Scanning Tenders

Details: Description Invitation To Bid For Procurement Of University Ict Modernization Development Program No. 24-06-167 1. The Cebu Normal University, Through The General Appropriations Act Of 2024 Intends To Apply The Sum Of One Billion Pesos (₽ 1,000,000,000.00) For The Procurement Of University Ict Modernization Development Program With Bid No. 24-06-167. Bids Received In Excess Of The Abc For Each Lot Shall Be Automatically Rejected At Bid Opening. 2. The Cebu Normal University Now Invites Bids For The Following Items Of The Above Rebidding For The Procurement Of University Ict Modernization Development Program Project. Unit Item Description Quantity Unit Cost Lot University Ict Modernization Development Program University Enterprise Resource Planning (erp) System 1 344,039,200.00 Human Resource Information System (hris) This Module Manages The Campus Staff Data, Including Recruitment, Payroll, And Billing. 1.1.1. Must Have The Following Modules: 1.1.1.1. Time Keeping Monitoring Modules 1.1.1.2. Automated Payroll System 1.1.1.3. Personnel Information System / Human Resource Information System. 1.1.1.4. Installation And Configuration Services 1.1.1.4.1. Application Installation 1.1.1.4.2. User Workflow Integration 1.1.1.4.3. Integration To Cnu Rdbms Database 1.1.1.4.4. Project Management Services 1.1.1.4.5. Capacity Building And Knowledge Transfer 1.1.1.4.5.1. The Winning Bidder Will Conduct User Training. 1.1.1.4.5.2. The Winning Bidder Will Perform A System Demo. 1.1.1.4.5.3. The Winning Bidder Will Perform System Flow Familiarity. Student Information System (sis) 1.2.1. System Features, Transactions, And Reports: 1.2.1.1. Must Have Tools To Enable Migration Of Existing Student Databases, Register New Students, Generate Adhoc Reports, Monitor And Manage Various Service Requests. 1.2.1.2. Must Contain Complete Student Information, Academic Data File, And Scanned Submitted Documents Of Students Converted Into Pdf. 1.2.1.3. Must Support Fast Generation Of Tor And Form 9 1.2.1.4. Must Be Capable Of Generating A List Of Candidates For Graduation, Scholarships, And Honors. 1.2.1.5. Must Be Able To Receive Approved Electronic Grades From Deans. 1.2.1.6. Must Be Able To Apply Tags To Documents Being Submitted By New Enrollees And Remind Students Of Missing Documents That Need To Be Submitted. 1.2.1.7. Must Have A Mobile Application That Will Enable Access To Online Services Relevant To The Students Such As Request For An Electronic Copy Of Grades, Request For Transcripts Of Records, Copies Of The Com, And Others To Be Determined By The University. 1.2.1.8. The Mobile Application Must Be Compatible With The Latest Versions Of Android And Ios Mobile Devices. 1.2.1.9. Must Have A Free Higher Education Application And Reports Generation System 1.2.1.10. Must Have A Reports Generation System (csc, Dbm, Ched And Other Government Reports) 1.2.1.11. Must Have An Online Verification System 1.2.1.12. Must Have An Electronic Issuance Of Transcript Of Records, Diploma, So, Certifications, Etc. 1.2.1.13. Must Have An Online Testing And Admission Scheduling System. 1.2.1.14. Must Have A Faculty Evaluation System. Financial Management System 1.3.1. Accounts Payable And Disbursements 1.3.1.1. Solution Must Allow Users To Set The Recognition Of Withholding Taxes Either Upon Recording Of Accounts Payable Or Upon Disbursement Depending On The Organization's Policy. 1.3.1.2. Solution Must Be Able To Record Payable Vouchers And Generate An Apv Form. The Payable Voucher Should Allow Users To Input The Supplier Invoice Number And Be Able To Retrieve And Automatically Populate The Details Of The Selected Receiving Report/s. 1.3.1.3. Solution Must Be Able To Record Payment Vouchers And Generate A Payment Voucher Form. The Payment Voucher Should Allow Users To Tag And Apply Payments To Specific Supplier Invoice/s Or Payable Voucher/s And Should Have Controls To Avoid Double Payment Of The Same Payable. Accounting Entries Should Be Automatically Generated Based On The Default Entry Setup. 1.3.1.4. Solution Must Be Able To Record Adjustments On Supplier Invoices And Accounts Payable Using A Debit Memo. The Debit Memo Activity Should Be Able To Automatically Calculate The Tax Impact Of The Adjustment And Generate The Corresponding Accounting Entries. 1.3.1.5. Solution Must Allow Users To Monitor And Update The Status Of Checks Prepared Whether On-hand, Released, Cancelled, Or Stale. 1.3.1.6. Solution Must Be Able To Capture Details Of Receipts For Fund Replenishments, Reimbursements , And Liquidations. Users Should Also Be Able To Select The Appropriate Gl Account For The Receipt And Generate The Corresponding Accounting Entries. 1.3.2. Revenues And Collections 1.3.2.1. Solution Must Have Complete List Of Customer's Details. Details Include Their Complete Name (for Individual) / Organization Name (for Non-individual), Tin, Addresses, Business Style, Contact Information, Payment Terms, Bank Details And Other Helpful Information Needed By The Organization. 1.3.2.2. Solution Must Be Able To Group Customers Up To Two Levels As Needed By The Organization. 1.3.2.3. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (create And Approve Sales Orders, Invoice, And Collection Transactions), System Reports, And Master Tables 1.3.2.4. Solution Must Be Able To Record Customer Orders And Generate An Order Form. The Customer Order Must Capture Essential Information Such As: Customer Details, Customer Po Number, Order Type (goods Or Services), Delivery Information, And Item Details 1.3.2.5. Solution Must Be Able To Record Invoice Or Billing Statement And Generate The Corresponding Forms. The Invoice Or Billing Statement Should Automatically Populate The Details From Approved Customer Order/s. Accounting Entries Should Automatically Be Generated Based On The Default Entry Setup. 1.3.2.6. Solution Must Be Able To Record Adjustments On Invoices And Accounts Receivable Using A Credit Memo. The Credit Memo Activity Should Be Able To Automatically Calculate The Tax Impact Of The Adjustment And Generate The Corresponding Accounting Entries. 1.3.2.7. Solution Must Be Able To Record Receivable Collections And Generate An Official Receipt Or Ancai. The Collection Should Allow Users To Tag And Apply The Customer Payments To The Intended Sales Invoice/s Or Billing Statement/s With Controls To Avoid Double Tagging Of Collections. Accounting Entries Should Be Automatically Generated Based On The Default Entry Setup. 1.3.2.8. Solution Must Allow Users To Record Cash And Collection Deposits And Generate The Corresponding Accounting Entries To Recognize The Proper Cash In Bank Account. 1.3.2.9. Solution Must Be Able To Generate A Report That Shows Statement Of Account And Accounts Receivable Aging In A Given Period. The Aging Report Should Allow Users To Define Whether The Report Is Based On Transaction Date Or Due Date As Well As The Aging Parameters (weekly, Monthly, Custom Defined Aging). 1.3.2.10. Solution Must Be Able To Generate A Report That Shows The Receivable Ledger Per Customer Group Or Specific Customer In A Given Period. 1.3.2.11. Solution Must Be Able To Generate Summarized Or Detailed Reports Which Shows All Collections In A Given Period. 1.3.2.12. Solution Must Be Able To Generate Summarized Or Detailed Reports Which Shows All Cash And Check Deposits In A Given Period As Well As Undeposited Cash And Collections. 1.3.3. Inventory Module 1.3.3.1. Solution Must Allow The Setup Of Item Groups And Item Details For Goods, Fixed Assets And Consumables Including Safety Stock Levels And Reorder Point. 1.3.3.2. Solution Must Allow The Setup Of Unit Of Measure For Sales And Purchases. 1.3.3.3. Solution Must Allow The Creation Of Unit Of Measure (um) Conversion Table Where The User Can Define The Conversion Rate From One Um To Another. 1.3.3.4. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (record And Approve Receiving, Issuance And Transfer Transactions), System Reports, And Master Tables. 1.3.3.5. Solution Must Be Able To Create Delivery Receipts And Generate A Dr Form. Accounting Entries Should Be Automatically Generated Based On The Default Setup. 1.3.3.6. Solution Must Allow Users To Record Items Returned To Suppliers. Purchase Return Should Automatically Populate Details From The Approved Purchase Order And Allow Users To Select The Items Returned. Accounting Entries Should Be Automatically Generated Based On The Default Setup. 