Supplies And Services: The Bidder Must Have Completed A Single Contract That Is Similar To This Project, Equivalent To At Least Fifty Percent (50%) Of The Abc. B. For The Procurement Of Expendable Supplies: The Bidder Must Have Completed A Single Contract That Is Similar To This Project, Equivalent To At Least Twenty-five Percent (25%) Of The Abc. C. For Procurement Where The Procuring Entity Has Determined, After The Conduct Of Market Research, That Imposition Of Either (a) Or (b) Will Likely Result To Failure Of Bidding Or Monopoly That Will Defeat The Purpose Of Public Bidding: The Bidder Should Comply With The Following Requirements: [select Either Failure Or Monopoly Of Bidding Based On Market Research Conducted] I. Completed At Least Two (2) Similar Contracts, The Aggregate Amount Of Which Should Be Equivalent To At Least Fifty Percent (50%) In The Case Of Non-expendable Supplies And Services Or Twenty-five Percent (25%) In The Case Of Expendable Supplies] Of The Abc For This Project; And Ii. The Largest Of These Similar Contracts Must Be Equivalent To At Least Half Of The Percentage Of The Abc As Required Above. 5.4. The Bidders Shall Comply With The Eligibility Criteria Under Section 23.4.1 Of The 2016 Irr Of Ra No. 9184. 6. Origin Of Goods There Is No Restriction On The Origin Of Goods Other Than Those Prohibited By A Decision Of The Un Security Council Taken Under Chapter Vii Of The Charter Of The Un, Subject To Domestic Preference Requirements Under Itb Clause 18. 7. Subcontracts 7.1. The Bidder May Subcontract Portions Of The Project To The Extent Allowed By The Procuring Entity As Stated Herein, But In No Case More Than Twenty Percent (20%) Of The Project. The Procuring Entity Has Prescribed That: Subcontracting Is Not Allowed. 8. Pre-bid Conference The Procuring Entity Will Hold A Pre-bid Conference For This Project On The Specified Date And Time And Either At Its Physical Address As Indicated In Paragraph 6 Of The Ib. 9. Clarification And Amendment Of Bidding Documents Prospective Bidders May Request For Clarification On And/or Interpretation Of Any Part Of The Bidding Documents. Such Requests Must Be In Writing And Received By The Procuring Entity, Either At Its Given Address Or Through Electronic Mail Indicated In The Ib, At Least Ten (10) Calendar Days Before The Deadline Set For The Submission And Receipt Of Bids. 10. Documents Comprising The Bid: Eligibility And Technical Components 10.1. The First Envelope Shall Contain The Eligibility And Technical Documents Of The Bid As Specified In Section Viii (checklist Of Technical And Financial Documents). 10.2. The Bidder’s Slcc As Indicated In Itb Clause 5.3 Should Have Been Completed Within Three (3) Years Prior To The Deadline For The Submission And Receipt Of Bids. 10.3. If The Eligibility Requirements Or Statements, The Bids, And All Other Documents For Submission To The Bac Are In Foreign Language Other Than English, It Must Be Accompanied By A Translation In English, Which Shall Be Authenticated By The Appropriate Philippine Foreign Service Establishment, Post, Or The Equivalent Office Having Jurisdiction Over The Foreign Bidder’s Affairs In The Philippines. Similar To The Required Authentication Above, For Contracting Parties To The Apostille Convention, Only The Translated Documents Shall Be Authenticated Through An Apostille Pursuant To Gppb Resolution No. 13-2019 Dated 23 May 2019. The English Translation Shall Govern, For Purposes Of Interpretation Of The Bid. 11. Documents Comprising The Bid: Financial Component 11.1. The Second Bid Envelope Shall Contain The Financial Documents For The Bid As Specified In Section Viii (checklist Of Technical And Financial Documents). 11.2. If The Bidder Claims Preference As A Domestic Bidder Or Domestic Entity, A Certification Issued By Dti Shall Be Provided By The Bidder In Accordance With Section 43.1.3 Of The 2016 Revised Irr Of Ra No. 9184. 11.3. Any Bid Exceeding The Abc Indicated In Paragraph 1 Of The Ib Shall Not Be Accepted. 11.4. For Foreign-funded Procurement, A Ceiling May Be Applied To Bid Prices Provided The Conditions Are Met Under Section 31.2 Of The 2016 Revised Irr Of Ra No. 9184. 12. Bid Prices 12.1. Prices Indicated On The Price Schedule Shall Be Entered Separately In The Following Manner: A. For Goods Offered From Within The Procuring Entity’s Country: I. The Price Of The Goods Quoted Exw (ex-works, Ex-factory, Ex-warehouse, Ex-showroom, Or Off-the-shelf, As Applicable); Ii. The Cost Of All Customs Duties And Sales And Other Taxes Already Paid Or Payable; Iii. The Cost Of Transportation, Insurance, And Other Costs Incidental To Delivery Of The Goods To Their Final Destination; And Iv. The Price Of Other (incidental) Services, If Any, Listed In E. B. For Goods Offered From Abroad: I. Unless Otherwise Stated In The Bds, The Price Of The Goods Shall Be Quoted Delivered Duty Paid (ddp) With The Place Of Destination In The Philippines As Specified In The Bds. In Quoting The Price, The Bidder Shall Be Free To Use Transportation Through Carriers Registered In Any Eligible Country. Similarly, The Bidder May Obtain Insurance Services From Any Eligible Source Country. Ii. The Price Of Other (incidental) Services, If Any, As Listed In Section Vii (technical Specifications). 13. Bid And Payment Currencies 13.1. For Goods That The Bidder Will Supply From Outside The Philippines, The Bid Prices May Be Quoted In The Local Currency Or Tradeable Currency Accepted By The Bsp At The Discretion Of The Bidder. However, For Purposes Of Bid Evaluation, Bids Denominated In Foreign Currencies, Shall Be Converted To Philippine Currency Based On The Exchange Rate As Published In The Bsp Reference Rate Bulletin On The Day Of The Bid Opening. 13.2. Payment Of The Contract Price Shall Be Made In: Philippine Pesos. 14. Bid Security 14.1. The Bidder Shall Submit A Bid Securing Declaration Or Any Form Of Bid Security In The Amount Indicated In The Bds, Which Shall Be Not Less Than The Percentage Of The Abc In Accordance With The Schedule In The Bds. 14.2. The Bid And Bid Security Shall Be Valid Until One Hundred Twenty (120) Days. Any Bid Not Accompanied By An Acceptable Bid Security Shall Be Rejected By The Procuring Entity As Non-responsive. 15. Sealing And Marking Of Bids Each Bidder Shall Submit One Copy Of The First And Second Components Of Its Bid. The Procuring Entity May Request Additional Hard Copies And/or Electronic Copies Of The Bid. However, Failure Of The Bidders To Comply With The Said Request Shall Not Be A Ground For Disqualification. 16. Deadline For Submission Of Bids 16.1. The Bidders Shall Submit On The Specified Date And Time At Its Physical Address As Indicated In Paragraph 7 Of The Ib. 17. Opening And Preliminary Examination Of Bids 17.1. The Bac Shall Open The Bids In Public At The Time, On The Date, And At The Place Specified In Paragraph 9 Of The Ib. The Bidders’ Representatives Who Are Present Shall Sign A Register Evidencing Their Attendance. In Case Videoconferencing, Webcasting Or Other Similar Technologies Will Be Used, Attendance Of Participants Shall Likewise Be Recorded By The Bac Secretariat. In Case The Bids Cannot Be Opened As Scheduled Due To Justifiable Reasons, The Rescheduling Requirements Under Section 29 Of The 2016 Revised Irr Of Ra No. 9184 Shall Prevail. 17.2. The Preliminary Examination Of Bids Shall Be Governed By Section 30 Of The 2016 Revised Irr Of Ra No. 9184. 18. Domestic Preference 18.1. The Procuring Entity Will Grant A Margin Of Preference For The Purpose Of Comparison Of Bids In Accordance With Section 43.1.2 Of The 2016 Revised Irr Of Ra No. 9184. 19. Detailed Evaluation And Comparison Of Bids 19.1. The Procuring Bac Shall Immediately Conduct A Detailed Evaluation Of All Bids Rated “passed,” Using Non-discretionary Pass/fail Criteria. The Bac Shall Consider The Conditions In The Evaluation Of Bids Under Section 32.2 Of The 2016 Revised Irr Of Ra No. 9184. 19.2. If The Project Allows Partial Bids, Bidders May Submit A Proposal On Any Of The Lots Or Items, And Evaluation Will Be Undertaken On A Per Lot Or Item Basis, As The Case Maybe. In This Case, The Bid Security As Required By Itb Clause 15 Shall Be Submitted For Each Lot Or Item Separately. 19.3. The Descriptions Of The Lots Or Items Shall Be Indicated In Section Vii (technical Specifications), Although The Abcs Of These Lots Or Items Are Indicated In The Bds For Purposes Of The Nfcc Computation Pursuant To Section 23.4.2.6 Of The 2016 Revised Irr Of Ra No. 9184. The Nfcc Must Be Sufficient For The Total Of The Abcs For All The Lots Or Items Participated In By The Prospective Bidder. 19.4. The Project Shall Be Awarded As Follows: Complete Bid - One Project Having Several Items That Shall Be Awarded As One Contract In Case Of Complete Bid. Line Bidding/partial Bidding - One Project Having Several Items, Which Shall Be Awarded As Separate Contracts Per Item 19.5. Except For Bidders Submitting A Committed Line Of Credit From A Universal Or Commercial Bank In Lieu Of Its Nfcc Computation, All Bids Must Include The Nfcc Computation Pursuant To Section 23.4.1.4 Of The 2016 Revised Irr Of Ra No. 9184, Which Must Be Sufficient For The Total Of The Abcs For All The Lots Or Items Participated In By The Prospective Bidder. For Bidders Submitting The Committed Line Of Credit, It Must Be At Least Equal To Ten Percent (10%) Of The Abcs For All The Lots Or Items Participated In By The Prospective Bidder. 20. Post-qualification Within A Non-extendible Period Of Five (5) Calendar Days From Receipt By The Bidder Of The Notice From The Bac That It Submitted The Lowest Calculated Bid, The Bidder Shall Submit Its Latest Income And Business Tax Returns Filed And Paid Through The Bir Electronic Filing And Payment System (efps) And Other Appropriate Licenses And Permits Required By Law And Stated In The Bds. 21. Signing Of The Contract 21.1. The Documents Required In Section 37.2 Of The 2016 Revised Irr Of Ra No. 9184 Shall Form Part Of The Contract. Additional Contract Documents Are Indicated In The Bds. Section Iii. Bid Data Sheet Itb Clause 5.3 For This Purpose, Contracts Similar To The Project Shall Be: A. Refers To The Contracts To Be Bid Or The Object Of The Contract; B. Completed Within Three (3) Years Prior To The Deadline For The Submission And Receipt Of Bids. 7.1 Subcontracting Is Not Allowed. 12 The Price Of The Goods Shall Be Quoted Ddp [jesus M. Colmenares District Hospital-balasan,iloilo] Or The Applicable International Commercial Terms (incoterms) For This Project. 14.1 The Bid Security Shall Be In The Form Of A Bid Securing Declaration, Or Any Of The Following Forms And Amounts: A. The Amount Of Not Less Than Two Percent (2%) Of Abc, If Bid Security Is In Cash, Cashier’s/manager’s Check, Bank Draft/guarantee Or Irrevocable Letter Of Credit; Or B. The Amount Of Not Less Than Five Percent (5%) Of Abc, If Bid Security Is In Surety Bond. 15 Bidders Shall Prepare An Original Of The First (eligibility And Technical) And Second (financial) Envelopes. In Addition, Bidders Shall Submit Separate Copies Of The First And Second Envelopes (copy 1, Copy 2) And Each Set Of Documents Must Clearly Indicate Whether The Same Is Original, Copy 1, Or Copy 2. In The Event Of Any Discrepancy Between The Original And The Copies, The Original Shall Prevail. 19.3 No Further Instructions. 20.2 For The Procurement Of Drugs And Medicines And Medical Equipment/supplies, The Bidder Shall Submit The Following: A. Certificate Of Product Registration From Food And Drug Administration (fda) For Easy Validation During The Post-qualification; B. Certificate If Good Manufacturing Practice From Fda, For Easy Validation During The Post-qualification; C. Batch Release Certificate From Fda, For Easy Validation During The Post-qualification; D. If The Supplier Is Not The Manufacturer, Certification From The Manufacturer That The Supplier Is An Authorized Distributor/ Dealer Of The Products / Items For Easy Validation During The Post-qualification; E. For The Procurement Of Regulated Drugs, The Applicable Type Of S-license: S-1, S-3 (retailer) S-4 (wholesaler) S-5c (manufacturer) S-5d (bulk Depot/storage) S-5e S-5i (importer); F. License To Operate (lto) Issued By Fda, If Applicable; G. After-sales Services/parts, If Applicable; H. Manpower Requirements, If Applicable. 21.2 No Further Instructions. Section Iv. General Conditions Of Contract 1. Scope Of Contract This Contract Shall Include All Such Items, Although Not Specifically Mentioned, That Can Be Reasonably Inferred As Being Required For Its Completion As If Such Items Were Expressly Mentioned Herein. All The Provisions Of Ra No. 9184 And Its 2016 Revised Irr, Including The Generic Procurement Manual, And Associated Issuances, Constitute The Primary Source For The Terms And Conditions Of The Contract, And Thus, Applicable In Contract Implementation. Herein Clauses Shall Serve As The Secondary Source For The Terms And Conditions Of The Contract. This Is Without Prejudice To Sections 74.1 And 74.2 Of The 2016 Revised Irr Of Ra No. 9184 Allowing The Gppb To Amend The Irr, Which Shall Be Applied To All Procurement Activities, The Advertisement, Posting, Or Invitation Of Which Were Issued After The Effectivity Of The Said Amendment. Additional Requirements For The Completion Of This Contract Shall Be Provided In The Special Conditions Of Contract (scc). 2. Advance Payment And Terms Of Payment 2.1. Advance Payment Of The Contract Amount Is Provided Under Annex “d” Of The Revised 2016 Irr Of Ra No. 9184. 2.2. The Procuring Entity Is Allowed To Determine The Terms Of Payment On The Partial Or Staggered Delivery Of The Goods Procured, Provided Such Partial Payment Shall Correspond To The Value Of The Goods Delivered And Accepted In Accordance With Prevailing Accounting And Auditing Rules And Regulations. The Terms Of Payment Are Indicated In The Scc. 3. Performance Security Within Ten (10) Calendar Days From Receipt Of The Notice Of Award By The Bidder From The Procuring Entity But In No Case Later Than Prior To The Signing Of The Contract By Both Parties, The Successful Bidder Shall Furnish The Performance Security In Any Of The Forms Prescribed In Section 39 Of The 2016 Revised Irr Of Ra No. 9184. 4. Inspection And Tests The Procuring Entity Or Its Representative Shall Have The Right To Inspect And/or To Test The Goods To Confirm Their Conformity To The Project Specifications At No Extra Cost To The Procuring Entity In Accordance With The Generic Procurement Manual. In Addition To Tests In The Scc, Section Iv (technical Specifications) Shall Specify What Inspections And/or Tests The Procuring Entity Requires, And Where They Are To Be Conducted. The Procuring Entity Shall Notify The Supplier In Writing, In A Timely Manner, Of The Identity Of Any Representatives Retained For These Purposes. All Reasonable Facilities And Assistance For The Inspection And Testing Of Goods, Including Access To Drawings And Production Data, Shall Be Provided By The Supplier To The Authorized Inspectors At No Charge To The Procuring Entity. 5. Warranty 6.1. In Order To Assure That Manufacturing Defects Shall Be Corrected By The Supplier, A Warranty Shall Be Required From The Supplier As Provided Under Section 62.1 Of The 2016 Revised Irr Of Ra No. 9184. 6.2. The Procuring Entity Shall Promptly Notify The Supplier In Writing Of Any Claims Arising Under This Warranty. Upon Receipt Of Such Notice, The Supplier Shall, Repair Or Replace The Defective Goods Or Parts Thereof Without Cost To The Procuring Entity, Pursuant To The Generic Procurement Manual. 6. Liability Of The Supplier The Supplier’s Liability Under This Contract Shall Be As Provided By The Laws Of The Republic Of The Philippines. If The Supplier Is A Joint Venture, All Partners To The Joint Venture Shall Be Jointly And Severally Liable To The Procuring Entity. Section V. Special Conditions Of Contract Gcc Clause 1 Delivery And Documents – For Purposes Of The Contract, “exw,” “fob,” “fca,” “cif,” “cip,” “ddp” And Other Trade Terms Used To Describe The Obligations Of The Parties Shall Have The Meanings Assigned To Them By The Current Edition Of Incoterms Published By The International Chamber Of Commerce, Paris. The Delivery Terms Of This Contract Shall Be As Follows: [for Goods Supplied From Within The Philippines, State:] “the Delivery Terms Applicable To This Contract Are Delivered To The Jesus M. Colmenares District Hospital-balasan,iloilo. Risk And Title Will Pass From The Supplier To The Procuring Entity Upon Receipt And Final Acceptance Of The Goods At Their Final Destination.” Delivery Of The Goods Shall Be Made By The Supplier In Accordance With The Terms Specified In Section Vi (schedule Of Requirements). For Purposes Of This Clause The Procuring Entity’s Representative At The Project Site Is The Authorized Employee/official Of The Iloilo Provincial Government. Incidental Services – The Supplier Is Required To Provide All Of The Following Services, Including Additional Services, If Any, Specified In Section Vi. Schedule Of Requirements: A. Performance Or Supervision Of On-site Assembly And/or Start-up Of The Supplied Goods; B. Furnishing Of Tools Required For Assembly And/or Maintenance Of The Supplied Goods; C. Furnishing Of A Detailed Operations And Maintenance Manual For Each Appropriate Unit Of The Supplied Goods; The Contract Price For The Goods Shall Include The Prices Charged By The Supplier For Incidental Services And Shall Not Exceed The Prevailing Rates Charged To Other Parties By The Supplier For Similar Services. Packaging – The Supplier Shall Provide Such Packaging Of The Goods As Is Required To Prevent Their Damage Or Deterioration During Transit To Their Final Destination, As Indicated In This Contract. The Packaging Shall Be Sufficient To Withstand, Without Limitation, Rough Handling During Transit And Exposure To Extreme Temperatures, Salt And Precipitation During Transit, And Open Storage. Packaging Case Size And Weights Shall Take Into Consideration, Where Appropriate, The Remoteness Of The Goods’ Final Destination And The Absence Of Heavy Handling Facilities At All Points In Transit. The Packaging, Marking, And Documentation Within And Outside The Packages Shall Comply Strictly With Such Special Requirements As Shall Be Expressly Provided For In The Contract, Including Additional Requirements, If Any, Specified Below, And In Any Subsequent Instructions Ordered By The Procuring Entity. The Outer Packaging Must Be Clearly Marked On At Least Four (4) Sides As Follows: Name Of The Procuring Entity Name Of The Supplier Contract Description Final Destination Gross Weight Any Special Lifting Instructions Any Special Handling Instructions A Packaging List Identifying The Contents And Quantities Of The Package Is To Be Placed On An Accessible Point Of The Outer Packaging If Practical. If Not Practical The Packaging List Is To Be Placed Inside The Outer Packaging But Outside The Secondary Packaging. Transportation – Where The Supplier Is Required Under Contract To Deliver The Goods Cif, Cip, Or Ddp, Transport Of The Goods To The Port Of Destination Or Such Other Named Place Of Destination In The Philippines, As Shall Be Specified In This Contract, Shall Be Arranged And Paid For By The Supplier, And The Cost Thereof Shall Be Included In The Contract Price. Where The Supplier Is Required Under This Contract To Transport The Goods To A Specified Place Of Destination Within The Philippines, Defined As The Project Site, Transport To Such Place Of Destination In The Philippines, Including Insurance And Storage, As Shall Be Specified In This Contract, Shall Be Arranged By The Supplier, And Related Costs Shall Be Included In The Contract Price. Where The Supplier Is Required Under Contract To Deliver The Goods Cif, Cip Or Ddp, Goods Are To Be Transported On Carriers Of Philippine Registry. In The Event That No Carrier Of Philippine Registry Is Available, Goods May Be Shipped By A Carrier Which Is Not Of Philippine Registry Provided That The Supplier Obtains And Presents To The Procuring Entity Certification To This Effect From The Nearest Philippine Consulate To The Port Of Dispatch. In The Event That Carriers Of Philippine Registry Are Available But Their Schedule Delays The Supplier In Its Performance Of This Contract The Period From When The Goods Were First Ready For Shipment And The Actual Date Of Shipment The Period Of Delay Will Be Considered Force Majeure. The Procuring Entity Accepts No Liability For The Damage Of Goods During Transit Other Than Those Prescribed By Incoterms For Ddp Deliveries. In The Case Of Goods Supplied From Within The Philippines Or Supplied By Domestic Suppliers Risk And Title Will Not Be Deemed To Have Passed To The Procuring Entity Until Their Receipt And Final Acceptance At The Final Destination. 2.2 Partial Payment Is Not Allowed. 4 The Inspections And Tests That Will Be Conducted Are Through Physical Inspection. Item Number Description Quantity Total Delivered, Weeks/months 1 Scanner 3 3 Section Vi. Schedule Of Requirements The Delivery Schedule Expressed As Weeks/months Stipulates Hereafter A Delivery Date Which Is The Date Of Delivery To The Project Site. ___________________________________ Signature Over Printed Name Section Vii. Technical Specifications Bid No.: Jch-24-698-b(rebid) Item Specification Statement Of Compliance [bidders Must State Here Either “comply” Or “not Comply” Against Each Of The Individual Parameters Of Each Specification Stating The Corresponding Performance Parameter Of The Equipment Offered. Statements Of “comply” Or “not Comply” Must Be Supported By Evidence In A Bidders Bid And Cross-referenced To That Evidence. Evidence Shall Be In The Form Of Manufacturer’s Un-amended Sales Literature, Unconditional Statements Of Specification And Compliance Issued By The Manufacturer, Samples, Independent Test Data Etc., As Appropriate. A Statement That Is Not Supported By Evidence Or Is Subsequently Found To Be Contradicted By The Evidence Presented Will Render The Bid Under Evaluation Liable For Rejection. A Statement Either In The Bidder's Statement Of Compliance Or The Supporting Evidence That Is Found To Be False Either During Bid Evaluation, Post-qualification Or The Execution Of The Contract May Be Regarded As Fraudulent And Render The Bidder Or Supplier Liable For Prosecution Subject To The Applicable Laws And Issuances.] 1 Scanner Scanner Type: Adf, Manual Feed, Duplex Scanning Speed (a4 Portrait): Simplex/duplex: 40ppm, Minimum Image Sensor: Cis X 2 (front X 1, Back X 1), Or Better Light Source: 3 Color Led (red/green/blue) Optical Resolution: 600dpi, Or Better Adf Capacity: 50 Sheets (a4, 80 G/m2 Or 20 Lb) Interface: Usb, Wifi, Minimum Lcd: 4.3 In. Color Tft Touch Screen, Or Wider Terms And Conditions Delivery Period 30 Days Upon Receipt Of Approved Notice To Proceed Warranty: One Year Parts And Services W/ Free Preventive Maintenance During Warranty Period ___________________________________ Signature Over Printed Name Section Viii. Checklist Of Technical And Financial Documents I. Technical Component Envelope Class “a” Documents Legal Documents ⬜ (a) Valid Philgeps Registration Certificate (platinum Membership) (all Pages);or ⬜ (b) Registration Certificate From Securities And Exchange Commission (sec), Department Of Trade And Industry (dti) For Sole Proprietorship, Or Cooperative Development Authority (cda) For Cooperatives Or Its Equivalent Document, And ⬜ (c) Mayor’s Or Business Permit Issued By The City Or Municipality Where The Principal Place Of Business Of The Prospective Bidder Is Located, Or The Equivalent Document For Exclusive Economic Zones Or Areas; And ⬜ (d) Tax Clearance Per E.o. No. 398, S. 2005, As Finally Reviewed And Approved By The Bureau Of Internal Revenue (bir). Technical Documents ⬜ (e) Statement Of The Prospective Bidder Of All Its Ongoing Government And Private Contracts, Including Contracts Awarded But Not Yet Started, If Any, Whether Similar Or Not Similar In Nature And Complexity To The Contract To Be Bid; And ⬜ (f) Statement Of The Bidder’s Single Largest Completed Contract (slcc) Similar To The Contract To Be Bid, Except Under Conditions Provided For In Sections 23.4.1.3 And 23.4.2.4 Of The 2016 Revised Irr Of Ra No. 9184, Within The Relevant Period As Provided In The Bidding Documents; And ⬜ (g) Original Copy Of Bid Security. If In The Form Of A Surety Bond, Submit Also A Certification Issued By The Insurance Commission; Or Original Copy Of Notarized Bid Securing Declaration; And ⬜ (h) Conformity With The Technical Specifications, Which May Include Production/delivery Schedule, Manpower Requirements, And/or After-sales/parts, If Applicable; And ⬜ (i) Original Duly Signed Omnibus Sworn Statement (oss); And If Applicable, Original Notarized Secretary’s Certificate In Case Of A Corporation, Partnership, Or Cooperative; Or Original Special Power Of Attorney Of All Members Of The Joint Venture Giving Full Power And Authority To Its Officer To Sign The Oss And Do Acts To Represent The Bidder. Financial Documents ⬜ (j) The Supplier’s Audited Financial Statements, Showing, Among Others, The Supplier’s Total And Current Assets And Liabilities, Stamped “received” By The Bir Or Its Duly Accredited And Authorized Institutions, For The Preceding Calendar Year Which Should Not Be Earlier Than Two (2) Years From The Date Of Bid Submission; And ⬜ (k) The Prospective Bidder’s Computation Of Net Financial Contracting Capacity (nfcc); Or A Committed Line Of Credit From A Universal Or Commercial Bank In Lieu Of Its Nfcc Computation. Class “b” Documents ⬜ (l) If Applicable, A Duly Signed Joint Venture Agreement (jva) In Case The Joint Venture Is Already In Existence; Or Duly Notarized Statements From All The Potential Joint Venture Partners Stating That They Will Enter Into And Abide By The Provisions Of The Jva In The Instance That The Bid Is Successful. Ii. Financial Component Envelope (m) Original Of Duly Signed And Accomplished Financial Bid Form; And (n) Original Of Duly Signed And Accomplished Price Schedule(s). Other Documentary Requirements Under Ra No. 9184 (as Applicable) (o) [for Foreign Bidders Claiming By Reason Of Their Country’s Extension Of Reciprocal Rights To Filipinos] Certification From The Relevant Government Office Of Their Country Stating That Filipinos Are Allowed To Participate In Government Procurement Activities For The Same Item Or Product. (p) Certification From The Dti If The Bidder Claims Preference As A Domestic Bidder Or Domestic Entity.

Details: Statement Of Work newington Medical Gas Deficiencies va Connecticut Healthcare System (vachs) va Medical Center Newington 555 Willard Avenue newington, Ct 06111 background va Connecticut Healthcare System Newington Campus Requires The Replacement Of Medical Gas Conversion Area Alarms In Building 2e. justification an Annual Survey Was Conducted. Deficiencies Include Conversion Area Alarms And Failed/out Of Service Master Alarm Panels. place Of Performance the Place Of Performance For This Contract Is Va Connecticut Healthcare System, Newington Va Medical Center Located At 555 Willard Avenue, Newington, Ct 06111. period Of Performance the Contract Time Period Of Performance Will Be 60 Calendar Days From Notice To Proceed (ntp) And Includes Contractor Closeout. qualifications to Be Considered Eligible For Consideration, Potential Bidders Shall Have A Field Service Representative Located Within 200 Miles Of The West Haven Campuses Of The Va Connecticut Healthcare System And Have Been Trained By The Original Equipment Manufacturer (oem) On The Specific Model Of Equipment That He/she Is Being Asked To Provide Services For. licensed Medical Gas Installer Meeting Asse 6030 Medical Gas Systems Verifier Certification. bidders Must Provide Upon Request, Documentation Of Factory Certified Service/maintenance Training On The Specific Equipment Under The Terms Of This Contract. The Contracting Officer And/or Contracting Officer S Representative (cor) Specifically Reserve The Right To Reject Any Of The Contractor S Personnel And Refuse Them Permission To Work On The Equipment Outlined Herein, Based Upon Credentials Provided. scope Of Work the Scope Of This Work Includes The Replacement Of Master Alarm Panel In The Boiler Plant Area Alarm Conversion In Building 2e, All Required Power, Piping, Installation, Programming, And Certification Of The Medical Gas System. work Shall Occur Outside Of Regular Business Hours; Weekdays 4:30 P.m. Midnight And/or Weekend Days Saturday 7:00 A.m. 4:30 P.m. Or As Coordinated. objectives: the Project Will Include But Not Be Limited To The Following: contractor Shall Furnish Appropriate Tools, Equipment, And Certified Labor To Remove Existing Area Alarm And Replace With The Following: five (5) Amico Lcd Alert 3 Conversion Area Alarm For Allied Chemetron Digital Ii Panel 3 Gas Oav building 2 East: 1st Floor Urgent Care (beds 1-7) building 2 East: 1st Floor Exam Room 2e-1159 building 2 East: 2nd Floor Room 2e-244 building 2 East: 2nd Floor Cystoscopy building 2 East: 2nd Floor Specialty Clinic five (5) Amico Lcd Alert 3 Conversion Panel Filler Frame 4 Gang one (1) Amico Alert 4 Lcd Master Alarm Panel 20 Points Ethernet And Installation In Boiler Plant Command Center, Building 3. include Power And Wiring As Required. contractor Shall Perform All Installation And Testing Of New Master Alarm Panel With Existing Critical Medical Gas Components. contractor Shall Furnish Appropriate Tools, Equipment, And Certified Labor To Perform Installation Of Conversion Area Alarm Panels And Frames. the Manufacturer Procedures Take Precedence Over Other Recommended Installation And Operation Procedures. coordinate All Placement And Removal Of Lockout Tagout Devices For Any Energy Sources With The Va Cor/maintenance & Operations. protect All Equipment In Place During Replacement Activities. remove And Dispose Of Old Compressor And Other Debris As A Result Of This Work And Return Required Manifest. perform Post Installation Inspections, Testing, And Certification Of The Medical Gas System As Required By Nfpa 99. all Contractor Personnel, Sub-contractors And Representatives Visiting Va Sites Will Be Required To Sign In Upon Arrival At Building 3 And/or Retain A Temporary Va Badge. Each Visiting Individual Be Required To Enter Their Name, Their Company S Name, Va Project Title, Reason For Visit, And The Times Of Arrival And Departure. Arrangements For After Normal Hour Working Site Visits Must Be Made In Advance And During Normal Working Hours. general: The Contracting Officer Reserves The Right To Terminate Any Construction Period Services, Without Payment For Services Completed, If Such Services Are Not Needed Or Are Not Being Adequately Completed. approved Plans And Permits: Prior To The Start Of Construction, Submit To Va Copies Of All Required Permits. site Visits: Day To Day Construction Administration Will Be Performed By The Cor. Periodic Reviews, Tests, And Other Field Observation By The Government Are Not To Be Interpreted As Superintendence Nor As Resulting In Any Approval Of The Contractor S Apparent Progress Toward Meeting The Government S Objectives; But Are Intended To Discover Any Information That The Contracting Officer May Be Able To Call To The Contractor S Attention To Prevent Costly Misdirection Of Effort. the Contractor Shall Remain Responsible For Constructing, Operating, And Maintaining The Site In Full Accordance If The Requirements Of This Solicitation. the Contractor Shall Provide Va With A Copy Of All Inspection Reports For Inspections Conducted By Local, Regional, And State Code Authorities From The Start Of Construction Through Issuance Of The Certificate Of Occupancy Or Completion. the Contractor Shall Develop And Provide To The Va The Following: safety Plan: The Contractor Shall Produce Work In Accordance With The Latest Editions Of All Applicable Dva Guidelines (e.g. Construction Standards, Master Specifications, Standard Details, Special Design Criteria To Meet Hospital Joint Commission (jcaho) Requirements), Nfpa, Federal And State Codes Pertinent To The Project Scope. all Applicable Personnel On Site Are Required To Obtain An Occupational Safety And Health Administration (osha) 10 Hour Construction Certification, And The Site Competent Person For The Contractor Must Obtain An Osha 30 Hour Construction Certification. prior To The Start Of Work, The Specifications Shall Require The Contractor To Develop And submit Such Plans As Required By The Va Relating To Safety And Environmental Issues. These May Include But Are Not Limited To: job Hazard Analysis And Loto quality Control Plan: A Quality Control Plan Shall Be Implemented For Identifying And Specifying The Appropriate Standard Forms For Quality Control Inspections That Will Become Part Of The Overall Plan. per Va Directive 1805, Smoking Vaping, And Smokeless Tobacco Are Prohibited On The Grounds Of Va Facilities, Including In Vehicles. This Directive Applies To All Service Providers And Their Employees. no Photography Of Va Premises Is Allowed Without Written Permission Of The Contracting Officer. Patients And Staff Are Not To Be Photographed At Any Time. prior To Commencing Work Onsite, All Service Providers And Provider Personnel Shall Furnish Proof Of Receipt Of Required Covid Vaccinations And Boosters In Compliance With Current Vha Directives. prior To Commencing Work Onsite, All Service Providers And Provider Personnel Shall Furnish Proof Of Receipt Of Required Tuberculosis Testing In Compliance With Vha Directive 1131(5), Dated June 04, 2021. parking For Service Provider And Its Employees Shall Be In Designated Areas Only. Service Provider To Coordinate With Cor. the Service Provider Shall Confine All Operations (including Storage Of Materials) On Government Premises To Areas Authorized Or Approved By The Va Contracting Officer. The Service Provider Shall Hold And Save The Government, Its Officers, And Agents, Free And Harmless From Liability Of Any Nature Occasioned By The Service Provider S Performance. Working Space And Space Available For Storing Materials Shall Be As Determined By The Cor. Workers Are Subject To The Rules Of The Medical Center Applicable To Their Conduct. Execute Work In Such A Manner As To Reduce Impacts With Work Being Done By Others. billing: Provide Cor With A Report Or Statement Of Work Completed And Include Statements With Request For Payment. Statement Should Include Service Completed And The Date Each Service Item Was Completed. Labor Charges Shall Be Billed Hourly, And Any Unused Labor Totals Will Be Credited Back To The Va Medical Center On The Next Billing Cycle, Upon Receipt Of The Service Report. safety Codes / Certification / Licensing: environmental Abatement Work, If Necessary, Is To Be Performed By Contractor Under Supervision And monitoring For The Va By A Certified Industrial Hygienist. the Contractor Shall Comply With All Codes As Described Above, As Well As Codes Customarily Applied In va Construction Jobs Such As Nfpa Fire Code, Osha, Va Design Guides, Etc. Labs Used By The Contractor shall Be Licensed As Required By Any Applicable Governing Agencies, And Their Certifications And Licenses shall Be Included In The Reports. travel: contractor And/or Subcontractors Will Travel From Their Place Of Business To The West Haven Vamc Of The Va Connecticut Healthcare System. appendix A infection Prevention Measures a. Implement The Requirements Of Va Medical Center S Infection Control Risk Assessment (icra) Team. Icra Group May Monitor Dust, In The Vicinity Of The Construction Work, And Require The Contractor To Take Corrective Action Immediately If The Safe Levels Are Exceeded. b. Establish And Maintain A Dust Control Program As Part Of The Contractor S Infection Preventive Measures In Accordance With The Guidelines Provided By Icra Group As Specified Here. Prior To Start Of Work, Prepare A Plan Detailing Project-specific Dust Protection Measures, Including Periodic Status Reports, And Submit To Project Manager And Facility Icra Team For Review For Compliance With Contract Requirements In Accordance With Section 01340, Samples And Shop Drawings. 1. All Personnel Involved In The Construction Or Renovation Activity Shall Be Educated And Trained In Infection Prevention Measures Established By The Medical Center. c. Medical Center Infection Control Personnel Shall Monitor For Airborne Disease (e.g. Aspergillosis) As Appropriate During Construction. A Baseline Of Conditions May Be Established By The Medical Center Prior To The Start Of Work And Periodically During The Construction Stage To Determine Impact Of Construction Activities On Indoor Air Quality. In Addition: 1. The Project Manager And Vamc Infection Control Personnel Shall Review Pressure Differential Monitoring Documentation To Verify That Pressure Differentials In The Construction Zone And In The Patient-care Rooms Are Appropriate For Their Settings. The Requirement For Negative Air Pressure In The Construction Zone Shall Depend On The Location And Type Of Activity. upon Notification, The Contractor Shall Implement Corrective Measures To Restore Proper Pressure Differentials As Needed. 2. In Case Of Any Problem, The Medical Center, Along With Assistance From The Contractor, Shall Conduct An Environmental Assessment To Find And Eliminate The Source. d. In General, Following Preventive Measures Shall Be Adopted During Construction To Keep Down Dust And Prevent Mold. 1. Dampen Debris To Keep Down Dust And Provide Temporary Construction Partitions In Existing Structures Where Directed By Resident Engineer. Blank Off Ducts And Diffusers To Prevent Circulation Of Dust Into Occupied Areas During Construction. 2. Analyze Each Site During Design To Determine The Effects Of Blocking Hvac Ducts And Their Impact On Existing Air Handling Systems That Must Remain Operational Before Initiating A Dust Control Program. The Method Of Capping Ducts Shall Be Dust Tight And Withstand Airflow. 3. Construct Anteroom To Maintain Negative Airflow From Clean Area Through Anteroom And Into Work Area Where Required. 4. High Risk Patient Care Areas May Require Additional Measures Like Air Locks, Special Signage, Smoke And Negative Pressure Alarms. 5. Identify These Areas Clearly On The Drawings And Work With Medical Center Personnel To Achieve Desired Level Of Isolation Suited To The Scope Of Risk Involved. 