1.3.3.7. Solution Must Be Able To Record Stock Issuance And Generate A Material Issuance Form. The Material Issuance Can Be Issued To A Requesting Department And Should Capture Details On The Requestor And The Items Issued. 1.3.3.8. Solution Must Be Able To Record Incoming And Outgoing Transfer Of Items Between The Organization's Warehouse. 1.3.4. Property And Fixed Assets 1.3.4.1. Solution Must Have A Complete List Of Fixed Assets Details. Details Include The Asset Group, Technical Specifications, Useful Life, Serial Number, And Issuance Status. 1.3.4.2. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (record And Approve Asset Acquisition, Issuance, And Asset Disposal Transactions), System Reports, And Master Tables 1.3.4.3. Solution Must Allow Users To Record The Purchase Details Of Acquired Assets. Accounting Entries Should Be Automatically Generated Based On The Default Entry Setup. 1.3.4.4. Solution Must Allow The Issuance Of Fixed Assets To The Requesting Department And Authorized User Of The Asset. The Solution Should Be Able To Record The Details Of The Issuance As Well As Tag The Physical Location Of Assets Issued. 1.3.4.5. Solution Must Automatically Calculate The Monthly Depreciation And Net Book Value Of The Asset Using Straight-line Method Over The Asset's Remaining Useful Life. Accounting Entries For Depreciation Should Be Automatically Generated Based On The Default Entry Setup. 1.3.4.6. Solution Must Allow Users To Record The Repair Of Fixed Assets And Automatically Calculate The Depreciation For Capitalized Major Repairs. 1.3.4.7. Solution Must Allow Users To Record The Disposal Of Fixed Assets And Remove It From The List Of Active Assets Available For Issuance. Accounting Entries For The Disposal Of Fixed Assets Should Be Automatically Generated Based On The Default Entry Setup. 1.3.5. Government Budget 1.3.5.1. The Solution Must Be Able To Allow The Setup Of Responsible Signatories For Approval Of Budget. 1.3.5.2. Solution Must Allow Users To Setup Monthly Or Annual Budget For Departments, And Activities Based On The General Appropriations Act (gaa), Special Allotment Release Order (saro), And The Agency Budget Matrix 1.3.5.3. Solution Must Be Able To Classify Budget Transactions To Personnel Services, Maintenance And Other Operating Expenses, Capital Outlay, And Financial Expenses 1.3.5.4. Solution Must Allow Setup Of Notice Of Cash Allocation As Transaction Limits. 1.3.5.5. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (record And Approve Budget Realignment, Budget Earmark, And Obligation Request Transactions), System Reports, And Master Tables 1.3.5.6. Solution Must Allow Users To Setup Monthly Or Annual Budget For Departments, And Activities Based On The General Appropriations Act (gaa), Special Allotment Release Order (saro), And The Agency Budget Matrix 1.3.5.7. Solution Should Only Allow Transactions To Proceed Based On Approved Budget. Budget Review And Approval Should Apply To Earmarking For Purchase Requests, And Obligation Requests For Purchase Orders. 1.3.5.8. Solution Must Be Create A Request For Fund Appropriation By Requesting Department And Generate An Rfa Form. The Rfa Should Be Able To Capture Information On The Requestor, Department, Priority, And Purpose Of The Appropriation. 1.3.5.9. Solution Must Be Able To Reclassify Approved Budget From One Expense Item To Another Within The Same Budget Classification. 1.3.6. General Ledger And Accounting 1.3.6.1. Solution Must Be Able To Create Chart Of Accounts For Balance Sheet And Profit And Loss Statement. The Chart Of Accounts Can Be Grouped Up To Three Levels To Allow Drill Down Of Accounts When Reporting. 1.3.6.2. Solution Must Be Able Allow Creation Of Books Of Accounts Which Will Contain The Accounting Entries From Transactions. The Books Of Accounts Should Be Classified Into The General Ledger Book, Disbursement Book, Cash Receipts Book, Sales Book And Purchases Books. 1.3.6.3. Solution Must Allow Users To Format The Summarized And Detailed Reports For The Balance Sheet And Profit And Loss Statement 1.3.6.4. Solution Must Allow Users To Setup Multiple Dimensions For Income And Expense Accounts For More Detailed Reporting. Up To Four Dimensions Can Be Created Which Are: Profit Center Or Cost Center, Revenue Type, Principal Or Major Customer Type, And Location. 1.3.6.5. Solution Must Allow The Creation Of Multiple Currencies And Setup The Conversion Rate For Functional And Reporting Currency. 1.3.6.6. Solution Must Allow Creation Of Subsidiary Ledgers For Customers, Suppliers, Employees, And Others As Defined By The User. 1.3.6.7. Solution Must Allow Setup Of Various Tax Codes And Tax Rates For Vat, Creditable Withholding Taxes, And Expanded Withholding Taxes 1.3.6.8. Solution Must Allow Users To Enter The Amounts Which Will Be Set As The Beginning Balance For Each Account. 1.3.6.9. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (create And Approve Journal Entries), System Reports, And Master Tables 1.3.6.10. Solution Must Allow Users To Record Journal Entries To Record Transactions That Are Not From The Other Modules Such As Adjustments And Reclassification Entries. Journal Entries Should Allow The User To Select The Proper Books Of Account Where The Entry Is Recorded And Should Have Controls To Check The Balance Of Total Debit And Credit Accounts. 1.3.6.11. Solution Must Be Capable Of Month-end And Year-end Process To Close Transactions And Proceed To The Next Control Period. 1.3.7. Set-up And Application Manager 1.3.7.1. Solution Must Allow The Setup Of The Details Of The Organization Such As Tin, Address, Contact Details, Tax Settings, Transaction Currency. 1.3.7.2. Solution Should Allow The Creation Of Various Users Of The Accounting System. 1.3.7.3. Solution Must Allow Admin To Define And Control User Access So That Only Authorized Users Will Be Able To Access Specific Modules, Transact, Approve And Generate Reports. Users Can View, Add, Delete (if Not Yet Posted), Print, Or Approve Transactions. 1.3.7.4. Solution Must Allow Setting Up The Forms Used For Various Activities Including Transaction Number Or Document Series For The Forms Such As: Purchase Orders, Customer Orders, Invoice, Receipts, Payable Voucher, Etc. The System Can Automatically Generate The Succeeding Document Numbers During Transaction Entry. 1.3.7.5. Solution Must Allow Setting Up Forms To Be Used In The Various Transactions, Including The Preparers, Reviewers And Approvers Of Said Forms. 1.3.7.6. Solution Must Allow Setting Up Appropriate Department Of The Organization Which Will Be Used In Various Transactions. 1.3.7.7. Solution Must Allow The Setting Up Appropriate Fiscal Or Calendar Year Of The Organization. 1.3.7.8. Solution Must Have Control Checks To Allow Transactions To Proceed To The Next Activity Only When It Is Approved And Posted. Only Posted Transactions Will Appear In The System Reports. 1.3.7.9. Solution Must Allow Users To Perform Batch Approval Or Posting Of Transactions. 1.3.7.10. Solution Must Have Control Checks To Prevent Multiple Logins, And Failed Login Attempts From The Same Account. System Should Also Perform Automatic Logout For Idle Accounts. 1.3.7.11. Solution Must Be Able To Generate Reports That Shows User Access To The Various System Modules, Their Activities, And The Movement Of All Transactions. 1.3.8. Procurement Management System 1.3.8.1. The Solution Must Have A Complete Procurement Module That Can Capture Detailed Information From Purchase Requisition, Purchase Order, And Receiving 1.3.8.1.1. Module Setup - The Solution Must Have The Following Management And Setup Controls: 1.3.8.1.1.1. Solution Must Have Complete List Of Supplier's Details. Details Include Their Complete Name (for Individual) / Organization Name (for Non-individual), Tin, Addresses, Business Style, Contact Information, Payment Terms, Bank Details And Other Helpful Information Needed By The Organization. 1.3.8.1.1.2. Solution Must Be Able To Group Suppliers Up To Two Levels As Needed By The Organization. 1.3.8.2. Transaction Activities - Solution Must Be Capable Of The Following Transactions: 1.3.8.2.1. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (create And Approve Purchase Request, Purchase Orders And Receiving Transactions), System Reports, And Master Tables 1.3.8.2.2. Solution Must Be Able To Record Purchase Requests And Generate A Pr Form. The Purchase Request Must Capture Essential Information Such As: Requestor, Purchase Type (goods, Services, Capital Expenses, Consumables), Date Needed, And The Item Details And Quantity. 1.3.8.2.3. Solution Must Allow Users To Create Requests For Quotation To Invite Suppliers Into A Bidding Process For The Requested Items. 1.3.8.2.4. Solution Must Be Able To Present Details Of Canvass To Aid In Decision Making For Purchases. 1.3.8.2.5. Solution Must Be Able To Record Purchase Orders And Generate A Po Form. The Purchase Order Should Be Able To Retrieve And Automatically Populate The Details Of Approved Purchase Requests And Capture Essential Information Such As: Supplier Details, Purchase Type, Chargeable Department, And Delivery Info. The Purchase Order Should Allow Users To Select The Vat Class Of Each Item (vatable/exempt) And Automatically Calculate The Vat For Each Item If Applicable. 1.3.8.2.6. Solution Must Have A Functionality To Adjust The Amount And Quantity Of The Purchase Order. 1.3.8.3. Generated Reports - The Solution Must Have The Following System Generated Reports: 1.3.8.3.1. The Solution Must Be Able To Generate Summarized Or Detailed Reports Which Shows Of All Purchase Request In A Given Period 1.3.8.3.2. The Solution Must Be Able To Generate Summarized Or Detailed Reports Which Shows Of All Purchase Order In A Given Period 1.3.8.3.3. The Solution Must Be Able To Generate A Report That Shows Purchase Requests That Are Unserved, Partially Served Or Fully Served 1.3.8.3.4. The Solution Must Be Able To Generate A Report That Shows Purchase Orders That Are Unserved, Partially Served Or Fully Served. Records Management System 1.4.1.1. Document Versioning: Able To Store Many Versions Of The Same Document, Download Or Revert To A Previous Version. 1.4.1.2. Digital Signatures: Check The Authenticity Of Documents By Verifying Their Embedded Cryptographic Signatures Or Upload Detached Signatures For Document Signed After They Were Stored. 1.4.1.3. Signature Captures: Capable Of Digital Recording Of Handwritten Signatures And Able To Be Used For Business Transactions And Remote Contract Signing. 1.4.1.4. Multiple Sources: Local File Or Server-side File Uploads, Multifunctional Copier, Or Even Via Email 1.4.1.5. Advanced Access Control: 1.4.1.5.1. Role Based Access Control. Able To Create An Unlimited Amount Of Different Roles Not Being Restricted To The Traditional Administrator, Operator, Guest Paradigm. 1.4.1.5.2. With Permission For Every Atomic Operation Performed By Users 1.4.1.6. Previews For Multiple File Formats: Provides Image Preview Generation For Many Popular File Formats. 1.4.1.7. Full Text Searching: Documents Can Be Searched By Its Text Content, Metadata Or Any Other File Attributes Such As Name, Extension, Etc. Multiple Search Engines Must Be Supported. 1.4.1.8. Configurable Document Grouping: Automatic Linking Of Documents Based On Metadata Values Or Document Properties. 1.4.1.9. Workflows: 1.4.1.9.1. Keep Track Of The State Of Documents, Along With The Log Of The Previous State Changes 1.4.1.9.2. Use The Workflow Engine To Automate Business Processes By Executing System Actions. 1.4.1.9.3. Trigger External Processes Using The Workflow. Execute Actions In Other Systems When A Document Hits A Specific State For Complete Business Automation. 1.4.1.9.4. Comply With Regulations Using Automatic State Expiration And Workflow Escalation. 1.4.1.10. Non-destructive Page Mapping: Change The Order Of The Pages Of The Files Uploaded To A Document Or Disable Them To Remove From View. Pages From Multiple Document Files Can Also Be Joined Or Appended To Create Multiple Document Versions From The Same Set Of Files. 1.4.1.11. Complete Event Tracking System: 1.4.1.11.1. Every Action Performed In The System Must Be Recorded For Audit Trail Purposes. 1.4.1.11.2. Users And Other Applications Can Subscribe To Events To Perform Actions Or Provide Notifications. 1.4.1.12. Deployable In Multiple Different Environments, Vendors, Hardware: 1.4.1.12.1. Able To Do A Direct Installation For Maximum Control And Performance 1.4.1.12.2. Use The Official Docker Image For Easier Installation And Scalability. 1.4.1.12.3. Deployable To A Virtual Machine, Direct Hardware, Public Cloud, Private Cloud, Or A Single Board Computer 1.4.2. 2 Units Document Scanner 1.4.2.1. Proposed Throughput Speed Must Have 50 Ppm / 100ppm. 1.4.2.2. Proposed Feeder Capacity Must Be Up To 80 Sheets Of 80 G/m Paper. 1.4.2.3. Proposed Maximum Document Size Must Be 216 Mm X 3,000 Mm. 1.4.2.4. Proposed Minimum Document Size Must Be 52 Mm X 52 Mm 1.4.2.5. Proposed Maximum Optical Resolution Must Have 600 Dpi. Asset Management System 1.5.1.1.1. Unique Asset Tag That Is Assigned To An Asset For The Purpose Of Tracking And Managing Throughout Its Lifecycle. It Must Consist Of A Barcode Or A Serial Number That Is Affixed To The Asset, And Allows Accurate Identification And Location Of The Asset, Track Its Maintenance And Repair History, Assign Ownership And Monitor Depreciation. 1.5.1.1.2. Search Engine For Locating Assets Within An Inventory Or Database. This Can Involve Searching For Assets Based On Various Criteria, Such As Location, Type, Condition, Or Other Attributes Such As Assignee, Barcode Or Serial Number. 1.5.1.1.3. Asset Check In/out Which Serves As A Check List Of Asset/s That Need To Be Accepted Or Released From Possession. It Should Be On Real Time Release And Acceptance With The Option To Attach Photos Or Videos. 1.5.1.1.4. Asset Status That Provides Information On Current Status Such As Accepted, Released, Current Location And Other Status Like Maintenance And Assigned Technician. 1.5.1.1.5. Sends Notifications Of The Status Of An Asset If Accepted, Released, Under Maintenance Or In Transit. 1.5.1.2. Administrator Settings That Provide The Following Functionalities: 1.5.1.2.1. Branding Functionality That Provides Distinctive Name, Logo, Symbol, Or Design To Differentiate Cnu’s Asset Management Services 1.5.1.2.2. Security Features That Provide User Authentication And Access Controls To Authorized Users To Access Sensitive Information Or Make Changes To Asset Records. Option Includes Two Factor Authentication 1.5.1.2.3. Groupings Functionality That Defines And Assigns Groups Within Cnu Such As Finance, Supply Office, Etc. That Will Help Define And Narrow Down Searches And Assignments Of Assets. 1.5.1.2.4. Localization That Defines And Assigns Personnel, Users, Administrator, Groups And Assets Within The Campus To Certain Areas Or Places. 1.5.1.2.5. Notification Feature For Automated Alerts Or Messages To Notify Users Of Events Or Activities Related To The Assets. This Must Include Alerts For Maintenance And Repairs, Asset Checkouts Or Returns, Or Changes To Asset Records. Notifications Can Be Sent Via Email, In-app Notification And Other Messaging Channels Such As Chatbots. 1.5.1.2.6. Qr Code Generation And Assignment To Assets. 1.5.1.2.7. Asset Labeling Feature That Generates Qr And Barcodes For Labelling Of Assets. 1.5.1.2.8. Grouping Of Assets Based On Common Characteristics Or Attributes. Asset Categories Shall Be Used To Organize Assets Into Logical Groupings To Simplify Asset Tracking And Management. 1.5.1.3. User Management Functionality That Provides The Following: 1.5.1.3.1. Rights And Permission For Assignment Of Rights, Permissions And Responsibilities Such As Administrators And Users 1.5.1.3.2. Manual Or Automatic Creation And Removal Of Users That Can Be Triggered By The Hr Application System Through Automatic Notification Of New, Resigned And/or Retired Employees. 1.5.1.4. Asset Management Sub-modules Capable Of The Following: 1.5.1.4.1. Dynamic Fields That Are Highly Customizable To Be Added Or Removed From An Asset Record Based On The Specific Needs Of Cnu, Type Or Category Of An Asset. These Fields Are To Be Used To Capture Additional Information Or Data Points That Are Not Included In The Standard Asset Record Or To Tailor The Asset Record To The Specific Requirements Of Cnu. 1.5.1.4.2. Generates A Checklist For Acceptance Or Release Of An Asset That Will Be Shown On The Dashboards Of The User And Assigner. 1.5.1.4.3. Provides The Users The Capability To Request For Equipment, Office Supplies Or Even Vehicle Service For Use On Certain Occasions. 