6. Do Not Perform Dust- Producing Tasks Within Occupied Areas Without The Approval Of The Project Manager. For Construction In Any Areas That Will Remain Jointly Occupied By The Medical Center And Contractor S Workers, The Contractor Shall: a. Provide Dust Proof Fire-rated Temporary Drywall Construction Barriers To Completely Separate Construction From The Operational Areas Of The Hospital In Order To Contain Dirt Debris And Dust. Barriers Shall Be Sealed And Made Presentable On Hospital Occupied Side. Install A Self-closing Rated Door In A Metal Frame, Commensurate With The Partition, To Allow Worker Access. Maintain Negative Air At All times. A Fire Retardant Polystyrene, 6-mil Thick Or Greater Plastic Barrier Meeting Local Fire Codes May Be Used Where Dust Control Is The Only Hazard, And An Agreement Is Reached With The Resident Engineer And Medical Center. b. Hepa Filtration Is Required Where The Exhaust Dust May Reenter The Breathing Zone. Contractor Shall Verify That Construction Exhaust To Exterior Is Not Reintroduced To The Medical Center Through Intake Vents, Or Building Openings. Install Hepa (high Efficiency Particulate Accumulator) Filter Vacuum System Rated At 95% Capture Of 0.3 Microns Including Pollen, Mold Spores And Dust Particles. Insure Continuous Negative Air Pressures Occurring Within The Work Area. Hepa Filters Should Have Ashrae 85 Or Other Pre-filter To Extend The Useful Life Of The Hepa. Provide Both Primary And Secondary Filtrations Units. Exhaust Hoses Shall Be Heavy Duty, Flexible Steel Reinforced And Exhausted So That Dust Is Not Reintroduced To The Medical Center. c. Adhesive Walk-off/carpet Walk-off Mats, Minimum 24 X 36 , Shall Be Used At All Interior Transitions From The Construction Area To Occupied Medical Center Area. these Mats Shall Be Changed As Often As Required To Maintain Clean Work Areas Directly Outside Construction Area At All Times. d. Vacuum And Wet Mop All Transition Areas From Construction To The Occupied Medical Center At The End Of Each Workday. Vacuum Shall Utilize Hepa Filtration. maintain Surrounding Area Frequently. Remove Debris As They Are Created. Transport These Outside The Construction Area In Containers With Tightly Fitting Lids. e. The Contractor Shall Not Haul Debris Through Patient-care Areas Without Prior Approval Of The Resident Engineer And The Medical Center. When, Approved, Debris Shall Be Hauled In Enclosed Dust Proof Containers Or Wrapped In Plastic And Sealed With Duct Tape. No Sharp Objects Should Be Allowed To Cut Through The Plastic. Wipe Down The Exterior Of The Containers With A Damp Rag To Remove Dust. All Equipment, Tools, Material, Etc. Transported Through Occupied Areas Shall Be Made Free From Dust and Moisture By Vacuuming And Wipe Down. f. Using A Hepa Vacuum, Clean Inside The Barrier And Vacuum Ceiling Tile Prior To Replacement. Any Ceiling Access Panels Opened For Investigation Beyond Sealed Areas Shall Be Sealed Immediately When Unattended. g. There Shall Be No Standing Water During Construction. This Includes Water In Equipment Drip Pans And Open Containers Within The Construction Areas. All Accidental Spills Must Be Cleaned Up And Dried Within 12 Hours. Remove And Dispose Of Porous Materials That Remain Damp For More Than 72 Hours. h. At Completion, Remove Construction Barriers And Ceiling Protection Carefully, Outside Of Normal Work Hours. Vacuum And Clean All Surfaces Free Of Dust After The Removal. e. Final Cleanup: 1. Upon Completion Of Project, Or As Work Progresses, Remove All Construction Debris From Above Ceiling, Vertical Shafts And Utility Chases That Have Been Part Of The Construction. 2. Perform Hepa Vacuum Cleaning Of All Surfaces In The Construction Area. This Includes Walls, Ceilings, Cabinets, Furniture (built-in Or Free Standing), Partitions, Flooring, Etc. 1. All New Air Ducts Shall Be Cleaned Prior To Final Inspection. Spec Writer Note: On Small Projects Developed At Medical Center, Engineering Officer May Tag Items To Be Removed And Stored, Instead Of Noting Such Items On Drawings Or In Specifications. end Of Appendix appendix B va Information And Information System Security/privacy Language For inclusion Into Contracts, As Appropriate 1. General contractors, Contractor Personnel, Subcontractors, And Subcontractor Personnel Shall Be Subject To The Same Federal Laws, Regulations, Standards, And Va Directives And Handbooks as Va And Va Personnel Regarding Information And Information System Security. 2. Access To Va Information And Va Information Systems a. A Contractor/subcontractor Shall Request Logical (technical) Or Physical Access To Va information And Va Information Systems For Their Employees, Subcontractors, And affiliates Only To The Extent Necessary To Perform The Services Specified In The Contract, agreement, Or Task Order. b. All Contractors, Subcontractors, And Third-party Servicers And Associates Working With Va information Are Subject To The Same Investigative Requirements As Those Of Va Appointees Or Employees Who Have Access To The Same Types Of Information. The Level And Process Of Background Security Investigations For Contractors Must Be In Accordance With Va Directive And Handbook 0710, Personnel Suitability And Security Program. The Office For Operations, Security, And Preparedness Is Responsible For These Policies And Procedures. c. Contract Personnel Who Require Access To National Security Programs Must Have A Valid Security Clearance. National Industrial Security Program (nisp) Was Established By Executive Order 12829 To Ensure That Cleared U.s> Defense Industry Contractor Personnel Safeguard The Classified Information In Their Possession While Performing Work On Contracts, Programs, Bid, Or Research And Development Efforts. The Department Of Veterans Affairs Does Not Have A Memorandum Of Agreement With Defense Secretary Service (dss). Verification Of A Security Clearance Must Be Processed Through The Special Security Officer Located In The Planning And National Security Service Within The Office Of Operations, Security, And Preparedness. d. Custom Software Development And Outsourced Operations Must Be Located In The U.s. To The Maximum Extent Practical. If Such Services Are Proposed To Be Performed Abroad And Are Not Disallowed By Other Va Policy Or Mandates, The Contractor/subcontractor Must State Where All Non-u.s. Services Are Provided And Detail A Security Plan, Deemed To Be Acceptable By Va, Specifically To Address Mitigation Of The Resulting Problems Of Communication, Control, Data Protection, And So Forth. Location Within The U.s. May Be An Evaluation Factor. e. The Contractor Or Subcontractor Must Notify The Contracting Officer Immediately When an Employee Working On A Va System Or With Access To Va Information Is Reassigned Or Leaves The Contractor Or Subcontractor S Employ. The Contracting Officer Must Also Be Notified Immediately By The Contractor Or Subcontractor Prior To An Unfriendly Termination. 3. Va Information Custodial Language a. Information Made Available To The Contractor Or Subcontractor By Va For The Performance Or Administration Of This Contract Or Information Developed By The Contractor/subcontractor In Performance Or Administration Of The Contract Shall Be Used Only For Those Purposes And Shall Not Be Used In Any Other Way Without The Prior Written Agreement Of The Va. This Clause Expressly Limits The Contractor/subcontractor S Rights To Use Data As Described In Rights In Data General, Far 52.227-14(d) (1). b. Va Information Should Not Be Co-mingled, If Possible, With Any Other Data On The Contractors/subcontractor S Information Systems Or Media Storage Systems In Order To Ensure Va Requirements Related To Data Protection And Media Sanitization Can Be Met. if Co-mingling Must Be Allowed To Meet The Requirements Of The Business Need, The Contractor Must Ensure That Va S Information Is Returned To The Va Or Destroyed In Accordance With Va S Sanitization Requirements. Va Reserves The Right To Conduct Onsite Inspections Of Contractor And Subcontractor It Resources To Ensure Data Security Controls, Separation Of Data And Job Duties, And Destruction/media Sanitization Procedures Are In Compliance With Va Directive Requirements. c. Prior To Terminator Or Completion Of This Contract, Contractor/subcontractor Must Not Destroy Information Received From Va, Or Gathered/created By The Contractor In The Course Of Performing This Contract Without Prior Written Approval By The Va. Any Data Destruction Done On Behalf Of Va By A Contractor/subcontractor Must Be Done In Accordance With National Archives And Records Administration (nara) Requirements As Outlined In Va Directive 6300, Records And Information Management And Its Handbook 6300.1 Records Management Procedures, Applicable Va Records Control Schedules, And Va Handbook 6500.1 Electronic Media Sanitization. Self-certification By The Contractor That The Data Destruction Requirements Above Have Been Met Must Be Sent To The Va Contracting Officer Within 30 Days Of Termination Of The Contract. d. The Contractor/subcontractor Must Receive, Gather, Store, Back Up, Maintain, Use, Dispose Of Va Information Only In Compliance With The Terms Of The Contract And Applicable Federal And Va Information Confidentiality And Security Laws, Regulations And Policies. If Federal Or Va Information Confidentiality And Security Laws, Regulations And Policies Become Applicable To The Va Information Or Information Systems After Execution Of The Contract, Or If Nist Issues Or Updates Applicable Fips Or Special Publications (sp) After Execution Of This Contract, The Parties Agree To Negotiate In Good Faith To Implement The Information Confidentiality And Security Laws, Regulations And Policies In This Contract. e. The Contractor/subcontractor Shall Not Make Copies Of Va Information Except As Authorized And Necessary To Perform The Terms Of The Agreement Or To Preserve Electronic Information Stored On Contractor/subcontractor Electronic Storage Media For Restoration In Case Any Electronic Equipment Or Data Used By The Contractor/subcontractor Needs To Be Restored To An Operating State. If Copies Are Made For Restoration Purposes, After The Restoration Is Complete, The Copies Must Be Appropriately Destroyed. f. If Va Determines That The Contractor Has Violated Any Of The Information Confidentiality, privacy, And Security Provisions Of The Contract, It Shall Be Sufficient Grounds For Va To Withhold Payment To The Contractor Or Third Party Or Terminate The Contract For Default Or Terminate For Cause Under Federal Acquisition Regulation (far) Part 12. g. If A Vha Contract Is Terminated For Cause, The Associated Baa Must Also Be Terminated And Appropriate Actions Taken In Accordance With Vha Handbook 1600.01, Business Associate Agreements. Absent An Agreement To Use Or Disclose Protected Health Information, There Is No Business Associate Relationship. h. The Contractor/subcontractor Must Store, Transport, Or Transmit Va Sensitive Information In An Encrypted Form, Using Va-approved Encryption Tools That Are, At A Minimum, Fips 140-2 Validated. i. The Contractor/subcontractor S Firewall And Web Services Security Controls, If Applicable, shall Meet Or Exceed Va S Minimum Requirements. Va Configuration Guidelines Are Available Upon Request. j. Except For Uses And Disclosures Of Va Information Authorized By This Contract For Performance Of The Contract, The Contractor/subcontractor May Use And Disclose Va Information Only In Two Other Situations: (i) In Response To A Qualifying Order Of A Court Of Competent Jurisdiction, Or (ii) With Va S Prior Written Approval. The Contractor/subcontractor Must Refer All Requests For, Demands For Production Of, Or Inquiries About, Va Information And Information Systems To The Va Contracting Officer For Response. k. Notwithstanding The Provision Above, The Contractor/subcontractor Shall Not Release Va records Protected By Title 38 U.s.c. 5705, Confidentiality Of Medical Quality Assurance Records And/or Title 38 U.s.c. 7332, Confidentiality Of Certain Health Records Pertaining To Drug Addiction, Sickle Cell Anemia, Alcoholism Or Alcohol Abuse, Or Infection With Human Immunodeficiency Virus. If The Contractor/subcontractor Is In Receipt Of A Court Order Or Other Requests For The Above Mentioned Information, That Contractor/subcontractor Shall Immediately Refer Such Court Orders Or Other Requests To The Va Contracting Officer For Response. l. For Service That Involves The Storage, Generating, Transmitting, Or Exchanging Of Va Sensitive Information But Does Not Require C&a Or An Mou-isa For System Interconnection, The Contractor/subcontractor Must Complete A Contractor Security Control Assessment (csca) On A Yearly Basis And Provide It To The Cor. 4. Information System Design And Development a. Information Systems That Are Designed Or Developed For On Behalf Of Va At Non-va Facilities Shall Comply With All Va Directives Developed In Accordance With Fisma, Hipaa, Nist, And Related Va Security And Privacy Control Requirements For Federal Information Systems. This Includes Standards For The Protection Of Electronic Phi, Outlined In 45 C.f.r. Part 164, Subpart C, Information And System Security Categorization Level Designation In Accordance With Fips 199 And Fips 200 With Implementation Of All Baseline Security Controls Commensurate With The Fips 199 System Security Categorization (reference Appendix D Of Va Handbook 6500, Va Information Security Program). During The Development Cycle A Privacy Impact Assessment (pia) Must Be Completed, Provided To The Cor, And Approved By The Va Privacy Service In Accordance With Directive 6507, Va Privacy Impact Assessment. b. The Contractor/subcontractor Shall Certify To The Cor That Applications Are Fully Functional And Operate Correctly As Intended On Systems Using The Va Federal Desktop Core Configuration (fdcc), And The Common Security Configuration Guidelines Provided By Nist Or The Va. This Includes Internet Explorer 7 Configured To Operate On Windows Xp And Vista (in Protected Mode On Vista) And Future Versions, As Required. c. The Standard Installation, Operation, Maintenance, Updating, And Patching Of Software Shall Not Alter The Configuration Settings From The Va Approved And Fdcc Configuration. information Technology Staff Must Also Use The Windows Installer Service For Installation To The Default Program Files Directory And Silently Install And Uninstall. d. Applications Designed For Normal End Users Shall Run In The Standard User Context Without Elevated System Administration Privileges. e. The Security Controls Must Be Designed, Developed, Approved By Va, And Implemented in Accordance With The Provisions Of Va Security System Development Life Cycle As Outlined In Nist Special Publication 800-37, Guide For Applying The Risk Management Framework To Federal Information Systems, Va Handbook 6500, Information Security Program And Va Handbook 6500.5, Incorporating Security And Privacy In System Development Lifecycle. f. The Contractor/subcontractor Is Required To Design, Develop, Or Operate A System Of Records Notice (sor) On Individuals To Accomplish An Agency Function Subject To The Privacy Act Of 1974, (as Amended), Public Law 93-579, December 31, 1974 (5 U.s.c. 552a) And Applicable Agency Regulations. Violation Of The Privacy Act May Involve The Imposition Of Criminal And Civil Penalties. g. The Contractor/subcontractor Agrees To: (1) Comply With The Privacy Act Of 1974 (the Act) And The Agency Rules And Regulations Issued Under The Act In The Design, Development, Or Operation Of Any System Of Records On Individuals To Accomplish An Agency Function When The Contract Specifically Identifies: a. The Systems Of Records (sor); And b. The Design, Development, Or Operation Work That The Contractor/subcontractor is To Perform; i. Include The Privacy Act Notification Contained In This Contract In Every Solicitation And Resulting Subcontract And In Every Subcontract Awarded Without A Solicitation, When The Work Statement In The Proposed Subcontract Requires The Redesign, Development, Or Operation Of A Sor On Individuals That Is Subject To The Privacy Act; And Ii. Include This Privacy Act Clause, Including This Subparagraph (3), In All Subcontracts Awarded Under This Contract Which Requires The Design, Development, Or Operation Of Such A Sor. h. In The Event Of Violations Of The Act, A Civil Action May Be Brought Against The Agency Involved When The Violation Concerns The Design, Development, Or Operation Of A Sor On Individuals To Accomplish An Agency Function, And Criminal Penalties May Be Imposed Upon The Officers Or Employees Of The Agency When The Violation Concerns The Operation Of Sor On Individuals To Accomplish An Agency Function. For Purposes Of The Act, When The Contract Is For The Operation Of A Sor On Individuals To Accomplish An Agency Function, The Contractor/subcontractor Is Considered To Be An Employee Of The Agency. (1) Operation Of A System Of Records Means Performance Of Any Of The Activities Associated With Maintaining The Sor, Including The Collection, Use, Maintenance, And Dissemination Of Records. (2) Record Means Any Item, Collection, Or Grouping Of Information About An Individual That Is Maintained By An Agency, Including, But Not Limited To, Education, Financial Transactions, Medical History, And Criminal Or Employment History And Contains The Person S Name, Or Identifying Number, Symbol, Or Any Other Identifying Particular Assigned To The Individual, Such As A Fingerprint Or Voiceprint, Or A Photograph. (3) System Of Records Means A Group Of Any Records Under The Control Of Any Agency From Which Information Is Retrieved By The Name Of The Individual Or By Some Identifying Number, Symbol, Or Other Identifying Particular Assigned To The Individual. i. The A/e Shall Ensure The Security Of All Procured Or Developed Systems And Technologies, Including Their Subcomponents (hereinafter Referred To As Systems ), Throughout The Life Of This Contract And Any Extension, Warranty, Or Maintenance Periods. This Includes, But Is Not Limited To Workarounds, Patches, Hotfixes, Upgrades, And Any Physical Components (hereafter Referred To As Security Fixes) which May Be Necessary To Fix All Security Vulnerabilities Published Or Known To The A/e Anywhere In The Systems Including Operating Systems And Firmware. The A/e Shall Ensure That Security Fixes Shall Not Negatively Impact The Systems. j. The A/e Shall Notify Va Within 24 Hours Of The Discovery Or Disclosure Of Successful Exploits Of The Vulnerability Which Can Compromise The Security Of The Systems (including The Confidentiality Or Integrity Of Its Data And Operations, Or The Availability Of The System). Such Issues Shall Be Remediated As Quickly As Is Practical, But In No Event Longer Than 7 Days. k. When The Security Fixes Involve Installing Third Party Patches (such As Microsoft Os Patches Or Adobe Acrobat), The A/e Will Provide Written Notice To The Va That The Patch Has Been Validated As Not Affecting The System Within 10 Working Days. When The A/e Is Responsible For Operations Or Maintenance Of The Systems, They Shall Apply The Security Fixes Within 7 Days. l. All Other Vulnerabilities Shall Be Remediated As Specified In This Paragraph In A Timely Manner Based On Risk, But Within 60 Days Of Discovery Or Disclosure. Exceptions To This Paragraph (e.g. For The Convenience Of Va) Shall Only Be Granted With Approval Of The Contracting Officer And The Va Assistant Secretary For Office Of Information And Technology. 5. Information System Hosting, Operation, Maintenance, Or Use a. For Information Systems That Are Hosted, Operated, Maintained, Or Used On Behalf Of Va at Non-va Facilities, Contractors/subcontractors Are Fully Responsible And Accountable For Ensuring Compliance With All Hipaa, Privacy Act, Fisma, Nist, Fips, And Va Security And Privacy Directives And Handbooks. This Includes Conducting Compliant Risk Assessments, Routine Vulnerability Scanning, System Patching And Change Management Procedures, And The Completion Of An Acceptable Contingency Plan For Each System. The Contractor S Security Control Procedures Must Be Equivalent To Those Procedures Used To Secure Va Systems. A Privacy Impact Assessment (pia) Must Also Be Provided To The Cor And Approved By Va Privacy Service Prior To Operational Approval. All External Internet Connections To Va S Network Involving Va Information Must Be Reviewed And Approved By Va Prior To Implementation. b. Adequate Security Controls For Collecting, Processing, Transmitting, And Storing Of Personally Identifiable Information (pii), As Determined By The Va Privacy Service, Must Be In Place, Tested, And Approved By Va Prior To Hosting, Operation, Maintenance, Or Use Of The Information System, Or Systems By Or On Behalf Of Va. These Security Controls Are To Be Assessed And Stated Within The Pia And If These Controls Are Determined Not To Be In Place, Or Inadequate, A Plan Of Action And Milestones (poa&m) Must Be Submitted And Approved Prior To The Collection Of Pii. c. Outsourcing (contractor Facility, Contractor Equipment Or Contractor Staff) Of Systems Or network Operations, Telecommunications Services, Or Other Managed Services Requires Certification And Accreditation (authorization) (c&a) Of The Contractor S Systems In Accordance With Va Handbook 6500.3, Certification And Accreditation And/or The Va Ocs Certification Program Office. Government-owned (government Facility Or Government Equipment) Contractor-operated Systems, Third Party Or Business Partner Networks Require Memorandums Of Understanding And Interconnection Agreements (mou-isa) Which Detail What Data Types Are Shared, Who Has Access, And The Appropriate Level Of Security Controls For All Systems Connected To Va Networks. d. The Contractor/subcontractor S System Must Adhere To All Fisma, Fips, And Nist Standards Related To The Annual Fisma Security Controls Assessment And Review And Update The Pia. Any Deficiencies Noted During This Assessment Must Be Provided To The Va Contracting Officer And The Iso For Entry Into Va S Poa&m Management Process. the Contractor/subcontractor Must Use Va S Poa&m Process To Document Planned Remedial Actions To Address Any Deficiencies In Information Security Policies, Procedures, And Practices, And The Completion Of Those Activities. Security Deficiencies Must Be Corrected Within The Timeframes Approved By The Government. contractor/subcontractor Procedures Are Subject To Periodic, Unannounced Assessments By Va Officials, Including The Va Office Of Inspector General. The Physical Security Aspects Associated With Contractor/subcontractor Activities Must Also Be Subject To Such Assessments. If Major Changes To The System Occur That May Affect The Privacy Or Security Of The Data Or The System, The C&a Of The System May Need To Be Reviewed, Retested And Re-authorized Per Va Handbook 6500.3. This May Require Reviewing And Updating All Of The Documentation (pia, System Security Plan, Contingency Plan). The Certification Program Office Can Provide Guidance On Whether A New C&a Would Be Necessary. e. The Contractor/subcontractor Must Conduct An Annual Self-assessment On All Systems And Outsourced Services As Required. Both Hard Copy And Electronic Copies Of The Assessment Must Be Provided To The Cor. The Government Reserves The Right To Conduct Such An Assessment Using Government Personnel Or Another Contractor/subcontractor. The Contractor/subcontractor Must Take Appropriate And Timely Action (this Can Be Specified In The Contract) To Correct Or Mitigate Any Weaknesses Discovered During Such Testing, Generally At No Additional Cost. f. Va Prohibits The Installation And Use Of Personally-owned Or Contractor/subcontractor Owned equipment Or Software On Va S Network. If Non-va Owned Equipment Must Be Used To Fulfill The Requirements Of A Contract, It Must Be Stated In The Service Agreement, Sow, Or Contract. All Of The Security Controls Required For Government Furnished Equipment (gfe) Must Be Utilized In Approved Or Other Equipment (oe) And Must Be Funded By The Owner Of The Equipment. All Remote Systems Must Be Equipped With, And Use, A Va-approved Antivirus (av) Software And A Personal (host-based Or Enclaved Based) Firewall That Is Configured With A Va-approved Configuration. Software Must Be Kept Current, Including All Critical Updates And Patches. Owners Of Approved Oe Are Responsible For Providing And Maintaining The Anti-viral Software And The Firewall On The Non-va Owned Oe. g. All Electronic Storage Media Used On Non-va Leased Or Non-va Owned It Equipment That is Used To Store, Process, Or Access Va Information Must Be Handled In Adherence With Va Handbook 6500.1, Electronic Media Sanitization Upon: (i) Completion Or Termination Of The Contract Or (ii) Disposal Or Return Of The It Equipment By The Contractor/subcontractor, Whichever Is Earlier. Media (hard Drives, Optical Disks, Cds, Back-up Tapes, Etc.) Used By The Contractors/subcontractors That Contain Va Information Must Be Returned To The Va For Sanitization Or Destruction Or The Contractor/subcontractor Must Self-certify That The Media Has Been Disposed Of Per 6500.1 Requirements. This Must Be Completed Within 30 Days Of Termination Of The Contract. h. Bio-medical Devices And Other Equipment Or Systems Containing Media (hard Drives, optical Disks, Etc.) With Va Sensitive Information Must Not Be Returned To The A/e At The end Of Lease, For Trade-in, Or Other Purposes. The Options Are: (1) A/e Must Accept The System Without The Drive; (2) Va S Initial Medical Device Purchase Includes A Spare Drive Which Must Be Installed in Place Of The Original Drive At Time Of Turn-in; Or (3) Va Must Reimburse The Company For Media At A Reasonable Open Market replacement Cost At Time Of Purchase (4) Due To The Highly Specialized And Sometimes Proprietary Hardware And Software associated With Medical Equipment/systems, If It Is Not Possible For The Va To Retain the Hard Drive, Then; (a) The Equipment A/e Must Have An Existing Baa If The Device Being Traded In Has Sensitive Information Stored On It And Hard Drive(s) From The System Are Being Returned Physically Intact; And (b) Any Fixed Hard Drive On The Device Must Be Non-destructively Sanitized To The Greatest Extent Possible Without Negatively Impacting System Operation. selective Clearing Down To Patient Data Folder Level Is Recommended Using Va Approved And Validated Overwriting Technologies/methods/tools. Applicable Media Sanitization Specifications Need To Be Pre-approved And Described In The Purchase Order Or Contract. (c) A Statement Needs To Be Signed By The Director (system Owner) That States That The Drive Could Not Be Removed And That (a) And (b) Controls Above Are In Place And Completed. The Iso Needs To Maintain The Documentation. 6. Security Incident Investigation a. The Term Security Incident Means An Event That Has, Or Could Have, Resulted In Unauthorized Access To, Loss Or Damage To Va Assets, Or Sensitive Information, Or An Action That Breaches Va Security Procedures. The Contractor/subcontractor Shall Immediately Notify The Cor And Simultaneously, The Designated Iso And Privacy Officer For The Contract Of Any Known Or Suspected Security/privacy Incidents, Or Any Unauthorized Disclosures Of Sensitive Information, Including That Contained In System(s) To Which The Contractor/subcontractor Has Access. b. To The Extent Known By The Contractor/subcontractor, The Contractor/subcontractor S Notice To Va Shall Identify The Information Involved, The Circumstances Surrounding The Incident (including To Whom, How, When, And Where The Va Information Or Assets Were Placed At Risk Or Compromised), And Any Other Information That The Contractor/subcontractor Considers Relevant. c. With Respect To Unsecured Protected Health Information, The Business Associate Is Deemed To Have Discovered A Data Breach When The Business Associate Knew Or Should Have Known Of A Breach Of Such Information. Upon Discovery, The Business Associate Must Notify The Covered Entity Of The Breach. Notifications Need To Be Made In Accordance With The Executed Business Associate Agreement. d. In Instances Of Theft Or Break-in Or Other Criminal Activity, The Contractor/subcontractor must Concurrently Report The Incident To The Appropriate Law Enforcement Entity (or Entities) Of Jurisdiction, Including The Va Oig And Security And Law Enforcement. The Contractor, Its Employees, And Its Subcontractors And Their Employees Shall Cooperate With Va And Any Law Enforcement Authority Responsible For The Investigation And Prosecution Of Any Possible Criminal Law Violation(s) Associated With Any Incident. The Contractor/subcontractor Shall Cooperate With Va In Any Civil Litigation To Recover Va Information, Obtain Monetary Or Other Compensation From A Third Party For Damages Arising From Any Incident, Or Obtain Injunctive Relief Against Any Third Party Arising From, Or Related To, The Incident. 7. Liquidated Damages For Data Breach a. Consistent With The Requirements Of 38 U.s.c. §5725, A Contract May Require Access To sensitive Personal Information. If So, The Contractor Is Liable To Va For Liquidated Damages in The Event Of A Data Breach Or Privacy Incident Involving Any Spi The Contractor/subcontractor Processes Or Maintains Under This Contract. b. The Contractor/subcontractor Shall Provide Notice To Va Of A Security Incident As Set Forth In The Security Incident Investigation Section Above. Upon Such Notification, Va Must Secure From A Non-department Entity Or The Va Office Of Inspector General An Independent Risk Analysis Of The Data Breach To Determine The Level Of Risk Associated With The Data Breach For The Potential Misuse Of Any Sensitive Personal Information Involved In The Data Breach. The Term Data Breach Means The Loss, Theft, Or Other Unauthorized Access, Or Any Access Other Than That Incidental To The Scope Of Employment, To Data Containing Sensitive Personal Information, In Electronic Or Printed For, That Results In The Potential Compromise Of The Confidentiality Or Integrity Of The Data. Contractor Shall Fully Cooperate With The Entity Performing The Risk Analysis. Failure To Cooperate May Be Deemed A Material Breach And Grounds For Contract Termination. c. Each Risk Analysis Shall Address All Relevant Information Concerning The Data Breach, Including The Following: (1) Nature Of The Event (loss, Theft, Unauthorized Access); (2) Description Of The Event, Including (a) Date Of Occurrence (b) Data Elements Involved, Including Any Pii, Such As Full Name, Social Security Number, Date Of Birth, Home Address, Account Number, Disability Code; (3) Number Of Individuals Affected Or Potentially Affected; (4) Names Of Individuals Or Groups Affected Or Potentially Affected; (5) Ease Of Logical Data Access To The Lost, Stolen Or Improperly Accessed Data In Light Of The Degree Of Protection For The Data, E.g., Unencrypted, Plain Text; (6) Amount Of Time The Data Has Been Out Of Va Control; (7) The Likelihood That The Sensitive Personal Information Will Or Has Been Compromised (made Accessible To And Usable By Unauthorized Persons); (8) Known Misuses Of Data Containing Personal Information, If Any; (9) Assessment Of The Potential Harm To The Affected Individuals; (10) Data Breach Analysis As Outlined In 6500.2 Handbook, Management Of Security And Privacy Incidents, As Appropriate; And (11) Whether Credit Protection Services May Assist Record Subjects In Avoiding Or Mitigating The Results Of Identity Theft Based On The Sensitive Personal Information That May Have Been Compromised. d. Based On The Determinations Of The Independent Risk Analysis, The Contractor Shall Be Responsible For Paying To The Va Liquidated Damages In The Amount Of $37.50 Per Affected Individual To Cover The Cost Of Providing Credit Protection Services To Affected Individuals Consisting Of The Following: (1) Notification; (2) One Year Of Credit Monitoring Services Consisting Of Automatic Daily Monitoring Of At least 3 Relevant Credit Bureau Reports; (3) Data Breach Analysis; (4) Fraud Resolution Services, Including Writing Dispute Letters, Initiating Fraud Alerts And credit Freezes, To Assist Affected Individuals To Bring Matters To Resolution; (5) One Year Of Identity Theft Insurance With $20,000.00 Coverage At $0 Deductible; And (6) Necessary Legal Expenses The Subjects May Incur To Repair Falsified Or Damaged Credit records, Histories, Or Financial Affairs. 8. Security Controls Compliance Testing on A Periodic Basis, Va, Including The Office Of Inspector General, Reserves The Right To Evaluate Any Or All Of The Security Controls And Privacy Practices Implemented By The Contractor Under The Clauses Contained Within The Contract. With 10 Working-day S Notice, At The Request Of The Government, The Contractor Must Fully Cooperate And Assist In A Government-sponsored Security Controls Assessment At Each Location Wherein Va Information Is Processed Or Stored, Or Information Systems Are Developed, Operated, Maintained, Or Used On Behalf Of Va, Including Those Initiated By The Office Of Inspector General. The Government May Conduct A Security Control Assessment On Shorter Notice (to Include Unannounced Assessments) As Determined By Va In The Event Of A Security Incident Or At Any Other Time. 9. Training a. All Contractor Employees And Subcontractor Employees Requiring Access To Va Information And Va Information Systems Shall Complete The Following Before Being Granted Access To Va Information And Its Systems: (1) Sign And Acknowledge (either Manually Or Electronically) Understanding Of And Responsibilities For Compliance With The Contractor Rules Of Behavior, Appendix E Relating To Access To Va Information And Information Systems; (2) Successfully Complete The Va Cyber Security Awareness And Rules Of Behavior Training And Annually Complete Required Security Training; (3) Successfully Complete The Appropriate Va Privacy Training And Annually Complete Required Privacy Training; And (4) Successfully Complete Any Additional Cyber Security Or Privacy Training, As Required For Va Personnel With Equivalent Information System Access [to Be Defined By The Va Program Official And Provided To The Contracting Officer For Inclusion In The Solicitation Document E.g., Any Role-based Information Security Training Required In Accordance With Nist Special Publication 800-1 6, Information Technology Security Training Requirements.] b. The Contractor Shall Provide To The Contracting Officer And/or The Cor A Copy Of The Training Certificates And Certification Of Signing The Contractor Rules Of Behavior For Each Applicable Employee Within 1 Week Of The Initiation Of The Contract And Annually Thereafter, As Required. c. Failure To Complete The Mandatory Annual Training And Sign The Rules Of Behavior Annually, Within The Timeframe Required, Is Grounds For Suspension Or Termination Of All Physical Or Electronic Access Privileges And Removal From Work On The Contract Until Such Time As The Training And Documents Are Complete. end Of Appendix

Details: Statement Of Work medical Gas Deficiencies va Connecticut Healthcare System (vachs) va Medical Center West Haven 950 Campbell Avenue west Haven, Ct 06516 background va Connecticut Healthcare System Requires The Replacement Of A Master Alarm Medical Gas Panel And Installation Of Distribution Piping To Support The Building 2 Vacuum System. justification an Annual Survey Was Conducted. Deficiencies Include The Master Alarm Panel Located In Building 1 Operator Booth And Installation Of Distribution Piping To Support The Building 2 Vacuum System. place Of Performance the Place Of Performance For This Contract Is Va Connecticut Healthcare System, West Haven Va Medical Center Located At 950 Campbell Avenue, West Haven, Ct 06516. period Of Performance the Contract Time Period Of Performance Will Be 60 Calendar Days From Notice To Proceed (ntp) And Includes Contractor Closeout. qualifications to Be Considered Eligible For Consideration, Potential Bidders Shall Have A Field Service Representative Located Within 200 Miles Of The West Haven Campuses Of The Va Connecticut Healthcare System And Have Been Trained By The Original Equipment Manufacturer (oem) On The Specific Model Of Equipment That He/she Is Being Asked To Provide Services For. licensed Medical Gas Installer Meeting Asse 6030 Medical Gas Systems Verifier Certification. bidders Must Provide Upon Request, Documentation Of Factory Certified Service/maintenance Training On The Specific Equipment Under The Terms Of This Contract. The Contracting Officer And/or Contracting Officer S Representative (cor) Specifically Reserve The Right To Reject Any Of The Contractor S Personnel And Refuse Them Permission To Work On The Equipment Outlined Herein, Based Upon Credentials Provided. scope Of Work the Scope Of This Work Includes The Removal Of Existing Master Alarm Panel Located In The Building 1 Ground Floor Operator Booth, Installation And Testing Of New Master Alarm Panel; Installation Of New Vacuum Switch And Gauge Assembly; Installation Of Distribution Piping System, And Certification Of The Medical Gas System. work Shall Occur Outside Of Regular Business Hours; Weekdays 4:30 P.m. Midnight And/or Weekend Days Saturday And/or Sunday 7:00 A.m. 4:30 P.m. Or As Coordinated. objectives: the Project Will Include But Not Be Limited To The Following: contractor Shall Furnish Appropriate Tools, Equipment, And Certified Labor To Remove Existing Master Alarm Panel And Replace With Contractor Provided New Amico Alert 4 Lcd Master Alarm Panel In The Building 1 Operator Booth. contractor Shall Perform All Installation And Testing Of New Master Alarm Panel With Existing Critical Medical Gas Components. contractor Shall Furnish Appropriate Tools, Equipment, And Certified Labor To Provide And Install Amico Vacuum Switch And Gauge Assembly. contractor Shall Furnish Appropriate Tools, Equipment, And Certified Labor To Perform Installation Of Distribution Piping System In Building 2. brazing Materials silver Rod t Drilling ½ Connection the Manufacturer Procedures Take Precedence Over Other Recommended Installation And Operation Procedures. coordinate All Placement And Removal Of Lockout Tagout Devices For Any Energy Sources With The Va Cor/maintenance & Operations. protect All Equipment In Place During Replacement Activities. remove And Dispose Of Old Compressor And Other Debris As A Result Of This Work And Return Required Manifest. perform Post Installation Inspections, Testing, And Certification Of The Medical Gas System As Required By Nfpa 99. all Contractor Personnel, Sub-contractors And Representatives Visiting Va Sites Will Be Required To Sign In Upon Arrival At Building 15 And/or Retain A Temporary Va Badge. Each Visiting Individual Be Required To Enter Their Name, Their Company S Name, Va Project Title, Reason For Visit, And The Times Of Arrival And Departure. Arrangements For After Normal Hour Working Site Visits Must Be Made In Advance And During Normal Working Hours. general: The Contracting Officer Reserves The Right To Terminate Any Construction Period Services, Without Payment For Services Completed, If Such Services Are Not Needed Or Are Not Being Adequately Completed. approved Plans And Permits: Prior To The Start Of Construction, Submit To Va Copies Of All Required Permits. site Visits: Day To Day Construction Administration Will Be Performed By The Cor. Periodic Reviews, Tests, And Other Field Observation By The Government Are Not To Be Interpreted As Superintendence Nor As Resulting In Any Approval Of The Contractor S Apparent Progress Toward Meeting The Government S Objectives; But Are Intended To Discover Any Information That The Contracting Officer May Be Able To Call To The Contractor S Attention To Prevent Costly Misdirection Of Effort. the Contractor Shall Remain Responsible For Constructing, Operating, And Maintaining The Site In Full Accordance If The Requirements Of This Solicitation. the Contractor Shall Provide Va With A Copy Of All Inspection Reports For Inspections Conducted By Local, Regional, And State Code Authorities From The Start Of Construction Through Issuance Of The Certificate Of Occupancy Or Completion. the Contractor Shall Develop And Provide To The Va The Following: safety Plan: The Contractor Shall Produce Work In Accordance With The Latest Editions Of All Applicable Dva Guidelines (e.g. Construction Standards, Master Specifications, Standard Details, Special Design Criteria To Meet Hospital Joint Commission (jcaho) Requirements), Nfpa, Federal And State Codes Pertinent To The Project Scope. all Construction Personnel On Site Are Required To Obtain An Occupational Safety And Health administration (osha) 10 Hour Construction Certification, And The Site Competent Person For The contractor Must Obtain An Osha 30 Hour Construction Certification. prior To The Start Of Construction, The Specifications Shall Require The Contractor To Develop And submit Such Plans As Required By The Va Relating To Safety And Environmental Issues. These May Include But Are Not Limited To: job Hazard Analysis And Loto quality Control Plan: A Quality Control Plan Shall Be Implemented For Identifying And Specifying The Appropriate Standard Forms For Quality Control Inspections That Will Become Part Of The Overall Plan. per Va Directive 1805, Smoking Vaping, And Smokeless Tobacco Are Prohibited On The Grounds Of Va Facilities, Including In Vehicles. This Directive Applies To All Service Providers And Their Employees. no Photography Of Va Premises Is Allowed Without Written Permission Of The Contracting Officer. Patients And Staff Are Not To Be Photographed At Any Time. prior To Commencing Work Onsite, All Service Providers And Provider Personnel Shall Furnish Proof Of Receipt Of Required Covid Vaccinations And Boosters In Compliance With Current Vha Directives. prior To Commencing Work Onsite, All Service Providers And Provider Personnel Shall Furnish Proof Of Receipt Of Required Tuberculosis Testing In Compliance With Vha Directive 1131(5), Dated June 04, 2021. parking For Service Provider And Its Employees Shall Be In Designated Areas Only. Service Provider To Coordinate With Cor. the Service Provider Shall Confine All Operations (including Storage Of Materials) On Government Premises To Areas Authorized Or Approved By The Va Contracting Officer. The Service Provider Shall Hold And Save The Government, Its Officers, And Agents, Free And Harmless From Liability Of Any Nature Occasioned By The Service Provider S Performance. Working Space And Space Available For Storing Materials Shall Be As Determined By The Cor. Workers Are Subject To The Rules Of The Medical Center Applicable To Their Conduct. Execute Work In Such A Manner As To Reduce Impacts With Work Being Done By Others. billing: Provide Cor With A Report Or Statement Of Work Completed And Include Statements With Request For Payment. Statement Should Include Service Completed And The Date Each Service Item Was Completed. Labor Charges Shall Be Billed Hourly, And Any Unused Labor Totals Will Be Credited Back To The Va Medical Center On The Next Billing Cycle, Upon Receipt Of The Service Report. safety Codes / Certification / Licensing: environmental Abatement Work, If Necessary, Is To Be Performed By Contractor Under Supervision And monitoring For The Va By A Certified Industrial Hygienist. the Contractor Shall Comply With All Codes As Described Above, As Well As Codes Customarily Applied In va Construction Jobs Such As Nfpa Fire Code, Osha, Va Design Guides, Etc. Labs Used By The Contractor shall Be Licensed As Required By Any Applicable Governing Agencies, And Their Certifications And Licenses shall Be Included In The Reports. travel: contractor And/or Subcontractors Will Travel From Their Place Of Business To The West Haven Vamc Of The Va Connecticut Healthcare System. appendix A infection Prevention Measures a. Implement The Requirements Of Va Medical Center S Infection Control Risk Assessment (icra) Team. Icra Group May Monitor Dust, In The Vicinity Of The Construction Work, And require The Contractor To Take Corrective Action Immediately If The Safe Levels Are Exceeded. b. Establish And Maintain A Dust Control Program As Part Of The Contractor S Infection preventive Measures In Accordance With The Guidelines Provided By Icra Group As Specified here. Prior To Start Of Work, Prepare A Plan Detailing Project-specific Dust Protection Measures, including Periodic Status Reports, And Submit To Project Manager And Facility Icra Team For review For Compliance With Contract Requirements In Accordance With Section 01340, Samples and Shop Drawings. 1. All Personnel Involved In The Construction Or Renovation Activity Shall Be Educated and Trained In Infection Prevention Measures Established By The Medical Center. c. Medical Center Infection Control Personnel Shall Monitor For Airborne Disease (e.g. aspergillosis) As Appropriate During Construction. A Baseline Of Conditions May Be Established by The Medical Center Prior To The Start Of Work And Periodically During The Construction Stage to Determine Impact Of Construction Activities On Indoor Air Quality. In Addition: 1. The Project Manager And Vamc Infection Control Personnel Shall Review Pressure differential Monitoring Documentation To Verify That Pressure Differentials In The Construction zone And In The Patient-care Rooms Are Appropriate For Their Settings. The Requirement For negative Air Pressure In The Construction Zone Shall Depend On The Location And Type Of Activity. upon Notification, The Contractor Shall Implement Corrective Measures To Restore Proper pressure Differentials As Needed. 2. In Case Of Any Problem, The Medical Center, Along With Assistance From The contractor, Shall Conduct An Environmental Assessment To Find And Eliminate The Source. d. In General, Following Preventive Measures Shall Be Adopted During Construction To Keep down Dust And Prevent Mold. 1. Dampen Debris To Keep Down Dust And Provide Temporary Construction Partitions In existing Structures Where Directed By Resident Engineer. Blank Off Ducts And Diffusers To prevent Circulation Of Dust Into Occupied Areas During Construction. 2. Analyze Each Site During Design To Determine The Effects Of Blocking Hvac Ducts And their Impact On Existing Air Handling Systems That Must Remain Operational Before Initiating A dust Control Program. The Method Of Capping Ducts Shall Be Dust Tight And Withstand Airflow. 3. Construct Anteroom To Maintain Negative Airflow From Clean Area Through Anteroom and Into Work Area Where Required. 4. High Risk Patient Care Areas May Require Additional Measures Like Air Locks, Special signage, Smoke And Negative Pressure Alarms. 5. Identify These Areas Clearly On The Drawings And Work With Medical Center Personnel to Achieve Desired Level Of Isolation Suited To The Scope Of Risk Involved. 6. Do Not Perform Dust- Producing Tasks Within Occupied Areas Without The Approval Of the Project Manager. For Construction In Any Areas That Will Remain Jointly Occupied By The medical Center And Contractor S Workers, The Contractor Shall: a. Provide Dust Proof Fire-rated Temporary Drywall Construction Barriers To completely Separate Construction From The Operational Areas Of The Hospital In Order to Contain Dirt Debris And Dust. Barriers Shall Be Sealed And Made Presentable On hospital Occupied Side. Install A Self-closing Rated Door In A Metal Frame, commensurate With The Partition, To Allow Worker Access. Maintain Negative Air At All times. A Fire Retardant Polystyrene, 6-mil Thick Or Greater Plastic Barrier Meeting Local fire Codes May Be Used Where Dust Control Is The Only Hazard, And An Agreement Is reached With The Resident Engineer And Medical Center. b. Hepa Filtration Is Required Where The Exhaust Dust May Reenter The Breathing zone. Contractor Shall Verify That Construction Exhaust To Exterior Is Not Reintroduced to The Medical Center Through Intake Vents, Or Building Openings. Install Hepa (high efficiency Particulate Accumulator) Filter Vacuum System Rated At 95% Capture Of 0.3 microns Including Pollen, Mold Spores And Dust Particles. Insure Continuous Negative air Pressures Occurring Within The Work Area. Hepa Filters Should Have Ashrae 85 Or other Pre-filter To Extend The Useful Life Of The Hepa. Provide Both Primary And secondary Filtrations Units. Exhaust Hoses Shall Be Heavy Duty, Flexible Steel reinforced And Exhausted So That Dust Is Not Reintroduced To The Medical Center. c. Adhesive Walk-off/carpet Walk-off Mats, Minimum 24 X 36 , Shall Be Used At All interior Transitions From The Construction Area To Occupied Medical Center Area. these Mats Shall Be Changed As Often As Required To Maintain Clean Work Areas directly Outside Construction Area At All Times. d. Vacuum And Wet Mop All Transition Areas From Construction To The Occupied medical Center At The End Of Each Workday. Vacuum Shall Utilize Hepa Filtration. maintain Surrounding Area Frequently. Remove Debris As They Are Created. Transport these Outside The Construction Area In Containers With Tightly Fitting Lids. e. The Contractor Shall Not Haul Debris Through Patient-care Areas Without Prior approval Of The Resident Engineer And The Medical Center. When, Approved, Debris shall Be Hauled In Enclosed Dust Proof Containers Or Wrapped In Plastic And Sealed with Duct Tape. No Sharp Objects Should Be Allowed To Cut Through The Plastic. Wipe down The Exterior Of The Containers With A Damp Rag To Remove Dust. All Equipment, tools, Material, Etc. Transported Through Occupied Areas Shall Be Made Free From Dust and Moisture By Vacuuming And Wipe Down. f. Using A Hepa Vacuum, Clean Inside The Barrier And Vacuum Ceiling Tile Prior To replacement. Any Ceiling Access Panels Opened For Investigation Beyond Sealed Areas shall Be Sealed Immediately When Unattended. g. There Shall Be No Standing Water During Construction. This Includes Water In equipment Drip Pans And Open Containers Within The Construction Areas. All accidental Spills Must Be Cleaned Up And Dried Within 12 Hours. Remove And Dispose of Porous Materials That Remain Damp For More Than 72 Hours. h. At Completion, Remove Construction Barriers And Ceiling Protection Carefully, outside Of Normal Work Hours. Vacuum And Clean All Surfaces Free Of Dust After The removal. e. Final Cleanup: 1. Upon Completion Of Project, Or As Work Progresses, Remove All Construction Debris from Above Ceiling, Vertical Shafts And Utility Chases That Have Been Part Of The Construction. 2. Perform Hepa Vacuum Cleaning Of All Surfaces In The Construction Area. This Includes walls, Ceilings, Cabinets, Furniture (built-in Or Free Standing), Partitions, Flooring, Etc. 1. All New Air Ducts Shall Be Cleaned Prior To Final Inspection. Spec Writer Note: on Small Projects Developed At Medical Center, Engineering Officer May Tag items To Be Removed And Stored, Instead Of Noting Such Items On Drawings Or In specifications. end Of Appendix appendix B va Information And Information System Security/privacy Language For inclusion Into Contracts, As Appropriate 1. General contractors, Contractor Personnel, Subcontractors, And Subcontractor Personnel Shall Be subject To The Same Federal Laws, Regulations, Standards, And Va Directives And Handbooks as Va And Va Personnel Regarding Information And Information System Security. 2. Access To Va Information And Va Information Systems a. A Contractor/subcontractor Shall Request Logical (technical) Or Physical Access To Va information And Va Information Systems For Their Employees, Subcontractors, And affiliates Only To The Extent Necessary To Perform The Services Specified In The Contract, agreement, Or Task Order. b. All Contractors, Subcontractors, And Third-party Servicers And Associates Working With Va information Are Subject To The Same Investigative Requirements As Those Of Va appointees Or Employees Who Have Access To The Same Types Of Information. The Level and Process Of Background Security Investigations For Contractors Must Be In Accordance with Va Directive And Handbook 0710, Personnel Suitability And Security Program. The office For Operations, Security, And Preparedness Is Responsible For These Policies And procedures. c. Contract Personnel Who Require Access To National Security Programs Must Have A Valid security Clearance. National Industrial Security Program (nisp) Was Established By executive Order 12829 To Ensure That Cleared U.s> Defense Industry Contractor personnel Safeguard The Classified Information In Their Possession While Performing work On Contracts, Programs, Bid, Or Research And Development Efforts. The department Of Veterans Affairs Does Not Have A Memorandum Of Agreement With defense Secretary Service (dss). Verification Of A Security Clearance Must Be Processed through The Special Security Officer Located In The Planning And National Security service Within The Office Of Operations, Security, And Preparedness. d. Custom Software Development And Outsourced Operations Must Be Located In The U.s. to The Maximum Extent Practical. If Such Services Are Proposed To Be Performed Abroad and Are Not Disallowed By Other Va Policy Or Mandates, The Contractor/subcontractor must State Where All Non-u.s. Services Are Provided And Detail A Security Plan, Deemed to Be Acceptable By Va, Specifically To Address Mitigation Of The Resulting Problems Of communication, Control, Data Protection, And So Forth. Location Within The U.s. May Be an Evaluation Factor. e. The Contractor Or Subcontractor Must Notify The Contracting Officer Immediately When an Employee Working On A Va System Or With Access To Va Information Is Reassigned Or leaves The Contractor Or Subcontractor S Employ. The Contracting Officer Must Also Be notified Immediately By The Contractor Or Subcontractor Prior To An Unfriendly termination. 3. Va Information Custodial Language a. Information Made Available To The Contractor Or Subcontractor By Va For The performance Or Administration Of This Contract Or Information Developed By The contractor/subcontractor In Performance Or Administration Of The Contract Shall Be Used only For Those Purposes And Shall Not Be Used In Any Other Way Without The Prior Written agreement Of The Va. This Clause Expressly Limits The Contractor/subcontractor S Rights to Use Data As Described In Rights In Data General, Far 52.227-14(d) (1). b. Va Information Should Not Be Co-mingled, If Possible, With Any Other Data On The contractors/subcontractor S Information Systems Or Media Storage Systems In Order To ensure Va Requirements Related To Data Protection And Media Sanitization Can Be Met. if Co-mingling Must Be Allowed To Meet The Requirements Of The Business Need, The contractor Must Ensure That Va S Information Is Returned To The Va Or Destroyed In accordance With Va S Sanitization Requirements. Va Reserves The Right To Conduct Onsite inspections Of Contractor And Subcontractor It Resources To Ensure Data Security controls, Separation Of Data And Job Duties, And Destruction/media Sanitization procedures Are In Compliance With Va Directive Requirements. c. Prior To Terminator Or Completion Of This Contract, Contractor/subcontractor Must Not destroy Information Received From Va, Or Gathered/created By The Contractor In The course Of Performing This Contract Without Prior Written Approval By The Va. Any Data destruction Done On Behalf Of Va By A Contractor/subcontractor Must Be Done In accordance With National Archives And Records Administration (nara) Requirements As outlined In Va Directive 6300, Records And Information Management And Its Handbook 6300.1 Records Management Procedures, Applicable Va Records Control Schedules, And va Handbook 6500.1 Electronic Media Sanitization. Self-certification By The Contractor that The Data Destruction Requirements Above Have Been Met Must Be Sent To The Va contracting Officer Within 30 Days Of Termination Of The Contract. d. The Contractor/subcontractor Must Receive, Gather, Store, Back Up, Maintain, Use, dispose Of Va Information Only In Compliance With The Terms Of The Contract And applicable Federal And Va Information Confidentiality And Security Laws, Regulations And policies. If Federal Or Va Information Confidentiality And Security Laws, Regulations And policies Become Applicable To The Va Information Or Information Systems After execution Of The Contract, Or If Nist Issues Or Updates Applicable Fips Or Special publications (sp) After Execution Of This Contract, The Parties Agree To Negotiate In Good faith To Implement The Information Confidentiality And Security Laws, Regulations And policies In This Contract. e. The Contractor/subcontractor Shall Not Make Copies Of Va Information Except As authorized And Necessary To Perform The Terms Of The Agreement Or To Preserve electronic Information Stored On Contractor/subcontractor Electronic Storage Media For restoration In Case Any Electronic Equipment Or Data Used By The contractor/subcontractor Needs To Be Restored To An Operating State. If Copies Are Made for Restoration Purposes, After The Restoration Is Complete, The Copies Must Be appropriately Destroyed. f. If Va Determines That The Contractor Has Violated Any Of The Information Confidentiality, privacy, And Security Provisions Of The Contract, It Shall Be Sufficient Grounds For Va To withhold Payment To The Contractor Or Third Party Or Terminate The Contract For Default or Terminate For Cause Under Federal Acquisition Regulation (far) Part 12. g. If A Vha Contract Is Terminated For Cause, The Associated Baa Must Also Be Terminated and Appropriate Actions Taken In Accordance With Vha Handbook 1600.01, Business associate Agreements. Absent An Agreement To Use Or Disclose Protected Health information, There Is No Business Associate Relationship. h. The Contractor/subcontractor Must Store, Transport, Or Transmit Va Sensitive information In An Encrypted Form, Using Va-approved Encryption Tools That Are, At A minimum, Fips 140-2 Validated. i. The Contractor/subcontractor S Firewall And Web Services Security Controls, If Applicable, shall Meet Or Exceed Va S Minimum Requirements. Va Configuration Guidelines Are available Upon Request. j. Except For Uses And Disclosures Of Va Information Authorized By This Contract For performance Of The Contract, The Contractor/subcontractor May Use And Disclose Va information Only In Two Other Situations: (i) In Response To A Qualifying Order Of A Court of Competent Jurisdiction, Or (ii) With Va S Prior Written Approval. The contractor/subcontractor Must Refer All Requests For, Demands For Production Of, Or inquiries About, Va Information And Information Systems To The Va Contracting Officer for Response. k. Notwithstanding The Provision Above, The Contractor/subcontractor Shall Not Release Va records Protected By Title 38 U.s.c. 5705, Confidentiality Of Medical Quality Assurance records And/or Title 38 U.s.c. 7332, Confidentiality Of Certain Health Records Pertaining to Drug Addiction, Sickle Cell Anemia, Alcoholism Or Alcohol Abuse, Or Infection With human Immunodeficiency Virus. If The Contractor/subcontractor Is In Receipt Of A Court order Or Other Requests For The Above Mentioned Information, That contractor/subcontractor Shall Immediately Refer Such Court Orders Or Other Requests To the Va Contracting Officer For Response. l. For Service That Involves The Storage, Generating, Transmitting, Or Exchanging Of Va sensitive Information But Does Not Require C&a Or An Mou-isa For System interconnection, The Contractor/subcontractor Must Complete A Contractor Security control Assessment (csca) On A Yearly Basis And Provide It To The Cor. 4. Information System Design And Development a. Information Systems That Are Designed Or Developed For On Behalf Of Va At Non-va facilities Shall Comply With All Va Directives Developed In Accordance With Fisma, Hipaa, nist, And Related Va Security And Privacy Control Requirements For Federal Information systems. This Includes Standards For The Protection Of Electronic Phi, Outlined In 45 c.f.r. Part 164, Subpart C, Information And System Security Categorization Level designation In Accordance With Fips 199 And Fips 200 With Implementation Of All baseline Security Controls Commensurate With The Fips 199 System Security categorization (reference Appendix D Of Va Handbook 6500, Va Information Security program). During The Development Cycle A Privacy Impact Assessment (pia) Must Be completed, Provided To The Cor, And Approved By The Va Privacy Service In Accordance with Directive 6507, Va Privacy Impact Assessment. b. The Contractor/subcontractor Shall Certify To The Cor That Applications Are Fully functional And Operate Correctly As Intended On Systems Using The Va Federal Desktop core Configuration (fdcc), And The Common Security Configuration Guidelines Provided by Nist Or The Va. This Includes Internet Explorer 7 Configured To Operate On Windows xp And Vista (in Protected Mode On Vista) And Future Versions, As Required. c. The Standard Installation, Operation, Maintenance, Updating, And Patching Of Software shall Not Alter The Configuration Settings From The Va Approved And Fdcc Configuration. information Technology Staff Must Also Use The Windows Installer Service For Installation to The Default Program Files Directory And Silently Install And Uninstall. d. Applications Designed For Normal End Users Shall Run In The Standard User Context without Elevated System Administration Privileges. e. The Security Controls Must Be Designed, Developed, Approved By Va, And Implemented in Accordance With The Provisions Of Va Security System Development Life Cycle As outlined In Nist Special Publication 800-37, Guide For Applying The Risk Management framework To Federal Information Systems, Va Handbook 6500, Information Security program And Va Handbook 6500.5, Incorporating Security And Privacy In System development Lifecycle. f. The Contractor/subcontractor Is Required To Design, Develop, Or Operate A System Of records Notice (sor) On Individuals To Accomplish An Agency Function Subject To The privacy Act Of 1974, (as Amended), Public Law 93-579, December 31, 1974 (5 U.s.c. 552a) And Applicable Agency Regulations. Violation Of The Privacy Act May Involve The imposition Of Criminal And Civil Penalties. g. The Contractor/subcontractor Agrees To: (1) Comply With The Privacy Act Of 1974 (the Act) And The Agency Rules And Regulations issued Under The Act In The Design, Development, Or Operation Of Any System Of records On Individuals To Accomplish An Agency Function When The Contract specifically Identifies: a. The Systems Of Records (sor); And b. The Design, Development, Or Operation Work That The Contractor/subcontractor is To Perform; i. Include The Privacy Act Notification Contained In This Contract In Every solicitation And Resulting Subcontract And In Every Subcontract Awarded without A Solicitation, When The Work Statement In The Proposed Subcontract requires The Redesign, Development, Or Operation Of A Sor On Individuals that Is Subject To The Privacy Act; And ii. Include This Privacy Act Clause, Including This Subparagraph (3), In All subcontracts Awarded Under This Contract Which Requires The Design, development, Or Operation Of Such A Sor. h. In The Event Of Violations Of The Act, A Civil Action May Be Brought Against The Agency involved When The Violation Concerns The Design, Development, Or Operation Of A sor On Individuals To Accomplish An Agency Function, And Criminal Penalties May Be imposed Upon The Officers Or Employees Of The Agency When The Violation Concerns the Operation Of Sor On Individuals To Accomplish An Agency Function. For Purposes of The Act, When The Contract Is For The Operation Of A Sor On Individuals To accomplish An Agency Function, The Contractor/subcontractor Is Considered To Be An employee Of The Agency. (1) Operation Of A System Of Records Means Performance Of Any Of The Activities associated With Maintaining The Sor, Including The Collection, Use, maintenance, And Dissemination Of Records. (2) Record Means Any Item, Collection, Or Grouping Of Information About An individual That Is Maintained By An Agency, Including, But Not Limited To, education, Financial Transactions, Medical History, And Criminal Or Employment history And Contains The Person S Name, Or Identifying Number, Symbol, Or Any other Identifying Particular Assigned To The Individual, Such As A Fingerprint Or voiceprint, Or A Photograph. (3) System Of Records Means A Group Of Any Records Under The Control Of Any agency From Which Information Is Retrieved By The Name Of The Individual Or By some Identifying Number, Symbol, Or Other Identifying Particular Assigned To The individual. i. The A/e Shall Ensure The Security Of All Procured Or Developed Systems And technologies, Including Their Subcomponents (hereinafter Referred To As Systems ), throughout The Life Of This Contract And Any Extension, Warranty, Or Maintenance periods. This Includes, But Is Not Limited To Workarounds, Patches, Hotfixes, upgrades, And Any Physical Components (hereafter Referred To As Security Fixes) which May Be Necessary To Fix All Security Vulnerabilities Published Or Known To The a/e Anywhere In The Systems Including Operating Systems And Firmware. The A/e shall Ensure That Security Fixes Shall Not Negatively Impact The Systems. j. The A/e Shall Notify Va Within 24 Hours Of The Discovery Or Disclosure Of Successful exploits Of The Vulnerability Which Can Compromise The Security Of The Systems (including The Confidentiality Or Integrity Of Its Data And Operations, Or The availability Of The System). Such Issues Shall Be Remediated As Quickly As Is Practical, but In No Event Longer Than 7 Days. k. When The Security Fixes Involve Installing Third Party Patches (such As Microsoft Os patches Or Adobe Acrobat), The A/e Will Provide Written Notice To The Va That The patch Has Been Validated As Not Affecting The System Within 10 Working Days. When the A/e Is Responsible For Operations Or Maintenance Of The Systems, They Shall Apply the Security Fixes Within 7 Days. l. All Other Vulnerabilities Shall Be Remediated As Specified In This Paragraph In A Timely manner Based On Risk, But Within 60 Days Of Discovery Or Disclosure. Exceptions To this Paragraph (e.g. For The Convenience Of Va) Shall Only Be Granted With Approval of The Contracting Officer And The Va Assistant Secretary For Office Of Information and Technology. 5. Information System Hosting, Operation, Maintenance, Or Use a. For Information Systems That Are Hosted, Operated, Maintained, Or Used On Behalf Of Va at Non-va Facilities, Contractors/subcontractors Are Fully Responsible And Accountable for Ensuring Compliance With All Hipaa, Privacy Act, Fisma, Nist, Fips, And Va Security and Privacy Directives And Handbooks. This Includes Conducting Compliant Risk assessments, Routine Vulnerability Scanning, System Patching And Change Management procedures, And The Completion Of An Acceptable Contingency Plan For Each System. The contractor S Security Control Procedures Must Be Equivalent, To Those Procedures Used to Secure Va Systems. A Privacy Impact Assessment (pia) Must Also Be Provided Ot The cor And Approved By Va Privacy Service Prior To Operational Approval. All External internet Connections To Va S Network Involving Va Information Must Be Reviewed And approved By Va Prior To Implementation. b. Adequate Security Controls For Collecting, Processing, Transmitting, And Storing Of personally Identifiable Information (pii), As Determined By The Va Privacy Service, Must be In Place, Tested, And Approved By Va Prior To Hosting, Operation, Maintenance, Or Use of The Information System, Or Systems By Or On Behalf Of Va. These Security Controls Are to Be Assessed And Stated Within The Pia And If These Controls Are Determined Not To Be in Place, Or Inadequate, A Plan Of Action And Milestones (poa&m) Must Be Submitted and Approved Prior To The Collection Of Pii. c. Outsourcing (contractor Facility, Contractor Equipment Or Contractor Staff) Of Systems Or network Operations, Telecommunications Services, Or Other Managed Services Requires certification And Accreditation (authorization) (c&a) Of The Contractor S Systems In accordance With Va Handbook 6500.3, Certification And Accreditation And/or The Va ocs Certification Program Office. Government-owned (government Facility Or government Equipment) Contractor-operated Systems, Third Party Or Business Partner networks Require Memorandums Of Understanding And Interconnection Agreements (mou-isa) Which Detail What Data Types Are Shared, Who Has Access, And The appropriate Level Of Security Controls For All Systems Connected To Va Networks. d. The Contractor/subcontractor S System Must Adhere To All Fisma, Fips, And Nist standards Related To The Annual Fisma Security Controls Assessment And Review And update The Pia. Any Deficiencies Noted During This Assessment Must Be Provided To The va Contracting Officer And The Iso For Entry Into Va S Poa&m Management Process. the Contractor/subcontractor Must Use Va S Poa&m Process To Document Planned remedial Actions To Address Any Deficiencies In Information Security Policies, Procedures, and Practices, And The Completion Of Those Activities. Security Deficiencies Must Be corrected Within The Timeframes Approved By The Government. contractor/subcontractor Procedures Are Subject To Periodic, Unannounced assessments By Va Officials, Including The Va Office Of Inspector General. The Physical security Aspects Associated With Contractor/subcontractor Activities Must Also Be Subject to Such Assessments. If Major Changes To The System Occur That May Affect The Privacy or Security Of The Data Or The System, The C&a Of The System May Need To Be Reviewed, retested And Re-authorized Per Va Handbook 6500.3. This May Require Reviewing And updating All Of The Documentation (pia, System Security Plan, Contingency Plan). The certification Program Office Can Provide Guidance On Whether A New C&a Would Be necessary. e. The Contractor/subcontractor Must Conduct An Annual Self-assessment On All Systems and Outsourced Services As Required. Both Hard Copy And Electronic Copies Of The assessment Must Be Provided To The Cor. The Government Reserves The Right To conduct Such An Assessment Using Government Personnel Or Another contractor/subcontractor. The Contractor/subcontractor Must Take Appropriate And timely Action (this Can Be Specified In The Contract) To Correct Or Mitigate Any weaknesses Discovered During Such Testing, Generally At No Additional Cost. f. Va Prohibits The Installation And Use Of Personally-owned Or Contractor/subcontractor Owned equipment Or Software On Va S Network. If Non-va Owned Equipment Must Be used To Fulfill The Requirements Of A Contract, It Must Be Stated In The Service Agreement, sow, Or Contract. All Of The Security Controls Required For Government Furnished equipment (gfe) Must Be Utilized In Approved Or Other Equipment (oe) And Must Be funded By The Owner Of The Equipment. All Remote Systems Must Be Equipped With, And use, A Va-approved Antivirus (av) Software And A Personal (host-based Or Enclaved based) Firewall That Is Configured With A Va-approved Configuration. Software Must Be kept Current, Including All Critical Updates And Patches. Owners Of Approved Oe Are responsible For Providing And Maintaining The Anti-viral Software And The Firewall On The non-va Owned Oe. g. All Electronic Storage Media Used On Non-va Leased Or Non-va Owned It Equipment That is Used To Store, Process, Or Access Va Information Must Be Handled In Adherence With va Handbook 6500.1, Electronic Media Sanitization Upon: (i) Completion Or Termination of The Contract Or (ii) Disposal Or Return Of The It Equipment By The contractor/subcontractor, Whichever Is Earlier. Media (hard Drives, Optical Disks, Cds, back-up Tapes, Etc.) Used By The Contractors/subcontractors That Contain Va Information must Be Returned To The Va For Sanitization Or Destruction Or The contractor/subcontractor Must Self-certify That The Media Has Been Disposed Of Per 6500.1 Requirements. This Must Be Completed Within 30 Days Of Termination Of The contract. h. Bio-medical Devices And Other Equipment Or Systems Containing Media (hard Drives, optical Disks, Etc.) With Va Sensitive Information Must Not Be Returned To The A/e At The end Of Lease, For Trade-in, Or Other Purposes. The Options Are: (1) A/e Must Accept The System Without The Drive; (2) Va S Initial Medical Device Purchase Includes A Spare Drive Which Must Be Installed in Place Of The Original Drive At Time Of Turn-in; Or (3) Va Must Reimburse The Company For Media At A Reasonable Open Market replacement Cost At Time Of Purchase (4) Due To The Highly Specialized And Sometimes Proprietary Hardware And Software associated With Medical Equipment/systems, If It Is Not Possible For The Va To Retain the Hard Drive, Then; (a) The Equipment A/e Must Have An Existing Baa If The Device Being Traded In Has sensitive Information Stored On It And Hard Drive(s) From The System Are Being returned Physically Intact; And (b) Any Fixed Hard Drive On The Device Must Be Non-destructively Sanitized To The greatest Extent Possible Without Negatively Impacting System Operation. selective Clearing Down To Patient Data Folder Level Is Recommended Using Va approved And Validated Overwriting Technologies/methods/tools. Applicable media Sanitization Specifications Need To Be Pre-approved And Described In The purchase Order Or Contract. 620-21-205 Montrose River Front Storm Damage Repairs va Medical Center Fdr Montrose, New York page 19 Of 21 (c) A Statement Needs To Be Signed By The Director (system Owner) That States That the Drive Could Not Be Removed And That (a) And (b) Controls Above Are In Place and Completed. The Iso Needs To Maintain The Documentation. 6. Security Incident Investigation a. The Term Security Incident Means An Event That Has, Or Could Have, Resulted In unauthorized Access To, Loss Or Damage To Va Assets, Or Sensitive Information, Or An action That Breaches Va Security Procedures. The Contractor/subcontractor Shall immediately Notify The Cor And Simultaneously, The Designated Iso And Privacy Officer for The Contract Of Any Known Or Suspected Security/privacy Incidents, Or Any unauthorized Disclosures Of Sensitive Information, Including That Contained In System(s) to Which The Contractor/subcontractor Has Access. b. To The Extent Known By The Contractor/subcontractor, The Contractor/subcontractor S notice To Va Shall Identify The Information Involved, The Circumstances Surrounding The incident (including To Whom, How, When, And Where The Va Information Or Assets Were placed At Risk Or Compromised), And Any Other Information That The contractor/subcontractor Considers Relevant. c. With Respect To Unsecured Protected Health Information, The Business Associate Is deemed To Have Discovered A Data Breach When The Business Associate Knew Or Should have Known Of A Breach Of Such Information. Upon Discovery, The Business Associate must Notify The Covered Entity Of The Breach. Notifications Need To Be Made In accordance With The Executed Business Associate Agreement. d. In Instances Of Theft Or Break-in Or Other Criminal Activity, The Contractor/subcontractor must Concurrently Report The Incident To The Appropriate Law Enforcement Entity (or entities) Of Jurisdiction, Including The Va Oig And Security And Law Enforcement. The contractor, Its Employees, And Its Subcontractors And Their Employees Shall Cooperate with Va And Any Law Enforcement Authority Responsible For The Investigation And prosecution Of Any Possible Criminal Law Violation(s) Associated With Any Incident. The contractor/subcontractor Shall Cooperate With Va In Any Civil Litigation To Recover Va information, Obtain Monetary Or Other Compensation From A Third Party For Damages arising From Any Incident, Or Obtain Injunctive Relief Against Any Third Party Arising From, or Related To, The Incident. 7. Liquidated Damages For Data Breach a. Consistent With The Requirements Of 38 U.s.c. §5725, A Contract May Require Access To sensitive Personal Information. If So, The Contractor Is Liable To Va For Liquidated Damages in The Event Of A Data Breach Or Privacy Incident Involving Any Spi The contractor/subcontractor Processes Or Maintains Under This Contract. b. The Contractor/subcontractor Shall Provide Notice To Va Of A Security Incident As Set forth In The Security Incident Investigation Section Above. Upon Such Notification, Va must Secure From A Non-department Entity Or The Va Office Of Inspector General An independent Risk Analysis Of The Data Breach To Determine The Level Of Risk Associated With the Data Breach For The Potential Misuse Of Any Sensitive Personal Information Involved In the Data Breach. The Term Data Breach Means The Loss, Theft, Or Other Unauthorized access, Or Any Access Other Than That Incidental To The Scope Of Employment, To Data containing Sensitive Personal Information, In Electronic Or Printed For, That Results In The potential Compromise Of The Confidentiality Or Integrity Of The Data. Contractor Shall Fully cooperate With The Entity Performing The Risk Analysis. Failure To Cooperate May Be deemed A Material Breach And Grounds For Contract Termination. c. Each Risk Analysis Shall Address All Relevant Information Concerning The Data Breach, including The Following: (1) Nature Of The Event (loss, Theft, Unauthorized Access); (2) Description Of The Event, Including (a) Date Of Occurrence (b) Data Elements Involved, Including Any Pii, Such As Full Name, Social Security number, Date Of Birth, Home Address, Account Number, Disability Code; (3) Number Of Individuals Affected Or Potentially Affected; (4) Names Of Individuals Or Groups Affected Or Potentially Affected; (5) Ease Of Logical Data Access To The Lost, Stolen Or Improperly Accessed Data In Light Of the Degree Of Protection For The Data, E.g., Unencrypted, Plain Text; (6) Amount Of Time The Data Has Been Out Of Va Control; (7) The Likelihood That The Sensitive Personal Information Will Or Has Been Compromised (made Accessible To And Usable By Unauthorized Persons); (8) Known Misuses Of Data Containing Personal Information, If Any; (9) Assessment Of The Potential Harm To The Affected Individuals; (10) Data Breach Analysis As Outlined In 6500.2 Handbook, Management Of Security and Privacy Incidents, As Appropriate; And (11) Whether Credit Protection Services May Assist Record Subjects In Avoiding Or mitigating The Results Of Identity Theft Based On The Sensitive Personal Information that May Have Been Compromised. d. Based On The Determinations Of The Independent Risk Analysis, The Contractor Shall Be responsible For Paying To The Va Liquidated Damages In The Amount Of $37.50 Per Affected individual To Cover The Cost Of Providing Credit Protection Services To Affected Individuals consisting Of The Following: (1) Notification; (2) One Year Of Credit Monitoring Services Consisting Of Automatic Daily Monitoring Of At least 3 Relevant Credit Bureau Reports; (3) Data Breach Analysis; (4) Fraud Resolution Services, Including Writing Dispute Letters, Initiating Fraud Alerts And credit Freezes, To Assist Affected Individuals To Bring Matters To Resolution; (5) One Year Of Identity Theft Insurance With $20,000.00 Coverage At $0 Deductible; And (6) Necessary Legal Expenses The Subjects May Incur To Repair Falsified Or Damaged Credit records, Histories, Or Financial Affairs. 8. Security Controls Compliance Testing on A Periodic Basis, Va, Including The Office Of Inspector General, Reserves The Right To evaluate Any Or All Of The Security Controls And Privacy Practices Implemented By The contractor Under The Clauses Contained Within The Contract. With 10 Working-day S Notice, at The Request Of The Government, The Contractor Must Fully Cooperate And Assist In A government-sponsored Security Controls Assessment At Each Location Wherein Va information Is Processed Or Stored, Or Information Systems Are Developed, Operated, maintained, Or Used On Behalf Of Va, Including Those Initiated By The Office Of Inspector general. The Government May Conduct A Security Control Assessment On Shorter Notice (to include Unannounced Assessments) As Determined By Va In The Event Of A Security Incident or At Any Other Time. 9. Training a. All Contractor Employees And Subcontractor Employees Requiring Access To Va information And Va Information Systems Shall Complete The Following Before Being granted Access To Va Information And Its Systems: (1) Sign And Acknowledge (either Manually Or Electronically) Understanding Of And responsibilities For Compliance With The Contractor Rules Of Behavior, Appendix E relating To Access To Va Information And Information Systems; (2) Successfully Complete The Va Cyber Security Awareness And Rules Of Behavior training And Annually Complete Required Security Training; (3) Successfully Complete The Appropriate Va Privacy Training And Annually Complete required Privacy Training; And (4) Successfully Complete Any Additional Cyber Security Or Privacy Training, As Required for Va Personnel With Equivalent Information System Access [to Be Defined By The Va program Official And Provided To The Contracting Officer For Inclusion In The solicitation Document E.g., Any Role-based Information Security Training Required In accordance With Nist Special Publication 800-1 6, Information Technology Security training Requirements.] b. The Contractor Shall Provide To The Contracting Officer And/or The Cor A Copy Of The training Certificates And Certification Of Signing The Contractor Rules Of Behavior For Each applicable Employee Within 1 Week Of The Initiation Of The Contract And Annually thereafter, As Required. c. Failure To Complete The Mandatory Annual Training And Sign The Rules Of Behavior annually, Within The Timeframe Required, Is Grounds For Suspension Or Termination Of All physical Or Electronic Access Privileges And Removal From Work On The Contract Until Such time As The Training And Documents Are Complete. end Of Appendix