1.5.1.4.4. Migration Of Assets From Flat File Or Excel File. 1.5.1.4.5. Inventory Status That Provides Stakeholders, Administrator, Users And Requester Of The Current Inventory Of Assets Such As But Not Limited To Office Supplies, Fuel, And Other Pertinent Assets Of Cnu. 1.5.1.4.6. Low Inventory Notification That Allows Cnu To Be Automatically Notified Of Low Inventory On A Threshold Previously Set. 1.5.1.4.7. Asset Assignment Feature That Assigns An Asset To A Specific User Or Location Within Cnu. This Is Done To Track The Person Responsible For The Asset, Asset Location, And How It Is Being Used Through The Use Of Qr Code And Or Barcode Labels. Once An Asset Is Assigned, The Asset Management Software Must Be Able To Track The Asset's Location, Usage History And Maintenance Records. It Should Be Able To Provide Alerts Or Notifications When The Asset Is Due For Maintenance, Repair, Or Replacement. 1.5.1.4.8. License Management Feature That Assigns, Tracks And Records The Number Of Sw Licenses And Its Usage Within Cnu. 1.5.1.4.9. In-app Notification With Secondary Notification Through Email Alerts. 1.5.1.4.10. Mobile Application Feature That Will Enable Access To The Asset Management System Anytime, Anywhere. 1.5.1.5. Single Sign-on 1.5.1.5.1. Must Be An Add-on To The Cms System So Sso And User Rights/roles Are Incorporated Within The Existing User Base. 1.5.1.5.2. Authentication Must Be Through The Sso Of The Cms 1.5.1.6. The Winning Bidder Must Provide Two (2) Units Of Barcode Printers, Two (2) Handheld Scanners And Consumables. 1.5.1.7. The Winning Bidder Shall Perform Pre-functional Testing And User Acceptance Testing Upon Completion Of Its Installation, To Be Witnessed By Cnu Nominated Personnel. Consolidated University & Student Portal 1.6.3.1. Design, Development And Customization Of Faculty And Student Portal 1.6.3.2. Consolidated University & Student Portal Technical Requirements 1.6.3.2.1. Portal Services 1.6.3.2.1.1. Must Support At Most Ten Thousand (10,000) User Identities. 1.6.3.2.1.2. Must Provide User Logins With Appropriate Authentication. 1.6.3.2.1.3. Must Provide ‘forgot Password’ Facility. 1.6.3.2.1.4. Must Provide ‘change Password’ Facility. 1.6.3.2.1.5. Must Have Administration Functionalities Such As: 1.6.3.2.1.5.1. User Management 1.6.3.2.1.5.2. Role Management 1.6.3.2.1.5.3. Announcements 1.6.3.2.2. Development Of Frequently Asked Questions (faqs) 1.6.3.2.2.1. Create Faqs 1.6.3.2.2.2. Read Faqs 1.6.3.2.2.3. Update Faqs 1.6.3.2.2.4. Delete Faqs 1.6.3.2.2.5. List Faqs 1.6.3.2.3. Route Configuration 1.6.3.2.3.1. Route Creation 1.6.3.2.3.1.1. Redirection Link 1.6.3.2.3.1.2. Redirection Logo 1.6.3.2.3.1.3. User Role Assignment 1.6.3.2.3.1.4. Active / Inactive Route 1.6.3.2.3.2. Update Route 1.6.3.2.3.3. Delete Route 1.6.3.2.3.4. List Route 1.6.4. Dashboard Development 1.6.4.1. The Dashboard Must Provide Route Display And Redirection For At Most Four (4) Applications. 1.6.4.2. From The User Dashboard, A Link Must Be Provided To Route The User To A Particular Application. The Requirement Is A Routing Link And So No Application Development Or Application Side Configuration Is Part Of The Portal Requirement. Unified Database Platform 1.7.1.1. It Shall Be Cloud Agnostic And Cloud-native And Can Support Deployments In Bare Metal, Vms, Or Kubernetes Both In On Premise Infrastructure As Well As Cloud For At Least The Following Options: 1.7.1.1.1. Baremetal 1.7.1.1.2. Vmware Vsphere 1.7.1.1.3. Aws 1.7.1.1.4. Google Cloud Platform 1.7.1.1.5. Microsoft Azure 1.7.1.2. It Shall Synchronize The Data Across Multiple Sites And Support Multiple Advanced Replication Architecture. 1.7.1.3. It Must Be Deployed In An Active-active Manner To Ensure Minimal Disruption To Services And Can Withstand The Following Failure Scenarios Depending On The Deployment Topology: Virtual Machine Failure, Container/kubernetes Node Failure, Availability Zone Failure, Region Failure. 1.7.1.4. It Shall Support Both The Sql And Nosql Apis’ Under A Common Storage Substrate To Address Current And Future Use Cases. 1.7.1.5. It Shall Enable Client Applications To Auto- Discover Cluster Nodes And Cluster Topology Using An Application- Friendly Library. 1.7.1.6. It Shall Support A Single Synchronous Cluster Stretched Across Multiple Az’s/regions/clouds, And Support Multiple Advanced Replication Architectures For The Resiliency Of The System. 1.7.1.7. Shall Horizontally Scale Out/in/up/down With Minimal To No Business Disruptions. 1.7.1.8. Shall Offer A Single User Interface Across Various Clouds With Simplified Database Management And Monitoring Like Db Upgrades, Backups, Security & On-demand Scaling Of Nodes To Simplify Operation And Management. 1.7.1.9. It Shall Support Distributed Acid And Transactions With Strong Data Consistency. 1.7.1.10. One (1) Year Of Enterprise Support For Production And Non-production. 1.7.1.11. It Shall Provide The Ability To Increase Computing Capacity Linearly By Adding New Nodes To The Existing Database System With No Downtime. 1.7.1.12. It Shall Support Data Replication Between Two Isolated Instances To Support Application-level Active-active Deployments. 1.7.1.13. The Proposed Solution Shall Enhance The Primary Cluster Capability With Additional Read-replica Nodes To Facilitate Reads Closer To The Customer Base. 1.7.1.14. The Proposed Solution Shall Support Data Affinity To Comply With Country/region-specific Regulatory/compliance Requirements. 1.7.1.15. The Proposed Solution Shall Support Encryption In Transit And Rest To Have A Strong Security Posture. 1.7.1.16. The Proposed Solution Shall Be Able To Provision And Manage In A Fully Air-gapped Environment. 1.7.1.17. The Proposed Solution Shall Support Region/zone/cloud Affinity To Define Different Data Serving Topologies To Keep The Data Serving Nodes Closer To The User Base. 1.7.2. Other Requirements: 1.7.2.1. The Proposed Solution Must Offer A Single User Interface Across Various Clouds With Simplified Database Management And Monitoring Like Db Upgrades, Backups, Security & On-demand Scaling Of Nodes To Simplify Operation And Management. 1.7.2.2. The Proposed Solution Must Have Cdc Capability To Generate Events On Data Change. 1.7.2.3. The Proposed Solution Must Have Api For Management Automation. 1.7.2.4. The Proposed Solution Must Support Advanced Sql Features Like Stored Procedures, Foreign Keys, Triggers, Json Support (filtering, Constraints, And Projections) To Support Current And Future Use Cases. 1.7.2.5. Must Have The Following Services: 1.7.2.5.1. Ssl/dns Configuration - Must Be Able To Install And Configure Ssl Certificates And Assist In The Configuration Of Dns. 1.7.2.5.2. Workflow Integration - Ability To Define Different Approval Process In The Workflow Engine. 1.7.2.5.3. Database Migration - Must Be Able To Migrate All Existing Electronic Data To The New Database. Ict Infrastructure Requirements 1 22,236,484.00 2.1. Supply And Installation Of 48-core Single Mode Os2 Fiber Optic Cable That Will Link Select Buildings To The Data Center. The Backbone Will Serve As The Network Gateway Throughout The Campus. 2.2. 1gbps Direct Internet Access 2.2.1. The Winning Bidder Must Provide A 1gbps Direct Internet Access 2.2.2. The Winning Vendor Must Initiate A Service Application (service Subscription) And Activation From An Internet Service Provider (isp) That Is Capable Of Delivering Internet Service Through A Fiber Optic Cable (foc) Backbone. The University Shall Be The Subscription Account Owner. Centralized Security Operations Center 1 246,115,477.00 The Solution Must Be A Cloud-native Security Operation Platform With Built-in And Fully Integrated (single Interface/management) Next-generation Ngsiem, Ueba, Ndr, Fim, Sanboxing, And Soar Capabilities, As Well As Open Integration To Existing Security Stacks And Future Security Tools, To Automate Cybersecurity Threat Detection, Investigation, And Response Across The Entire Attack Surface. 3.1. Xdr 3.1.1. The Solution Must Be Soc 2 Type 2 Certified 3.1.2. The Solution Must Have Ng-siem Natively To Provide A Centralized Location For Gathering And Organizing Data From Any Existing Security Control, It, And Productivity Tool Using Pre-built Integrations That Are Easy To Use And Do Not Incur Additional Costs For Integrating New Security Tools. 