Details: This Is A Sources Sought Notice Only. This Is Not A Request For Quotes And No Contract Will Be awarded From This Announcement. The Government Will Not Provide Any Reimbursement for Responses Submitted In Response To This Source Sought Notice. Respondents Will Not Be notified Of The Results Of The Evaluation. the Purpose Of This Announcement Is To Perform Market Research To Gain Knowledge Of Potential qualified Sources And Their Size Classification Relative To Naics 541330, (engineering Services) with A Size Standard $25.5million. The Department Of Veterans Affairs (va), Network contracting Office 1 (nco 1) Is Seeking To Identify Any Vendor Capable Of providing A Boundary Survey Per The Requirements Below. Refer To The Statement Of work Below For The Requested Requirement Description. The Standard Shall Be Of Quality; Meeting or Exceeding Those Outlined In The Statement Of Work. this Sources Sought Notice Provides An Opportunity For Respondents To Submit Their Capability and Availability To Provide The Requirement Described Below. Vendors Are Being Invited To Submit information Relative To Their Potential To Fulfill This Requirement, In The Form Of A Capability response That Addresses The Specific Requirement Identified In This Sources Sought. Information received From This Sources Sought Shall Be Utilized To Facilitate The Contracting Officer S Review of The Market Base, For Acquisition Planning, Size Determination, And Procurement Strategy. submission Instructions: Interested Parties Who Consider Themselves Qualified To Perform boundary Surveys Are Invited To Submit A Response To This Sources Sought Notice By 7-17-2024. all Responses Under This Sources Sought Notice Must Be Emailed To Carissa.sarazin@va.gov. telephone Inquiries Will Not Be Accepted Or Acknowledged, And No Feedback Or Evaluations Will be Provided To Companies Regarding Their Submissions. interested Parties Should Complete The Attached Sources Sought Worksheet. Parties May Submit additional Information Related To Their Capabilities, Provided It Contains All The Requirements contained In The Sources Sought Worksheet. Responses To This Sources Sought Shall Not Exceed 8 pages. In Addition, All Submissions Should Be Provided Electronically In A Microsoft Word Or adobe Pdf Format. sam: Interested Parties Shall Be Register In The System For Award Management (sam) As prescribed In Far Clause 52.232-33. Sam Information Can Be Obtained By Accessing The Internet at Www.sam.gov Or By Calling 1-866-606-8220. Interested Parties Not Registered In Sam Will Be ineligible To Receive A Government Contract, Should A Solicitation Be Issued Resulting From This sources Sought. vista: The Va Utilizes Vista To Issue A Purchase Order And Liquidate Invoices. Failure To register In Vista May Result In Exclusion From The Issuance Of A Va Contract, Should A solicitation Be Issued Resulting From This Sources Sought. attachment 1 sources Sought Worksheet qualification Information: company / Institute Name: _______________________________________________________ address: ______________________________________________________________________ phone Number: ________________________________________________________________ point Of Contact: _______________________________________________________________ e-mail Address: ________________________________________________________________ unique Entity Identifier (uei) #: ___________________________________________________ cage Code: __________________________________________________________________ other Available Contract Vehicles (gsa/fss/nasa Sewp/etc): ________________________ _____________________________________________________________________________ _____________________________________________________________________________ socio-economic Status: vip Verified Sdvosb: (y / N) vip Verified Vosb: (y / N) 8(a): (y / N) hubzone: (y / N) economically Disadvantaged Women-owned Small Business: (y / N) women-owned Small Business: (y / N) small Business: (y / N) note: Respondent Claiming Sdvosb And Vosb Status Shall Be Registered And Center For veterans Enterprise (cve) Verified In Vetbiz Registry Www.vetbiz.gov. based On The Responses To This Sources Sought Notice/market research, This Requirement May Be Set-aside For Sdvosb, Vosb, Small businesses Or Procured Through Full And Open Competition. capability Statement: provide A Brief Capability And Interest In Providing The Supply Of Shower Repairs As Listed In attachment 2 Statement Of Work With Enough Information To Determine If Your Company Can meet The Requirement. The Capabilities Statement For This Sources Sought Is Not A Request For quotation, Request For Proposal Or Invitation For Bid, Nor Does It Restrict The Government To An ultimate Acquisition Approach, But Rather The Government Is Requesting A Short Statement regarding The Company S Ability To Provide The Services Outlined In The Sow. Any Commercial brochures Or Currently Existing Marketing Material May Also Be Submitted With The Capabilities statement. This Synopsis Is For Information And Planning Purposes Only And Is Not To Be Construed as A Commitment By The Government. The Government Will Not Pay For Information Solicited. respondents Will Not Be Notified Of The Results Of The Evaluation. ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ attachment 2 performance Work Statement department Of Veterans Affairs (va) medical Center, Leeds Ma boundary Survey Of The Edward P. Boland Campus 1. General the Va Central Western Mass. Edward P Boland Campus In Leeds, Ma Requires Survey Confirmation Of The Property Owned By The Va. The Original Tract Was Approximately 280 Acres And Is Now Approximately 105. The Va Has Records Of Agreements/conveyances That May Or May Not Have Occurred/been Recorded Over The And Is looking For Confirmation Of The Property Owned By The Va Through A Alta/nsps Land Title Survey. the Edward P. Boland Campus Also Has A Lot Of Construction Going On And Needs A Survey Control Network Installed To Standardized And Coordinate Construction And Records Throughout The Campus. A Traverse Through The Control Points Installed Is Required And Shall Be Submitted With The Control Point Coordinates. The Control Network Shall Use The Massachusetts State Plane Coordinate System. place Of Performance: 421 N. Main St, Leeds Ma 2. Project Scope Of Work item 1 Conduct An Alta/nsps Land Title Survey 1 Lump Sum see Attachment 1 Alta/nsps Land Title Survey Table A alta Deliverables: plat Hard Copy (min 24 X36 ) plat Digital Copy plat Does Not Have To Be Recorded. provide Copies Of All Recorded Conveyances, Plats And Deeds For 1922 To Present. item 2 Install Survey Control Monument 15 Each furnish And Install Precast Concrete Monument 6 X6 X36 With 2.5 Minimum Bronze Marker. markers Will Be Placed At Locations Agreed To With The Cor. include Costs To Traverse And Balance The Control Point Network. see Attachment 2 - Example Marker. item 3 Install Survey Control Disk 10 Each furnish And Install A 2.5 Minimum Bronze Marker On Either A Rebar Base Or In Existing Concrete. rebar Shall Be A Minimum Of 2 Long #5 Bar. concrete Install Will Be Drilled And Grouted Into Existing Concrete. include Costs To Traverse And Balance The Control Point Network. see Attachment 2 - Example Marker. item 4 Topographic Survey Of Property 1 Lump Sum this Item Is An Add Alternate For Items 5 And 15 Of Alta/nsps Land Title Survey Table A. Perform A topographic Survey Of The Property, Survey Drones Would Be Permitted For This Task. 1/24/2024 3. The Performance Period For This Work Is 120 Days From Time Of Award, Unless Other Time Frames are Approved In Writing By The Contracting Office With No Options To Renew. a) Services Will Be Performed During Business Hours 7:00am 4:30 Pm. If Work Needs To Be Done off Hours, It Must Be Coordinated With The Cor. b) There Will Be No Unscheduled Work During Federal Holidays. vha Supplemental Contract Requirements For Combatting Covid-19 1. Contractor Employees Who Work In Or Travel To Vha Locations Must Comply With The Following: a. Documentation Requirements: 1) If Fully Vaccinated, Contractors Shall Show Proof Of Vaccination. i. Note: Acceptable Proof Of Vaccination Includes A Signed Record Of Immunization From A Health care Provider Or Pharmacy, A Copy Of The Covid-19 Vaccination Record Card (cdc Form Mls- 319813_r, Published On September 3, 2020), Or A Copy Of Medical Records Documenting The vaccination. 2) If Unvaccinated, Contractors Shall Show Negative Covid-19 Test Results Dated Within Three Calendar days Prior To Desired Entry Date. Test Must Be Approved By The Food And Drug Administration (fda) for Emergency Use Or Full Approval. This Includes Tests Available By A Doctor S Order Or An Fda approved Over-the-counter Test That Includes An Affiliated Telehealth Service. 3) Documentation Cited In This Section Shall Be Digitally Or Physically Maintained On Each Contractor employee While In A Va Facility And Is Subject To Inspection Prior To Entry To Va Facilities And After entry For Spot Inspections By Contracting Officer Representatives (cors) Or Other Hospital Personnel. 4) Documentation Will Not Be Collected By The Va; Contractors Shall, At All Times, Adhere To And Ensure compliance With Federal Laws Designed To Protect Contractor Employee Health Information And personally Identifiable Information. 2. Contractor Employees Are Subject To Daily Screening For Covid-19 And May Be Denied Entry To Va Facilities if They Fail To Pass Screening Protocols. As Part Of The Screening Process Contractors May Be Asked screening Questions Found On The Covid-19 Screening Tool. Check Regularly For Updates. a. Contractor Employees Who Work Away From Va Locations, But Who Will Have Direct Contact With Va patients Shall Self-screen Utilizing The Covid-19 Screening Tool, In Advance, Each Day That They Will Have direct Patient Contact And In Accordance With Their Person Or Persons Who Coordinate Covid-19 workplace Safety Efforts At Covered Contractor Workplaces. Contractors Shall, At All Times, Adhere To And ensure Compliance With Federal Laws Designed To Protect Contractor Employee Health Information And personally Identifiable Information. 3. Contractor Must Immediately Notify Their Cor Or Contracting Officer If Contract Performance Is jeopardized Due To Contractor Employees Being Denied Entry Into Va Facilities. 1/24/2024 4. For Indefinite Delivery Contracts: Contractor Agrees To Comply With Vha Supplemental Contract requirements For Any Task Or Delivery Orders Issued Prior To This Modification When Performance Has already Commenced. american Land Title Association⮠(alta) Minimum Standard Detail Requirements national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys copyright 2021. All Rights Reserved. Page 1 Of 10 american Land Title Association And national Society Of Professional Surveyors minimum Standard Detail Requirements For alta/nsps Land Title Surveys (effective February 23, 2021) 1. Purpose - Members Of The American Land Title Association⮠(alta) Have Specific Needs, unique To Title Insurance Matters, When Asked To Insure Title To Land Without Exception As To The many Matters Which Might Be Discoverable From Survey And Inspection, And Which Are Not evidenced By The Public Records. for A Survey Of Real Property, And The Plat, Map Or Record Of Such Survey, To Be Acceptable To A Title insurance Company For The Purpose Of Insuring Title To Said Real Property Free And Clear Of Survey Matters (except Those Matters Disclosed By The Survey And Indicated On The Plat Or Map), Certain Specific And pertinent Information Must Be Presented For The Distinct And Clear Understanding Between The Insured, The client (if Different From The Insured), The Title Insurance Company (insurer), The Lender, And The Surveyor professionally Responsible For The Survey. in Order To Meet Such Needs, Clients, Insurers, Insureds, And Lenders Are Entitled To Rely On Surveyors To conduct Surveys And Prepare Associated Plats Or Maps That Are Of A Professional Quality And Appropriately uniform, Complete, And Accurate. To That End, And In The Interests Of The General Public, The Surveying profession, Title Insurers, And Abstracters, The Alta And The Nsps Jointly Promulgate The Within Details and Criteria Setting Forth A Minimum Standard Of Performance For Alta/nsps Land Title Surveys. A complete 2021 Alta/nsps Land Title Survey Includes: (i) The On-site Fieldwork Required Pursuant To Section 5, (ii) The Preparation Of A Plat Or Map Pursuant To Section 6 Showing The Results Of The Fieldwork and Its Relationship To Documents Provided To Or Obtained By The Surveyor Pursuant To Section 4, (iii) Any Information From Table A Items Requested By The Client, And (iv) The Certification Outlined In Section 7. 2. Request For Survey - The Client Shall Request The Survey, Or Arrange For The Survey To Be requested, And Shall Provide A Written Authorization To Proceed From The Person Or Entity Responsible For paying For The Survey. Unless Specifically Authorized In Writing By The Insurer, The Insurer Shall Not Be responsible For Any Costs Associated With The Preparation Of The Survey. The Request Must Specify That An "alta/nsps Land Title Survey" Is Required And Which Of The Optional Items Listed In Table A, If Any, are To Be Incorporated. Certain Properties Or Interests In Real Properties May Present Issues Outside Those normally Encountered On An Alta/nsps Land Title Survey (e.g., Marinas, Campgrounds, Mobile Home parks, Easements, Leases, Mineral Interests, Other Non-fee Simple Interests). The Scope Of Work Related To surveys Of Such Properties Or Interests In Real Properties Should Be Discussed With The Client, Lender, And insurer, And Agreed Upon In Writing Prior To Commencing Work On The Survey. When Required, The Client shall Secure Permission For The Surveyor To Enter Upon The Property To Be Surveyed, Adjoining Properties, or Offsite Easements. 3. Surveying Standards And Standards Of Care a. Effective Date - The 2021 Minimum Standard Detail Requirements For Alta/nsps Land Title surveys Are Effective February 23, 2021. As Of That Date, All Previous Versions Of The Minimum standard Detail Requirements For Alta/acsm Or Alta/nsps Land Title Surveys Are superseded By These Standards. b. Other Requirements And Standards Of Practice - Many States And Some Local Jurisdictions have Adopted Statutes, Administrative Rules, And/or Ordinances That Set Out Standards Regulating the Practice Of Surveying Within Their Jurisdictions. In Addition To The Standards Set Forth Herein, surveyors Must Also Conduct Their Surveys In Accordance With Applicable Jurisdictional Survey requirements And Standards Of Practice. Where Conflicts Between The Standards Set Forth Herein american Land Title Association⮠(alta) Minimum Standard Detail Requirements national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys copyright 2021. All Rights Reserved. Page 2 Of 10 american Land Title Association And national Society Of Professional Surveyors and Any Such Jurisdictional Requirements And Standards Of Practice Occur, The More Stringent Must apply. c. The Normal Standard Of Care - Surveyors Should Recognize That There May Be Unwritten Local, state, And/or Regional Standards Of Care Defined By The Practice Of The Prudent Surveyor In Those locales. d. Boundary - The Boundary Lines And Corners Of Any Property Or Interest In Real Property Being surveyed (hereafter, The Surveyed Property Or Property To Be Surveyed ) As Part Of An alta/nsps Land Title Survey Must Be Established And/or Retraced In Accordance With appropriate Boundary Law Principles Governed By The Set Of Facts And Evidence Found In The course Of Performing The Research And Fieldwork. e. Measurement Standards - The Following Measurement Standards Address Relative Positional precision For The Monuments Or Witnesses Marking The Corners Of The Surveyed Property. i. Relative Positional Precision Means The Length Of The Semi-major Axis, Expressed In Meters or Feet, Of The Error Ellipse Representing The Uncertainty In The Position Of The Monument Or witness Marking Any Boundary Corner Of The Surveyed Property Relative To The Position Of The monument Or Witness Marking An Immediately Adjacent Boundary Corner Of The Surveyed property Resulting From Random Errors In The Measurements Made In Determining Those positions At The 95 Percent Confidence Level. Relative Positional Precision Can Be Estimated by The Results Of A Correctly Weighted Least Squares Adjustment Of The Survey. Alternatively, relative Positional Precision Can Be Estimated By The Standard Deviation Of The Distance between The Monument Or Witness Marking Any Boundary Corner Of The Surveyed Property and The Monument Or Witness Marking An Immediately Adjacent Boundary Corner Of The surveyed Property (called Local Accuracy) That Can Be Computed Using The Full Covariance matrix Of The Coordinate Inverse Between Any Given Pair Of Points, Understanding That Relative positional Precision Is Based On The 95 Percent Confidence Level, Or Approximately 2 Standard deviations. ii. Any Boundary Lines And Corners Established Or Retraced May Have Uncertainties In Location resulting From (1) The Availability, Condition, History And Integrity Of Reference Or Controlling monuments, (2) Ambiguities In The Record Descriptions Or Plats Of The Surveyed Property Or Its adjoiners, (3) Occupation Or Possession Lines As They May Differ From The Written Title Lines, Or (4) Relative Positional Precision. Of These Four Sources Of Uncertainty, Only Relative positional Precision Is Controllable, Although, Due To The Inherent Errors In Any Measurement, it Cannot Be Eliminated. The Magnitude Of The First Three Uncertainties Can Be Projected Based on Evidence; Relative Positional Precision Is Estimated Using Statistical Means (see Section 3.e.i. Above And Section 3.e.v. Below). iii. The First Three Of These Sources Of Uncertainty Must Be Weighed As Part Of The Evidence In The determination Of Where, In The Surveyor S Opinion, The Boundary Lines And Corners Of The surveyed Property Should Be Located (see Section 3.d. Above). Relative Positional Precision is A Measure Of How Precisely The Surveyor Is Able To Monument And Report Those Positions; It is Not A Substitute For The Application Of Proper Boundary Law Principles. A Boundary Corner Or line May Have A Small Relative Positional Precision Because The Survey Measurements Were precise, Yet Still Be In The Wrong Position (i.e., Inaccurate) If It Was Established Or Retraced using Faulty Or Improper Application Of Boundary Law Principles. iv. For Any Measurement Technology Or Procedure Used On An Alta/nsps Land Title Survey, the Surveyor Must (1) Use Appropriately Trained Personnel, (2) Compensate For Systematic errors, Including Those Associated With Instrument Calibration, And (3) Use Appropriate Error propagation And Measurement Design Theory (selecting The Proper Instruments, Geometric layouts, And Field And Computational Procedures) To Control Random Errors Such That The maximum Allowable Relative Positional Precision Outlined In Section 3.e.v. Below Is Not exceeded. v. The Maximum Allowable Relative Positional Precision For An Alta/nsps Land Title Survey Is 2 Cm (0.07 Feet) Plus 50 Parts Per Million (based On The Direct Distance Between The Two american Land Title Association⮠(alta) Minimum Standard Detail Requirements national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys copyright 2021. All Rights Reserved. Page 3 Of 10 american Land Title Association And national Society Of Professional Surveyors corners Being Tested). It Is Recognized That In Certain Circumstances, The Size Or Configuration of The Surveyed Property, Or The Relief, Vegetation, Or Improvements On The Surveyed Property, will Result In Survey Measurements For Which The Maximum Allowable Relative Positional precision May Be Exceeded In Which Case The Reason Shall Be Noted Pursuant To Section 6.b.x. Below. 4. Records Research - It Is Recognized That For The Performance Of An Alta/nsps Land Title survey, The Surveyor Will Be Provided With Appropriate And, When Possible, Legible Data That Can be Relied Upon In The Preparation Of The Survey. In Order To Complete An Alta/nsps Land Title survey, The Surveyor Must Be Provided With The Following: a. The Current Record Description Of The Real Property To Be Surveyed Or, In The Case Of An original Survey Prepared For Purposes Of Locating And Describing Real Property That Has Not been Previously Separately Described In Documents Conveying An Interest In The Real Property, the Current Record Description Of The Parent Parcel That Contains The Property To Be Surveyed; b. Complete Copies Of The Most Recent Title Commitment Or, If A Title Commitment Is Not Available, other Title Evidence Satisfactory To The Title Insurer; c. The Following Documents From Records Established Under State Statutes For The Purpose Of imparting Constructive Notice Of Matters Relating To Real Property (public Records): i. The Current Record Descriptions Of Any Adjoiners To The Property To Be Surveyed, Except where Such Adjoiners Are Lots In Platted, Recorded Subdivisions; ii. Any Recorded Easements Benefitting The Property To Be Surveyed; And iii. Any Recorded Easements, Servitudes, Or Covenants Burdening The Property To Be surveyed; And d. If Desired By The Client, Any Unrecorded Documents Affecting The Property To Be Surveyed And containing Information To Which The Survey Shall Make Reference. except, However, If The Documents Outlined In This Section Are Not Provided To The Surveyor Or If Non-public or Quasi-public Documents Are Otherwise Required To Complete The Survey, The Surveyor Must Conduct That research Which Is Required Pursuant To The Statutory Or Administrative Requirements Of The Jurisdiction where The Surveyed Property Is Located And That Research (if Any) Which Is Negotiated And Outlined In The terms Of The Contract Between The Surveyor And The Client. 5. Fieldwork - The Survey Must Be Performed On The Ground (except As May Be Otherwise negotiated Pursuant To Table A, Item 15 Below). Except As Related To The Precision Of The Boundary, Which is Addressed In Section 3.e. Above, Features Located During The Fieldwork Shall Be Located To What Is, In The surveyor S Professional Opinion, The Appropriate Degree Of Precision Based On (a) The Planned Use Of The surveyed Property, If Reported In Writing To The Surveyor By The Client, Lender, Or Insurer, Or (b) The Existing use, If The Planned Use Is Not So Reported. The Fieldwork Shall Include The Following: a. Monuments i. The Location, Size, Character, And Type Of Any Monuments Found During The Fieldwork. ii. The Location, Size, Character, And Type Of Any Monuments Set During The Fieldwork, If Item 1 Of table A Was Selected Or If Otherwise Required By Applicable Jurisdictional Requirements And/or standards Of Practice. iii. The Location, Description, And Character Of Any Lines That Control The Boundaries Of The surveyed Property. b. Rights Of Way And Access i. The Distance From The Appropriate Corner Or Corners Of The Surveyed Property To The Nearest right Of Way Line, If The Surveyed Property Does Not Abut A Right Of Way. ii. The Name Of Any Street, Highway, Or Other Public Or Private Way Abutting The Surveyed property, Together With The Width Of The Travelled Way And The Location Of Each Edge Of The travelled Way Including On Divided Streets And Highways. If The Documents Provided To Or obtained By The Surveyor Pursuant To Section 4 Indicate No Access From The Surveyed property To The Abutting Street Or Highway, The Width And Location Of The Travelled Way Need not Be Located. american Land Title Association⮠(alta) Minimum Standard Detail Requirements national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys copyright 2021. All Rights Reserved. Page 4 Of 10 american Land Title Association And national Society Of Professional Surveyors iii. Visible Evidence Of Physical Access (e.g., Curb Cuts, Driveways) To Any Abutting Streets, highways, Or Other Public Or Private Ways. iv. The Location And Character Of Vehicular, Pedestrian, Or Other Forms Of Access By Other Than the Apparent Occupants Of The Surveyed Property To Or Across The Surveyed Property Observed in The Process Of Conducting The Fieldwork (e.g., Driveways, Alleys, Private Roads, Railroads, railroad Sidings And Spurs, Sidewalks, Footpaths). v. Without Expressing A Legal Opinion As To Ownership Or Nature, The Location And Extent Of Any potentially Encroaching Driveways, Alleys, And Other Ways Of Access From Adjoining Properties onto The Surveyed Property Observed In The Process Of Conducting The Fieldwork. vi. Where Documentation Of The Location Of Any Street, Road, Or Highway Right Of Way Abutting, On, or Crossing The Surveyed Property Was Not Disclosed In Documents Provided To Or Obtained By the Surveyor, Or Was Not Otherwise Available From The Controlling Jurisdiction (see Section 6.c.iv. Below), The Evidence And Location Of Parcel Corners On The Same Side Of The Street As the Surveyed Property Recovered In The Process Of Conducting The Fieldwork Which May indicate The Location Of Such Right Of Way Lines (e.g., Lines Of Occupation, Survey Monuments). vii. Evidence Of Access To And From Waters Adjoining The Surveyed Property Observed In The process Of Conducting The Fieldwork (e.g., Paths, Boat Slips, Launches, Piers, Docks). c. Lines Of Possession And Improvements Along The Boundaries i. The Character And Location Of Evidence Of Possession Or Occupation Along The Perimeter Of the Surveyed Property, Both By The Occupants Of The Surveyed Property And By Adjoiners, observed In The Process Of Conducting The Fieldwork. ii. Unless Physical Access Is Restricted, The Character And Location Of All Walls, Buildings, Fences, and Other Improvements Within Five Feet Of Each Side Of The Boundary Lines Observed In The process Of Conducting The Fieldwork (see Section 5.e.iv. Regarding Utility Poles). Trees, bushes, Shrubs, And Other Vegetation Need Not Be Located Other Than As Specified In The contract, Unless They Are Deemed By The Surveyor To Be Evidence Of Possession Or Occupation pursuant To Section 5.c.i. iii. Without Expressing A Legal Opinion As To The Ownership Or Nature Of The Potential encroachment, The Evidence, Location, And Extent Of Potentially Encroaching Structural appurtenances And Projections Observed In The Process Of Conducting The Fieldwork (e.g., Fire escapes, Bay Windows, Windows And Doors That Open Out, Flue Pipes, Stoops, Eaves, Cornices, areaways, Steps, Trim) By Or Onto Adjoining Property, Or Onto Rights Of Way, Easements, Or setback Lines Disclosed In Documents Provided To Or Obtained By The Surveyor. d. Buildings the Location Of Buildings On The Surveyed Property Observed In The Process Of Conducting The fieldwork. e. Easements And Servitudes i. Evidence Of Any Easements Or Servitudes Burdening The Surveyed Property As Disclosed In the Documents Provided To Or Obtained By The Surveyor Pursuant To Section 4 And Observed In the Process Of Conducting The Fieldwork. ii. Evidence Of Easements, Servitudes, Or Other Uses By Other Than The Apparent Occupants Of the Surveyed Property Not Disclosed In The Documents Provided To Or Obtained By The Surveyor pursuant To Section 4, But Observed In The Process Of Conducting The Fieldwork If They Are On or Across The Surveyed Property (e.g., Roads, Drives, Sidewalks, Paths And Other Ways Of access, Utility Service Lines, Utility Locate Markings (including The Source Of The Markings, With a Note If Unknown), Water Courses, Ditches, Drains, Telephone Lines, Fiber Optic Lines, Electric lines, Water Lines, Sewer Lines, Oil Pipelines, Gas Pipelines). iii. Surface Indications Of Underground Easements Or Servitudes On Or Across The Surveyed property Observed In The Process Of Conducting The Fieldwork (e.g., Utility Cuts, Vent Pipes, filler Pipes, Utility Locate Markings (including The Source Of The Markings, With A Note If unknown)). iv. Evidence On Or Above The Surface Of The Surveyed Property Observed In The Process Of american Land Title Association⮠(alta) Minimum Standard Detail Requirements national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys copyright 2021. All Rights Reserved. Page 5 Of 10 american Land Title Association And national Society Of Professional Surveyors conducting The Fieldwork, Which Evidence May Indicate Utilities Located On, Over, Or Beneath the Surveyed Property. Examples Of Such Evidence Include Pipeline Markers, Utility Locate markings (including The Source Of The Markings, With A Note If Unknown), Manholes, Valves, meters, Transformers, Pedestals, Clean-outs, Overhead Lines, Guy Wires, And Utility Poles On Or within Ten Feet Of The Surveyed Property. Without Expressing A Legal Opinion As To The ownership Or Nature Of The Potential Encroachment, The Extent Of All Encroaching Utility Pole crossmembers Or Overhangs. f. Cemeteries as Accurately As The Evidence Permits, The Perimeter Of Cemeteries And Burial Grounds, And The location Of Isolated Gravesites Not Within A Cemetery Or Burial Ground, (i) Disclosed In The documents Provided To Or Obtained By The Surveyor, Or (ii) Observed In The Process Of Conducting the Fieldwork. g. Water Features i. The Location Of Springs, Ponds, Lakes, Streams, Rivers, Canals, Ditches, Marshes, And Swamps on, Running Through, Or Outside, But Within Five Feet Of, The Perimeter Boundary Of The Surveyed property And Observed During The Process Of Conducting The Fieldwork. ii. The Location Of Any Water Feature Forming A Boundary Of The Surveyed Property. The attribute(s) Of The Water Feature Located (e.g., Top Of Bank, Edge Of Water, High Water Mark) should Be Congruent With The Boundary As Described In The Record Description Or, In The Case of An Original Survey, In The New Description (see Section 6.b.vi. Below). 6. Plat Or Map - A Plat Or Map Of An Alta/nsps Land Title Survey Shall Show The Following information. Where Dimensioning Is Appropriate, Dimensions Shall Be Annotated To What Is, In The surveyor S Professional Opinion, The Appropriate Degree Of Precision Based On (a) The Planned Use Of The surveyed Property, If Reported In Writing To The Surveyor By The Client, Lender, Or Insurer, Or (b) Existing Use, if The Planned Use Is Not So Reported. a. Field Locations. The Evidence And Locations Gathered, And The Monuments And Lines Located during The Fieldwork Pursuant To Section 5 Above, With Accompanying Notes If Deemed Necessary by The Surveyor Or As Otherwise Required As Specified Below. b. Boundary, Descriptions, Dimensions, And Closures i. (a) The Current Record Description Of The Surveyed Property, Or (b) In The Case Of An Original Survey, The Current Record Document Number Of The Parent Tract that Contains The Surveyed Property. ii. Any New Description Of The Surveyed Property That Was Prepared In Conjunction With The survey, Including A Statement Explaining Why The New Description Was Prepared. Except In The case Of An Original Survey, Preparation Of A New Description Should Be Avoided Unless deemed Necessary Or Appropriate By The Surveyor And Insurer. Preparation Of A New description Should Also Generally Be Avoided When The Record Description Is A Lot Or Block In A platted, Recorded Subdivision. Except In The Case Of An Original Survey, If A New Description Is prepared, A Note Must Be Provided Stating (a) That The New Description Describes The Same real Estate As The Record Description Or, (b) If It Does Not, How The New Description Differs From the Record Description. iii. The Point Of Beginning, The Remote Point Of Beginning Or Point Of Commencement (if applicable) And All Distances And Directions Identified In The Record Description Of The surveyed Property (and In The New Description, If One Was Prepared). Where A Measured Or calculated Dimension Differs From The Record By An Amount Deemed Significant By The surveyor, Such Dimension Must Be Shown In Addition To, And Differentiated From, The corresponding Record Dimension. All Dimensions Shown On The Survey And Contained In Any new Description Must Be Horizontal Ground Dimensions Unless Otherwise Noted. iv. The Direction, Distance, And Curve Data Necessary To Compute A Mathematical Closure Of The surveyed Boundary. A Note If The Record Description Does Not Mathematically Close. The Basis of Bearings And, Where It Differs From The Record Basis, The Difference. v. The Remainder Of Any Recorded Lot Or Existing Parcel, When The Surveyed Property Is american Land Title Association⮠(alta) Minimum Standard Detail Requirements national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys copyright 2021. All Rights Reserved. Page 6 Of 10 american Land Title Association And national Society Of Professional Surveyors composed Of Only A Portion Of Such Lot Or Parcel, Shall Be Graphically Depicted. Such remainder Need Not Be Included As Part Of The Actual Survey, Except To The Extent Necessary to Locate The Lines And Corners Of The Surveyed Property, And It Need Not Be Fully Dimensioned or Drawn At The Same Scale As The Surveyed Property. vi. When The Surveyed Property Includes A Title Line Defined By A Water Boundary, A Note On The face Of The Plat Or Map Noting The Date The Boundary Was Measured, Which Attribute(s) Of The water Feature Was/were Located, And The Caveat That The Boundary Is Subject To Change Due To natural Causes And That It May Or May Not Represent The Actual Location Of The Limit Of Title. when The Surveyor Is Aware Of Natural Or Artificial Realignments Or Changes In Such boundaries, The Extent Of Those Changes And Facts Shall Be Shown Or Explained. vii. The Relationship Of The Boundaries Of The Surveyed Property To Its Adjoiners (e.g., Contiguity, gaps, Overlaps) Where Ascertainable From Documents Provided To Or Obtained By The Surveyor pursuant To Section 4 And/or From Field Evidence Gathered During The Process Of Conducting the Fieldwork. If The Surveyed Property Is Composed Of Multiple Parcels, The Extent Of Any Gaps or Overlaps Between Those Parcels Must Be Identified. Where Gaps Or Overlaps Are Identified, the Surveyor Must, Prior To Or Upon Delivery Of The Final Plat Or Map, Disclose This To The Insurer and Client. viii. When, In The Opinion Of The Surveyor, The Results Of The Survey Differ Significantly From The record, Or If A Fundamental Decision Related To The Boundary Resolution Is Not Clearly Reflected on The Plat Or Map, The Surveyor Must Explain This Information With Notes On The Face Of The plat Or Map. ix. The Location Of Buildings On The Surveyed Property Dimensioned Perpendicular To Those perimeter Boundary Lines That The Surveyor Deems Appropriate (i.e., Where Potentially impacted By A Setback Line) And/or As Requested By The Client, Lender Or Insurer. x. A Note On The Face Of The Plat Or Map Explaining The Site Conditions That Resulted In A Relative positional Precision That Exceeds The Maximum Allowed Pursuant To Section 3.e.v. xi. A Note On The Face Of The Plat Or Map Identifying Areas, If Any, On The Boundaries Of The surveyed Property, To Which Physical Access Within Five Feet Was Restricted (see Section 5.c.ii.). xii. A Note On The Face Of The Plat Or Map Identifying The Source Of The Title Commitment Or Other title Evidence Provided Pursuant To Section 4, And The Effective Date And The Name Of The insurer Of Same. c. Easements, Servitudes, Rights Of Way, Access, And Documents i. The Location, Width, And Recording Information Of All Plottable Rights Of Way, Easements, And servitudes Burdening And Benefitting The Surveyed Property, As Evidenced By Documents provided To Or Obtained By The Surveyor Pursuant To Section 4. ii. A Summary Of All Rights Of Way, Easements, And Other Survey-related Matters Burdening The surveyed Property And Identified In The Title Evidence Provided To Or Obtained By The Surveyor pursuant To Section 4. Such Summary Must Include The Record Information Of Each Such Right of Way, Easement, Or Other Survey-related Matter, A Statement Indicating Whether It Lies Within or Crosses The Surveyed Property, And A Related Note If: (a) Its Location Is Shown; (b) Its Location Cannot Be Determined From The Record Document; (c) There Was No Observed Evidence At The Time Of The Fieldwork; (d) It Is A Blanket Easement; (e) It Is Not On, Does Not Touch, And/or Based On The Description Contained In The Record document Does Not Affect, The Surveyed Property; (f) It Limits Access To An Otherwise Abutting Right Of Way; (g) The Documents Are Illegible; Or (h) The Surveyor Has Information Indicating That It May Have Been Released Or Otherwise terminated. in Cases Where The Surveyed Property Is Composed Of Multiple Parcels, Indicate Which Of Such american Land Title Association⮠(alta) Minimum Standard Detail Requirements national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys copyright 2021. All Rights Reserved. Page 7 Of 10 american Land Title Association And national Society Of Professional Surveyors parcels The Various Rights Of Way, Easements, And Other Survey-related Matters Cross Or touch. iii. A Note If No Physical Access To An Abutting Street, Highway, Or Other Public Or Private Way Was observed In The Process Of Conducting The Fieldwork. iv. The Locations And Widths Of Rights Of Way Abutting Or Crossing The Surveyed Property And The source Of Such Information (a) Where Available From The Controlling Jurisdiction, Or (b) Where disclosed In Documents Provided To Or Obtained By The Surveyor Pursuant To Section 4. v. The Identifying Titles Of All Recorded Plats, Filed Maps, Right Of Way Maps, Or Similar Documents that The Survey Represents, Wholly Or In Part, With Their Recording Or Filing Data. vi. For Non-platted Adjoining Land, Recording Data And, Where Available, Tax Parcel Number, identifying Adjoining Tracts According To Current Public Records. For Platted Adjoining Land, The recording Data Of The Subdivision Plat. vii. Platted Setback Or Building Restriction Lines That Appear On Recorded Subdivision Plats Or That were Disclosed In Documents Provided To, Or Obtained By, The Surveyor. viii. If In The Process Of Preparing The Survey The Surveyor Becomes Aware Of A Recorded easement Not Otherwise Listed In The Title Evidence Provided, The Surveyor Must Advise The insurer Prior To Delivery Of The Plat Or Map And, Unless The Insurer Provides Evidence Of A release Of That Easement, Show Or Otherwise Explain It On The Face Of The Plat Or Map, With A note That The Insurer Has Been Advised. d. Presentation i. The Plat Or Map Must Be Drawn On A Sheet Of Not Less Than 8 ½ By 11 Inches In Size At A legible, Standard Engineering Scale, With That Scale Clearly Indicated In Words Or Numbers And with A Graphic Scale. ii. The Plat Or Map Must Include: (a) The Boundary Of The Surveyed Property Drawn In A Manner That Distinguishes It From Other lines On The Plat Or Map. (b) If No Buildings Were Observed On The Surveyed Property In The Process Of Conducting The fieldwork, A Note Stating No Buildings Observed. (c) A North Arrow (with North To The Top Of The Drawing When Practicable). (d) A Legend Of Symbols And Abbreviations. (e) A Vicinity Map Showing The Surveyed Property In Reference To Nearby Highway(s) Or Major street Intersection(s). (f) Supplementary Or Detail Diagrams When Necessary. (g) Notes Explaining Any Modifications To Table A Items And The Nature Of Any Additional table A Items (e.g., 20(a), 20(b), 20(c)) That Were Negotiated Between The Surveyor And client. (h) The Surveyor S Project Number (if Any), And The Name, Registration Or License Number, signature, Seal, Street Address, Telephone Number, Company Website, And Email Address (if Any) Of The Surveyor Who Performed The Survey. (i) The Date(s) Of Any Revisions Made By The Surveyor Who Performed The Survey. (j) Sheet Numbers Where The Plat Or Map Is Composed Of More Than One Sheet. (k) The Caption Alta/nsps Land Title Survey. iii. When Recordation Or Filing Of A Plat Or Map Is Required By State Statutes Or Local Ordinances, such Plat Or Map Shall Be Produced In The Required Form. 7. Certification - The Plat Or Map Of An Alta/nsps Land Title Survey Must Bear Only The Following unaltered Certification Except As May Be Required Pursuant To Section 3.b. Above: to (name Of Insured, If Known), (name Of Lender, If Known), (name Of Insurer, If Known), (names Of others As Negotiated With The Client): this Is To Certify That This Map Or Plat And The Survey On Which It Is Based Were Made In accordance With The 2021 Minimum Standard Detail Requirements For Alta/nsps Land Title american Land Title Association⮠(alta) Minimum Standard Detail Requirements national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys copyright 2021. All Rights Reserved. Page 8 Of 10 american Land Title Association And national Society Of Professional Surveyors surveys, Jointly Established And Adopted By Alta And Nsps, And Includes Items ___________ of Table A Thereof. The Fieldwork Was Completed On ___________ [date]. date Of Plat Or Map: ___________ (surveyor S Signature, Printed Name And Seal With registration/license Number) 8. Deliverables - The Surveyor Shall Furnish Copies Of The Plat Or Map Of Survey To The Insurer And client And As Otherwise Negotiated With The Client. Hard Copies Shall Be On Durable And Dimensionally stable Material Of A Quality Standard Acceptable To The Insurer. A Digital Image Of The Plat Or Map May Be provided In Addition To, Or In Lieu Of, Hard Copies Pursuant To The Terms Of The Contract. If The Surveyor Is required To Record Or File A Plat Or Map Pursuant To State Statute Or Local Ordinance It Shall Be So Recorded or Filed. american Land Title Association⮠(alta) Minimum Standard Detail Requirements national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys copyright 2021. All Rights Reserved. Page 9 Of 10 american Land Title Association And national Society Of Professional Surveyors table A optional Survey Responsibilities And Specifications note: Whether Any Of The Nineteen (19) Items Of Table A Are To Be Selected, And The Exact Wording Of and Fee For Any Selected Item, May Be Negotiated Between The Surveyor And Client. Any Additional Items negotiated Between The Surveyor And Client Must Be Identified As 20(a), 20(b), Etc. Any Additional Items negotiated Between The Surveyor And Client, And Any Negotiated Changes To The Wording Of A Table A item, Must Be Explained Pursuant To Section 6.d.ii.(g). Notwithstanding Table A Items 5 And 11, If An engineering Design Survey Is Desired As Part Of An Alta/nsps Land Title Survey, Such Services Should be Negotiated Under Table A, Item 20. if Checked, The Following Optional Items Are To Be Included In The Alta/nsps Land Title Survey, except As Otherwise Qualified (see Note Above): 1. ___x__ Monuments Placed (or A Reference Monument Or Witness To The Corner) At All Major corners Of The Boundary Of The Surveyed Property, Unless Already Marked Or Referenced By Existing monuments Or Witnesses In Close Proximity To The Corner. 2. _____ Address(es) Of The Surveyed Property If Disclosed In Documents Provided To Or Obtained by The Surveyor, Or Observed While Conducting The Fieldwork. 3. _____ Flood Zone Classification (with Proper Annotation Based On Federal Flood Insurance Rate maps Or The State Or Local Equivalent) Depicted By Scaled Map Location And Graphic Plotting Only. 4. __ X __ Gross Land Area (and Other Areas If Specified By The Client). 5. __#5__ Vertical Relief With The Source Of Information (e.g., Ground Survey, Aerial Map), Contour interval, Datum, With Originating Benchmark, When Appropriate. 6. _____ (a) If The Current Zoning Classification, Setback Requirements, The Height And Floor Space area Restrictions, And Parking Requirements Specific To The Surveyed Property Are Set Forth In A Zoning report Or Letter Provided To The Surveyor By The Client Or The Client S Designated Representative, List The above Items On The Plat Or Map And Identify The Date And Source Of The Report Or Letter. _____ (b) If The Zoning Setback Requirements Specific To The Surveyed Property Are Set Forth In A zoning Report Or Letter Provided To The Surveyor By The Client Or The Client S Designated Representative, and If Those Requirements Do Not Require An Interpretation By The Surveyor, Graphically Depict Those requirements On The Plat Or Map And Identify The Date And Source Of The Report Or Letter. 7. __ X __ (a) Exterior Dimensions Of All Buildings At Ground Level. (b) Square Footage Of: __ X __ (1) Exterior Footprint Of All Buildings At Ground Level. _____ (2) Other Areas As Specified By The Client. _____ (c) Measured Height Of All Buildings Above Grade At A Location Specified By The Client. If No location Is Specified, The Point Of Measurement Shall Be Identified. 8. _____ Substantial Features Observed In The Process Of Conducting The Fieldwork (in Addition To the Improvements And Features Required Pursuant To Section 5 Above) (e.g., Parking Lots, Billboards, signs, Swimming Pools, Landscaped Areas, Substantial Areas Of Refuse). 9. _____ Number And Type (e.g., Disabled, Motorcycle, Regular, And Other Marked Specialized types) Of Clearly Identifiable Parking Spaces On Surface Parking Areas, Lots, And In Parking Structures. striping Of Clearly Identifiable Parking Spaces On Surface Parking Areas And Lots. american Land Title Association⮠(alta) Minimum Standard Detail Requirements national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys copyright 2021. All Rights Reserved. Page 10 Of 10 american Land Title Association And national Society Of Professional Surveyors 10. _____ As Designated By The Client, A Determination Of The Relationship And Location Of Certain division Or Party Walls With Respect To Adjoining Properties. 11. Evidence Of Underground Utilities Existing On Or Serving The Surveyed Property (in Addition To The observed Evidence Of Utilities Required Pursuant To Section 5.e.iv.) As Determined By: _____ (a) Plans And/or Reports Provided By Client (with Reference As To The Sources Of Information) _____ (b) Markings Coordinated By The Surveyor Pursuant To A Private Utility Locate Request. note To The Client, Insurer, And Lender With Regard To Table A, Item 11, Information From The Sources checked Above Will Be Combined With Observed Evidence Of Utilities Pursuant To Section 5.e.iv. To develop A View Of The Underground Utilities. However, Lacking Excavation, The Exact Location Of underground Features Cannot Be Accurately, Completely, And Reliably Depicted. In Addition, In Some jurisdictions, 811 Or Other Similar Utility Locate Requests From Surveyors May Be Ignored Or Result In An incomplete Response, In Which Case The Surveyor Shall Note On The Plat Or Map How This Affected The surveyor S Assessment Of The Location Of The Utilities. Where Additional Or More Detailed Information Is required, The Client Is Advised That Excavation May Be Necessary. 12. __ X __ As Specified By The Client, Governmental Agency Survey-related Requirements (e.g., Hud surveys, Surveys For Leases On Bureau Of Land Management Managed Lands). The Relevant Survey requirements Are To Be Provided By The Client Or Client S Designated Representative. 13. _____ Names Of Adjoining Owners According To Current Tax Records. If More Than One Owner, identify The First Owner S Name Listed In The Tax Records Followed By Et Al. 14. _____ As Specified By The Client, Distance To The Nearest Intersecting Street. 15. _#5__ Rectified Orthophotography, Photogrammetric Mapping, Remote Sensing, Airborne/mobile laser Scanning And Other Similar Products, Tools Or Technologies As The Basis For Showing The Location Of certain Features (excluding Boundaries) Where Ground Measurements Are Not Otherwise Necessary To locate Those Features To An Appropriate And Acceptable Accuracy Relative To A Nearby Boundary. The surveyor Must (a) Discuss The Ramifications Of Such Methodologies (e.g., The Potential Precision And completeness Of The Data Gathered Thereby) With The Insurer, Lender, And Client Prior To The Performance of The Survey, And (b) Place A Note On The Face Of The Survey Explaining The Source, Date, Precision, And other Relevant Qualifications Of Any Such Data. 16. _____ Evidence Of Recent Earth Moving Work, Building Construction, Or Building Additions observed In The Process Of Conducting The Fieldwork. 17. _____ Proposed Changes In Street Right Of Way Lines, If Such Information Is Made Available To The surveyor By The Controlling Jurisdiction. Evidence Of Recent Street Or Sidewalk Construction Or Repairs observed In The Process Of Conducting The Fieldwork. 18. __x__ Pursuant To Sections 5 And 6 (and Applicable Selected Table A Items, Excluding Table A item 1), Include As Part Of The Survey Any Plottable Offsite (i.e., Appurtenant) Easements Disclosed In documents Provided To Or Obtained By The Surveyor. 19. _____ Professional Liability Insurance Policy Obtained By The Surveyor In The Minimum Amount Of $____________ To Be In Effect Throughout The Contract Term. Certificate Of Insurance To Be Furnished upon Request, But This Item Shall Not Be Addressed On The Face Of The Plat Or Map. 20. _____ ___________________________________________________________________ adopted By The American Land Title Association On October 1, 2020. More At: Www.alta.org. adopted By The National Society Of Professional Surveyors On October 30, 2020. More At: Www.nsps.us.com. 11/16/2023 attachment 2 - Example Survey Marker 2.5 Minimum Diameter bronze mountable On New Precast Monument, Existing Concrete Or Rebar Pin

Details: Description Invitation To Bid For Procurement Of University Ict Modernization Development Program No. 24-06-167 1. The Cebu Normal University, Through The General Appropriations Act Of 2024 Intends To Apply The Sum Of One Billion Pesos (₽ 1,000,000,000.00) For The Procurement Of University Ict Modernization Development Program With Bid No. 24-06-167. Bids Received In Excess Of The Abc For Each Lot Shall Be Automatically Rejected At Bid Opening. 2. The Cebu Normal University Now Invites Bids For The Following Items Of The Above Rebidding For The Procurement Of University Ict Modernization Development Program Project. Unit Item Description Quantity Unit Cost Lot University Ict Modernization Development Program University Enterprise Resource Planning (erp) System 1 344,039,200.00 Human Resource Information System (hris) This Module Manages The Campus Staff Data, Including Recruitment, Payroll, And Billing. 1.1.1. Must Have The Following Modules: 1.1.1.1. Time Keeping Monitoring Modules 1.1.1.2. Automated Payroll System 1.1.1.3. Personnel Information System / Human Resource Information System. 1.1.1.4. Installation And Configuration Services 1.1.1.4.1. Application Installation 1.1.1.4.2. User Workflow Integration 1.1.1.4.3. Integration To Cnu Rdbms Database 1.1.1.4.4. Project Management Services 1.1.1.4.5. Capacity Building And Knowledge Transfer 1.1.1.4.5.1. The Winning Bidder Will Conduct User Training. 1.1.1.4.5.2. The Winning Bidder Will Perform A System Demo. 1.1.1.4.5.3. The Winning Bidder Will Perform System Flow Familiarity. Student Information System (sis) 1.2.1. System Features, Transactions, And Reports: 1.2.1.1. Must Have Tools To Enable Migration Of Existing Student Databases, Register New Students, Generate Adhoc Reports, Monitor And Manage Various Service Requests. 1.2.1.2. Must Contain Complete Student Information, Academic Data File, And Scanned Submitted Documents Of Students Converted Into Pdf. 1.2.1.3. Must Support Fast Generation Of Tor And Form 9 1.2.1.4. Must Be Capable Of Generating A List Of Candidates For Graduation, Scholarships, And Honors. 1.2.1.5. Must Be Able To Receive Approved Electronic Grades From Deans. 1.2.1.6. Must Be Able To Apply Tags To Documents Being Submitted By New Enrollees And Remind Students Of Missing Documents That Need To Be Submitted. 1.2.1.7. Must Have A Mobile Application That Will Enable Access To Online Services Relevant To The Students Such As Request For An Electronic Copy Of Grades, Request For Transcripts Of Records, Copies Of The Com, And Others To Be Determined By The University. 1.2.1.8. The Mobile Application Must Be Compatible With The Latest Versions Of Android And Ios Mobile Devices. 1.2.1.9. Must Have A Free Higher Education Application And Reports Generation System 1.2.1.10. Must Have A Reports Generation System (csc, Dbm, Ched And Other Government Reports) 1.2.1.11. Must Have An Online Verification System 1.2.1.12. Must Have An Electronic Issuance Of Transcript Of Records, Diploma, So, Certifications, Etc. 1.2.1.13. Must Have An Online Testing And Admission Scheduling System. 1.2.1.14. Must Have A Faculty Evaluation System. Financial Management System 1.3.1. Accounts Payable And Disbursements 1.3.1.1. Solution Must Allow Users To Set The Recognition Of Withholding Taxes Either Upon Recording Of Accounts Payable Or Upon Disbursement Depending On The Organization's Policy. 1.3.1.2. Solution Must Be Able To Record Payable Vouchers And Generate An Apv Form. The Payable Voucher Should Allow Users To Input The Supplier Invoice Number And Be Able To Retrieve And Automatically Populate The Details Of The Selected Receiving Report/s. 1.3.1.3. Solution Must Be Able To Record Payment Vouchers And Generate A Payment Voucher Form. The Payment Voucher Should Allow Users To Tag And Apply Payments To Specific Supplier Invoice/s Or Payable Voucher/s And Should Have Controls To Avoid Double Payment Of The Same Payable. Accounting Entries Should Be Automatically Generated Based On The Default Entry Setup. 1.3.1.4. Solution Must Be Able To Record Adjustments On Supplier Invoices And Accounts Payable Using A Debit Memo. The Debit Memo Activity Should Be Able To Automatically Calculate The Tax Impact Of The Adjustment And Generate The Corresponding Accounting Entries. 1.3.1.5. Solution Must Allow Users To Monitor And Update The Status Of Checks Prepared Whether On-hand, Released, Cancelled, Or Stale. 1.3.1.6. Solution Must Be Able To Capture Details Of Receipts For Fund Replenishments, Reimbursements , And Liquidations. Users Should Also Be Able To Select The Appropriate Gl Account For The Receipt And Generate The Corresponding Accounting Entries. 1.3.2. Revenues And Collections 1.3.2.1. Solution Must Have Complete List Of Customer's Details. Details Include Their Complete Name (for Individual) / Organization Name (for Non-individual), Tin, Addresses, Business Style, Contact Information, Payment Terms, Bank Details And Other Helpful Information Needed By The Organization. 1.3.2.2. Solution Must Be Able To Group Customers Up To Two Levels As Needed By The Organization. 1.3.2.3. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (create And Approve Sales Orders, Invoice, And Collection Transactions), System Reports, And Master Tables 1.3.2.4. Solution Must Be Able To Record Customer Orders And Generate An Order Form. The Customer Order Must Capture Essential Information Such As: Customer Details, Customer Po Number, Order Type (goods Or Services), Delivery Information, And Item Details 1.3.2.5. Solution Must Be Able To Record Invoice Or Billing Statement And Generate The Corresponding Forms. The Invoice Or Billing Statement Should Automatically Populate The Details From Approved Customer Order/s. Accounting Entries Should Automatically Be Generated Based On The Default Entry Setup. 1.3.2.6. Solution Must Be Able To Record Adjustments On Invoices And Accounts Receivable Using A Credit Memo. The Credit Memo Activity Should Be Able To Automatically Calculate The Tax Impact Of The Adjustment And Generate The Corresponding Accounting Entries. 1.3.2.7. Solution Must Be Able To Record Receivable Collections And Generate An Official Receipt Or Ancai. The Collection Should Allow Users To Tag And Apply The Customer Payments To The Intended Sales Invoice/s Or Billing Statement/s With Controls To Avoid Double Tagging Of Collections. Accounting Entries Should Be Automatically Generated Based On The Default Entry Setup. 1.3.2.8. Solution Must Allow Users To Record Cash And Collection Deposits And Generate The Corresponding Accounting Entries To Recognize The Proper Cash In Bank Account. 1.3.2.9. Solution Must Be Able To Generate A Report That Shows Statement Of Account And Accounts Receivable Aging In A Given Period. The Aging Report Should Allow Users To Define Whether The Report Is Based On Transaction Date Or Due Date As Well As The Aging Parameters (weekly, Monthly, Custom Defined Aging). 1.3.2.10. Solution Must Be Able To Generate A Report That Shows The Receivable Ledger Per Customer Group Or Specific Customer In A Given Period. 1.3.2.11. Solution Must Be Able To Generate Summarized Or Detailed Reports Which Shows All Collections In A Given Period. 1.3.2.12. Solution Must Be Able To Generate Summarized Or Detailed Reports Which Shows All Cash And Check Deposits In A Given Period As Well As Undeposited Cash And Collections. 1.3.3. Inventory Module 1.3.3.1. Solution Must Allow The Setup Of Item Groups And Item Details For Goods, Fixed Assets And Consumables Including Safety Stock Levels And Reorder Point. 1.3.3.2. Solution Must Allow The Setup Of Unit Of Measure For Sales And Purchases. 1.3.3.3. Solution Must Allow The Creation Of Unit Of Measure (um) Conversion Table Where The User Can Define The Conversion Rate From One Um To Another. 1.3.3.4. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (record And Approve Receiving, Issuance And Transfer Transactions), System Reports, And Master Tables. 1.3.3.5. Solution Must Be Able To Create Delivery Receipts And Generate A Dr Form. Accounting Entries Should Be Automatically Generated Based On The Default Setup. 1.3.3.6. Solution Must Allow Users To Record Items Returned To Suppliers. Purchase Return Should Automatically Populate Details From The Approved Purchase Order And Allow Users To Select The Items Returned. Accounting Entries Should Be Automatically Generated Based On The Default Setup. 1.3.3.7. Solution Must Be Able To Record Stock Issuance And Generate A Material Issuance Form. The Material Issuance Can Be Issued To A Requesting Department And Should Capture Details On The Requestor And The Items Issued. 1.3.3.8. Solution Must Be Able To Record Incoming And Outgoing Transfer Of Items Between The Organization's Warehouse. 1.3.4. Property And Fixed Assets 1.3.4.1. Solution Must Have A Complete List Of Fixed Assets Details. Details Include The Asset Group, Technical Specifications, Useful Life, Serial Number, And Issuance Status. 1.3.4.2. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (record And Approve Asset Acquisition, Issuance, And Asset Disposal Transactions), System Reports, And Master Tables 1.3.4.3. Solution Must Allow Users To Record The Purchase Details Of Acquired Assets. Accounting Entries Should Be Automatically Generated Based On The Default Entry Setup. 1.3.4.4. Solution Must Allow The Issuance Of Fixed Assets To The Requesting Department And Authorized User Of The Asset. The Solution Should Be Able To Record The Details Of The Issuance As Well As Tag The Physical Location Of Assets Issued. 1.3.4.5. Solution Must Automatically Calculate The Monthly Depreciation And Net Book Value Of The Asset Using Straight-line Method Over The Asset's Remaining Useful Life. Accounting Entries For Depreciation Should Be Automatically Generated Based On The Default Entry Setup. 1.3.4.6. Solution Must Allow Users To Record The Repair Of Fixed Assets And Automatically Calculate The Depreciation For Capitalized Major Repairs. 1.3.4.7. Solution Must Allow Users To Record The Disposal Of Fixed Assets And Remove It From The List Of Active Assets Available For Issuance. Accounting Entries For The Disposal Of Fixed Assets Should Be Automatically Generated Based On The Default Entry Setup. 1.3.5. Government Budget 1.3.5.1. The Solution Must Be Able To Allow The Setup Of Responsible Signatories For Approval Of Budget. 1.3.5.2. Solution Must Allow Users To Setup Monthly Or Annual Budget For Departments, And Activities Based On The General Appropriations Act (gaa), Special Allotment Release Order (saro), And The Agency Budget Matrix 1.3.5.3. Solution Must Be Able To Classify Budget Transactions To Personnel Services, Maintenance And Other Operating Expenses, Capital Outlay, And Financial Expenses 1.3.5.4. Solution Must Allow Setup Of Notice Of Cash Allocation As Transaction Limits. 1.3.5.5. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (record And Approve Budget Realignment, Budget Earmark, And Obligation Request Transactions), System Reports, And Master Tables 1.3.5.6. Solution Must Allow Users To Setup Monthly Or Annual Budget For Departments, And Activities Based On The General Appropriations Act (gaa), Special Allotment Release Order (saro), And The Agency Budget Matrix 1.3.5.7. Solution Should Only Allow Transactions To Proceed Based On Approved Budget. Budget Review And Approval Should Apply To Earmarking For Purchase Requests, And Obligation Requests For Purchase Orders. 1.3.5.8. Solution Must Be Create A Request For Fund Appropriation By Requesting Department And Generate An Rfa Form. The Rfa Should Be Able To Capture Information On The Requestor, Department, Priority, And Purpose Of The Appropriation. 1.3.5.9. Solution Must Be Able To Reclassify Approved Budget From One Expense Item To Another Within The Same Budget Classification. 1.3.6. General Ledger And Accounting 1.3.6.1. Solution Must Be Able To Create Chart Of Accounts For Balance Sheet And Profit And Loss Statement. The Chart Of Accounts Can Be Grouped Up To Three Levels To Allow Drill Down Of Accounts When Reporting. 1.3.6.2. Solution Must Be Able Allow Creation Of Books Of Accounts Which Will Contain The Accounting Entries From Transactions. The Books Of Accounts Should Be Classified Into The General Ledger Book, Disbursement Book, Cash Receipts Book, Sales Book And Purchases Books. 1.3.6.3. Solution Must Allow Users To Format The Summarized And Detailed Reports For The Balance Sheet And Profit And Loss Statement 1.3.6.4. Solution Must Allow Users To Setup Multiple Dimensions For Income And Expense Accounts For More Detailed Reporting. Up To Four Dimensions Can Be Created Which Are: Profit Center Or Cost Center, Revenue Type, Principal Or Major Customer Type, And Location. 1.3.6.5. Solution Must Allow The Creation Of Multiple Currencies And Setup The Conversion Rate For Functional And Reporting Currency. 1.3.6.6. Solution Must Allow Creation Of Subsidiary Ledgers For Customers, Suppliers, Employees, And Others As Defined By The User. 1.3.6.7. Solution Must Allow Setup Of Various Tax Codes And Tax Rates For Vat, Creditable Withholding Taxes, And Expanded Withholding Taxes 1.3.6.8. Solution Must Allow Users To Enter The Amounts Which Will Be Set As The Beginning Balance For Each Account. 1.3.6.9. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (create And Approve Journal Entries), System Reports, And Master Tables 1.3.6.10. Solution Must Allow Users To Record Journal Entries To Record Transactions That Are Not From The Other Modules Such As Adjustments And Reclassification Entries. Journal Entries Should Allow The User To Select The Proper Books Of Account Where The Entry Is Recorded And Should Have Controls To Check The Balance Of Total Debit And Credit Accounts. 1.3.6.11. Solution Must Be Capable Of Month-end And Year-end Process To Close Transactions And Proceed To The Next Control Period. 1.3.7. Set-up And Application Manager 1.3.7.1. Solution Must Allow The Setup Of The Details Of The Organization Such As Tin, Address, Contact Details, Tax Settings, Transaction Currency. 1.3.7.2. Solution Should Allow The Creation Of Various Users Of The Accounting System. 1.3.7.3. Solution Must Allow Admin To Define And Control User Access So That Only Authorized Users Will Be Able To Access Specific Modules, Transact, Approve And Generate Reports. Users Can View, Add, Delete (if Not Yet Posted), Print, Or Approve Transactions. 1.3.7.4. Solution Must Allow Setting Up The Forms Used For Various Activities Including Transaction Number Or Document Series For The Forms Such As: Purchase Orders, Customer Orders, Invoice, Receipts, Payable Voucher, Etc. The System Can Automatically Generate The Succeeding Document Numbers During Transaction Entry. 1.3.7.5. Solution Must Allow Setting Up Forms To Be Used In The Various Transactions, Including The Preparers, Reviewers And Approvers Of Said Forms. 1.3.7.6. Solution Must Allow Setting Up Appropriate Department Of The Organization Which Will Be Used In Various Transactions. 1.3.7.7. Solution Must Allow The Setting Up Appropriate Fiscal Or Calendar Year Of The Organization. 1.3.7.8. Solution Must Have Control Checks To Allow Transactions To Proceed To The Next Activity Only When It Is Approved And Posted. Only Posted Transactions Will Appear In The System Reports. 1.3.7.9. Solution Must Allow Users To Perform Batch Approval Or Posting Of Transactions. 1.3.7.10. Solution Must Have Control Checks To Prevent Multiple Logins, And Failed Login Attempts From The Same Account. System Should Also Perform Automatic Logout For Idle Accounts. 1.3.7.11. Solution Must Be Able To Generate Reports That Shows User Access To The Various System Modules, Their Activities, And The Movement Of All Transactions. 1.3.8. Procurement Management System 1.3.8.1. The Solution Must Have A Complete Procurement Module That Can Capture Detailed Information From Purchase Requisition, Purchase Order, And Receiving 1.3.8.1.1. Module Setup - The Solution Must Have The Following Management And Setup Controls: 1.3.8.1.1.1. Solution Must Have Complete List Of Supplier's Details. Details Include Their Complete Name (for Individual) / Organization Name (for Non-individual), Tin, Addresses, Business Style, Contact Information, Payment Terms, Bank Details And Other Helpful Information Needed By The Organization. 1.3.8.1.1.2. Solution Must Be Able To Group Suppliers Up To Two Levels As Needed By The Organization. 1.3.8.2. Transaction Activities - Solution Must Be Capable Of The Following Transactions: 1.3.8.2.1. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (create And Approve Purchase Request, Purchase Orders And Receiving Transactions), System Reports, And Master Tables 1.3.8.2.2. Solution Must Be Able To Record Purchase Requests And Generate A Pr Form. The Purchase Request Must Capture Essential Information Such As: Requestor, Purchase Type (goods, Services, Capital Expenses, Consumables), Date Needed, And The Item Details And Quantity. 1.3.8.2.3. Solution Must Allow Users To Create Requests For Quotation To Invite Suppliers Into A Bidding Process For The Requested Items. 1.3.8.2.4. Solution Must Be Able To Present Details Of Canvass To Aid In Decision Making For Purchases. 1.3.8.2.5. Solution Must Be Able To Record Purchase Orders And Generate A Po Form. The Purchase Order Should Be Able To Retrieve And Automatically Populate The Details Of Approved Purchase Requests And Capture Essential Information Such As: Supplier Details, Purchase Type, Chargeable Department, And Delivery Info. The Purchase Order Should Allow Users To Select The Vat Class Of Each Item (vatable/exempt) And Automatically Calculate The Vat For Each Item If Applicable. 1.3.8.2.6. Solution Must Have A Functionality To Adjust The Amount And Quantity Of The Purchase Order. 1.3.8.3. Generated Reports - The Solution Must Have The Following System Generated Reports: 1.3.8.3.1. The Solution Must Be Able To Generate Summarized Or Detailed Reports Which Shows Of All Purchase Request In A Given Period 1.3.8.3.2. The Solution Must Be Able To Generate Summarized Or Detailed Reports Which Shows Of All Purchase Order In A Given Period 1.3.8.3.3. The Solution Must Be Able To Generate A Report That Shows Purchase Requests That Are Unserved, Partially Served Or Fully Served 1.3.8.3.4. The Solution Must Be Able To Generate A Report That Shows Purchase Orders That Are Unserved, Partially Served Or Fully Served. Records Management System 1.4.1.1. Document Versioning: Able To Store Many Versions Of The Same Document, Download Or Revert To A Previous Version. 1.4.1.2. Digital Signatures: Check The Authenticity Of Documents By Verifying Their Embedded Cryptographic Signatures Or Upload Detached Signatures For Document Signed After They Were Stored. 1.4.1.3. Signature Captures: Capable Of Digital Recording Of Handwritten Signatures And Able To Be Used For Business Transactions And Remote Contract Signing. 1.4.1.4. Multiple Sources: Local File Or Server-side File Uploads, Multifunctional Copier, Or Even Via Email 1.4.1.5. Advanced Access Control: 1.4.1.5.1. Role Based Access Control. Able To Create An Unlimited Amount Of Different Roles Not Being Restricted To The Traditional Administrator, Operator, Guest Paradigm. 1.4.1.5.2. With Permission For Every Atomic Operation Performed By Users 1.4.1.6. Previews For Multiple File Formats: Provides Image Preview Generation For Many Popular File Formats. 1.4.1.7. Full Text Searching: Documents Can Be Searched By Its Text Content, Metadata Or Any Other File Attributes Such As Name, Extension, Etc. Multiple Search Engines Must Be Supported. 1.4.1.8. Configurable Document Grouping: Automatic Linking Of Documents Based On Metadata Values Or Document Properties. 1.4.1.9. Workflows: 1.4.1.9.1. Keep Track Of The State Of Documents, Along With The Log Of The Previous State Changes 1.4.1.9.2. Use The Workflow Engine To Automate Business Processes By Executing System Actions. 1.4.1.9.3. Trigger External Processes Using The Workflow. Execute Actions In Other Systems When A Document Hits A Specific State For Complete Business Automation. 1.4.1.9.4. Comply With Regulations Using Automatic State Expiration And Workflow Escalation. 1.4.1.10. Non-destructive Page Mapping: Change The Order Of The Pages Of The Files Uploaded To A Document Or Disable Them To Remove From View. Pages From Multiple Document Files Can Also Be Joined Or Appended To Create Multiple Document Versions From The Same Set Of Files. 1.4.1.11. Complete Event Tracking System: 1.4.1.11.1. Every Action Performed In The System Must Be Recorded For Audit Trail Purposes. 1.4.1.11.2. Users And Other Applications Can Subscribe To Events To Perform Actions Or Provide Notifications. 1.4.1.12. Deployable In Multiple Different Environments, Vendors, Hardware: 1.4.1.12.1. Able To Do A Direct Installation For Maximum Control And Performance 1.4.1.12.2. Use The Official Docker Image For Easier Installation And Scalability. 1.4.1.12.3. Deployable To A Virtual Machine, Direct Hardware, Public Cloud, Private Cloud, Or A Single Board Computer 1.4.2. 2 Units Document Scanner 1.4.2.1. Proposed Throughput Speed Must Have 50 Ppm / 100ppm. 1.4.2.2. Proposed Feeder Capacity Must Be Up To 80 Sheets Of 80 G/m Paper. 1.4.2.3. Proposed Maximum Document Size Must Be 216 Mm X 3,000 Mm. 1.4.2.4. Proposed Minimum Document Size Must Be 52 Mm X 52 Mm 1.4.2.5. Proposed Maximum Optical Resolution Must Have 600 Dpi. Asset Management System 1.5.1.1.1. Unique Asset Tag That Is Assigned To An Asset For The Purpose Of Tracking And Managing Throughout Its Lifecycle. It Must Consist Of A Barcode Or A Serial Number That Is Affixed To The Asset, And Allows Accurate Identification And Location Of The Asset, Track Its Maintenance And Repair History, Assign Ownership And Monitor Depreciation. 1.5.1.1.2. Search Engine For Locating Assets Within An Inventory Or Database. This Can Involve Searching For Assets Based On Various Criteria, Such As Location, Type, Condition, Or Other Attributes Such As Assignee, Barcode Or Serial Number. 1.5.1.1.3. Asset Check In/out Which Serves As A Check List Of Asset/s That Need To Be Accepted Or Released From Possession. It Should Be On Real Time Release And Acceptance With The Option To Attach Photos Or Videos. 1.5.1.1.4. Asset Status That Provides Information On Current Status Such As Accepted, Released, Current Location And Other Status Like Maintenance And Assigned Technician. 1.5.1.1.5. Sends Notifications Of The Status Of An Asset If Accepted, Released, Under Maintenance Or In Transit. 1.5.1.2. Administrator Settings That Provide The Following Functionalities: 1.5.1.2.1. Branding Functionality That Provides Distinctive Name, Logo, Symbol, Or Design To Differentiate Cnu’s Asset Management Services 1.5.1.2.2. Security Features That Provide User Authentication And Access Controls To Authorized Users To Access Sensitive Information Or Make Changes To Asset Records. Option Includes Two Factor Authentication 1.5.1.2.3. Groupings Functionality That Defines And Assigns Groups Within Cnu Such As Finance, Supply Office, Etc. That Will Help Define And Narrow Down Searches And Assignments Of Assets. 1.5.1.2.4. Localization That Defines And Assigns Personnel, Users, Administrator, Groups And Assets Within The Campus To Certain Areas Or Places. 1.5.1.2.5. Notification Feature For Automated Alerts Or Messages To Notify Users Of Events Or Activities Related To The Assets. This Must Include Alerts For Maintenance And Repairs, Asset Checkouts Or Returns, Or Changes To Asset Records. Notifications Can Be Sent Via Email, In-app Notification And Other Messaging Channels Such As Chatbots. 1.5.1.2.6. Qr Code Generation And Assignment To Assets. 1.5.1.2.7. Asset Labeling Feature That Generates Qr And Barcodes For Labelling Of Assets. 1.5.1.2.8. Grouping Of Assets Based On Common Characteristics Or Attributes. Asset Categories Shall Be Used To Organize Assets Into Logical Groupings To Simplify Asset Tracking And Management. 1.5.1.3. User Management Functionality That Provides The Following: 1.5.1.3.1. Rights And Permission For Assignment Of Rights, Permissions And Responsibilities Such As Administrators And Users 1.5.1.3.2. Manual Or Automatic Creation And Removal Of Users That Can Be Triggered By The Hr Application System Through Automatic Notification Of New, Resigned And/or Retired Employees. 1.5.1.4. Asset Management Sub-modules Capable Of The Following: 1.5.1.4.1. Dynamic Fields That Are Highly Customizable To Be Added Or Removed From An Asset Record Based On The Specific Needs Of Cnu, Type Or Category Of An Asset. These Fields Are To Be Used To Capture Additional Information Or Data Points That Are Not Included In The Standard Asset Record Or To Tailor The Asset Record To The Specific Requirements Of Cnu. 1.5.1.4.2. Generates A Checklist For Acceptance Or Release Of An Asset That Will Be Shown On The Dashboards Of The User And Assigner. 1.5.1.4.3. Provides The Users The Capability To Request For Equipment, Office Supplies Or Even Vehicle Service For Use On Certain Occasions. 1.5.1.4.4. Migration Of Assets From Flat File Or Excel File. 1.5.1.4.5. Inventory Status That Provides Stakeholders, Administrator, Users And Requester Of The Current Inventory Of Assets Such As But Not Limited To Office Supplies, Fuel, And Other Pertinent Assets Of Cnu. 1.5.1.4.6. Low Inventory Notification That Allows Cnu To Be Automatically Notified Of Low Inventory On A Threshold Previously Set. 1.5.1.4.7. Asset Assignment Feature That Assigns An Asset To A Specific User Or Location Within Cnu. This Is Done To Track The Person Responsible For The Asset, Asset Location, And How It Is Being Used Through The Use Of Qr Code And Or Barcode Labels. Once An Asset Is Assigned, The Asset Management Software Must Be Able To Track The Asset's Location, Usage History And Maintenance Records. It Should Be Able To Provide Alerts Or Notifications When The Asset Is Due For Maintenance, Repair, Or Replacement. 1.5.1.4.8. License Management Feature That Assigns, Tracks And Records The Number Of Sw Licenses And Its Usage Within Cnu. 1.5.1.4.9. In-app Notification With Secondary Notification Through Email Alerts. 1.5.1.4.10. Mobile Application Feature That Will Enable Access To The Asset Management System Anytime, Anywhere. 1.5.1.5. Single Sign-on 1.5.1.5.1. Must Be An Add-on To The Cms System So Sso And User Rights/roles Are Incorporated Within The Existing User Base. 1.5.1.5.2. Authentication Must Be Through The Sso Of The Cms 1.5.1.6. The Winning Bidder Must Provide Two (2) Units Of Barcode Printers, Two (2) Handheld Scanners And Consumables. 1.5.1.7. The Winning Bidder Shall Perform Pre-functional Testing And User Acceptance Testing Upon Completion Of Its Installation, To Be Witnessed By Cnu Nominated Personnel. Consolidated University & Student Portal 1.6.3.1. Design, Development And Customization Of Faculty And Student Portal 1.6.3.2. Consolidated University & Student Portal Technical Requirements 1.6.3.2.1. Portal Services 1.6.3.2.1.1. Must Support At Most Ten Thousand (10,000) User Identities. 1.6.3.2.1.2. Must Provide User Logins With Appropriate Authentication. 1.6.3.2.1.3. Must Provide ‘forgot Password’ Facility. 1.6.3.2.1.4. Must Provide ‘change Password’ Facility. 1.6.3.2.1.5. Must Have Administration Functionalities Such As: 1.6.3.2.1.5.1. User Management 1.6.3.2.1.5.2. Role Management 1.6.3.2.1.5.3. Announcements 1.6.3.2.2. Development Of Frequently Asked Questions (faqs) 1.6.3.2.2.1. Create Faqs 1.6.3.2.2.2. Read Faqs 1.6.3.2.2.3. Update Faqs 1.6.3.2.2.4. Delete Faqs 1.6.3.2.2.5. List Faqs 1.6.3.2.3. Route Configuration 1.6.3.2.3.1. Route Creation 1.6.3.2.3.1.1. Redirection Link 1.6.3.2.3.1.2. Redirection Logo 1.6.3.2.3.1.3. User Role Assignment 1.6.3.2.3.1.4. Active / Inactive Route 1.6.3.2.3.2. Update Route 1.6.3.2.3.3. Delete Route 1.6.3.2.3.4. List Route 1.6.4. Dashboard Development 1.6.4.1. The Dashboard Must Provide Route Display And Redirection For At Most Four (4) Applications. 1.6.4.2. From The User Dashboard, A Link Must Be Provided To Route The User To A Particular Application. The Requirement Is A Routing Link And So No Application Development Or Application Side Configuration Is Part Of The Portal Requirement. Unified Database Platform 1.7.1.1. It Shall Be Cloud Agnostic And Cloud-native And Can Support Deployments In Bare Metal, Vms, Or Kubernetes Both In On Premise Infrastructure As Well As Cloud For At Least The Following Options: 1.7.1.1.1. Baremetal 1.7.1.1.2. Vmware Vsphere 1.7.1.1.3. Aws 1.7.1.1.4. Google Cloud Platform 1.7.1.1.5. Microsoft Azure 1.7.1.2. It Shall Synchronize The Data Across Multiple Sites And Support Multiple Advanced Replication Architecture. 