3.1.3. The Solution Must Have Ndr Natively Built-in To Provide Visibility Into Threats At The Network Layer To Stop Attacks Faster To Limit Potential Damage. 3.1.4. The Solution Must Include Ueba Natively To Analyze Traffic And Produce Security Status And Event Information On Individual Users, As Well As Monitor Network Assets And Analyze Their Behavior To Detect Threats. 3.1.5. The Solution Must Include File Integrity Monitoring To Track Changes To Specified Files And Directories, Such As File Changes, File Creations, And File Deletions. 3.1.6. The Solution Must Have Sandbox Built-in Capable Of Detecting Reassembled Files Over The Wire That, If Found To Be Malicious, Will Actively Detonate In A Malware Sandbox To Detect Novel Threats. 3.1.7. The Solution Must Be Able To Collect Data Without Limiting The Type And Number Of Devices To Collect From. 3.1.8. The Software Solution Must Be Scalable And Capable To Accommodate Minimum Of 100gb Data. 3.1.9. The Solution Must Have Native Sensors That Can Be Delivered On-premises As A Purpose-built Appliance, A Virtual Appliance (vmware, Microsoft Hyper-v, Or Kvm), Or In The Cloud, Such As Aws, Azure, Google Cloud Platform, Or Oracle Cloud Infrastructure. 3.1.10. The Solution's Native Sensor Must Be Prepackaged With Network Ids, Deep Packet Inspection, And Malware Sandbox Functionality. 3.1.11. The Solution Must Integrate Threat Intelligence And Telemetry Data From Multiple Sources With Security Analytics To Contextualize And Correlate Security Alerts. 3.1.12. The Solution Must Have Soar Built-in To Provide Both Manual And Automated Response To Cyber Threats Using Pre-defined Playbooks And Pre-built Integrations To Security, It, And Productivity Products, Ensuring Identified Threats Are Mitigated Appropriately And Consistently. 3.1.13. The Solution Must Be Able To Automatically Generate Novel Alerts Based On Input Data Sources Without Requiring The Manual Creation Of Rules, Such As Finding Anomalous Patterns Based On Parent-child Process Relationships, Unusual Application Connections Or Usage, Unusually High User Command Execution Rates, And Unusually High Numbers Of Connections To Non-standard Ports For An Application. 3.1.14. The Solution Must Automatically Integrate Its Own Threat Intelligence Platform (tip) Into Its Architecture For Data Enrichment In Order To Rapidly Identify Attack Paths And Previous Interactions With Known Bad Actors, Increasing Threat Detection Accuracy While Decreasing Response Time. 3.1.15. The Solution Must Be Capable Of Catching, Extracting, And Reassembling Malware That Travels Through The Network Via Http, Ftp, Smb, And Smtp. 3.1.16. The Solution Must Be Capable Of Forwarding Malicious Files To An External Https Server. 3.1.17. The Solution Must Be Able To Translate An Ip Address Into A Geographical Location Or Reputation. 3.1.18. The Solution Must Be Able To Override The Geolocation Gathered From Geolocation Databases By Manually Defining The Geolocation Associated With Specified Ip Addresses. 3.1.19. The Solution Must Have An Aggregator That Can Be Deployed As A Virtual Appliance And Act As A Proxy To Forward Traffic From Other Sensors To The Central Data Repository. 3.1.20. The Solution Must Support Geo Location Public Ip Look Up 3.1.21. The Solution Must Have Reputation-based Threat Intelligence That Automatically Enriches Network Data And Logs During Real-time Ingestion To Add Context To The Data, Thereby Improving The Analyst's Threat Detection, Investigation, And Hunting. 3.1.22. The Solution Must Be Able To Cut Through The Noise Of An Overwhelming Volume Of Alerts By Automating Both Threat Detection (via Ai And Machine Learning) And Response (via Automated Threat Hunting). 3.1.23. The Solution Must Have Integrated Threats, Incident And Compliance Management. 3.1.24. The Solution Must Be Capable Of Constructing A Meaningful Security Context By Utilizing Machine Learning To Determine The Strength Of The Link Between An Alert And A Potential Incident By Employing Multiple Security Artifacts Such As Shared Entities (assets Or Users), Properties (hashes Or Urls), And Time. 3.1.25. The Solution Must Automatically Monitor For Known Bad Events, And Use Sophisticated Correlation Via Search, To Find Known Risk Patterns Such Brute Force Attacks, Data Leakage And Even Application-level Fraud. 3.1.26. The Solution Must Be Able To Detect Compromised Hosts Associated With Advanced Threats And Malware Infections 3.1.27. The Solution Must Be Able To Find Activities And Events Associated With Successful Attacks And Malware Infections 3.1.28. The Solution Must Issue Alert Upon Detection Of Blacklisted External Ip 3.1.29. The Solution Must Be Fully Customizable When Creating Warning Or Alarms For High Risks Events 3.1.30. The Solution Must Support Authentication Authorization Accounting (aaa). 3.1.31. The Solution Must Use Machine Learning Based Detections. Please Provide Some Use Cases And Evidence That The App Is Using Machine Learning Based Algorithms 3.1.32. The Solution Should Include Unsupervised Machine Learning Detection Model That Predicts Current Behavior Based On The Historical Distribution Of A Given Detection Parameter (host, User, Source Ip Address, Etc). 3.1.33. The Solution Should Include An Unsupervised Machine Learning Detection Model That Learns Steady Population Statistics From The Past Peer Data And Looks For Irregularities That Deviate From Typical Behavior Over Time. 3.1.34. The Solution Should Include An Unsupervised Machine Learning Detection Model That Examines Whether The Presence Of A Given Detection Parameter Has Appeared In The Last Number Of Days Or Not. 3.1.35. The Solution Should Include A Supervised Classification Model That Uses A Set Of Indicators To Determine A Decision Boundary Between Normal And Suspicious Data Points. 3.1.36. The Solution Must Provide An Api With The Following Capabilities: 3.1.36.1. Retrieve Detailed Collector Information 3.1.36.2. Retrieve Detailed Incident Information 3.1.36.3. Update Incident Detail 3.1.36.4. Next-generation Siem 3.1.37. The Solution Must Ensure That Security Incidents Are Accessible And Searchable Within Twelve (12) Months. As Needed, Evidence From Security Incidents Is Made Available For Historical Analysis. 3.1.38. The Solution Must Be Capable To Collect Different Types Of Metadata (e.g., Logs, Security Events, Network Flows, Among Others) From Data Sources And Shall Include Log Compression And Industry Standard Encryption At Rest And In Transit To Ensure Security Of Captured Data From Disclosure To Disinterested Parties. 3.1.39. The Solution Must Automatically Normalize And Enrich Data From Any Source With Context Such As Threat Intelligence, User Details, Device Information, Geographical Location To Enable Detailed, Extensible Data Analytics. 3.1.40. The Solution Must Be Capable Of Collecting And Normalizing Server Logs, Network Packets, Server Process Data, File Data, And Threat Intelligence Data Into Json-formatted Records. 3.1.41. The Solution Must Include An Alert Statistics Dashboard That Allows Analysts To Quickly Examine Any Discovered Alerts At A Glance, Such As: 3.1.41.1. Graph Of Critical Vs. Total Alert Status 3.1.41.2. Show The Open Vs. Total Alert Graph. 3.1.41.3. Show The Alert Trend. 3.1.41.4. The Solution Must Be Capable Of Ingesting Tls Encrypted Syslog And Syslog-ng Logs. 3.1.42. The Solution Must Have A Sensor That Can Be Deployed As An Agent In Windows Servers (windows Server 2008 R2, 2012, 2016, And 2019) To Collect Event Data Related To The Following: 3.1.42.1. Hardware 3.1.42.2. Security 3.1.42.3. System 3.1.42.4. Windows Firewall 3.1.42.5. Windows Defender 3.1.42.6. Windows Powershell 3.1.43. The Solution Must Be Able To Integrate With Domain Controllers In Order To Enrich Data Collected With The Relationship Between Users And Ip Addresses. 3.1.44. The Solution Must Be Able To Integrate With A Dhcp Server To Determine The Relationship Between Hostnames And Ip Addresses And Track Devices When The Ip Address Changes. 3.1.45. The Solution Must Be Able To Ingest Windows Sysmon Events. 3.1.46. The Solution Must Be Able To Correlate Traffic, Processes, Users, And Commands In Order To Detect Security, Ddos, And Breach Attempts. 3.1.47. The Solution Must Have A Collector That Can Be Deployed As An Agent In Linux Servers (rhel, Centos, Debian, Ubuntu, Amazon Linux, Oracle Linux, Suse Linux) To Monitor And Capture The Following Information: 3.1.47.1. Process Info. 3.1.47.2. Command Execution. 3.1.47.3. Files. 3.1.47.4. File Events. 3.1.48. The Solution Must Include A Tool For Finding And Visualizing Correlations Between Events. 3.1.49. The Solution Must Have A Visual Tool For Focusing In On A Single Entity (host, Ip, Url, Or User) In A Security Event And Viewing Its Relationship To Other Entities. 3.1.50. The Solution Must Include Out-of-the-box Threat Hunting Templates That Can Be Edited, Copied, And Exported. 3.1.51. The Solution Must Be Capable Of Removing Duplicate Data Through Packet Deduplication. 3.1.52. The Solution Must Be Able To Reduce The Amount Of Metadata Gathered For Smb Commands. 3.1.53. The Solution Must Automatically Compress The Ingested Data. 3.1.54. The Solution Must Be Capable Of Sending Alerts To Relevant Personnel Regarding Security Issues Based On Correlated Events. 3.1.55. The Solution Must Be Capable Of Serving Any Number Of Logical Network Data Or Log Segregation Based On Specific Departments, Functionalities, Or Locations That The User Considers To Be Managed Separately. Not Only Should Security Information Be Kept Completely Separate, But Machine Learning-based Threat Detections Should Also Be Distinct For Each Department. 3.1.56. The Solution Must Include Data Collectors That Are Able To Send Data (log/event) In Real-time And Batch Mode. 3.1.57. The Solution Must Be Capable Of Performing Server And Network Infrastructure Monitoring Out Of The Box. 3.1.58. The Solution Must Be Capable Of Performing Application Monitoring Out Of The Box. 3.1.59. The Solution Must Be Able To Maintain The Original Timestamps For Each Event While Handling Timestamps From Different Time Zones 3.1.60. The Solution Shall Provide Advance Correlation Capabilities To Detect Security Incidents Such As: 3.1.60.1. Ddos Attacks 3.1.60.2. Worm Outbreak 3.1.60.3. Port Scan 3.1.60.4. Sql Injection 3.1.60.5. Brute Force Attack 3.1.61. The Solution Must Be Able To Correlate Asset Info With Threat And Vulnerability Data. 3.1.62. The Solution Provides Network Visibility From Wire Data That Contains Critical Insights About Payloads, Session Information, Errors, Dns, Etc. 3.1.63. The Proposed Solution Shall Be Able To Provide Search Function That Support Boolean-style Patterns Search. 3.1.64. Proposed Solution Shall Be Able To Allow Analysts To Build Queries Using Combined Search Methods. A Single Query May Contain Keywords And Field-based Conditions. 3.1.65. The Proposed Solution Must Be Able To Perform Sub Search In Regard To The Security On Top The Current Search. 3.1.66. The Solution Must Have A Customizable Widget On The Dashboard. 3.1.67. The Solution Must Support Email Notification With Content In Json Format. 3.1.68. The Solution Should Include An Investigative Tool That Allows Security Analysts To Quickly Examine Any Security Alerts By Displaying Enriched Alert Information That Includes Identified Mitre Att&ck Tactic And Techniques Used, Attack Kill Chain Category, Ml Based Score, Alert Status, Key Event Parameters That Contribute To Triggering The Alert, And Full Event Details. 3.1.69. The Solution Must Have The Ability To Threat Hunt And Automate The Threat Hunt And Apply To Soar. 3.2. User And Endpoint Behavior And Analytics (ueba) 3.2.1. The Solution Must Be Capable Of Inspecting Assets For Threat Data And Past Performance. 3.2.2. The Solution Must Be Capable Of Monitoring Every Server, Router, And Host System In The Private Network. 3.2.3. The Solution Should Provide A Host-centric View Of Alert Activity For Specific Hosts. 3.2.4. The Solution Must Come With User Behavior Analytics That Collect User Information From Active Directory 3.2.5. The Solution Must Come With Entity Behavior Analytics That Collect Ip Information From Network Traffic. 3.2.6. The Solution Must Track Changes And Secure Your Environment By Monitoring For Suspicious Activity, User Role Changes, Unauthorized Access And More. 3.2.7. The Solution, Based On Observed Security Events And Asset Risk Profile, Assigns A Risk Score. 3.2.8. The Solution Must Discover Assets Dynamically Across Networks, Endpoints, And Cloud Environments. 3.2.9. The Solution Must Use Either Host Names, Mac Addresses, Or Ip Addresses To Uniquely Identify Assets. 3.2.10. The Solution Must Collect And Fuse User-relevant Data From Multiple Data Sources Across The Security Infrastructure Automatically. 3.2.11. The Solution's Machine Learning Must Be Used To Enable Sophisticated Behavioral Analytics In The Solution. 3.2.12. The Solution Without Any Rules Or Signatures, Must Detect Bad Behavior. 3.2.13. The Solution Must Be Capable Of Detecting The Use Of An Unfamiliar App By An Internal User Who Normally Uses A Minimal Yet Consistent Number Of Applications. 3.2.14. The Solution Must Be Capable Of Detecting When An Internal User Has An Abnormally High Volume Of Traffic In Comparison To Its Usual Volume Or That Of Its Peers. 3.2.15. The Solution Must Be Capable Of Detecting The Use Of An Unfamiliar App By An External User Who Normally Uses A Minimal Yet Consistent Number Of Applications. 3.2.16. The Solution Must Be Capable Of Detecting When An External User Has An Abnormally High Volume Of Traffic In Comparison To Its Usual Volume Or That Of Its Peers. 3.2.17. The Solution Must Be Able To Detect A User Who Logs In To A New Asset Who Typically Uses A Small, Consistent Number Of Assets. 3.2.18. The Solution Must Be Capable Of Detecting A User Who Has Logged In From An Unusual Location. 3.2.19. The Solution For Each Detected And Identified For Asset, Must Provide A Kill Chain View Of Security Events. 3.2.20. The Solution Must Track Threats Based On The User Rather Than The Threat Type. 3.2.21. The Solution Must Assign A Risk Score To Each User In Order To Easily Identify Risky Users. 3.2.22. The Solution Must Be Capable Of Detecting A User Who Typically Executes A Small, Consistent Number Of Processes But Has Recently Executed A New Process. 3.2.23. The Solution Must Be Capable Of Detecting An Internal Http Connection Made By An Internal User Agent That Has Never Been Observed Or Has Only Been Seen On Rare Occasions. 3.2.24. The Solution Must Be Capable Of Detecting An External Http Connection Made By A Potentially Malicious User Agent. 3.2.25. The Solution Must Be Capable Of Detecting A User Who Has Logged In From Locations That Are Geographically Impossible To Travel Between Within The Time Frame. 3.2.26. The Solution Must Be Capable Of Detecting A User Who Logs In At An Unusual Time. 3.2.27. The Solution Must Be Able To Detect An Asset That Started A Previously Unknown Process, Which Could Indicate A Malware Attack. 3.2.28. The Solution Must Be Capable Of Detecting Processes That Typically Launch A Small, Consistent Number Of Child Processes. 3.2.29. The Solution Must Be Capable Of Detecting A File Or Files That Have Been Created An Unusually Large Number Of Times. 3.3. Network Detection And Response (ndr) 3.3.1. The Solution Must Be Capable Of Monitoring Suspicious Traffic In Both External (north/south) And Internal (east/west) Traffic, As Well As Traffic In All Physical And Virtual Environments. 3.3.2. The Solution Must Enable The User To Safely Inspect Suspicious Files In Order To Detect The Presence Of Zero-day Malware And Advanced Persistent Threats. 3.3.3. The Solution Must Be Capable Of Ingesting Rspan Session Flows. 3.3.4. The Solution Must Be Capable Of Ingesting Gre Traffic That Has Been Mirrored With Erspan. 3.3.5. The Solution Must Be Capable Of Compiling Identical Metadata From Talkative Applications Into A Single Record To Reduce Traffic Going To Central Data Repository. 3.3.6. The Solution Must Be Capable Of Correlating Processes Running On The Sensor And Host And The Ip Address/port Visible In Traffic. 3.3.7. The Solution Must Passively Collect Asset Information And Network Flow Information. 3.3.8. The Solution Must Be Capable Of Correlating And Identifying Application Performance Issues Due To Security Incident (e.g. Ddos Attacks, Unauthorized Access To The System That Causing Application Performance Issues.). 3.3.9. The Solution Should Have The Ability To Report When Data Theft Occurs. 3.3.10. The Solution's Architecture Has To Be Very Extensive In Network Traffic Analysis Using Both Supervised And Unsupervised Learning. 