1.7.1.3. It Must Be Deployed In An Active-active Manner To Ensure Minimal Disruption To Services And Can Withstand The Following Failure Scenarios Depending On The Deployment Topology: Virtual Machine Failure, Container/kubernetes Node Failure, Availability Zone Failure, Region Failure. 1.7.1.4. It Shall Support Both The Sql And Nosql Apis’ Under A Common Storage Substrate To Address Current And Future Use Cases. 1.7.1.5. It Shall Enable Client Applications To Auto- Discover Cluster Nodes And Cluster Topology Using An Application- Friendly Library. 1.7.1.6. It Shall Support A Single Synchronous Cluster Stretched Across Multiple Az’s/regions/clouds, And Support Multiple Advanced Replication Architectures For The Resiliency Of The System. 1.7.1.7. Shall Horizontally Scale Out/in/up/down With Minimal To No Business Disruptions. 1.7.1.8. Shall Offer A Single User Interface Across Various Clouds With Simplified Database Management And Monitoring Like Db Upgrades, Backups, Security & On-demand Scaling Of Nodes To Simplify Operation And Management. 1.7.1.9. It Shall Support Distributed Acid And Transactions With Strong Data Consistency. 1.7.1.10. One (1) Year Of Enterprise Support For Production And Non-production. 1.7.1.11. It Shall Provide The Ability To Increase Computing Capacity Linearly By Adding New Nodes To The Existing Database System With No Downtime. 1.7.1.12. It Shall Support Data Replication Between Two Isolated Instances To Support Application-level Active-active Deployments. 1.7.1.13. The Proposed Solution Shall Enhance The Primary Cluster Capability With Additional Read-replica Nodes To Facilitate Reads Closer To The Customer Base. 1.7.1.14. The Proposed Solution Shall Support Data Affinity To Comply With Country/region-specific Regulatory/compliance Requirements. 1.7.1.15. The Proposed Solution Shall Support Encryption In Transit And Rest To Have A Strong Security Posture. 1.7.1.16. The Proposed Solution Shall Be Able To Provision And Manage In A Fully Air-gapped Environment. 1.7.1.17. The Proposed Solution Shall Support Region/zone/cloud Affinity To Define Different Data Serving Topologies To Keep The Data Serving Nodes Closer To The User Base. 1.7.2. Other Requirements: 1.7.2.1. The Proposed Solution Must Offer A Single User Interface Across Various Clouds With Simplified Database Management And Monitoring Like Db Upgrades, Backups, Security & On-demand Scaling Of Nodes To Simplify Operation And Management. 1.7.2.2. The Proposed Solution Must Have Cdc Capability To Generate Events On Data Change. 1.7.2.3. The Proposed Solution Must Have Api For Management Automation. 1.7.2.4. The Proposed Solution Must Support Advanced Sql Features Like Stored Procedures, Foreign Keys, Triggers, Json Support (filtering, Constraints, And Projections) To Support Current And Future Use Cases. 1.7.2.5. Must Have The Following Services: 1.7.2.5.1. Ssl/dns Configuration - Must Be Able To Install And Configure Ssl Certificates And Assist In The Configuration Of Dns. 1.7.2.5.2. Workflow Integration - Ability To Define Different Approval Process In The Workflow Engine. 1.7.2.5.3. Database Migration - Must Be Able To Migrate All Existing Electronic Data To The New Database. Ict Infrastructure Requirements 1 22,236,484.00 2.1. Supply And Installation Of 48-core Single Mode Os2 Fiber Optic Cable That Will Link Select Buildings To The Data Center. The Backbone Will Serve As The Network Gateway Throughout The Campus. 2.2. 1gbps Direct Internet Access 2.2.1. The Winning Bidder Must Provide A 1gbps Direct Internet Access 2.2.2. The Winning Vendor Must Initiate A Service Application (service Subscription) And Activation From An Internet Service Provider (isp) That Is Capable Of Delivering Internet Service Through A Fiber Optic Cable (foc) Backbone. The University Shall Be The Subscription Account Owner. Centralized Security Operations Center 1 246,115,477.00 The Solution Must Be A Cloud-native Security Operation Platform With Built-in And Fully Integrated (single Interface/management) Next-generation Ngsiem, Ueba, Ndr, Fim, Sanboxing, And Soar Capabilities, As Well As Open Integration To Existing Security Stacks And Future Security Tools, To Automate Cybersecurity Threat Detection, Investigation, And Response Across The Entire Attack Surface. 3.1. Xdr 3.1.1. The Solution Must Be Soc 2 Type 2 Certified 3.1.2. The Solution Must Have Ng-siem Natively To Provide A Centralized Location For Gathering And Organizing Data From Any Existing Security Control, It, And Productivity Tool Using Pre-built Integrations That Are Easy To Use And Do Not Incur Additional Costs For Integrating New Security Tools. 3.1.3. The Solution Must Have Ndr Natively Built-in To Provide Visibility Into Threats At The Network Layer To Stop Attacks Faster To Limit Potential Damage. 3.1.4. The Solution Must Include Ueba Natively To Analyze Traffic And Produce Security Status And Event Information On Individual Users, As Well As Monitor Network Assets And Analyze Their Behavior To Detect Threats. 3.1.5. The Solution Must Include File Integrity Monitoring To Track Changes To Specified Files And Directories, Such As File Changes, File Creations, And File Deletions. 3.1.6. The Solution Must Have Sandbox Built-in Capable Of Detecting Reassembled Files Over The Wire That, If Found To Be Malicious, Will Actively Detonate In A Malware Sandbox To Detect Novel Threats. 3.1.7. The Solution Must Be Able To Collect Data Without Limiting The Type And Number Of Devices To Collect From. 3.1.8. The Software Solution Must Be Scalable And Capable To Accommodate Minimum Of 100gb Data. 3.1.9. The Solution Must Have Native Sensors That Can Be Delivered On-premises As A Purpose-built Appliance, A Virtual Appliance (vmware, Microsoft Hyper-v, Or Kvm), Or In The Cloud, Such As Aws, Azure, Google Cloud Platform, Or Oracle Cloud Infrastructure. 3.1.10. The Solution's Native Sensor Must Be Prepackaged With Network Ids, Deep Packet Inspection, And Malware Sandbox Functionality. 3.1.11. The Solution Must Integrate Threat Intelligence And Telemetry Data From Multiple Sources With Security Analytics To Contextualize And Correlate Security Alerts. 3.1.12. The Solution Must Have Soar Built-in To Provide Both Manual And Automated Response To Cyber Threats Using Pre-defined Playbooks And Pre-built Integrations To Security, It, And Productivity Products, Ensuring Identified Threats Are Mitigated Appropriately And Consistently. 3.1.13. The Solution Must Be Able To Automatically Generate Novel Alerts Based On Input Data Sources Without Requiring The Manual Creation Of Rules, Such As Finding Anomalous Patterns Based On Parent-child Process Relationships, Unusual Application Connections Or Usage, Unusually High User Command Execution Rates, And Unusually High Numbers Of Connections To Non-standard Ports For An Application. 3.1.14. The Solution Must Automatically Integrate Its Own Threat Intelligence Platform (tip) Into Its Architecture For Data Enrichment In Order To Rapidly Identify Attack Paths And Previous Interactions With Known Bad Actors, Increasing Threat Detection Accuracy While Decreasing Response Time. 3.1.15. The Solution Must Be Capable Of Catching, Extracting, And Reassembling Malware That Travels Through The Network Via Http, Ftp, Smb, And Smtp. 3.1.16. The Solution Must Be Capable Of Forwarding Malicious Files To An External Https Server. 3.1.17. The Solution Must Be Able To Translate An Ip Address Into A Geographical Location Or Reputation. 3.1.18. The Solution Must Be Able To Override The Geolocation Gathered From Geolocation Databases By Manually Defining The Geolocation Associated With Specified Ip Addresses. 3.1.19. The Solution Must Have An Aggregator That Can Be Deployed As A Virtual Appliance And Act As A Proxy To Forward Traffic From Other Sensors To The Central Data Repository. 3.1.20. The Solution Must Support Geo Location Public Ip Look Up 3.1.21. The Solution Must Have Reputation-based Threat Intelligence That Automatically Enriches Network Data And Logs During Real-time Ingestion To Add Context To The Data, Thereby Improving The Analyst's Threat Detection, Investigation, And Hunting. 3.1.22. The Solution Must Be Able To Cut Through The Noise Of An Overwhelming Volume Of Alerts By Automating Both Threat Detection (via Ai And Machine Learning) And Response (via Automated Threat Hunting). 3.1.23. The Solution Must Have Integrated Threats, Incident And Compliance Management. 3.1.24. The Solution Must Be Capable Of Constructing A Meaningful Security Context By Utilizing Machine Learning To Determine The Strength Of The Link Between An Alert And A Potential Incident By Employing Multiple Security Artifacts Such As Shared Entities (assets Or Users), Properties (hashes Or Urls), And Time. 3.1.25. The Solution Must Automatically Monitor For Known Bad Events, And Use Sophisticated Correlation Via Search, To Find Known Risk Patterns Such Brute Force Attacks, Data Leakage And Even Application-level Fraud. 3.1.26. The Solution Must Be Able To Detect Compromised Hosts Associated With Advanced Threats And Malware Infections 3.1.27. The Solution Must Be Able To Find Activities And Events Associated With Successful Attacks And Malware Infections 3.1.28. The Solution Must Issue Alert Upon Detection Of Blacklisted External Ip 3.1.29. The Solution Must Be Fully Customizable When Creating Warning Or Alarms For High Risks Events 3.1.30. The Solution Must Support Authentication Authorization Accounting (aaa). 3.1.31. The Solution Must Use Machine Learning Based Detections. Please Provide Some Use Cases And Evidence That The App Is Using Machine Learning Based Algorithms 3.1.32. The Solution Should Include Unsupervised Machine Learning Detection Model That Predicts Current Behavior Based On The Historical Distribution Of A Given Detection Parameter (host, User, Source Ip Address, Etc). 3.1.33. The Solution Should Include An Unsupervised Machine Learning Detection Model That Learns Steady Population Statistics From The Past Peer Data And Looks For Irregularities That Deviate From Typical Behavior Over Time. 3.1.34. The Solution Should Include An Unsupervised Machine Learning Detection Model That Examines Whether The Presence Of A Given Detection Parameter Has Appeared In The Last Number Of Days Or Not. 3.1.35. The Solution Should Include A Supervised Classification Model That Uses A Set Of Indicators To Determine A Decision Boundary Between Normal And Suspicious Data Points. 3.1.36. The Solution Must Provide An Api With The Following Capabilities: 3.1.36.1. Retrieve Detailed Collector Information 3.1.36.2. Retrieve Detailed Incident Information 3.1.36.3. Update Incident Detail 3.1.36.4. Next-generation Siem 3.1.37. The Solution Must Ensure That Security Incidents Are Accessible And Searchable Within Twelve (12) Months. As Needed, Evidence From Security Incidents Is Made Available For Historical Analysis. 3.1.38. The Solution Must Be Capable To Collect Different Types Of Metadata (e.g., Logs, Security Events, Network Flows, Among Others) From Data Sources And Shall Include Log Compression And Industry Standard Encryption At Rest And In Transit To Ensure Security Of Captured Data From Disclosure To Disinterested Parties. 3.1.39. The Solution Must Automatically Normalize And Enrich Data From Any Source With Context Such As Threat Intelligence, User Details, Device Information, Geographical Location To Enable Detailed, Extensible Data Analytics. 3.1.40. The Solution Must Be Capable Of Collecting And Normalizing Server Logs, Network Packets, Server Process Data, File Data, And Threat Intelligence Data Into Json-formatted Records. 3.1.41. The Solution Must Include An Alert Statistics Dashboard That Allows Analysts To Quickly Examine Any Discovered Alerts At A Glance, Such As: 3.1.41.1. Graph Of Critical Vs. Total Alert Status 3.1.41.2. Show The Open Vs. Total Alert Graph. 3.1.41.3. Show The Alert Trend. 3.1.41.4. The Solution Must Be Capable Of Ingesting Tls Encrypted Syslog And Syslog-ng Logs. 3.1.42. The Solution Must Have A Sensor That Can Be Deployed As An Agent In Windows Servers (windows Server 2008 R2, 2012, 2016, And 2019) To Collect Event Data Related To The Following: 3.1.42.1. Hardware 3.1.42.2. Security 3.1.42.3. System 3.1.42.4. Windows Firewall 3.1.42.5. Windows Defender 3.1.42.6. Windows Powershell 3.1.43. The Solution Must Be Able To Integrate With Domain Controllers In Order To Enrich Data Collected With The Relationship Between Users And Ip Addresses. 3.1.44. The Solution Must Be Able To Integrate With A Dhcp Server To Determine The Relationship Between Hostnames And Ip Addresses And Track Devices When The Ip Address Changes. 3.1.45. The Solution Must Be Able To Ingest Windows Sysmon Events. 3.1.46. The Solution Must Be Able To Correlate Traffic, Processes, Users, And Commands In Order To Detect Security, Ddos, And Breach Attempts. 3.1.47. The Solution Must Have A Collector That Can Be Deployed As An Agent In Linux Servers (rhel, Centos, Debian, Ubuntu, Amazon Linux, Oracle Linux, Suse Linux) To Monitor And Capture The Following Information: 3.1.47.1. Process Info. 3.1.47.2. Command Execution. 3.1.47.3. Files. 3.1.47.4. File Events. 3.1.48. The Solution Must Include A Tool For Finding And Visualizing Correlations Between Events. 3.1.49. The Solution Must Have A Visual Tool For Focusing In On A Single Entity (host, Ip, Url, Or User) In A Security Event And Viewing Its Relationship To Other Entities. 3.1.50. The Solution Must Include Out-of-the-box Threat Hunting Templates That Can Be Edited, Copied, And Exported. 3.1.51. The Solution Must Be Capable Of Removing Duplicate Data Through Packet Deduplication. 3.1.52. The Solution Must Be Able To Reduce The Amount Of Metadata Gathered For Smb Commands. 3.1.53. The Solution Must Automatically Compress The Ingested Data. 3.1.54. The Solution Must Be Capable Of Sending Alerts To Relevant Personnel Regarding Security Issues Based On Correlated Events. 3.1.55. The Solution Must Be Capable Of Serving Any Number Of Logical Network Data Or Log Segregation Based On Specific Departments, Functionalities, Or Locations That The User Considers To Be Managed Separately. Not Only Should Security Information Be Kept Completely Separate, But Machine Learning-based Threat Detections Should Also Be Distinct For Each Department. 3.1.56. The Solution Must Include Data Collectors That Are Able To Send Data (log/event) In Real-time And Batch Mode. 3.1.57. The Solution Must Be Capable Of Performing Server And Network Infrastructure Monitoring Out Of The Box. 3.1.58. The Solution Must Be Capable Of Performing Application Monitoring Out Of The Box. 3.1.59. The Solution Must Be Able To Maintain The Original Timestamps For Each Event While Handling Timestamps From Different Time Zones 3.1.60. The Solution Shall Provide Advance Correlation Capabilities To Detect Security Incidents Such As: 3.1.60.1. Ddos Attacks 3.1.60.2. Worm Outbreak 3.1.60.3. Port Scan 3.1.60.4. Sql Injection 3.1.60.5. Brute Force Attack 3.1.61. The Solution Must Be Able To Correlate Asset Info With Threat And Vulnerability Data. 3.1.62. The Solution Provides Network Visibility From Wire Data That Contains Critical Insights About Payloads, Session Information, Errors, Dns, Etc. 3.1.63. The Proposed Solution Shall Be Able To Provide Search Function That Support Boolean-style Patterns Search. 3.1.64. Proposed Solution Shall Be Able To Allow Analysts To Build Queries Using Combined Search Methods. A Single Query May Contain Keywords And Field-based Conditions. 3.1.65. The Proposed Solution Must Be Able To Perform Sub Search In Regard To The Security On Top The Current Search. 3.1.66. The Solution Must Have A Customizable Widget On The Dashboard. 3.1.67. The Solution Must Support Email Notification With Content In Json Format. 3.1.68. The Solution Should Include An Investigative Tool That Allows Security Analysts To Quickly Examine Any Security Alerts By Displaying Enriched Alert Information That Includes Identified Mitre Att&ck Tactic And Techniques Used, Attack Kill Chain Category, Ml Based Score, Alert Status, Key Event Parameters That Contribute To Triggering The Alert, And Full Event Details. 3.1.69. The Solution Must Have The Ability To Threat Hunt And Automate The Threat Hunt And Apply To Soar. 3.2. User And Endpoint Behavior And Analytics (ueba) 3.2.1. The Solution Must Be Capable Of Inspecting Assets For Threat Data And Past Performance. 3.2.2. The Solution Must Be Capable Of Monitoring Every Server, Router, And Host System In The Private Network. 3.2.3. The Solution Should Provide A Host-centric View Of Alert Activity For Specific Hosts. 3.2.4. The Solution Must Come With User Behavior Analytics That Collect User Information From Active Directory 3.2.5. The Solution Must Come With Entity Behavior Analytics That Collect Ip Information From Network Traffic. 3.2.6. The Solution Must Track Changes And Secure Your Environment By Monitoring For Suspicious Activity, User Role Changes, Unauthorized Access And More. 3.2.7. The Solution, Based On Observed Security Events And Asset Risk Profile, Assigns A Risk Score. 3.2.8. The Solution Must Discover Assets Dynamically Across Networks, Endpoints, And Cloud Environments. 3.2.9. The Solution Must Use Either Host Names, Mac Addresses, Or Ip Addresses To Uniquely Identify Assets. 3.2.10. The Solution Must Collect And Fuse User-relevant Data From Multiple Data Sources Across The Security Infrastructure Automatically. 3.2.11. The Solution's Machine Learning Must Be Used To Enable Sophisticated Behavioral Analytics In The Solution. 3.2.12. The Solution Without Any Rules Or Signatures, Must Detect Bad Behavior. 3.2.13. The Solution Must Be Capable Of Detecting The Use Of An Unfamiliar App By An Internal User Who Normally Uses A Minimal Yet Consistent Number Of Applications. 3.2.14. The Solution Must Be Capable Of Detecting When An Internal User Has An Abnormally High Volume Of Traffic In Comparison To Its Usual Volume Or That Of Its Peers. 3.2.15. The Solution Must Be Capable Of Detecting The Use Of An Unfamiliar App By An External User Who Normally Uses A Minimal Yet Consistent Number Of Applications. 3.2.16. The Solution Must Be Capable Of Detecting When An External User Has An Abnormally High Volume Of Traffic In Comparison To Its Usual Volume Or That Of Its Peers. 3.2.17. The Solution Must Be Able To Detect A User Who Logs In To A New Asset Who Typically Uses A Small, Consistent Number Of Assets. 3.2.18. The Solution Must Be Capable Of Detecting A User Who Has Logged In From An Unusual Location. 3.2.19. The Solution For Each Detected And Identified For Asset, Must Provide A Kill Chain View Of Security Events. 3.2.20. The Solution Must Track Threats Based On The User Rather Than The Threat Type. 3.2.21. The Solution Must Assign A Risk Score To Each User In Order To Easily Identify Risky Users. 3.2.22. The Solution Must Be Capable Of Detecting A User Who Typically Executes A Small, Consistent Number Of Processes But Has Recently Executed A New Process. 3.2.23. The Solution Must Be Capable Of Detecting An Internal Http Connection Made By An Internal User Agent That Has Never Been Observed Or Has Only Been Seen On Rare Occasions. 3.2.24. The Solution Must Be Capable Of Detecting An External Http Connection Made By A Potentially Malicious User Agent. 3.2.25. The Solution Must Be Capable Of Detecting A User Who Has Logged In From Locations That Are Geographically Impossible To Travel Between Within The Time Frame. 3.2.26. The Solution Must Be Capable Of Detecting A User Who Logs In At An Unusual Time. 3.2.27. The Solution Must Be Able To Detect An Asset That Started A Previously Unknown Process, Which Could Indicate A Malware Attack. 3.2.28. The Solution Must Be Capable Of Detecting Processes That Typically Launch A Small, Consistent Number Of Child Processes. 3.2.29. The Solution Must Be Capable Of Detecting A File Or Files That Have Been Created An Unusually Large Number Of Times. 3.3. Network Detection And Response (ndr) 3.3.1. The Solution Must Be Capable Of Monitoring Suspicious Traffic In Both External (north/south) And Internal (east/west) Traffic, As Well As Traffic In All Physical And Virtual Environments. 3.3.2. The Solution Must Enable The User To Safely Inspect Suspicious Files In Order To Detect The Presence Of Zero-day Malware And Advanced Persistent Threats. 3.3.3. The Solution Must Be Capable Of Ingesting Rspan Session Flows. 3.3.4. The Solution Must Be Capable Of Ingesting Gre Traffic That Has Been Mirrored With Erspan. 3.3.5. The Solution Must Be Capable Of Compiling Identical Metadata From Talkative Applications Into A Single Record To Reduce Traffic Going To Central Data Repository. 3.3.6. The Solution Must Be Capable Of Correlating Processes Running On The Sensor And Host And The Ip Address/port Visible In Traffic. 3.3.7. The Solution Must Passively Collect Asset Information And Network Flow Information. 3.3.8. The Solution Must Be Capable Of Correlating And Identifying Application Performance Issues Due To Security Incident (e.g. Ddos Attacks, Unauthorized Access To The System That Causing Application Performance Issues.). 3.3.9. The Solution Should Have The Ability To Report When Data Theft Occurs. 3.3.10. The Solution's Architecture Has To Be Very Extensive In Network Traffic Analysis Using Both Supervised And Unsupervised Learning. 3.3.11. The Solution Must Be Capable Of Capturing Raw Network Packets And Reducing The Data To Produce Valid Security Events Without The Size Of A Full Packet Capture. 3.3.12. The Solution Must Be Capable Of Collecting And Correlating Firewall Traffic Logs, Ids Events, Netflow And Cloud Flow Logs. 3.3.13. The Solution Must Be Able To Track The Interaction Between Network Devices, Services, And Applications In Real Time And Over Time. 3.3.14. The Solution Shall Be Able To Address All Alert Types Tied To Phases Of Attack Life Cycle. 3.3.15. The Solution Should Support Integration To Firewall To Do Inline Blocking Mode (not Tcp Reset). 3.3.16. The Solution Must Be Capable Of Monitoring Dns Resolution Changes For Specified Domains, So That If One Of The Observed Domains Resolves To A Different Ip Address, The Solution Will Populate A Visual Record Indicating The Change. 3.3.17. The Solution Must Provide A Visual Representation Of The Entire Attack Landscape, Mapping Detected Threats To Their Corresponding Attack Kill Chain Stage. The Detected Threat Must Be Clearly Tagged With The Relevant Mitre Attack Framework For Detailed Analysis Of An Ongoing Attack's Progression. 3.3.18. The Solution Must Be Capable To Do Comprehensive Network Traffic Analysis Which Includes: 3.3.18.1. Network Performance Statistics 3.3.18.2. Server Performance 3.3.18.3. Application Detection And Performance Monitoring: 3.3.18.4. Top Sources & Top Destinations 3.3.18.5. Asset Application Performance 3.3.18.6. Application Processing Time 3.3.18.7. Network Interactions With Asset 3.3.18.8. Http Statistics 3.3.18.9. Dns Statistics 3.3.18.10. Asset Discovery And Statistics 3.3.18.11. Ip Address 3.3.18.12. Device Manufacturer 3.3.18.13. Application Services 3.3.18.14. Time Discovered And Last Seen 3.3.18.15. Asset Tag(s) And Description 3.3.18.16. Server Certificate Visibility 3.4. Soar (security Orchestration Automation And Response) 3.4.1. The Solution Must Automatically Recognize Alerts From Multiple Sources, Analyze Them For Similarities, And Automatically Add Any Identified Connected Alerts To A Case Or Cases, Preventing The Team From Duplicating Efforts And Hunting For Details In Multiple Places. 3.4.2. The Solution Must Have A Dynamic Case Management Tool That Automates The Continuous Correlation Of Existing Cases To New Alerts When They Are Discovered To Be Potentially Related. 3.4.3. The Solution Must Be Capable Of Storing Cases For A Year. 3.4.4. The Solution Must Be Capable Of Accelerating Security Incident Management Processes By Automating Case Generation With Key Details Such As The Ones Listed Below. 3.4.5. Incident Name And Ticket Id: These Must Be Generated Automatically. 3.4.6. Incident Score: A Score Based On How Serious The Incident Was. 3.4.7. Incident Severity: The Incident's Severity (critical, High, Medium, Or Low) 3.4.8. Incident Reported Time: The Time When The Incident Occurred. 3.4.9. Analyst Assigned To Incident: The Person Tasked With Handling The Incident. 3.4.10. Incident Status: The Incident's Associated State (new, Escalated, Ongoing, Solved, Cancelled). 3.4.11. Incident Closed Time: The Time When The Incident Was Resolved. 3.4.12. The Solution Must Have Out Of The Box Or Customizable Playbooks Of Best Practices To Scale Operations, Drive Consistency In Response And Meet Compliance Requirements. Playbooks Deployed Shall Include At Least: 3.4.12.1. Phishing Enrichment And Response 3.4.12.2. Malware Endpoint Response 3.4.12.3. Internal And External Login Anomalies (multiple Failed Logins, Unusual Activity Such As Login Attempts Outside Office Hours, Unusual Login Location, Login From Suspicious Device) 3.4.12.4. Unusual Browsing Activity 3.4.12.5. Web Attack Profiling And Blacklisting 3.4.12.6. File Activity Anomalies Such As Creation, Move, Delete, Or Change 3.4.12.7. Potential Data Exfiltration 3.4.12.8. C&c Connection 3.4.13. The Solution Must Automatically Trigger Playbooks With Predefined Workflows That To Perform A Variety Of Instructions That Could Include Executing Scripts Or Integrating With Other Tools In The Environment. 3.4.14. The Solution Must Have The Option To Create User-defined Playbooks With Customized Workflow. 3.5. 2 Units Next-generation Firewall For Perimeter 3.5.1. Must Perform Stream-based, Bi-directional Traffic Analysis, Without Proxying Or Buffering, To Uncover Intrusion Attempts And Malware And To Identify Application Traffic Regardless Of Port. 3.5.2. Must Scan For Threats In Both Inbound And Outbound Traffic Simultaneously To Ensure That The Network Is Not Used To Distribute Malware And Does Not Become A Launch Platform For Attacks In Case An Infected Machine Is Brought Inside. 3.5.3. Must Have Proxy-less And Non-buffering Inspection Technology Provides Ultra-low Latency Performance For Dpi Of Millions Of Simultaneous Network Streams Without Introducing File And Stream Size Limitations, And Can Be Applied On Common Protocols As Well As Raw Tcp Streams. 3.5.4. Must Have A Single-pass Dpi Architecture Simultaneously Scans For Malware, Intrusions And Application Identification, Drastically Reducing Dpi Latency And Ensuring That All Threat Information Is Correlated In A Single Architecture. 3.5.5. Must Have An Engine With The Multi-core Architecture To Provide High Dpi Throughput And Extremely High New Session Establishment Rates To Deal With Traffic Spikes In Demanding Networks. 3.5.6. Must Identify And Mitigate Even The Most Insidious Modern Threats, Including Future Meltdown Exploits. Detects And Blocks Malware That Does Not Exhibit Any Malicious Behavior And Hides Its Weaponry Via Encryption. 3.5.7. Must Prevent Potentially Malicious Files From Entering The Network, Files Sent To The Cloud For Analysis Can Be Held At The Gateway Until A Verdict Is Determined. 3.5.8. Must Have Multi-engine Sandbox Platform, Which Includes Virtualized Sandboxing, Full System Emulation And Hypervisor Level Analysis Technology, Executes Suspicious Code And Analyzes Behavior, Providing Comprehensive Visibility To Malicious Activity. 3.5.9. Must Have A Secure Sd-wan That Enables Distributed Enterprise Organizations To Build, Operate And Manage Secure, High-performance Networks Across Remote Sites For The Purpose Of Sharing Data, Applications And Services Using Readily-available, Low-cost Public Internet Services Without Additional License Cost. 3.5.10. Must Have A Wizard To Automatically Configure Sdwan Policy On The Firewall 3.5.11. Must Displays Sd-wan Performance Probes And Top Connections. 3.5.12. All Network Traffic Must Be Inspected, Analyzed And Brought Into Compliance With Firewall Access Policies. 3.5.13. Must Supports Active/passive (a/p) With State Synchronization. The Proposed Solution Should Support Hardware Redundancy Using Only Single Security License In Both Primary & Secondary Appliance. 3.5.14. Must Have Block Until Verdict To Prevent Potentially Malicious Files From Entering The Network, Files Sent To The Cloud For Analysis Can Be Held At The Gateway Until A Verdict Is Determined. 3.5.15. Must Have Zero-day Protection To Protect The Network Against Zero-day Attacks With Constant Updates Against The Latest Exploit Methods And Techniques That Cover Thousands Of Individual Exploits. 3.5.16. Must Have Bi-directional Raw Tcp Inspection That Scans Raw Tcp Streams On Any Port And Bi-directionally To Detect And Prevent Both Inbound And Outbound Threats. 3.5.17. Must Have Application Control That Controls Applications, Or Individual Application Features That Are Identified By The Engine Against A Continuously Expanding Database Of Over Thousands Of Application Signatures. That Increases Network Security And Enhances Network Productivity. 3.5.18. Must Have Ddos/dos Attack Protection. Syn Flood Protection Provides A Defense Against Dos Attacks Using Both Layer 3 Syn Proxy And Layer 2 Syn Blacklisting Technologies. Additionally, It Protects Against Dos/ddos Through Udp/icmp Flood Protection And Connection Rate Limiting. 3.5.19. Must Be Capable Of Load-balances Multiple Wan Interfaces Using Round Robin, Spillover Or Percentage Methods. Policy-based Routing Creates Routes Based On Protocol To Direct Traffic To A Preferred Wan Connection With The Ability To Fail Back To A Secondary Wan In The Event Of An Outage. 3.5.20. Must Display Rules Which Are Actively Used Or Not Being Used. 3.5.21. Must Be Able To Simplify And Reduce Complex Distributed Firewall Deployment Down To A Trivial Effort By Automating The Initial Site-to-site Vpn Gateway Provisioning Between Firewalls While Security And Connectivity Occurs Instantly And Automatically. 3.5.22. Must Guarantee Critical Communications With 802.1p, Dscp Tagging And Remapping Of Voip Traffic On The Network. 3.5.23. The System Intrusion Prevention System Must Be Capable Of Signature-based Scanning, Automatic Signature Updates, Bi-directional Inspection, Granular Ips Rule Capability, Geoip Enforcement, Botnet Filtering With Dynamic List, Regular Expression Matching. 3.5.24. The Anti-malware System Must Be Capable Of Stream-based Malware Scanning, Gateway Anti-virus, Gateway Anti-spyware, Bi-directional Inspection, No File Size Limitation. 3.5.25. The System Must Have Traffic Visualization That Can Monitor User Activity, Application, Bandwidth, And Threat. 3.5.26. Must Have A Http/https Web Content Filtering That Is Capable Of Url Filtering, Proxy Avoidance, Keyword Blocking, Policy-based Filtering (exclusion/inclusion), Http Header Insertion, Bandwidth Manage, And Rating Categories. 3.5.27. Must Have A Vpn That Is Capable Of Secure Sd-wan, Auto-provision Vpn, Ipsec Vpn For Site-to-site Connectivity, Ssl Vpn And Ipsec Client Remote Access, Redundant Vpn Gateway, And Mobile Client For Ios, Mac Os X, Windows, Chrome, Android And Kindle Fire. 3.5.28. Must Have Networking Capabilities Such As Portshield, Path Mtu Discovery, Enhanced Logging, Vlan Trunking, Layer-2 Qos, Port Security, Dynamic Routing (rip/ospf/bgp), Policy-based Routing (tos/metric And Ecmp), Nat, Dhcp Server, Bandwidth Management, A/p High Availability With State Sync, Inbound/outbound Load Balancing, L2 Bridge, Wire/virtual Wire Mode, Tap Mode, Nat Mode, And Asymmetric Routing. 3.5.29. The System Management And Monitoring Must Have Web Gui, Command Line Interface (cli), Snmp V2/v3 Support, Centralized Management And Reporting, Netflow/ipfix Exporting, Cloud Based Configuration Back Up, And Zero-touch Registration & Provisioning. 3.5.30. Must Be Certified With Icsa Labs Advance Threat Defense Certified With 100% Unknown Threat Detection For 7 Consecutive Quarters From Q1-q4, 2021 & Q1-q3, 2022. 3.5.31. Must Have 24x7 Support That Includes Firmware Updates And Hardware Replacement. Support Includes Around-the-clock Access To Telephone And Web-based Support For Basic Configuration And Troubleshooting Assistance, As Well As Hardware Replacement In The Event Of Failure. 3.5.32. The System Must Have The Minimum Throughput Requirements (or Higher): 3.5.32.1. Firewall Inspection Throughput – 42 Gbps; 3.5.32.2. Threat Prevention Throughput – 28 Gbps; 3.5.32.3. Application Inspection Throughput – 30 Gbps; 3.5.32.4. Ips Throughput – 28 Gbps; 3.5.32.5. Tls/ssl Decryption And Inspection Throughput (dpi Ssl) – 10 Gbps; 3.5.32.6. Vpn Throughput – 22.5 Gbps; 3.5.33. The System Must Be Capable Of Handling: 3.5.33.1. Connections Per Second - 280,000/sec; 3.5.33.2. Maximum Connections (spi) – 15,000,000; 3.5.33.3. Max Dpi-ssl Connections – 1,500,000; 3.5.33.4. Maximum Connections (dpi) – 12,000,000 3.5.33.5. The System's Interface Must Include: 3.5.33.5.1. 2 X 100/40-gbe Qsfp28, 3.5.33.5.2. 8 X 25/10/5/2.5-gbe Sfp28, 3.5.33.5.3. 4 X 10/5/2.5/1-gbe Sfp+, 3.5.33.5.4. 4 X 10/5/2.5/1-gbe Cu, 3.5.33.5.5. 16 X 1-gbe Cu 3.5.33.5.6. 2 X Usb 3.0, 3.5.33.5.7. Management Interfaces - 1 Gbe, 1 Console" 3.5.33.5.8. Storage: 1.5tb 3.6. 2 Units Next-generation Firewall For Data Center 3.6.1. Must Perform Stream-based, Bi-directional Traffic Analysis, Without Proxying Or Buffering, To Uncover Intrusion Attempts And Malware And To Identify Application Traffic Regardless Of Port. 3.6.2. Must Scan For Threats In Both Inbound And Outbound Traffic Simultaneously To Ensure That The Network Is Not Used To Distribute Malware And Does Not Become A Launch Platform For Attacks In Case An Infected Machine Is Brought Inside. 3.6.3. Must Have Proxy-less And Non-buffering Inspection Technology Provides Ultra-low Latency Performance For Dpi Of Millions Of Simultaneous Network Streams Without Introducing File And Stream Size Limitations, And Can Be Applied On Common Protocols As Well As Raw Tcp Streams. 3.6.4. Must Have A Single-pass Dpi Architecture Simultaneously Scans For Malware, Intrusions And Application Identification, Drastically Reducing Dpi Latency And Ensuring That All Threat Information Is Correlated In A Single Architecture. 3.6.5. Must Have An Engine With The Multi-core Architecture To Provide High Dpi Throughput And Extremely High New Session Establishment Rates To Deal With Traffic Spikes In Demanding Networks. 3.6.6. Must Identify And Mitigate Even The Most Insidious Modern Threats, Including Future Meltdown Exploits. Detects And Blocks Malware That Does Not Exhibit Any Malicious Behavior And Hides Its Weaponry Via Encryption. 3.6.7. Must Prevent Potentially Malicious Files From Entering The Network, Files Sent To The Cloud For Analysis Can Be Held At The Gateway Until A Verdict Is Determined. 3.6.8. Must Have Multi-engine Sandbox Platform, Which Includes Virtualized Sandboxing, Full System Emulation And Hypervisor Level Analysis Technology, Executes Suspicious Code And Analyzes Behavior, Providing Comprehensive Visibility To Malicious Activity. 3.6.9. Must Have A Secure Sd-wan That Enables Distributed Enterprise Organizations To Build, Operate And Manage Secure, High-performance Networks Across Remote Sites For The Purpose Of Sharing Data, Applications And Services Using Readily-available, Low-cost Public Internet Services Withought Additional License Cost. 3.6.10. Must Have A Wizard To Automatically Configure Sdwan Policy On The Firewall 3.6.11. Must Displays Sd-wan Performance Probes And Top Connections. 3.6.12. All Network Traffic Must Be Inspected, Analyzed And Brought Into Compliance With Firewall Access Policies. 3.6.13. Must Supports Active/passive (a/p) With State Synchronization. The Proposed Solution Should Support Hardware Redundancy Using Only Single Security License In Both Primary & Secondary Appliance 3.6.14. Must Have Block Until Verdict To Prevent Potentially Malicious Files From Entering The Network, Files Sent To The Cloud For Analysis Can Be Held At The Gateway Until A Verdict Is Determined. 3.6.15. Must Have Zero Day Protection To Protect The Network Against Zero-day Attacks With Constant Updates Against The Latest Exploit Methods And Techniques That Cover Thousands Of Individual Exploits. 3.6.16. Must Have Bi-directional Raw Tcp Inspection That Scans Raw Tcp Streams On Any Port And Bi-directionally To Detect And Prevent Both Inbound And Outbound Threats. 3.6.17. Must Have Application Control That Controls Applications, Or Individual Application Features That Are Identified By The Engine Against A Continuously Expanding Database Of Over Thousands Of Application Signatures. That Increases Network Security And Enhances Network Productivity. 3.6.18. Must Have Ddos/dos Attack Protection. Syn Flood Protection Provides A Defense Against Dos Attacks Using Both Layer 3 Syn Proxy And Layer 2 Syn Blacklisting Technologies. Additionally, It Protects Against Dos/ddos Through Udp/icmp Flood Protection And Connection Rate Limiting. 3.6.19. Must Be Capable Of Load-balances Multiple Wan Interfaces Using Round Robin, Spillover Or Percentage Methods. Policy-based Routing Creates Routes Based On Protocol To Direct Traffic To A Preferred Wan Connection With The Ability To Fail Back To A Secondary Wan In The Event Of An Outage 3.6.20. Must Display Rules Which Are Actively Used Or Not Being Used. 3.6.21. Must Be Able To Simplify And Reduce Complex Distributed Firewall Deployment Down To A Trivial Effort By Automating The Initial Site-to-site Vpn Gateway Provisioning Between Firewalls While Security And Connectivity Occurs Instantly And Automatically. 3.6.22. Must Guarantee Critical Communications With 802.1p, Dscp Tagging And Remapping Of Voip Traffic On The Network. 3.6.23. The System Intrusion Prevention System Must Be Capable Of Signature-based Scanning, Automatic Signature Updates, Bi-directional Inspection, Granular Ips Rule Capability, Geoip Enforcement, Botnet Filtering With Dynamic List, Regular Expression Matching. 3.6.24. The Anti-malware System Must Be Capable Of Stream-based Malware Scanning, Gateway Anti-virus, Gateway Anti-spyware, Bi-directional Inspection, No File Size Limitation 3.6.25. The System Must Have Traffic Visualization That Can Monitor User Activity, Application, Bandwidth, And Threat. 3.6.26. Must Have A Http/https Web Content Filtering That Is Capable Of Url Filtering, Proxy Avoidance, Keyword Blocking, Policy-based Filtering (exclusion/inclusion), Http Header Insertion, Bandwidth Manage, And Rating Categories. 3.6.27. Must Have A Vpn That Is Capable Of Secure Sd-wan, Auto-provision Vpn, Ipsec Vpn For Site-to-site Connectivity, Ssl Vpn And Ipsec Client Remote Access, Redundant Vpn Gateway, And Mobile Client For Ios, Mac Os X, Windows, Chrome, Android And Kindle Fire. 3.6.28. Must Have Networking Capabilities Such As Portshield, Path Mtu Discovery, Enhanced Logging, Vlan Trunking, Layer-2 Qos, Port Security, Dynamic Routing (rip/ospf/bgp), Policy-based Routing (tos/metric And Ecmp), Nat, Dhcp Server, Bandwidth Management, A/p High Availability With State Sync, Inbound/outbound Load Balancing, L2 Bridge, Wire/virtual Wire Mode, Tap Mode, Nat Mode, Asymmetric Routing, And Common Access Card (cac) Support. 3.6.29. The System Management And Monitoring Must Have Web Gui, Command Line Interface (cli), Snmp V2/v3 Support, Centralized Management And Reporting, Netflow/ipfix Exporting, Cloud Based Configuration Back Up, And Zero-touch Registration & Provisioning. 3.6.30. Must Be Certified With Icsa Labs Advance Threat Defense Certified With 100% Unknown Threat Detection For 7 Consecutive Quarters From Q1-q4, 2021 & Q1-q3, 2022. 