3.3.11. The Solution Must Be Capable Of Capturing Raw Network Packets And Reducing The Data To Produce Valid Security Events Without The Size Of A Full Packet Capture. 3.3.12. The Solution Must Be Capable Of Collecting And Correlating Firewall Traffic Logs, Ids Events, Netflow And Cloud Flow Logs. 3.3.13. The Solution Must Be Able To Track The Interaction Between Network Devices, Services, And Applications In Real Time And Over Time. 3.3.14. The Solution Shall Be Able To Address All Alert Types Tied To Phases Of Attack Life Cycle. 3.3.15. The Solution Should Support Integration To Firewall To Do Inline Blocking Mode (not Tcp Reset). 3.3.16. The Solution Must Be Capable Of Monitoring Dns Resolution Changes For Specified Domains, So That If One Of The Observed Domains Resolves To A Different Ip Address, The Solution Will Populate A Visual Record Indicating The Change. 3.3.17. The Solution Must Provide A Visual Representation Of The Entire Attack Landscape, Mapping Detected Threats To Their Corresponding Attack Kill Chain Stage. The Detected Threat Must Be Clearly Tagged With The Relevant Mitre Attack Framework For Detailed Analysis Of An Ongoing Attack's Progression. 3.3.18. The Solution Must Be Capable To Do Comprehensive Network Traffic Analysis Which Includes: 3.3.18.1. Network Performance Statistics 3.3.18.2. Server Performance 3.3.18.3. Application Detection And Performance Monitoring: 3.3.18.4. Top Sources & Top Destinations 3.3.18.5. Asset Application Performance 3.3.18.6. Application Processing Time 3.3.18.7. Network Interactions With Asset 3.3.18.8. Http Statistics 3.3.18.9. Dns Statistics 3.3.18.10. Asset Discovery And Statistics 3.3.18.11. Ip Address 3.3.18.12. Device Manufacturer 3.3.18.13. Application Services 3.3.18.14. Time Discovered And Last Seen 3.3.18.15. Asset Tag(s) And Description 3.3.18.16. Server Certificate Visibility 3.4. Soar (security Orchestration Automation And Response) 3.4.1. The Solution Must Automatically Recognize Alerts From Multiple Sources, Analyze Them For Similarities, And Automatically Add Any Identified Connected Alerts To A Case Or Cases, Preventing The Team From Duplicating Efforts And Hunting For Details In Multiple Places. 3.4.2. The Solution Must Have A Dynamic Case Management Tool That Automates The Continuous Correlation Of Existing Cases To New Alerts When They Are Discovered To Be Potentially Related. 3.4.3. The Solution Must Be Capable Of Storing Cases For A Year. 3.4.4. The Solution Must Be Capable Of Accelerating Security Incident Management Processes By Automating Case Generation With Key Details Such As The Ones Listed Below. 3.4.5. Incident Name And Ticket Id: These Must Be Generated Automatically. 3.4.6. Incident Score: A Score Based On How Serious The Incident Was. 3.4.7. Incident Severity: The Incident's Severity (critical, High, Medium, Or Low) 3.4.8. Incident Reported Time: The Time When The Incident Occurred. 3.4.9. Analyst Assigned To Incident: The Person Tasked With Handling The Incident. 3.4.10. Incident Status: The Incident's Associated State (new, Escalated, Ongoing, Solved, Cancelled). 3.4.11. Incident Closed Time: The Time When The Incident Was Resolved. 3.4.12. The Solution Must Have Out Of The Box Or Customizable Playbooks Of Best Practices To Scale Operations, Drive Consistency In Response And Meet Compliance Requirements. Playbooks Deployed Shall Include At Least: 3.4.12.1. Phishing Enrichment And Response 3.4.12.2. Malware Endpoint Response 3.4.12.3. Internal And External Login Anomalies (multiple Failed Logins, Unusual Activity Such As Login Attempts Outside Office Hours, Unusual Login Location, Login From Suspicious Device) 3.4.12.4. Unusual Browsing Activity 3.4.12.5. Web Attack Profiling And Blacklisting 3.4.12.6. File Activity Anomalies Such As Creation, Move, Delete, Or Change 3.4.12.7. Potential Data Exfiltration 3.4.12.8. C&c Connection 3.4.13. The Solution Must Automatically Trigger Playbooks With Predefined Workflows That To Perform A Variety Of Instructions That Could Include Executing Scripts Or Integrating With Other Tools In The Environment. 3.4.14. The Solution Must Have The Option To Create User-defined Playbooks With Customized Workflow. 3.5. 2 Units Next-generation Firewall For Perimeter 3.5.1. Must Perform Stream-based, Bi-directional Traffic Analysis, Without Proxying Or Buffering, To Uncover Intrusion Attempts And Malware And To Identify Application Traffic Regardless Of Port. 3.5.2. Must Scan For Threats In Both Inbound And Outbound Traffic Simultaneously To Ensure That The Network Is Not Used To Distribute Malware And Does Not Become A Launch Platform For Attacks In Case An Infected Machine Is Brought Inside. 3.5.3. Must Have Proxy-less And Non-buffering Inspection Technology Provides Ultra-low Latency Performance For Dpi Of Millions Of Simultaneous Network Streams Without Introducing File And Stream Size Limitations, And Can Be Applied On Common Protocols As Well As Raw Tcp Streams. 3.5.4. Must Have A Single-pass Dpi Architecture Simultaneously Scans For Malware, Intrusions And Application Identification, Drastically Reducing Dpi Latency And Ensuring That All Threat Information Is Correlated In A Single Architecture. 3.5.5. Must Have An Engine With The Multi-core Architecture To Provide High Dpi Throughput And Extremely High New Session Establishment Rates To Deal With Traffic Spikes In Demanding Networks. 3.5.6. Must Identify And Mitigate Even The Most Insidious Modern Threats, Including Future Meltdown Exploits. Detects And Blocks Malware That Does Not Exhibit Any Malicious Behavior And Hides Its Weaponry Via Encryption. 3.5.7. Must Prevent Potentially Malicious Files From Entering The Network, Files Sent To The Cloud For Analysis Can Be Held At The Gateway Until A Verdict Is Determined. 3.5.8. Must Have Multi-engine Sandbox Platform, Which Includes Virtualized Sandboxing, Full System Emulation And Hypervisor Level Analysis Technology, Executes Suspicious Code And Analyzes Behavior, Providing Comprehensive Visibility To Malicious Activity. 3.5.9. Must Have A Secure Sd-wan That Enables Distributed Enterprise Organizations To Build, Operate And Manage Secure, High-performance Networks Across Remote Sites For The Purpose Of Sharing Data, Applications And Services Using Readily-available, Low-cost Public Internet Services Without Additional License Cost. 3.5.10. Must Have A Wizard To Automatically Configure Sdwan Policy On The Firewall 3.5.11. Must Displays Sd-wan Performance Probes And Top Connections. 3.5.12. All Network Traffic Must Be Inspected, Analyzed And Brought Into Compliance With Firewall Access Policies. 3.5.13. Must Supports Active/passive (a/p) With State Synchronization. The Proposed Solution Should Support Hardware Redundancy Using Only Single Security License In Both Primary & Secondary Appliance. 3.5.14. Must Have Block Until Verdict To Prevent Potentially Malicious Files From Entering The Network, Files Sent To The Cloud For Analysis Can Be Held At The Gateway Until A Verdict Is Determined. 3.5.15. Must Have Zero-day Protection To Protect The Network Against Zero-day Attacks With Constant Updates Against The Latest Exploit Methods And Techniques That Cover Thousands Of Individual Exploits. 3.5.16. Must Have Bi-directional Raw Tcp Inspection That Scans Raw Tcp Streams On Any Port And Bi-directionally To Detect And Prevent Both Inbound And Outbound Threats. 3.5.17. Must Have Application Control That Controls Applications, Or Individual Application Features That Are Identified By The Engine Against A Continuously Expanding Database Of Over Thousands Of Application Signatures. That Increases Network Security And Enhances Network Productivity. 3.5.18. Must Have Ddos/dos Attack Protection. Syn Flood Protection Provides A Defense Against Dos Attacks Using Both Layer 3 Syn Proxy And Layer 2 Syn Blacklisting Technologies. Additionally, It Protects Against Dos/ddos Through Udp/icmp Flood Protection And Connection Rate Limiting. 3.5.19. Must Be Capable Of Load-balances Multiple Wan Interfaces Using Round Robin, Spillover Or Percentage Methods. Policy-based Routing Creates Routes Based On Protocol To Direct Traffic To A Preferred Wan Connection With The Ability To Fail Back To A Secondary Wan In The Event Of An Outage. 