3.6.31. Must Have 24x7 Support That Includes Firmware Updates And Hardware Replacement. Support Includes Around-the-clock Access To Telephone And Web-based Support For Basic Configuration And Troubleshooting Assistance, As Well As Hardware Replacement In The Event Of Failure. 3.6.32. The System Must Have The Minimum Throughput Requirements (or Higher): 3.6.32.1. Firewall Inspection Throughput – 28 Gbps; 3.6.32.2. Threat Prevention Throughput – 15 Gbps; 3.6.32.3. Application Inspection Throughput – 18 Gbps; 3.6.32.4. Ips Throughput – 17 Gbps; 3.6.32.5. Anti-malware Inspection Throughput- 16 Gbps 3.6.32.6. Tls/ssl Decryption And Inspection Throughput (dpi Ssl) – 7 Gbps; 3.6.32.7. Vpn Throughput – 15 Gbps;" 3.6.33. The System Must Be Capable Of Handling: 3.6.33.1. Connections Per Second - 228,000/sec; 3.6.33.2. Maximum Connections (spi) – 5,000,000; 3.6.33.3. Max Dpi-ssl Connections – 350,000; 3.6.33.4. Maximum Connections (dpi) – 3,500,000 " 3.6.34. The System's Interface Must Include: 3.6.34.1. 6 X 10/5/2.5/1-gbe Sfp+, 3.6.34.2. 2 X 10g/5g/2.5g/1g Cu, 3.6.34.3. 24 X 1-gbe Cu, 3.6.34.4. 2 X Usb 3.0, 3.6.34.5. Management Interfaces - 1 Gbe, 1 Console 3.6.34.6. Storage: 128gb M.2 (expandable Up To 256gb) 3.7. 2 Units Application Delivery Controller 3.7.1. System Must Of Be 19-inch Rack Mountable 1 U Form Factor. 3.7.2. System Must Have Dedicated Management Port. 3.7.3. System Must Have Rj-45 Console Port. 3.7.4. System Must Have 5x1g Copper Interface, 4x1g Sfp Or 4x10g Sfp+. 3.7.5. System Must Have Dual Power Supply. 3.7.6. System Must Support 20 Gbps Of L7 Throughput. 3.7.7. System Must Support 32 Million Concurrent Connection. 3.7.8. System Must Support 500k Layer4 Connection Per Second. 3.7.9. System Must Support 180 K 1:1 Layer7 Connection Per Second For Http. 3.7.10. System Must Support 9gbps Of Ssl Offloading Throughput With 28 K Ssl Cps On Ecdhe Cipher. 3.7.11. Application Delivery Partition/virtual Context. 3.7.12. System Must Support 32 Application Delivery Partition/virtual Context. 3.7.13. System Must Support Dedicated Configuration File For Each Virtual Context. 3.7.14. System Must Support Resource Allocation To Each Context Including Throughput, Cps, Concurrent Connection, Ssl Throughput. 3.7.15. System Must Be Able To Modify The Resource Allocation On The Fly Without Restarting/rebooting Any Context. 3.7.16. All The Virtual Context Must Be Available From Day-1. 3.7.17. System Must Support 7 Million Ddos Protection (syn Flood) Syn/sec 3.7.18. System Must Support Protection From Fragmented Packets. 3.7.19. System Must Support Protection From Ip Option. 3.7.20. System Must Support Protection From Land Attack. 3.7.21. System Must Support Protection From Packet Deformity Layer 3. 3.7.22. System Must Support Protection From Packet Deformity Layer 4. 3.7.23. System Must Support Protection From Ping Of Death. 3.7.24. System Must Support Protection From Tcp No Flag. 3.7.25. System Must Support Protection From Tcp Syn Fin. 3.7.26. System Must Support Protection From Tcp Syn Frag. 3.7.27. System Must Support Connection Limit Based On Source Ip. 3.7.28. System Must Support Connection Rate Limit Based On Source Ip. 3.7.29. System Must Support Request Rate Limit Based On Source Ip. 3.7.30. Server Load-balancing /proxy Features. 3.7.31. System Must Support Layer4-layer7 Load-balancing. 3.7.32. System Must Support Load-balancing Algorithims Including Round-robin, Least Connection, Service Least Connecttion, Fastest Reponse, Hash Etc. 3.7.33. System Must Support Active-active And Active-backup Server Configuration For Load-balancing. 3.7.34. System Must Support Reverse Proxy Functionality Of Hosting Multiple Http/https Service Behind Single Ip 3.7.35. System Must Support Source-nat For Slb Traffic 3.7.36. System Must Have Flexibility To Config Vip As Source Nat Ip 3.7.37. System Must Support X-forwarder Option. The Appliance Should Have Option To Enable X-forwarder Option Per Service To Log Actual Client Ip In Web Server Log. 3.7.38. System Must Support L7 Database Load-balancing 3.7.39. System Must Support Http Compression 3.7.40. System Must Support Global Server Load-balancing 3.7.41. System Must Support Tls 1.2 And Tls 1.3 3.7.42. System Should Integrate With Third Party Ssl Certificate Lifecycle Management Platform To Renew Certificates Automatically, Automate The Certificates Issuance, Automate Provisioning Of Renewed Certificates, Eliminate Outages With Continuous Key And Certificate Updates & Enable Devops Teams, Pki, And Security Teams To Acquire Full Visibility Of Certificate Usage Throughout Their Networks. 3.7.43. System Must Support Simple Certificate Enrollment Protocol. 3.7.44. System Must Support Dns Application Firewall. 3.7.45. System Should Stop Buffer Overflows, Malformed Requests And Head Off Dns Amplification-based Ddos Attacks, Also Able To Prevent Dns Cache-poisoning And Spoofing. 3.7.46. System Must Support Application Template A Wizard That Guide A User Through A Step-by-step Deployment Process For Quick And Easy App Deployment. 3.7.47. The Application Template Wizard Embeds Industry Best Practices Relevant To The Application And Enables To Deploy Applications In Minutes Instead Of Hours. Application Template Must Include Oracle, Microsoft Exchange, Skype, Sharepoint From Day One. 3.7.48. System Must Support Authentication Offloading From Back-end Servers Using Saml, Kerberos, Ntlm, Tds Sql Logon, Ldap, Radius, Basic, Ocsp Stapling, Html Form- Based From Day One. 3.7.49. System Must Support Graceful Activation And Disabling Of The Backend Server. 3.7.50. System Must Support Application Level Load-balancing Of Radius And Diameter Protocol. 3.7.51. System Must Support Application Level Load-balancing Of Dns Protocol. 3.7.52. System Must Support Application Level Load-balancing Of Spdy Protocol. 3.7.53. System Must Support Application Level Database Load-balancing. 3.7.54. System Must Support Application Level Imap,pop3 And Smtp Load-balancing. 3.7.55. System Must Support Application Level Load-balancing For Sip Protocol. 3.7.56. System Must Support Application Level Load-balancing For Fix Protocol. 3.7.57. System Must Support Dns Caching. 3.7.58. System Must Support Anycast Based Global Server Load-balancing. 3.7.59. System Must Support Connection Limit Per Server/link. 3.7.60. System Must Support Connection Rate Limit Per Server/link. 3.7.61. System Must Support Request Rate Limit Per Server/link. 3.7.62. System Must Support Single Sign-on (sso) Authentication Relay. 3.7.63. System Must Support Authentication For Microsoft Sharepoint, Outlook Web Access, And Other Packaged And Custom Applications. 3.7.64. System Must Support Perfect Forward Secrecy (pfs) With Elliptic Curve Diffiehellman Exchange (ecdhe) And Other Elliptic Curve Cryptography(ecc) Ciphers. 3.7.65. System Must Support Scriptable Health Check Support Using Tcl, Python, Perl, And Bash. 3.7.66. System Must Support Next Hop Load Distribution (nhld) For Load Balancing Multiple Links. 3.7.67. System Must Support Internet Content Adaptation Protocol (icap) 3.7.68. System Must Support Ipv4 To Ipv6 And Ipv6 To Ipv4 Slb-pt 3.7.69. System Should Support Ip Anomaly Detection. 3.7.70. System Must Have A Provision To Dynamically Add Ips To Black Lists When Ddos Attack Targeted Towards A Specific Ip Address Is Detected 3.7.71. System Must Have A Capabilities To Dynamically Updated Threat Intelligence Feed 3.7.72. System Must Support Starttls Offload For Secure Email And Ldap 3.7.73. System Must Support Vrrp Based Redundancy. 3.7.74. System Must Support Active-active And Active-backup Configuration. 3.7.75. System Must Support Automatic And Manual Configuration Sync. 3.7.76. System Must Support Dynamic Vrrp Priority By Traffic Interface, Server, Nexthop And Routes. 3.7.77. System Must Support Scale-out Configuration Upto 8 Devices To Support Higher Throughput. 3.7.78. System Must Support Dedicated Vrrp Setting Per Virtual Context. 3.7.79. System Must Have Web-based Graphical User Interface (gui) 3.7.80. System Must Have Industry-standard Command Line Interface (cli) 3.7.81. System Must Support Granular Role-based\object-based Access Control 3.7.82. System Must Support Snmp, Syslog, Email Alerts, Netflow V9 And V10 (ipfix), Sflow 3.7.83. System Must Support Rest-style Xml Api For All Functions. 3.7.84. System Must Support External Authentication Including Ldap, Tacacs+, Radius 3.7.85. System Must Have A Seperate Centralize Management For Easily Configure And Manage Policies Across Applications Deployed In Data Centers, Private And Public Clouds. 3.7.86. Centralize Management Should Provide Visibility And Actionable Insights Into The Application Traffic. Simplify Troubleshooting Via Access To Contextualized Data And Logs. Analyze Collected Data To Detect Anomalous Trends. Get Alerts Based On Various Metrics And Customizable Fields. Alerts Delivered Via Email Or Web-hook Url For Automated And Rapid Action. 3.7.87. Centralize Management Should Provide Multi-tenancy Function And Helps Application Team And Services Owners As Tenant And Allow Them To Manage Their Own Infrastructure And Application Policies. 3.7.88. Centralize Management Should Provide Api Driven Automation To Integrate With Devops Tool Like Ansible, Chef, Jenkins, And Orchestration Systems Like Vmware Vro/vra, Cisco Cloud Center, Microsoft Azure, Google Cloud Platform, Amazon Web Services And More. 3.7.89. Centralize Management Analytics Capabilities Must Include End-to-end Response Time Monitoring & Details, Per-request Analysis & Application Access Logs, Security Insight And Analytics, Granular Traffic Insight & Analytics, End-to-end Latency, Response Time Details, Request Rate & Request Method, Response Code, Locations, Os, Device & Browser Information, Top Clients, Worst-behaving Urls, Services And Domains And Many More. 3.7.90. Centralize Management Analytics Function Must Provide Per Transaction Logs With Visual Representation Of Time Spent In Various Phases Of Request And Response. 3.7.91. Adc Vendor Must Support Multi-cloud Function For Upcoming Applications Which Will Be Hosted On Cloud As A Future Requirement. Multi-cloud Function Must Support And Include Amazon Aws, Microsoft Azure, Oracle Cloud, & Also To Be Hosted On Container & Bare Metal. Byol Bandwidth License Will Be Purchased Separately As And When Required As A Future Requirement. 3.7.92. System Must Support Integrate With Third-party Such As Sdn Platforms (e.g., Cisco Aci And Vmware) And Cloud Orchestration Systems (e.g., Openstack And Microsoft Scvmm) From Day One. 3.7.93. System Must Support Network Equipment Building System (nebs) Compliance From Day One. 3.7.94. Should Be A Common Criteria Eal 2+ Certification Or Higher 3.7.95. Adc Vendor Should Have Iso 27001 – Information Security Certifications 3.7.96. Vendor Should Be Registered Under A Government E-market Place Website (https://gem.gov.in/) 3.7.97. Appliance Must Support Dnssec Pass-through. 3.7.98. Support Dnssec To Prevent Threats Like Dns Cache Poisoning And Spoofing. 3.7.99. System Must Support Redirection Of Dns Request On Udp To Tcp 3.7.100. System Must Support Dns Over Https (doh) 3.7.101. System Must Support Dns-udp And Dns-tcp 3.7.102. System Must Support Dns Caching And Recursive Lookup. 3.7.103. System Must Support Dns Load Balancing. 3.7.104. System Must Support Integration With 3rd Party Hardware Security Module (hsm) 3.8. Primary Network Infrastructure 3.8.1. 2 Units Core Network Switches 3.8.1.1. Must Have High Performance 1.92tbps With 1,190mpps Specification. 3.8.1.2. Must Have High Availability Setup/configuration And Hot-swap Redundant Power Supplies. 3.8.1.3. Must Have Intelligent Monitoring, Visibility, And Remediation. 3.8.1.4. Must Have Advanced Layer 2/3 Feature Set Includes Bgp, Ospf, Vrf, And Ipv6 3.8.1.5. Must Be A Compact 1u Switch With 1/10 Gbe And 40/100 Gbe Connectivity Form Factor. 3.8.1.6. Should Allow Individual Software Modules To Be Upgraded For Higher Availability. 3.8.1.7. Must Have Support For Congestion Actions, Such As Strict Priority (sp) Queuing And Weighted Fair Queuing. 3.8.1.8. Must Have An Enabled Distributed And Redundant Architecture By Deploying Two Switches, With Each Switch Maintaining Independent Control Yet Staying Synchronized During Upgrades Or Failover. 3.8.1.9. Must Be Able To Allow Groups Of Two Routers To Dynamically Back Each Other Up To Create Highly Available Routed Environments. 3.8.1.10. Must Be Able To Monitor Link Connectivity And Shuts Down Ports At Both Ends If Unidirectional Traffic Is Detected, Preventing Loops In Stp-based Networks. 3.8.1.11. Must Support Aggregation Groups (lags), Each With Eight Links Per Group With A User-selectable Hashing Algorithm. 3.8.1.12. Must Have Redundant And Load-sharing Fans, And Power Supplies. 3.8.1.13. Must Have Hot-swappable Power Supply And Fan Modules. 3.8.1.14. Must Have Separate Data And Control Paths. 3.8.1.15. Must Supports At Least 24 Ports Of 1/10g For Use With Sfp And Sfp+ Transceivers, And 4 Ports Of 40g/100g 3.8.1.16. Must Support 1 Expansion Module For Additional Interfaces Such As; 3.8.1.16.1. 12 X 1/2.5/5/10g Rj45 Ports Module 3.8.1.16.2. 12 X 100m/1g/10g Rj45 Ports Module 3.8.1.16.3. 12 X 1/10g Ports Sfp/sfp+ Ports Module 3.8.1.16.4. 4 X 40g Qsfp+ Ports Module 3.8.1.16.5. 1 X 100g Qsfp28 Port Module 3.8.1.17. Must Have Sfp+ Transceivers [optional 1gbase-t And 10gbase-t Transceivers And 4x10g Breakout Cables. 3.8.1.18. Must Support High-performance Backups And Disaster Recovery Systems; Provides A Maximum Frame Size Of 9 K Bytes. 3.8.1.19. Must Support Internal Loopback Testing For Maintenance Purposes. 3.8.1.20. Must Be Able To Protect Against Unknown Broadcast, Unknown Multicast, Or Unicast Storms With User-defined Thresholds. 3.8.1.21. Must Have Management Interface Control. 3.8.1.22. Must Have The Following Management Security. A. Restricts Access To Critical Configuration Commands. B. Offers Multiple Privilege Levels With Password Protection. C. Acls Provide Snmp Access. D. Local And Remote Syslog Capabilities Allow Logging Of All Access. 3.8.1.23. Must Have Snmp V2c/v3 Which Provides Snmp Read And Trap Support Of The Industry Standard Management Information Base (mib) And Private Extensions. 3.8.1.24. Must Be Able To Monitor The Network For Degradation Of Various Services, Including Monitoring Voice. 3.8.1.25. Must Have Remote Monitoring (rmon) Which Uses Standard Snmp To Monitor Essential Network Functions And Supports Events, Alarms, History, And Statistics Groups, As Well As A Private Alarm Extension Group. 3.8.1.26. Must Have Tftp And Sftp Support Which Offers Different Mechanisms For Configuration Updates; Trivial Ftp (tftp) Allows Bidirectional Transfers Over A Tcp/ Ip Network; Secure File Transfer Protocol (sftp) Runs Over An Ssh Tunnel To Provide Additional Security. 3.8.1.27. Must Have A Debug And Sampler Utility That Supports Ping And Traceroute For Ipv4 And Ipv6. 3.8.1.28. Must Have Network Time Protocol (ntp) Which Synchronizes Timekeeping Among Distributed Time Servers And Clients; Keeps Timekeeping Consistent Among All Clock-dependent Devices Within The Network. Can Serve As The Ntp Server In A Customer Network. 3.8.1.29. Must Have Ieee 802.1ab Link Layer Discovery Protocol (lldp) Which Advertises And Receives Management Information From Adjacent Devices On A Network, Facilitating Easy Mapping By Network Management Applications. 3.8.1.30. Must Be Able To Provide Independent Primary And Secondary Operating System Files For Backup While Upgrading. 3.8.1.31. Must Be Able To Support Up To 4,000 Port-based Or Ieee 802.1q-based Vlans. 3.8.1.32. Must Have Bridge Protocol Data Unit (bpdu) Tunneling - Transmits Stp Bpdus Transparently, Allowing Correct Tree Calculations Across Service Providers, Wans, Or Mans 3.8.1.33. Must Be Able To Support Port Mirroring. 3.8.1.34. Must Be Able To Support Standard Ieee 802.1d Stp, Ieee 802.1w Rapid Spanning Tree Protocol (rstp) For Faster Convergence, And Ieee 802.1s Multiple Spanning Tree Protocol (mstp). 3.8.1.35. Must Be Able To Controls And Manage The Flooding Of Multicast Packets In A Layer 2 Network. 3.8.1.36. Must Allow Each Vlan To Build A Separate Spanning Tree To Improve Link Bandwidth Usage In Network Environments With Multiple Vlans. 3.8.1.37. Must Be Able To Determine The Mac Address Of Another Ip Host In The Same Subnet; Supports Static Arps; Gratuitous Arp Allows Detection Of Duplicate Ip Addresses; Proxy Arp Allows Normal Arp Operation Between Subnets Or When Subnets Are Separated By A Layer 2 Network. 3.8.1.38. Must Have A Built-in Dynamic Host Configuration Protocol (dhcp) Server Function. 3.8.1.39. Must Have A Builtin Radius Server Function. 3.8.1.40. Must Support Aaa. 3.8.1.41. Must Have Domain Name System (dns) 3.8.1.42. Must Have Policy Based Routing (pbr) 3.8.1.43. Must Have Static Ipv4 Routing. 3.8.1.44. Must Be Able To Support Basic Layer3 Dynamic Routing Protocol Using Rip. 3.8.1.45. Must Be Able To Deliver Faster Convergence; Uses Link-state Routing Interior Gateway Protocol (igp), Using Standard Protocol Ospf. 3.8.1.46. Must Have Border Gateway Protocol 4 (bgp-4) 3.8.1.47. Must Be Able To Provide A Set Of Tools To Improve The Performance Of Ipv4 Networks; Including Directed Broadcasts, Customization Of Tcp Parameters, Support Of Icmp Error Packets, And Extensive Display Capabilities. 3.8.1.48. Must Have Static Ipv6 Routing. 3.8.1.49. Must Have Dual Ip Stack, This Maintains Separate Stacks For Ipv4 And Ipv6 To Ease The Transition From An Ipv4-only Network To An Ipv6-only Network Design. 3.8.1.50. Must Be Able To Provide Ospf Support For Ipv6. 3.8.1.51. Must Have Generic Routing Encapsulation (gre) — Enables Tunneling Traffic From Site To Site Over A Layer 3 Path. 3.8.1.52. Must Be Able To Support Powerful Acls For Both Ipv4 And Ipv6. Supports Creation Of Object Groups Representing Sets Of Devices Such As Ip Addresses. For Instance, It Management Devices Could Be Grouped In This Way. Acls Can Also Protect Control Plane Services, Such As Ssh, Snmp, Ntp, Or Web Servers. 3.8.1.53. Must Be Able To Ease Security Access Administration By Using A Password Authentication Server. 3.8.1.54. Must Be Able To Provide For Both On-box As Well As Off-box Authentication For Administrative Access. 3.8.1.55. Must Be Able To Use External Servers To Securely Log In To A Remote Device; With Authentication And Encryption, It Protects Against Ip Spoofing And Plain-text Password Interception. 3.8.1.56. Must Be Able To Enable Establishing Multicast Group Memberships In Ipv4 Networks; Supports Igmpv1, V2, And V3. 3.8.1.57. Must Support One-to-many And Many-tomany Media Casting Use Cases, Such As Iptv Over Ipv4 And Ipv6 Networks; Support For Pim Spare Mode (pim-sm, Ipv4, And Ipv6). 3.8.1.58. Must Have A Built-in Network Management System Feature. 3.8.1.59. Must Have A Built-in Wireless Access Controller Function. 3.8.2. 4 Units Distribution Switches (2 Units Aggregation; 2 Units Top Of Rack; 1 Unit 8 Port Poe Switch (for Cctv And Other Security Devices And Ip Telephony) 3.8.2.1. Must Have High-performance 1.92tbps With 1,190mpps Specification. 3.8.2.2. Must Have Intelligent Monitoring And Visibility. 3.8.2.3. Must Have High Availability With Industry Leading Stacking, And Hot-swap Redundant Power Supplies. 3.8.2.4. Must Be Able To Support Long Distance Virtual Stacking Feature. 3.8.2.5. Must Be Designed For Core/aggregation In The Campus Or Top Of Ra 3.8.2.6. Must Have Advanced Layer 2/3 Feature Set Includes Bgp, Ospf, Vrf, And Ipv6 3.8.2.7. Must Enable Congestion Avoidance. 3.8.2.8. Must Support Lossless Ethernet Networking Standards To Eliminate Packet Loss Due To Queue Overflow. 3.8.2.9. Must Have Separate Data And Control Paths Which Separates Control From Services And Keeps Service Processing Isolated; Increases Security And Performance. 3.8.2.10. Must Be Able To Allow A Group Of Switches To Dynamically Back Each Other Up To Create Highly Available Routed Environments. 3.8.2.11. Must Have Ieee 802.3ad Lacp-supports With Up To 8 Members Per Lag With A User-selectable. 3.8.2.12. Must Have Scalable System Design-provides Investment Protection To Support Future Technologies And Higher-speed Connectivity. 3.8.2.13. Must Have High-speed Fully Distributed Architecture-provides Up To 1.92tbps For Bidirectional Switching And 1,190 Mpps For Forwarding To Meet The Demands Of Bandwidthintensive Applications Today And In The Future. 3.8.2.14. For Aggregation Switch Configuration, Bidder Must Propose 2 Units 48 Ports Of 1gbe/10gbe (sfp/sfp+) 4 Ports Of 40gbe/100gbe (qsfp+/qsfp28) 3.8.2.15. For Miscellaneous Function Switch Configuration, Bidder Must Propose 8 X 1/10gbe Rj45 Ports With 2 X 10gbe Ports As Uplink. 3.8.2.16. For Top Of Rack Switch Configuration, Bidder Must Propose 2 Units 24 X 1/10gbe Rj45 Ports With 4 X 40g/100gbe (qsfp+/qsfp28) Ports And 1 X Expansion Bay For Top Of Rack Switch. 3.8.2.16.1. Top Of Rack Switch Must Support 1 Expansion Module For Additional Interfaces Such As: 3.8.2.16.1.1. 12 X 1/2.5/5/10g Rj45 Ports Module 3.8.2.16.1.2. 12 X 100m/1g/10g Rj45 Ports Module 3.8.2.16.1.3. 12 X 1/10g Ports Sfp/sfp+ Ports Module 3.8.2.16.1.4. 4 X 40g Qsfp+ Ports Module 3.8.2.16.1.5. 1 X 100g Qsfp28 Port Module 3.8.2.17. Must Allow High-performance Backups And Disaster-recovery Systems; Provides A Maximum Frame Size Of 9k Bytes. 3.8.2.18. Must Be Able To Support Internal Loopback Testing For Maintenance Purposes And Increased Availability; Loopback Detection Protects Against Incorrect Cabling Or Network Configurations And Can Be Enabled On A Per-port Or Per-vlan Basis For Added Flexibility. 3.8.2.19. Must Be Able To Protect Against Unknown Broadcast, Multicast, Or Unicast Storms With Userdefined Thresholds. 3.8.2.20. Must Have Industry Standard Cli With A Hierarchical Structure. 3.8.2.21. Must Be Able To Restrict Access To Critical Configuration Commands; Offer Multiple Privilege Levels With Password Protection; Acls Provide Snmp Access; Local And Remote Syslog Capabilities Allow Logging Of All Access. 3.8.2.22. Must Have An Ip Sla Which Monitors The Network For Degradation Of Various Services, Including Voice. 3.8.2.23. Must Have An Snmp V2c/v3-provides Snmp Read And Trap Support Of Industry Standard Management Information Base (mib) And Private Extensions. 3.8.2.24. Must Have Remote Monitoring (rmon) That Uses Standard Snmp To Monitor Essential Network Functions And Supports Events, Alarms, History, And Statistics Groups As Well As A Private Alarm Extension Group. 3.8.2.25. Must Have Tftp And Sftp Support Which Offers Different Mechanisms For Configuration Updates; Trivial Ftp (tftp) Allows Bidirectional Transfers Over A Tcp/ Ip Network; Secure File Transfer Protocol (sftp) Runs Over An Ssh Tunnel To Provide Additional Security. 3.8.2.26. Must Have A Debug And Sampler Utility-supports Ping And Traceroute For Ipv4 And Ipv6 3.8.2.27. Must Have Network Time Protocol (ntp) That Synchronizes Timekeeping Among Distributed Time Servers And Clients And Keeps Timekeeping Consistent Among All Clock- Dependent Devices Within The Network And Can Serve As The Ntp Server In A Customer Network. 3.8.2.28. Must Have Ieee 802.1ab Link Layer Discovery Protocol (lldp) That Advertises And Receives Management Information From Adjacent Devices On A Network, Facilitating Easy Mapping By Network Management Applications. 3.8.2.29. Must Be Able To Provide Independent Primary And Secondary Operating System Files For Backup While Upgrading. 3.8.2.30. Must Have Vlan Which Supports Up To 4,000 Port-based Or Ieee 802.1q-based Vlans. 3.8.2.31. Must Be Able To Transmit Stp Bpdus Transparently, Allowing Correct Tree Calculations Across Service Providers, Wans, Or Mans. 3.8.2.32. Must Be Able To Duplicate Port Traffic (ingress And Egress) To A Local Or Remote Monitoring Port; Supports 4 Mirroring Groups, With An Unlimited Number Of Ports Per Group. 3.8.2.33. Must Be Able To Support Standard Ieee 802.1d Stp, Ieee 802.1w Rapid Spanning Tree Protocol (rstp) For Faster Convergence, And Ieee 802.1s Multiple Spanning Tree Protocol (mstp)\ 3.8.2.34. Must Be Able To Control And Manage The Flooding Of Multicast Packets In A Layer 2 Network. 3.8.2.35. Must Be Able To Allow Each Vlan To Build A Separate Spanning Tree To Improve Link Bandwidth Usage In Network Environments With Multiple Vlans. 3.8.2.36. Must Be Able To Determine The Mac Address Of Another Ip Host In The Same Subnet; Supports Static Arps; Gratuitous Arp Allows Detection Of Duplicate Ip Addresses; Proxy Arp Allows Normal Arp Operation Between Subnets Or When Subnets Are Separated By A Layer 2 Network. 3.8.2.37. Must Have A Built-in Dynamic Host Configuration Protocol (dhcp) Server Function. 3.8.2.38. Must Have A Built-in Radius Server Function. 3.8.2.39. Must Support Aaa. 3.8.2.40. Must Have Domain Name System (dns) Capability. 3.8.2.41. Must Enable The Use Of A Classifier To Select Traffic That Can Be Forwarded Based On Policy Set By The Network Administrator. 3.8.2.42. Must Have Static Ipv6 Routing. 3.8.2.43. Must Have Basic Layer3 Function Such As Rip 3.8.2.44. Must Have Open Shortest Path First (ospf) Capability. 3.8.2.45. Must Have Border Gateway Protocol 4 (bgp-4) Which Delivers An Implementation Of The Exterior Gateway Protocol (egp) Utilizing Path Vectors; Uses Tcp For Enhanced Reliability For The Route Discovery Process; Reduces Bandwidth Consumption By Advertising Only Incremental Updates; Supports Extensive Policies For Increased Flexibility; Scales To Very Large Networks. 3.8.2.46. Must Have Ip Performance Optimization, This Provides A Set Of Tools To Improve The Performance Of Ipv4 Networks; Includes Directed Broadcasts, Customization Of Tcp Parameters, Support Of Icmp Error Packets, And Extensive Display Capabilities. 3.8.2.47. Must Have Static Ipv6 Routing. 3.8.2.48. Must Have Ospfv3 That Provides Ospf Support For Ipv6. 3.8.2.49. Must Have Access Control List (acl) Which Supports Powerful Acls For Both Ipv4 And Ipv6. Supports Creation Of Object Groups Representing Sets Of Devices Like Ip Addresses. 3.8.2.50. Must Have Remote Authentication Dial-in User Service (radius) 3.8.2.51. Must Have Management Access Security. 3.8.2.52. Must Have Secure Shell (sshv2) Which Uses External Servers To Securely Log In To A Remote Device; With Authentication And Encryption, It Protects Against Ip Spoofing And Plain-text Password Interception; Increases The Security Of Secure Ftp (sftp) Transfers. Must Have Multicast Internet Group Management Protocol (igmp) Which Enables Establishing Multicast Group Memberships In Ipv4 Networks; Supports Igmpv1, V2, And V3. 3.8.2.53. Must Have Protocol Independent Multicast (pim) For Ipv4 And Ipv6 Supports One-to-many And Many-to-many Media Casting Use Cases Such As Iptv Over Ipv4 And Ipv6 Networks. Support For Pim Sparse Mode (pim-sm, Ipv4 And Ipv6) 3.8.3. 9 Units X 24 Port Access Poe Switches 3.8.3.1. Must Be A High Performance 160 Gbps System Switching Capacity, 119 Mpps Of System Throughput. 3.8.3.2. Must Be A Compact 1u Switch With 4 X 1/2.5/5g Rj45 Ports (multi-gigabit) And 20 X 10/100/1000mbps Rj45 Ports, And 4 X 1/10g Sfp+ Ports. 3.8.3.3. Must Be Able To Support 24 X Poe And 12 X Poe+ 3.8.3.4. Must Have A License Upgrade To Support Continuous Poe 3.8.3.5. Must Have A License Upgrade To Support Udld (uni-directional Link Detection) 3.8.3.6. Must Have Built-in High Speed 1/10gbe Uplinks. 3.8.3.7. Must Have Intelligent Monitoring, Visibility, And Remediation Via Single Pane Of Glass Across Wired, Wireless, And Wan. 3.8.3.8. Must Have Support For Automated Configuration And Verification. 3.8.3.9. Must Enables Secure And Simple Access For Users And Iot 3.8.3.10. Must Have Traffic Prioritization (ieee 802.1p) For Real-time Classification. 3.8.3.11. Must Be A High Performance Front Plane Stacking For Up To 4 Switches. 3.8.3.12. Must Be Able To Monitor Link Connectivity And Shuts Down Ports At Both Ends If Unidirectional Traffic Is Detected, Preventing Loops In Stpbased Networks. 3.8.3.13. Must Have Ieee 802.3ad Lacp, Each With Eight Links Per Group. 3.8.3.14. Must Have Ethernet Ring Protection Switching (erps) Supports Rapid Protection And Recovery In A Ring Topology. 3.8.3.15. Must Have Ieee 802.1s Multiple Spanning Tree Provides High Link Availability In Vlan Environments Where Multiple Spanning Trees Are Required; And Legacy Support For Ieee 802.1d And Ieee 802.1w. 3.8.3.16. Must Have Support For 24x Ports 10/100/1000 Baset Poe+ Ports Supporting Up To 30w Per Port And 4x 1g/10g Sfp+ Ports. Should Have The Following Ports: A. 1x Console Port B. 1x Usb Port 3.8.3.17. Must Have Jumbo Frames Allow For Highperformance Backups And Disaster-recovery Systems; Provides A Maximum Frame Size Of 9k Bytes. 3.8.3.18. Must Have Packet Storm Protection Against Broadcast And Multicast Storms With Userdefined Thresholds Smart Link Enables Simple, Fast Converging Link Redundancy And Load Balancing With Dual Uplinks Avoiding Spanning Tree Complexities. 3.8.3.19. Must Have Management Interface Control Enables Or Disables Each Of The Following Depending On Security Preferences, Console Port, Or Reset Button. 3.8.3.20. Must Have Industry-standard Cli With A Hierarchical Structure For Reduced Training Time And Expense. 3.8.3.21. Management Security Restricts Access To Critical Configuration Commands, Provides Multiple Privilege Levels With Password Protection And Local And Remote Syslog Capabilities Allow Logging Of All Access. 3.8.3.22. Must Have Snmp V2c/v3 Provides Snmp Read And Trap Support Of Industry Standard Management Information Base (mib), And Private Extensions. 3.8.3.23. Must Have Remote Monitoring (rmon) With Standard Snmp To Monitor Essential Network Functions. Supports Events, Alarms, History, And Statistics Groups As Well As A Private Alarm Extension Group; Rmon, And Sflow Provide Advanced Monitoring And Reporting Capabilities For Statistics, History, Alarms And Events. 3.8.3.24. Must Have Tftp And Sftp Support Offers Different Mechanisms For Configuration Updates; Trivial Ftp (tftp) Allows Bidirectional Transfers Over A Tcp/ Ip Network; Secure File Transfer Protocol (sftp) Runs Over An Ssh Tunnel To Provide Additional Security. 3.8.3.25. Must Have Network Time Protocol (ntp) Synchronizes Timekeeping Among Distributed Time Servers And Clients; Keeps Timekeeping Consistent Among All Clock-dependent Devices Within The Network So The Devices Can Provide Diverse Applications Based On The Consistent Time. 3.8.3.26. Must Have Ieee 802.1ab Link Layer Discovery Protocol (lldp) Advertises And Receives Management Information From Adjacent Devices On A Network, Facilitating Easy Mapping By Network Management Applications. 3.8.3.27. Must Provide Independent Primary And Secondary Operating System Files For Backup While Upgrading. 3.8.3.28. Must Be Able To Assign Descriptive Names To Ports For Easy Identification. 3.8.3.29. Must Have Multiple Configuration Files Can Be Stored To A Flash Image. 3.8.3.30. Must Have Unidirectional Link Detection (udld) Which Monitors The Link Between Two Switches And Blocks The Ports On Both Ends Of The Link If The Link Goes Down At Any Point Between The Two Devices. 3.8.3.31. Must Have Vlan Support And Tagging For Ieee 802.1q (4k Vlan Ids). 3.8.3.32. Must Have Jumbo Packet Support Improves The Performance Of Large Data Transfers; Supports Frame Size Of Up To 9000 Bytes. 3.8.3.33. Must Have Bridge Protocol Data Unit (bpdu) Tunnelling That Transmits Stp Bpdus Transparently, Allowing Correct Tree Calculations Across Service Providers, Wans, Or Mans. 3.8.3.34. Must Have Port Mirroring Which Duplicates Port Traffic (ingress And Egress) To A Monitoring Port; Supports 4 Mirroring Groups. 3.8.3.35. Must Have Stp That Supports Standard Ieee 802.1d Stp, Ieee 802.1w Rapid Spanning Tree Protocol (rstp) For Faster Convergence, And Ieee 802.1s Multiple Spanning Tree Protocol (mstp) 3.8.3.36. Internet Group Management Protocol (igmp) Controls And Manages The Flooding Of Multicast Packets In A Layer 2 Network. 3.8.3.37. Must Have Domain Name System (dns) Capability. 3.8.3.38. Must Have Acls That Also Provides Filtering Based On The Ip Field, Source/ Destination Ip Address/subnet, And Source/ Destination Tcp/udp Port Number On A Per-vlan Or Per-port Basis. 3.8.3.39. Must Have Management Access Security For Both On And Off Box Authentication For Administrative Access. 3.8.3.40. Must Be Able To Support Multiple User Authentication Methods. Uses An Ieee 802.1x Supplicant On The Client In Conjunction With A Radius Server To Authenticate In Accordance With Industry Standards. 3.8.3.41. Must Support Mac-based Client Authentication. 3.8.3.42. Must Have Secure Management Access That Delivers Secure Encryption Of All Access Methods (cli, Gui, Or Mib) Through Sshv2, Ssl, And/or Snmpv3. 3.8.3.43. Must Have Icmp Throttling That Defeats Icmp Denial-of-service Attacks By Enabling Any Switch Port To Automatically Throttle Icmp Traffic. 3.8.3.44. Must Have Port Security Which Allows Access Only To Specified Mac Addresses. 3.8.3.45. Must Have Mac Address Lockout That Prevents Particular Configured Mac Addresses From Connecting To The Network. 3.8.3.46. Must Have Secure Sockets Layer (ssl) That Encrypts All Http Traffic, Allowing Secure Access To The Browser-based Management Gui In The Switch. 3.8.3.47. Must Have Igmp Snooping That Allows Multiple Vlans To Receive The Same Ipv4 Multicast Traffic, Lessening Network Bandwidth Demand By Reducing Multiple Streams To Each Vlan. 3.8.3.48. Must Have Multicast Listener Discovery (mld) That Enables Discovery Of Ipv6 Multicast Listeners; Support Mld V1 And V2. 3.8.3.49. Must Have Internet Group Management Protocol (igmp) That Utilizes Any-source Multicast (asm) To Manage Ipv4 Multicast Networks; Supports Igmpv1, V2, And V3. 3.9. Campus Network Expansion 3.9.1. 50 Units Indoor Access Points 3.9.1.1. Must Have 3.55 Gbps Raw Capacity Specification. 3.9.1.2. Must Have Wpa3 And Enhanced Open Security. 3.9.1.3. Must Have A Built-in Technology That Resolves Sticky Client Issues For Wi-fi 6 And Wi-fi 5 Devices. 3.9.1.4. Must Have Ofdma And Mu-mimo For Enhanced Multi-user Efficiency. 3.9.1.5. Must Have High Performance Dual Radio 802.11ax Ap With Ofdma And Multi-user Mimo (mu-mimo) Specification. 3.9.1.6. Must Be Able To Support Data Rates Of Up To 2.4 Gbps For Ieee802.11ax. 3.9.1.7. Must Have Multi-user Transmission With Downlink And Uplink Ofdma. 3.9.1.8. Must Have Multi-user Capability With Uplink And Downlink Multi-user Mimo. 3.9.1.9. Must Have Dual Radio 802.11ax Access Point With Ofdma And Multi-user Mimo (mumimo): 3.9.1.10. Must Have Multi-gig Uplink Ethernet Port With The Following Specifications: A. Supports Up To 2.5/5 Gbps With Nbase-t And Ieee 802.3bz Ethernet Compatibility. B. Backwards Compatible With 100/1000base-t. 3.9.1.11. Must Support Up To 300 Associated Client Devices Per Radio, And Up To 16 Bssids Per Radio. 3.9.1.12. Must Support The Following Frequency Bands (country-specific Restrictions Apply): A. 2.400 To 2.4835ghz B. 5.150 To 5.250ghz C. 5.250 To 5.350ghz D. 5.470 To 5.725ghz E. 5.725 To 5.850ghz F. 5.850 To 5.895ghz 3.9.1.13. Must Have Dynamic Frequency Selection (dfs) Which Optimizes The Use Of Available Rf Spectrum. 3.9.1.14. Must Support Radio Technologies: A. 802.11b: Direct-sequence Spreadspectrum (dsss) B. 802.11a/g/n/ac: Orthogonal Frequency-division Multiplexing (ofdm) C. 802.11ax: Orthogonal Frequencydivision Multiple Access (ofdma) With Up To 16 Resource Units (for An 80mhz Channel)" 3.9.1.15. Must Support The Following Modulation Types: A. 802.11b: Bpsk, Qpsk, Cck B. 802.11a/g/n: Bpsk, Qpsk, 16- Qam, 64-qam, 256-qam (proprietary Extension) C. 802.11ac: Bpsk, Qpsk, 16-qam, 64-qam, 256-qam, 1024-qam (proprietary Extension) D. 802.11ax: Bpsk, Qpsk, 16-qam, 64-qam, 256-qam, 1024- Qam802.11n High-throughput (ht) Support: Ht20/40 3.9.1.16. Must Have 802.11ac And 802.11ax 3.9.1.17. Must Support Single-channel Implementation Also Known As Channel Blanket 3.9.1.18. Must Support Multi-channel Implementation. 3.9.1.19. Must Support Hybrid Implementation. 3.9.1.20. Must Support Data Rates (mbps): A. 802.11b: 1, 2, 5.5, 11 B. 802.11a/g: 6, 9, 12, 18, 24, 36, 48, C. 802.11n (2.4ghz): 6.5 To 300 (mcs0 To Mcs15, Ht20 To Ht40) D. 802.11n (5ghz): 6.5 To 600 (mcs0 To Mvc31, Ht20 To Ht40) E. 802.11ac: 6.5 To 3,467 (mcs0 To Mcs9, Nss = 1 To 4, Vht20 To Vht160) F. 802.11ax (2.4ghz): 3.6 To 574 (mcs0 To Mcs11, Nss = 1 To 2, He20 To He40) G. 802.11ax (5ghz): 3.6 To 4,803 (mcs0 To Mcs11, Nss = 1 To 4, He20 To He160) H. 802.11n/ac Packet Aggregation: Ampdu, A-msdu 3.9.1.21. Must Have Four Integrated Dual-band Down Tilt Omni-directional Antennas For 4x4 Mimo With Peak Antenna Gain Of 4.2dbi In 2.4ghz And 7.5dbi In 5ghz. Built-in Antennas Are Optimized For Horizontal Ceiling Mounted Orientation Of The Ap. The Down Tilt Angle For Maximum Gain Should Be Roughly 30 Degrees. 3.9.1.22. Must Have Combining The Patterns Of Each Of The Antennas Of The Mimo Radios, The Peak Gain Of The Effective Per-antenna Pattern Is 3.8dbi In 2.4ghz And 4.6dbi In 5ghz. 3.9.1.23. Must Have Link Aggregation (lacp) Support Between Both Network Ports For Redundancy And Increased Capacity. A. Auto-sensing Link Speed (100/1000/2500base-t) And Mdi/mdx B. 2.5gbps Speed Complies With Nbase-t And 802.3bz Specifications C. Poe-pd: 48vdc (nominal) 802.3af/at/bt (class 3 Or Higher) D. E1: 10/100/1000base-t Ethernet Network Interface (rj-45) E. Auto-sensing Link Speed And Mdi/mdx 3.9.1.24. Must Have Dc Power Interface: 48vdc (nominal, +/- 5%), Accepts 1.35mm/3.5mm Center-positive Circular Plug With 9.5mm Length. 3.9.1.25. Must Have Visual Indictors (two Multi-color Leds): For System And Radio Status. 3.9.1.26. Must Have A Reset Button: Factory Reset, Led Mode Control (normal/off). 3.9.2. 30 Units Outdoor Access Points 3.9.2.1. Must Have 8x8 Mu-mimo Capability. 3.9.2.2. Must Be Delivering A Raw Capacity Of 4.8 Gbps. 3.9.2.3. Must Have An Uplink And Downlink Orthogonal Frequency Division Multiple Access (ofdma), Downlink Multi-user Mimo (mu-mimo) And Cellular Colocation. 3.9.2.4. Must Have Ai Powered Technology Ensures That All Clients Are Attached To Their Best Serving Access Point. 3.9.2.5. Must Have Session Metrics, Network Metrics, Applications And Client Type Are Used To Identify And Maintain The Best Connection. 3.9.2.6. Must Have High Performance Dual Radio 802.11ax Ap With Ofdma And Multi-user Mimo (mu-mimo). 3.9.2.7. Must Have Multi-user Capability With Uplink And Downlink Multi-user Mimo. 3.9.2.8. Must Have Multi-gig Uplink Ethernet Port A. Supports Up To 2.5/5 Gbps With Nbase-t And Ieee 802.3bz Ethernet Compatibility. B. Backwards Compatible With 100/1000base-t. 3.9.2.9. Must Have An Ap Type: Outdoor Hardened, Wi-fi 6 Dual Radio, 5 Ghz 8x8 Mimo And 2.4 Ghz 4x4 Mimo Software And Configurable Dual Radio Supports 5 Ghz And 2.4 Ghz 5 Ghz: 3.9.2.10. Must Be Able To Support Up To 300 Associated Client Devices Per Radio, And Up To 16 Bssids Per Radio. 3.9.2.11. Must Have The Following Supported Frequency Bands (country-specific Restrictions Apply): A. 2.400 To 2.4835 Ghz B. 5.150 To 5.250 Ghz C. 5.250 To 5.350 Ghz D. 5.470 To 5.725 Ghz E. 5.725 To 5.850 Ghz F. 5.825 To 5.875 Ghz 3.9.2.12. Must Have The Following Available Channels: Dependent On Configured Regulatory Domain. 3.9.2.13. Must Have Dynamic Frequency Selection (dfs) Optimizes The Use Of Available Rf Spectrum. 3.9.2.14. Must Support The Following Radio Technologies: A. 802.11b: Direct-sequence Spread-spectrum (dsss) B. 802.11a/g/n/ac: Orthogonal Frequency-division Multiplexing (ofdm) C. 802.11ax: Orthogonal Frequency-division Multiple Access (ofdma) With Up To 16 Resource Units (ru) 3.9.2.15. Must Have The Following Supported Modulation Types: A. 802.11b: Bpsk, Qpsk, Cck B. 802.11a/g/n: Bpsk, Qpsk, 16- Qam, 64-qam, 256-qam (proprietary Extension) C. 802.11ac: Bpsk, Qpsk, 16- Qam, 64-qam, 256-qam, 1024 Qam (proprietary Extension) D. 802.11ax: Bpsk, Qpsk, 16- Qam, 64-qam, 256-qam, 1024 Qam E. 802.11n High-throughput (ht) Support: Ht 20/40 F. 802.11ac Very High Throughput (vht) Support: Vht 20/40/80/160 G. 802.11ax High Efficiency (he) Support: He20/40/80/160 3.9.2.16. Must Have The Following Supported Data Rates (mbps): A. 802.11b: 1, 2, 5.5, 11 B. 802.11a/g: 6, 9, 12, 18, 24, 36, 48, 54 C. 802.11n (2.4ghz): 6.5 To 300 (mcs0 To Mcs15, Ht20 To Ht40) D. 802.11n (5ghz): 6.5 To 600 (mcs0 To Mcs31, Ht20 To Ht40) E. 802.11ac: (5 Ghz): 6.5 To 3,467 (mcs0 To Mcs9, Nss = 1 To 4 For Vht20 To Vht160) F. 802.11ax (2.4ghz): 8.6 To 574 (mcs0 To Mcs11, Nss = 1 To 2, He20 To He40) G. 802.11ax (5ghz): 8.6 To 4803 (mcs0 To Mcs11, Nss = 1 To 4, He20 To He160) H. 802.11n/ac Packet Aggregation: A-mpdu, A-msdu 3.9.2.17. Must Have The Maximum (conducted) Transmit Power (limited By Local Regulatory Requirements): A. 2.4 Ghz Band: +22 Dbm Per Chain, +25dbm Aggregate (2x2) B. 5 Ghz Band: +22 Dbm Per Chain, +28dbm Aggregate (4x4) 3.9.2.18. Must Have Multi-gig Port (rj-45) A. Auto-sensing Link Speed (100/1000/2500base-t) And Mdi/mdx B. 2.5gbps Speed Complies With Nbase-t And 802.3bz Specifications C. Poe-pd: 48vdc (nominal) 802.3at/bt (class 4 Or Higher) - 802.3az Energy Efficient Ethernet (eee) 3.9.2.19. Must Have 100/1000base-t (rj-45) A. Auto-sensing Link Speed And Mdi/mdx - 802.3az Energy Efficient Ethernet (eee) B. Poe-pd: 48vdc (nominal) 802.3at/bt (class 4 Or Higher) 3.9.2.20. Must Have Link Aggregation (lacp) Support Between Both Network Ports For Redundancy And Increased Capacity. 3.9.2.21. Must Have Visual Indicator (multi-color Led): For System And Radio Status. 3.9.2.22. Must Have A Reset Button: Factory Reset (during Device Power Up). 3.9.2.23. Must Have 802.11ac And 802.11ax 3.9.2.24. Must Support Single-channel Implementation Also Known As Channel Blanket 3.9.2.25. Must Support Multi-channel Implementation. 3.9.2.26. Must Support Hybrid Implementation. 3.9.3. Wireless Lan Controller 3.9.3.1. Bidder Must Supply Licenses For The Number Of Access Points Proposed In This Bid For 3 Years Maintenance. 3.9.3.2. Must Be Software Solution For Wi-fi Performance At The Edge That Support Up To 3,000 Aps. 3.9.3.3. The Network Controller Could Be A Software Solution Or A Network Appliance. 3.9.3.4. The Network Controller Can Be A Function/feature Within The Whole Network Management System Or Platform. 3.9.3.5. Must Be Able To Deliver 24x7 Reliability, Live Upgrades, And Always-on Connectivity. 3.9.3.6. Must Support Zero Touch Provisioning. 3.9.3.7. Must Support Plug-n-play Ap Replacement. 3.9.3.8. Wireless Network Can Still Function Normally When The Network Controller Fails. 3.9.3.9. If The Wireless Lan Controller Is Software Solution Only, Bidder Must Include An Operating System License. 3.10. Network Management System (nms) 3.10.1. Solution Should Support Zero-touch Deployment Of Switches And Wireless Controllers And Even Ngfw To Eliminate Human Intervention. 3.10.2. Solution Should Support Physical Branch Provisioning By Automating Onboarding, Initial Configuration, And Customer-supplied Configurations For The Complete Branch Network For Single Or Multiple Branches. 3.10.3. Proposed Solution Should Automatically Discover And Maps Network Devices. Should Have An Ability To Display Real-time Graphical Representation. 3.10.4. The Proposed Solution Should Classify Devices In The Topology Map Based On Different Network Layers And Filter Based On Vlan. 3.10.5. The Proposed Solution Should Have 2d And 3d Wireless Coverage Planning Tool Provide Real Time Rf Heat Maps That Show Accurate Information On The Overall Signal Quality Delivered To Locations On A Map. 3.10.6. The Proposed Solution Should Have Capability Of Visualize The Wi-fi 6 Insight Aps Over Legacy Aps, Airtime Efficiency, And Wireless Latency 3.10.7. The Solution Shall Have The Ability To Compare Configuration Versions Using A Side-by-side, Split-screen Display To Highlight Differences Between Current And Captured Configuration. 3.10.8. The Proposed Solution Must Be Able To Define Baseline Software Image Per Location For Specific Platform And Provide Pre- And Post-upgrade Checks For Software Image Management. 3.10.9. The Proposed Solution Must Have An Ai-driven Analytics Engine With Machine-learning Based Workflows To Provide Root Cause Analyses And Solve Complex Issues. 3.10.10. The Proposed Solution Shall Provide At-a-glance Fault Summary Dashboards To View Top Unhealthy Network Elements With Status Kpis And Drill Down To View The Detailed Information. 3.10.11. The Proposed Solution Shall Provide Actionable Insights Into Network, Client, And Application-related Issues Eliminating White Noise And False Positives Based On Recent And Historical Data; And Provide Guided Remediation To Troubleshoot The Issues. 3.10.12. The Proposed Solution Shall Support Vector-based Area Detection Technology For Wireless Network. 3.10.13. The Proposed Solution Should Have The Following Options Of Deployment; 3.10.13.1. Mini Version For Small Network And Can Run Built-in On Core Switches And Ngfw. 3.10.13.2. Full Featured Appliance-based Solution For An Average Network Size 3.10.13.3. Full Featured Software-based Solution For Extremely Large Network Size 3.10.14. Network Management System Solution Can Also Be Utilize To Implement Network Layer Security Based On Self-defending Network. 3.10.15. Must Include Operating System License If Bidder Will Propose Software Solution Only. Servers And Storage Appliances 1 86,140,314.00 4.1. Vm Servers Six (6) Units Vm Servers With Minimum Specifications As Follows: 4.1.1. Processor: Dual Processor With At Least 2.0ghz, 2 X 28c 4.1.2. Memory: 1tb Ram 4.1.3. Storage: 2 X 800gb Ssd Sas (raid 1) And 2 X 2tb Ssd Sas 4.1.4. Disk Controller: Raid 0, 1, 10, 5 4.1.5. Sas Raid Controller 4.1.6. Network Ports: At Least 2 X Dual Ports 10gbe 4.1.7. Hba Card (fc Card): 2 X Dp Fc16 4.1.8. Must Have N+1 Fan Redundancy 4.1.9. Must Have Dual Redundant Power Supply 4.1.10. Must Include Enterprise Linux Based Operating System Per Server That Can Accommodate Virtual Machines Without Additional License Cost 4.2. Storage Area Network Switches 4.2.1. 2 Units X 24 Ports 16gb Fc San Switch 4.2.2. 48 Pcs 16gb Fc Lc To Lc Cables 4.2.3. Redundant Power Supply 4.3. Block Storage System 4.3.1. Enterprise Block Storage System Specifications: 4.3.1.1. Must Have 50tb Nvme Ssd Usable Capacity. 4.3.1.2. Minimum Of 4 X 16gb Fc Ports 4.3.1.3. Designed For Six Nines Of Availability 4.3.1.4. Must Support Active-active, End-to-end Nvme Controllers 4.3.1.5. Must Support Nvme Ssd 4.3.1.6. Must Have The Capability To Natively Connect To And Manage The Storage Of Different Brands For Future Capacity Expansion And Integration Of Existing Storage. 4.3.1.7. Must Include Management Capabilities To Eliminate Dozens Of Time-consuming Tasks And Decision Points. Labor-intensive Processes Like Initial Volume Placement, Migrations, Load Balancing. 4.4. Back-up System Requirements For Enterprise On-premise Back-up System: 4.4.1. Back-up Server Must Have The Following Minimum Specifications: 4.4.1.1. Dual Processor With At Least 2.0ghz, 2 X 12c 4.4.1.2. Memory: 256gb Ram 4.4.1.3. Storage: 2 X 800gb Ssd Sas (raid 1) And 2 X 4tb Ssd Sas 4.4.1.4. Sas Raid Controller 4.4.1.5. At Least 4 X 10gbe 4.4.1.6. Hba Card (fc Card): 2x Dp Fc16 4.4.1.7. Must Have N+1 Fan Redundancy. 4.4.1.8. Windows Server Operating System 4.4.1.9. Must Have Dual Redundant Power Supply. 4.4.1.10. The Solution Must Include Tools For Effective Management. 4.4.1.11. The Solution Must Provide Software Licenses For Protection Of Either 20 Vm’s Or 50tb Capacity. 4.4.1.12. The Solution Must Support Native Tiering To Public And/or Private Clouds For Long-term Retention. 4.4.1.13. The Solution Must Support Data Deduplication. 4.4.1.14. The Solution Must Support Reporting Capabilities For Physical Capacity Utilization. 4.4.1.15. Must Include Operating System License For Back-up Software 4.5. Block Storage System For Back-up 4.5.1. Enterprise Block Storage System Specifications: 4.5.1.1. Must Have 300tb Nlsas Usable Capacity. 4.5.1.2. Minimum Of 4 X 16gb Fc Ports 4.5.1.3. Equipment Must Be Designed For A Minimum Of Six Nines Of Availability Or Higher. 4.5.1.4. Must Support Active-active Controllers. 4.5.1.5. Must Also Have The Capability To Natively Connect And Manage The Storage Of Different Brands For Future Capacity Expansion And Integration Of Existing Storage. 4.5.1.6. Must Include Management Capabilities To Eliminate Dozens Of Time-consuming Tasks And Decision Points. Labor-intensive Processes Like Initial Volume Placement, Migrations, Load Balancing. 4.6. Virtualization Software 4.6.1. Must Support Api And Policy Driven Storage Capabilities 4.6.2. Must Support Persistent Memory 4.6.3. Must Support Single Reboot 4.6.4. Must Support Quick Boot. 4.6.5. Must Support Live Migration Of Workloads 4.6.6. Support For Msft Vbs 4.6.7. Must Support Endpoint Security 4.6.8. Must Support Fault Tolerance 4.6.9. Must Support Per-vm Enhanced Vm Migration Compatibility. 4.6.10. Must Support Proactive High Availability 4.6.11. Must Support Vm-level Encryption. 4.6.12. Must Support Centralized Network Management 4.6.13. Must Support Load Balancing 4.6.14. Must Support Prioritize Resources To Virtual Machines Data Center Facility 1 92,008,302.00 5.1.1. The Winning Vendor Shall Supply, Install And Commission A Modular Data Center That Will Support The Network, Servers And Storage Deployments. This Data Center Must Be Scalable In Nature With Its Capacities, Including Additional Racks, Easily Upgraded Without Disruption To Normal Operations. 5.1.1.1. Server Racks 5.1.1.2. Uninterruptible Power Supply (ups) 5.1.1.3. Precision Air Conditioning Unit (pacu) 5.1.1.4. Cctv System 5.1.1.5. Environmental Monitoring System (ems) 5.1.1.6. Fire Suppression System 5.1.2. Cold Aisle Containment System 5.1.2.1. Equipped With Automatic Sliding Door, Magnetic Locking Roofs, Intelligent Lighting System, Cable Management, Touchscreen Display Controller, Sms Modem And Data Center Facility Equipment Status (ups And Pacu). 5.1.2.2. Must Have Access Controller With Management Of Users, Logs And Access Authorization (2-door Type) 5.1.2.3. Equipped With Access Control Reader (rfid Card, And Pin/badge Code) 5.1.2.4. Able To Communicate With The Following Sensors: Temperature & Humidity, Smoke, Leak Detection, Door Status And Data Center Equipment (pacu, Ups And Power Meters) 5.1.2.5. Includes A Monitoring Tool / System With Analytics. 5.1.2.6. Temperature & Humidity Sensor Included For All Entire Racks. 5.1.2.7. Includes Smoke Sensor (dry Contact Type With Alarm Light) For The Entire Racks. 5.1.2.8. Equipped With Door Status Sensor For The Entire Racks. 5.1.2.9. Equipped With Water Leak Sensor For The Entire Racks. 5.1.2.10. Able To Monitor Rack Space. 5.1.2.11. Able To Display Virtual Rack Diagram / Layout. 5.1.2.12. Equipped With Smart Meter. 5.1.3. Closed Bay Server Racks 5.1.3.1. Dimension: 600mm (width) *1100mm (depth) *2000mm (height) 5.1.3.2. Static Weight Loading Capacity Of At Least 1,400kg 5.1.3.3. Ip Rating – 20 5.1.3.4. Door Perforations – 70% Minimum 5.1.3.5. Adjustable Leveling Feet For Stability And Security 5.1.3.6. Front And Rear Doors Open Up To 130º 5.1.3.7. Front And Rear Doors Must Be Grounded To The Rack. 5.1.3.8. With Electronic Lockable Front & Rear Doors Integrated To Dcim Software 5.1.3.9. With Front And Rear U-position Numbers 5.1.3.10. With Removable Power Trough On The Roof For Power, Network And Optic Cables Management 5.1.3.11. With Heavy Duty Castor 5.1.4. Must Propose 1 Unit Out Of Band Switch With The Following Specifications: 5.1.4.1. 48 Ports X Rj45 Rs-232 Serial Ports 5.1.5. Managed Pdu 5.1.5.1. Metered Type. 5.1.5.2. Ac Input Voltage: 400v 3ph 5wire 60hz Wye. 5.1.5.3. Nominal Voltage Input: 350v – 415vac 3 Phase Wye. 5.1.5.4. Output Voltage: 200v-240vac 1phase. 5.1.5.5. 36 X Ec320-c13 Output Receptacles. 5.1.5.6. 3 X Iec320-c19 Output Receptacles. 5.1.5.7. With Branch/group Circuit Breaker Protection. 5.1.5.8. Equipped With Led Current (rms Value) Display And Overload Warning Indicator. 5.1.5.9. Must Be Monitored Through Dcim Software. 5.1.5.10. Tool-less Installation Standard Rack Cabinets. 5.1.5.11. Must Include Brackets For Mounting In Other Brand Rack Cabinets. 5.1.5.12. Zero-u Installation To Save Rack Space. 5.1.5.13. Operating Range: 0 To 45 Degrees Celsius. 5.1.6. Iot Smart Cctv Cameras 5.1.6.1. With Live Caption And Monitoring 5.1.6.2. Smart Features 5.1.6.3. Must Cover The Entire Sever Room And Server In An Aisle 5.1.6.4. At Least 5mp Resolution 5.1.6.5. With Storage Capable To Retain Videos For 30 Days 5.1.7. Precision Cooling 5.1.7.1. Must Provide 4 Units Of Precision Row Cooling With At Least 30kw Total Cooling And 30kw Sensible Cooling Capacity 5.1.7.2. Must Be Ce Certified Or Equivalent International Standard. 5.1.7.3. The Indoor Unit Fan Type Must Be Ec Fan With Automatic Adjustment Through A Controller To Match The Heat Load From 20%-100%. 5.1.7.4. The Outdoor Unit Fan Must Have Variable Speed Control Which Adjusts According To Different Weather Conditions. 5.1.7.5. The Indoor Fans Must Be Hot Swappable Which Should Not Require Shutting Down Of The Entire Pacu Unit When Replacing The Defective Fan/s. 5.1.7.6. The Pacu Unit Must Be Equipped With Electronic Expansion Valve (eev) To Provide Accurate Control Of The Refrigerant To Run Optimized On Various Conditions. 5.1.7.7. Filter Shall Be High Efficient Eu4/f4/merv8 Standard. 5.1.7.8. At Least Ten-inch Lcd Colored Touch Screen Display Externally Mounted And Viewed From The Front Of The Unit 5.1.7.9. The Touch Panel Must Contain The Settings And Programs Of All The Stored Operating Parameters That Can Be Used, Viewed, And Set On The User Display Interface. 5.1.7.10. Must Be Equipped With Automatic Restart Feature That Will Automatically Restart The System After A Power Failure. 5.1.7.11. High Pressure And Low Pressure Of Refrigerant System Shall Be Recorded In The Controller And Be Viewed Through The Display. 5.1.7.12. Shall Have Reheater With Positive Temperature Coefficient (ptc) Selfregulating Reheating Element At 3kw Rating. 5.1.7.13. Must Have Electrode Humidifier With 3kg/hr Capacity. 5.1.7.14. The Controller Is Able To Work In Teamwork Mode. 5.1.7.15. Capable To Accept 2 Power Source With Automatic Switching From Feed A To Feed B And Vice Versa To Support High Availability. 5.1.7.16. The Pacu Shall Be A 3 Phase (380/400/415v, 60hz) 5.1.7.17. 5.1.7.18. Must Have Built-in Or Has Available Slot For Communication Port To Interface With Pc In Order To Remotely Monitor Ups Status Via Tcp/ip Network. 5.1.7.19. Supports Communications Protocols Such As Rs-485, Snmp And Must Be Monitored Centrally On The Data Center Infrastructure Management Software (dcim). 5.1.7.20. Unit Dimension Shall Not Be Greater Than 300mm W X 2000mm H X 1090mm D. 5.1.7.21. All Pacu Units Must Have At Least One External Temperature And Humidity Sensors Installed On The Back Door Of The Rack Next To It. 5.1.7.22. Unit Must Be Compatible With R-410a Refrigerant Or Other Environmental Friendly Refrigerant 5.1.7.23. Must Have Dry Contact Device For Alarm System. 5.1.7.24. All Pacu Units Must Be Integrated To Door Access Control And Fire Suppression System 5.1.8. Ups Systems With Independent Battery System: 5.1.8.1. Supply 2 Units Modular Ups With 80kw Frame In 2n Configuration 5.1.8.2. 40kva Initial Modular Capacity 5.1.8.3. Can Cater 5kw Per Rack @ 8 Racks 5.1.8.4. At Least 15 Mins Back Up Time 5.1.8.5. The Ups Must Be Based On Igbt Technology Architecture That Provides High Quality, Low Noise, Pure And Uninterrupted Power Supply, Three Phase, Four Wire + Ground, Hot Swappable Modular Type Ups 5.1.8.6. Must Be Ce Certified, Iec/en62040-1, Iec/en62040-2 Or Equivalent. 5.1.8.7. The Ups Shall Have Built-in Protection Circuit Breakers For Input, Manual Bypass, Bypass And Output Connections. 5.1.8.8. The Ups Must Be A 3 Phase (380/400/415v, 60hz) Input Type And 3 Phase (380/400/415v, 60hz) Output Type. 5.1.8.9. The Ups Status Must Have User Friendly Interface With Big Graphic Lcd Screen For All Communication And Command Options To Show Operational And Functional Status, Measurements, Event Log, Etc. 5.1.8.10. Must Have Built-in Communication Port To Interface With Pc In Order To Remotely Monitor Ups Status Via Tcp/ip Network. 5.1.8.11. In Each Of The Ups, It Include Controller Module, Static Transfer Switch (sts Module) And Power Modules. Modules Must Be Hotswappable Without Bypass Mode Or Without System Shutdown Required In Order To Minimize Down Time. 5.1.8.12. Has Automatic Restart Function To Normal Mode Right After The Ac Input Resumes Following A Low Battery Shutdown And Returns Automatically To Normal Mode From Bypass Mode After An Overload Condition Or Short Circuit Condition Is Cleared. 5.1.8.13. Enclosure Ip Rating – Ip20 As A Minimum 5.1.8.14. Ambient Operating Temperature Between 0 To 40 Degrees C 5.1.8.15. Audible Noise <62db At 1 Meter 5.1.8.16. Winning Bidder Must Provide Calculation Of Mtbf (mean Time Between Failures) Which Must Not Be Lower Than 125,000 Hours Based On Online Mode (battery At Float & Battery Charge), Onbattery (inverter Mode) Back Up Mode And Bypass Mode. 5.1.8.17. Ups Input Specification 5.1.8.17.1. Voltage: 380v ± 20 % Or Better. 5.1.8.17.2. Frequency: 60 Hz ± 5 % Or Better. 5.1.8.17.3. Power Factor: 0.99 Or Better. 5.1.8.17.4. Harmonic Distortion (thdi): 5% Or Better 5.1.8.18. Ups Output Specification 5.1.8.18.1. Voltage: 380v/400v/415v ±1 % Or Better. 5.1.8.18.2. Frequency: 60 Hz ± 0.1 % Or Better. 5.1.8.18.3. Power Factor: Unity (1) 5.1.8.18.4. Harmonic Distortion: < 2%(at Linear Load) Or Better. 5.1.8.18.5. Overload: ≤125% ; 10 Min , ≤150% ; 1 Min Or Better. 5.1.8.18.6. Overall Efficiency: 96% (online Mode) And 99% (eco Mode) 5.1.8.19. Battery Specification 5.1.8.19.1. The Battery System Must Be Lithium Ion (lfp Type) Or Equivalent Complete With Battery Module, Battery Cabinet And Battery Management System. 5.1.8.19.2. Each Ups Must Have 15min Battery Runtime At 40kw Load. 5.1.8.19.3. The Battery System Must Be Designed To Support Each Ups Independently. A Common Battery Scheme For 2 Ups Is Not Allowed In Order To Prevent Single Point Of Failure. 5.1.8.19.4. The Lithium Ion Battery Cabinet Of Each Ups Shall Have Visual Display System For Real Time Display System Status 5.1.8.19.5. With Four Level Safety Protection To Ensure System Safety And Reliability (cell Level, Module Level, And System Level) 5.1.8.19.6. With Three Levels Of Battery Management System From Cell Level (basic), Rack Level And System Level 5.1.8.19.7. The Battery Must Be Manufactured By A Factory Which Has Been Certified For Iso 9001 And Iso14001. 5.1.9. Monitoring System 5.1.9.1. Able To Visualize The Overall Layout Of The Data Center 5.1.9.2. With Overall Environment Mapping Or Profile Of The Data Center 5.1.9.3. With Electrical, Mechanical, Fire And Safety Systems And Sub Systems Status Monitoring 5.1.9.4. Monitoring Of Precision Cooling Status And Profile 5.1.9.5. Power Diagrams 5.1.9.6. Alarm Notification And Reporting 5.1.9.7. The System Must Be Able To Monitor The Following: 5.1.9.7.1. Access Control And Surveillance (cctv) 5.1.9.7.2. Asset Management 5.1.9.7.3. Rack Utilization, Rack U-space, Weight, Power Load And Network Port For Each Rack 5.1.9.7.4. Multiple Site Management 5.1.9.7.5. Alarm Notification, Reporting And Schedule 5.1.9.8. Equipped With Intelligent Platform Management Interface (ipmi) 5.1.9.9. System Can Be Integrated To End User Active Directory (ldap) Management For: 5.1.9.9.1. Real Time And Historical Pue 5.1.9.9.2. Electricity Cost And Billing 5.1.9.9.3. Overall Capacity Utilization 5.1.9.9.4. Work Order Progress And Approval Process. 5.1.9.9.5. Alarm Notification And Reporting 5.1.10. Environmental Management System (ems) 5.1.10.1. Input Voltage: 100- 230vac 5.1.10.2. Input Frequency: 50hz 5.1.10.3. Digital Inputs: 4 5.1.10.4. Analogue Inputs: 2 5.1.10.5. Water Leak X 1: Detect Voltage < 1v ((alarm Signal With S-1fp Leak Sensor) 5.1.10.6. 8 X Sensor Hub Outputs For Smoke, Fire, Door Connections 5.1.10.7. Relay Outputs: 2 5.1.10.8. Led Warning Lights 5.1.10.9. 1 Ru 5.1.10.10. Ems Protocols 5.1.10.10.1. Ipv4/ Ipv6 Ftp/ Sftp/ Tftp 5.1.10.10.2. Dhcp Smtp 5.1.10.10.3. Http/ Https Sntp 5.1.10.10.4. Snmp V1/v3 Syslog 5.1.10.10.5. Telnet/ Ssh Radius 5.1.10.11. Rack Temp/humidity Sensor Specification 5.1.10.11.1. Input Power: Via Pdu Or Ups Snmp Or Ems Appliance 5.1.10.11.2. Temp Accuracy: 15ºc - 35ºc : ± 1ºc 5.1.10.11.3. Temp Accuracy: 0ºc - 15ºc & 35ºc - 45ºc: ± 2ºc 5.1.10.11.4. Humidity Operation: 20 - 90% Rh None Condensing. 5.1.11. Other Requirements 5.1.11.1. The Winning Bidder Shall Assess The Floor Loading Capacity Of The Cnu Nominated Area Where The Data Center Shall Be Installed. The Winning Bidder Must Perform Floor Loading Augmentation Works To Ensure That The Floor Loading Capacity Is Sufficient To Support The Data Center Equipment. 5.1.11.2. The Winning Bidder Shall Be Responsible In All Essential Installation Works. 5.2. Consolidated Command And Control Center 5.2.1. 6 Units Led Wall Monitors 5.2.1.1. Must Provision 6 Units 55 Inch Led Wall Monitors 5.2.2. 6 Units Desktop Computers 5.2.2.1. Must Have The Following Minimum Specifications: 5.2.2.2. Must Have A Minimum Of Intel I5 Cpu. 5.2.2.3. Must Have The Latest Windows Os 5.2.2.4. Must Have 16gb Memory. 5.2.2.5. Must Have A Minimum Of 512gb Ssd 5.2.2.6. Must Have An Integrated Video Card 5.2.2.7. Must Have A Minimum Of 1 X Hdmi Port 5.2.2.8. Must Have 2 X Usb 3.2 Gen Port 5.2.2.9. Must Have 1 X Rj45 Ethernet Port 5.2.2.10. Must Include Keyboard And Mouse 5.2.2.11. Must Include 23 Inch Monitor 5.2.2.12. Must Include Office Productivity Software 5.2.2.13. Must Include Endpoint Security (refer To 4.6 For Specifications) 5.2.3. Consolidation Of Various Monitoring System 5.2.3.1. The Winning Bidder Must Ensure Network, Security, Servers And Application Monitoring Systems Are Viewed And Controlled From The Command Center 5.2.3.2. Data Center Monitoring System (dcim) Must Be Viewed And Controlled From The Command Center 5.2.3.3. Cctv Monitoring Is To Be Done At The Command Center 5.2.4. Other Requirements 5.2.5. Provision Of Essential Furnishing 5.2.6. Provision Of Power Supply 5.2.7. Provision Of Network Nodes Including Required Data Cabling 5.2.8. Provision Of Services Essential To Prepare The Cnu Nominated Area Conducive For A Command Center Smart Security System 1 108,560,223.00 6.1. Smart Cctv Cameras (90 Units) 6.1.1. Cctv System Must Consist Of The Following: 6.1.1.1. Dome Camera, 4mp Or Higher Mp 6.1.1.2. Bullet Camera, 4mp Or Higher Mp 6.1.1.3. Ptz Camera, 4mp Or Higher Mp 6.1.1.4. Network Video Recorded (nvr) With Rightsized Storage Equipment 6.1.1.5. Cctv Software And Analytics 6.1.1.6. Video Retention Policy Of A Minimum Of 90 Days 6.1.2. Tcp/ip Based Cameras 6.1.2.1. The Camera Must Be Tcp/ip Based 6.1.2.2. Should Support 12-24 Vdc Or 24 Vac. 6.1.2.3. Should Support 1920 X 1080 Resolution. 6.1.2.4. Should Support 25/30 Fps. 6.1.2.5. Should Support Night Vision For At Least 40m For Dome, 60m For Bullet, 200m For Ptz. 6.1.2.6. Should Be At Least Ip67 Ingress Protection For Dome And Bullet, Ip66 For Ptz 6.2. Facial Recognition System The Facial Recognition System Shall Function, Among Others, As The Primary Data Capture Device For The Daily Time Record Of University Employees, Which Shall Be Integrated With The Hris Dtr Module. It Will Also Function As An Identification Tracker Of Students Coming In And Out Of The Campus. It Will Be Deployed Initially At The Main Entry And Exit Points Of The Campus. At A Minimum, The System Must Be Equipped With The Following: 6.2.1. Touch-less Access Control Reader Equipped With Facial Recognition Capable Of Four (4) Factor Authentication, Such As: 6.2.1.1. Face 6.2.1.2. Finger 6.2.1.3. Card 6.2.1.4. Pin 6.2.2. Equipped With At Least 2mp Camera And Able To Perform Thermal Screening That Will Manage Student And Personnel Credentials And Isolate Those With High Temperature To Keep The Campus Premises Safe And Secure. 6.2.3. Must Be Equipped With Ups. 6.2.4. Rfid Card Options Must Include, At A Minimum, Em Prox, Mifare, Desfire. 6.3. Video Analytics & Video Management System A Video Management System Collects Video From Cameras And Other Sources, Stores That Footage On A Storage Device, Provides An Interface To Both View The Live Video And Access Recorded Footage, And Integrates With Surveillance Systems Of Different Stakeholders Thereby Providing A Holistic And Integrated Solution For The Campus. The Following Capabilities Are Required (note: No Osm): 6.3.1. Analyze Video/camera Events 6.3.1.1. Video Signal Lost 6.3.1.2. Video Signal Restored 6.3.1.3. Camera Sabotage Features 6.3.2. Counting Events 6.3.2.1. A Person Counted As Entering. 6.3.2.2. A Person Counted As Exiting. 6.3.2.3. Car Counted In Lane. 6.3.2.4. Car Exited Carpark. 6.3.2.5. Car Entered Carpark. 6.3.3. Protect Areas Of Interest 6.3.3.1. Intrusion Detection 6.3.3.2. Loitering Detection 6.3.3.3. Possible Theft 6.3.3.4. Object Removed. 6.3.3.5. Object Left Unattended. 6.4. Automated Turnstile Through Rfid Access Supply And Installation Of Automated Gates, Turnstiles And Door Access Retrofitting Servers At The Main Entrance And Exit Area Of The University. 6.4.1.1. Accessed Using A Single Card And Programmable Control System. It Must Include Rfid Card Printers, Readers, And Stocks Of Consumables (rfid Cards And Printer Ribbons) To Meet The Initial Requirements Of All Students, Employees, And Guests Who Will Use The Facilities; 6.4.1.2. Passing Turnstile That Integrates Modules Such As Access Control, Turnstile Control, And Alarm; 6.4.1.3. The Access Control Management System Is Equipped With An Ic Card Reader; 6.4.1.4. Barriers Will Be Closed Automatically If No One Enters The Turnstile After Identity Is Verified. The Lock And Unlock Of Barriers Can Be Controlled By A Remote Controller. When Receiving A Fire Alarm Signal, The Turnstile Will Automatically Open; 6.4.1.5. Support Mechanical Anti-pinch And Ir Anti Pinch, Anti-collision. Support Sound And Light Alarms. Passing Modes. Pass With Identity Verified, Not Allowed To Pass, And Pass Without Restrictions, And Able To Use The Three Modes In Any Combination. Unlock And Lock Speed, Pass Duration, And Lock Delay Duration Must Be Adjustable. Support Intrusion Alarm (entering And Exiting), Trailing Alarm, Stay Overtime Alarm, Climbing Turnstile Alarm, Unlock Anomaly Alarm, Barrier Anomaly Alarm, Ir Anomaly Alarm, Communication Anomaly Alarm, And More. Support Integration Of Face, Fingerprint, Qr Code, Cpu Card Reader/id Card Reader Module, And More To Achieve A Combination Of Multiple Authentication Methods. 6.5. Vms Server Vms Server Consisting Of One (1) General Purpose Server, With Minimum Specifications As Follows: 6.5.1. Memory: 16 Gb Ddr4 Dimm 6.5.2. Storage: 1 Tb 7.2k Sata × 2 6.5.3. Network Ports: 2 × 1gbe Lom Network Interface Controller (nic) Ports. 6.5.4. Operating System: Windows Server Os (licensed Copy Auxiliary Communications 1 100,900,000.00 The Winning Bidder Shall Provide Below Listed Equipment, Appliances And/or Devices To Supplement The Overall Workability Of This Project As Well As Provide Additional Productivity Equipment To The University: 7.1. 9’ X 12’ Led Display 1 Unit Change 1 Unit Indoor 7.1.1. 2 Units Outdoor Led Wall Display To Be Used As Electronic Billboard, With A Minimum Size Of 9ft X 12ft 7.2. 85” Indoor Led Display For Video Conference 7.2.1. 6 Units 85” Indoor Led Display 7.2.2. Provision Of 10x Optical Zoom Video Conferencing Kit Camera 7.3. Ipbx System With Ip Phones The Winning Bidder Must Supply A Complete Working Ip Pbx System For At Least 100 Users. The Proposed System Must Be Compliant With The Following Specifications, At A Minimum: 7.3.1.1.1. Must Extend Voice And Video Features To Network Devices Such As Ip Phones, Telepresence Endpoints, Media-processing Devices, Gateways, And Multimedia Applications. 7.3.1.1.2. Must Be Able To Perform Multimedia Conferencing, Collaborative Contact Centers, And Interactive Multimedia Response Systems Through Open Telephony Apis. 7.3.1.1.3. Must Be Able To Provide Call Attendant With Tools That Quickly Accepts And Effectively Dispatch Incoming Calls To Individuals Across The Organization. 7.3.1.1.4. Must Be Able To Perform Calling, Meeting And Messaging. 7.3.1.1.5. Must Be Equipped With Instant Messaging Features. 7.3.1.1.6. Must Be Equipped With Convergence-based Communication Services To Listen To Messages In Hands-free Mode. 7.3.1.1.7. Must Be Able To Support Maximum Of 1000 Users. 7.3.1.1.8. Must Have 1000 Mailboxes And At Least 24 Voicemail Ports. 7.3.1.1.9. Must Support Up To 1200 Devices. 7.3.1.2. Ip Telephones (300 Units) 7.3.1.2.1. Equipped With Programmable Line Keys. 7.3.1.2.2. Must Have Fixed Function Keys That Allow One-touch Access To Service, Messaging, Directory, Hold/resume, Transfer, And Conference Features. 7.3.1.2.3. Must Have High-resolution Display. 7.3.1.2.4. Must Support Power-over- Ethernet (poe) Class 1 And Is Energy Star Certified 7.3.1.2.5. Equipped With Power Saving Option To Enable Power Consumption Reduction During Off-hours. 7.3.1.2.6. Equipped With Standard Wideband-capable Audio Handset And Connects Through An Rj-9 Port. 7.3.1.2.7. Equipped With Analog Headset Jack And Is Wideband-capable Rj- 9 Audio Port. 7.3.1.2.8. Must Support Backlit Indicators For Audio Path Keys (handset, Headset And Speakerphone), Select Key, Line Keys, And Message Waiting. 7.3.1.2.9. Must Be Equipped With A Fullduplex Speakerphone To Allow Flexibility In Placing And Receiving Calls. 7.3.1.2.10. Must Be Able To Mask The Audible Dual Tone Multifrequency (dtmf) Tones When The Speakerphone Mode Is Used. 7.3.1.3. Solution Should Include A Voice Gateway Solution. 7.4. Public Address And Voice Alarm System 1 Unit 7.4.1 Should Have A Distributed Control Device (dcs) That Is Integrated With Many Functions And Supports The Connection Via Ethernet. 7.4.2 Built-in 1g Memory To Store The Audio Such As Digital Voice Messages And The Alarm Tone Of The Emergency Broadcast Integrated Into The Fire Alarm System And Building Management. 7.8.3 Should Have A Fault Detection Function For The Broadcasting System That Can Automatically Examine The Host System, Power Amplifier, Power Source, And Communication, And Detect The Open Circuit, Short Circuit, And Grounding Fault To Generate The Fault Alarm And Log. 7.8.4 Should Have A Paging Microphone That Allows Users To Make Paging And Broadcast Search Notices By Zone. 7.8.5 Should Have A Broadcasting System That Has Its Own 1 Ppt Emergency Microphone, Which Could Be Used To Play Emergency Broadcasts And Evacuate The Crowds In Specific Zones. 7.8.6 Should Have System Standby Amplifiers. When The Main Amplifier Fails To Function, The Standby Amplifier Replaces It Automatically. After The Main Amplifier Recovers, The System Will Use It Instead Of The Standby Amplifier In An Automatic Way. 7.5. Warranties 7.5.1. Whenever Applicable, All Equipment, Devices, Software And Systems Must Have At Least 1 Year Warranty And Support Services.\ 7.6. Services Requirements 7.6.1. Testing And Commissioning 7.6.1.1. The Winning Bidder Shall Perform Testing And Commissioning Services Upon Completion Of All Required Installations As Defined In This Terms Of Reference. 7.6.1.2. All Testing To Be Performed Must Be Witnessed By Cnu Assigned Personnel To Ensure Transparency Of The Testing Results. 7.6.1.3. The Testing And Commissioning Shall Ensure The Workability Of The Systems On A Stand-alone And Integrated Perspectives. 7.6.1.4. The Winning Bidder Must Submit For Approval Testing Mops (method Of Procedures) Prior To Actual Testing. 7.6.1.5. The Testing And Commissioning Services Shall Serve As The Uat (user Acceptance Testing) Provided It Is Witnessed By Cnu’s Nominated Personnel. 7.6.1.6. In The Event Of Testing Failure, The Winning Bidder Is Required To Perform Rectification Works Not More Than 72 Hours From The Time The Failed Testing Is Witnessed Or Reported. In The Event That Parts, Units And/or Entire Device/s Are To Be Replaced Which May Take Longer Than 72 Hours, The Winning Bidder Is Required To Submit A Written Request Justifying The Extension Of The Prescribed Rectification Duration. 7.6.1.7. All Testing To Be Performed Must Be Within The Manufacturer Prescribed Testing Procedures Or Methods. 7.6.1.8. The Winning Bidder Must Submit A Testing Report. 7.6.2. Knowledge Transfer And Training 7.6.2.1. The Winning Bidder Must Conduct Appropriate Knowledge Transfer Or Training To All Supplied And Installed Equipment, Devices, Software, Systems And Platforms Prior To Handover. 7.6.2.2. Training Must Include Basic Operation Of The Equipment, Devices And/or Systems, Allowable Troubleshooting That Will Not Void The Warranties And Orientation On Support Requests. 7.6.2.3. The Training Sessions Can Be Face To Face Through Classroom Type Or Online/virtual Provided A Walk-through Of The Systems Are Made Possible (if Applicable). 7.6.3. As-built Plans 7.6.3.1. The Winning Bidder Is Required, As Part Of The Post Project Documentation, To Submit As-built Plans Which Will Reflect The Actual Design And Implementation Of Various Ict Infrastructure And Systems In A Form Of Diagrams And/or Layouts. 7.6.3.2. Whenever Applicable, The As-built Plans Must Be Signed By Licensed Engineer Of A Particular Trade. 7.7. Implementation Duration 7.7.1. From The Date Of Notice To Proceed (ntp), The Winning Bidder Has Three Hundred Sixty (360) Calendar Days To Deliver And Complete The Project. Completion Includes Formal Handover And Acceptance By Cnu. 7.7.2. Participating Bidders Must Include In Its Bid Submission A High-level Gantt Chart That Illustrates The Project Implementation Schedule Per Wbs. 7.8. Bidder Competency And Qualification Requirements 7.8.1. The Bid Submission Shall Be In Sufficient Detail To Show Compliance With The Specification And Shall Include The Following: 7.8.1.1. Statement Of Compliance, Or Otherwise, Against The Specification For The System Offered. 7.8.1.2. A Scaled Drawing Showing The Proposed Layout Of All The Equipment In The Proposed System. 7.8.1.3. A Detailed Technical Description Of The Proposed System, Including All The Equipment And Software Offered. 7.8.1.4. A Working Timeline Including The Periods Of Design And Manufacture, Delivery, Installation, Training, Site Acceptance Testing, And Commissioning. 7.8.1.5. A Description Of The Architectural, Mechanical, Electrical, And Other Data Center Facility-related Works. 7.8.1.6. Colored Brochures Of All Equipment Supplied Including Racks And Consoles. 7.8.2. The Participating Bidder Must Include The Following Certifications In Its Bid Submission: 7.8.2.1. Manufacturer’s / Distributor’s Certificate Or Manufacturer’s / Distributor’s Authorization From The Manufacturer Of The Data Center, Desktop, Laptop, Network, And Server That The Bidder Is An Authorized Dealer/reseller To Join The Bid And It Has Validated The Full Solution Of The Project. 7.8.2.2. The Certification Must State That The Manufacturer / Distributor Of The Server And Network, Through Its Local Office, Is Capable Of Providing Support For The Offered Solution Which Will Be Implemented In This Project. 7.8.2.3. The Certification Or Manufacturer’s / Distributor’s Authorization Must Be Issued By The Manufacturer’s Incountry (philippines) Office. In Cases Where The Manufacturer Has No Representative Office In The Philippines, The Bidder May Secure The Certification Or Manufacturer’s Authorization From The Manufacturer’s Regional Office Exercising Supervision Over All Activities In The Philippines. 7.8.3. Manufacturer’s / Distributor Certification For The Servers, Storage, Networking, And Desktop Computers: 7.8.3.1. Must Have In-country Spare Parts Warehouse. 7.8.3.2. Must Be An International Enterprise And Should Have More Than 10 Years Of Business Experience In The Philippines. 7.8.3.3. The Manufacturer / Distributor Must Have Certified Engineers. 7.8.4. Manufacturer’s / Distributor Certificate Stating That The Equipment Supplied Is Not Obsolete Or Shortly To Be Phased Out Of Production. 7.8.5. Warranty Certificates Of All Supplied Equipment And Devices, Stating The Warranty Coverage 7.8.6. The Bidder Should Have Iso 9001:2015 Quality Management Systems. In The Case Of A Joint Venture (jv), Each Of The Parties Forming The Jv Must Possess The Iso Certifications As Stated Herein. Total Php 1,000,000,000.00 Delivery Of The Goods Is Required Within Three (3) Calendar Day After Receipt Of Notice To Proceed. Bidders Should Have Completed, Within Two (2) Years From The Date Of Submission And Receipt Of Bids, A Contract Similar To The Project. The Description Of An Eligible Bidder Is Contained In The Bidding Documents, Particularly, In Section Ii (instructions To Bidders). 3. Bidding Will Be Conducted Through Open Competitive Bidding Procedures Using A Non-discretionary “pass/fail” Criterion As Specified In The 2016 Revised Implementing Rules And Regulations (irr) Of Republic Act (ra) No. 9184. Bidding Is Restricted To Filipino Citizens/sole Proprietorships, Partnerships, Or Organizations With At Least Sixty Percent (60%) Interest Or Outstanding Capital Stock Belonging To Citizens Of The Philippines, And To Citizens Or Organizations Of A Country The Laws Or Regulations Of Which Grant Similar Rights Or Privileges To Filipino Citizens, Pursuant To Ra No. 5183. 4. Prospective Bidders May Obtain Further Information From Cebu Normal University And Inspect The Bidding Documents At The Address Given Below During Office Hours From 8:00 A.m. To 5:00 P.m. 5. A Complete Set Of Bidding Documents May Be Acquired By Interested Bidders On June 30, 2024 To July 22, 2024 From The Given Address And Website(s) And Upon Payment Of The Applicable Fee For The Bidding Documents, Pursuant To The Latest Guidelines Issued By The Gppb, In The Amount Of Seventy-five Thousand Pesos (₱ 75,000.00). The Procuring Entity Shall Allow The Bidder To Present Its Proof Of Payment For The Fees If It Will Be Presented In Person, By Facsimile, Or Through Electronic Means. 6. The Cebu Normal University Will Hold A Pre-bid Conference On July 8, 2024, 1:30 P.m. At The Bac Office, Room 203 2nd Floor Administration Building, Cebu Normal University, Osmeña Boulevard, Cebu City, Which Shall Be Open To Prospective Bidders. 7. Bids Must Be Duly Received By The Bac Secretariat Through Manual Submission At The Bac Office, Room 203 2nd Floor Administration Building, Cebu Normal University, Osmeña Boulevard, Cebu City On Or Before July 22, 2024 @ 1:00 P.m. Late Bids Shall Not Be Accepted. 8. All Bids Must Be Accompanied By A Bid Security In Any Of The Acceptable Forms And In The Amount Stated In Itb Clause 14. 9. Bid Opening Shall Be On July 22, 2024, 1:30 P.m. At The Bac Office, Room 203 2nd Floor Administration Building, Cebu Normal University, Osmeña Boulevard, Cebu City. Bids Will Be Opened In The Presence Of The Bidders’ Representatives Who Choose To Attend The Activity. 10. The Cebu Normal University Reserves The Right To Reject Any And All Bids, Declare A Failure Of Bidding, Or Not Award The Contract At Any Time Prior To Contract Award In Accordance With Sections 35.6 And 41 Of The 2016 Revised Irr Of Ra No. 9184, Without Thereby Incurring Any Liability To The Affected Bidder Or Bidders. 11. For Further Information, Please Refer To: Ma. Jodelle C. Badilla Bac Secretariat Office Cebu Normal University Osmeña Boulevard, Cebu City 6000 Philippines Cnubacsec@gmail.com (+63 32) 254 1452 Local 141 12. You May Visit The Following Websites: For Downloading Of Bidding Documents: Www.philgeps.gov.ph Www.cnu.edu.ph June 28, 2024 Dr. Joseph Elvir C. Tubilan Bac Chairperson