3.5.20. Must Display Rules Which Are Actively Used Or Not Being Used. 3.5.21. Must Be Able To Simplify And Reduce Complex Distributed Firewall Deployment Down To A Trivial Effort By Automating The Initial Site-to-site Vpn Gateway Provisioning Between Firewalls While Security And Connectivity Occurs Instantly And Automatically. 3.5.22. Must Guarantee Critical Communications With 802.1p, Dscp Tagging And Remapping Of Voip Traffic On The Network. 3.5.23. The System Intrusion Prevention System Must Be Capable Of Signature-based Scanning, Automatic Signature Updates, Bi-directional Inspection, Granular Ips Rule Capability, Geoip Enforcement, Botnet Filtering With Dynamic List, Regular Expression Matching. 3.5.24. The Anti-malware System Must Be Capable Of Stream-based Malware Scanning, Gateway Anti-virus, Gateway Anti-spyware, Bi-directional Inspection, No File Size Limitation. 3.5.25. The System Must Have Traffic Visualization That Can Monitor User Activity, Application, Bandwidth, And Threat. 3.5.26. Must Have A Http/https Web Content Filtering That Is Capable Of Url Filtering, Proxy Avoidance, Keyword Blocking, Policy-based Filtering (exclusion/inclusion), Http Header Insertion, Bandwidth Manage, And Rating Categories. 3.5.27. Must Have A Vpn That Is Capable Of Secure Sd-wan, Auto-provision Vpn, Ipsec Vpn For Site-to-site Connectivity, Ssl Vpn And Ipsec Client Remote Access, Redundant Vpn Gateway, And Mobile Client For Ios, Mac Os X, Windows, Chrome, Android And Kindle Fire. 3.5.28. Must Have Networking Capabilities Such As Portshield, Path Mtu Discovery, Enhanced Logging, Vlan Trunking, Layer-2 Qos, Port Security, Dynamic Routing (rip/ospf/bgp), Policy-based Routing (tos/metric And Ecmp), Nat, Dhcp Server, Bandwidth Management, A/p High Availability With State Sync, Inbound/outbound Load Balancing, L2 Bridge, Wire/virtual Wire Mode, Tap Mode, Nat Mode, And Asymmetric Routing. 3.5.29. The System Management And Monitoring Must Have Web Gui, Command Line Interface (cli), Snmp V2/v3 Support, Centralized Management And Reporting, Netflow/ipfix Exporting, Cloud Based Configuration Back Up, And Zero-touch Registration & Provisioning. 3.5.30. Must Be Certified With Icsa Labs Advance Threat Defense Certified With 100% Unknown Threat Detection For 7 Consecutive Quarters From Q1-q4, 2021 & Q1-q3, 2022. 3.5.31. Must Have 24x7 Support That Includes Firmware Updates And Hardware Replacement. Support Includes Around-the-clock Access To Telephone And Web-based Support For Basic Configuration And Troubleshooting Assistance, As Well As Hardware Replacement In The Event Of Failure. 3.5.32. The System Must Have The Minimum Throughput Requirements (or Higher): 3.5.32.1. Firewall Inspection Throughput – 42 Gbps; 3.5.32.2. Threat Prevention Throughput – 28 Gbps; 3.5.32.3. Application Inspection Throughput – 30 Gbps; 3.5.32.4. Ips Throughput – 28 Gbps; 3.5.32.5. Tls/ssl Decryption And Inspection Throughput (dpi Ssl) – 10 Gbps; 3.5.32.6. Vpn Throughput – 22.5 Gbps; 3.5.33. The System Must Be Capable Of Handling: 3.5.33.1. Connections Per Second - 280,000/sec; 3.5.33.2. Maximum Connections (spi) – 15,000,000; 3.5.33.3. Max Dpi-ssl Connections – 1,500,000; 3.5.33.4. Maximum Connections (dpi) – 12,000,000 3.5.33.5. The System's Interface Must Include: 3.5.33.5.1. 2 X 100/40-gbe Qsfp28, 3.5.33.5.2. 8 X 25/10/5/2.5-gbe Sfp28, 3.5.33.5.3. 4 X 10/5/2.5/1-gbe Sfp+, 3.5.33.5.4. 4 X 10/5/2.5/1-gbe Cu, 3.5.33.5.5. 16 X 1-gbe Cu 3.5.33.5.6. 2 X Usb 3.0, 3.5.33.5.7. Management Interfaces - 1 Gbe, 1 Console" 3.5.33.5.8. Storage: 1.5tb 3.6. 2 Units Next-generation Firewall For Data Center 3.6.1. Must Perform Stream-based, Bi-directional Traffic Analysis, Without Proxying Or Buffering, To Uncover Intrusion Attempts And Malware And To Identify Application Traffic Regardless Of Port. 3.6.2. Must Scan For Threats In Both Inbound And Outbound Traffic Simultaneously To Ensure That The Network Is Not Used To Distribute Malware And Does Not Become A Launch Platform For Attacks In Case An Infected Machine Is Brought Inside. 3.6.3. Must Have Proxy-less And Non-buffering Inspection Technology Provides Ultra-low Latency Performance For Dpi Of Millions Of Simultaneous Network Streams Without Introducing File And Stream Size Limitations, And Can Be Applied On Common Protocols As Well As Raw Tcp Streams. 3.6.4. Must Have A Single-pass Dpi Architecture Simultaneously Scans For Malware, Intrusions And Application Identification, Drastically Reducing Dpi Latency And Ensuring That All Threat Information Is Correlated In A Single Architecture. 3.6.5. Must Have An Engine With The Multi-core Architecture To Provide High Dpi Throughput And Extremely High New Session Establishment Rates To Deal With Traffic Spikes In Demanding Networks. 3.6.6. Must Identify And Mitigate Even The Most Insidious Modern Threats, Including Future Meltdown Exploits. Detects And Blocks Malware That Does Not Exhibit Any Malicious Behavior And Hides Its Weaponry Via Encryption. 3.6.7. Must Prevent Potentially Malicious Files From Entering The Network, Files Sent To The Cloud For Analysis Can Be Held At The Gateway Until A Verdict Is Determined. 3.6.8. Must Have Multi-engine Sandbox Platform, Which Includes Virtualized Sandboxing, Full System Emulation And Hypervisor Level Analysis Technology, Executes Suspicious Code And Analyzes Behavior, Providing Comprehensive Visibility To Malicious Activity. 3.6.9. Must Have A Secure Sd-wan That Enables Distributed Enterprise Organizations To Build, Operate And Manage Secure, High-performance Networks Across Remote Sites For The Purpose Of Sharing Data, Applications And Services Using Readily-available, Low-cost Public Internet Services Withought Additional License Cost. 3.6.10. Must Have A Wizard To Automatically Configure Sdwan Policy On The Firewall 3.6.11. Must Displays Sd-wan Performance Probes And Top Connections. 3.6.12. All Network Traffic Must Be Inspected, Analyzed And Brought Into Compliance With Firewall Access Policies. 3.6.13. Must Supports Active/passive (a/p) With State Synchronization. The Proposed Solution Should Support Hardware Redundancy Using Only Single Security License In Both Primary & Secondary Appliance 3.6.14. Must Have Block Until Verdict To Prevent Potentially Malicious Files From Entering The Network, Files Sent To The Cloud For Analysis Can Be Held At The Gateway Until A Verdict Is Determined. 3.6.15. Must Have Zero Day Protection To Protect The Network Against Zero-day Attacks With Constant Updates Against The Latest Exploit Methods And Techniques That Cover Thousands Of Individual Exploits. 3.6.16. Must Have Bi-directional Raw Tcp Inspection That Scans Raw Tcp Streams On Any Port And Bi-directionally To Detect And Prevent Both Inbound And Outbound Threats. 3.6.17. Must Have Application Control That Controls Applications, Or Individual Application Features That Are Identified By The Engine Against A Continuously Expanding Database Of Over Thousands Of Application Signatures. That Increases Network Security And Enhances Network Productivity. 3.6.18. Must Have Ddos/dos Attack Protection. Syn Flood Protection Provides A Defense Against Dos Attacks Using Both Layer 3 Syn Proxy And Layer 2 Syn Blacklisting Technologies. Additionally, It Protects Against Dos/ddos Through Udp/icmp Flood Protection And Connection Rate Limiting. 3.6.19. Must Be Capable Of Load-balances Multiple Wan Interfaces Using Round Robin, Spillover Or Percentage Methods. Policy-based Routing Creates Routes Based On Protocol To Direct Traffic To A Preferred Wan Connection With The Ability To Fail Back To A Secondary Wan In The Event Of An Outage 3.6.20. Must Display Rules Which Are Actively Used Or Not Being Used. 3.6.21. Must Be Able To Simplify And Reduce Complex Distributed Firewall Deployment Down To A Trivial Effort By Automating The Initial Site-to-site Vpn Gateway Provisioning Between Firewalls While Security And Connectivity Occurs Instantly And Automatically. 3.6.22. Must Guarantee Critical Communications With 802.1p, Dscp Tagging And Remapping Of Voip Traffic On The Network. 3.6.23. The System Intrusion Prevention System Must Be Capable Of Signature-based Scanning, Automatic Signature Updates, Bi-directional Inspection, Granular Ips Rule Capability, Geoip Enforcement, Botnet Filtering With Dynamic List, Regular Expression Matching. 3.6.24. The Anti-malware System Must Be Capable Of Stream-based Malware Scanning, Gateway Anti-virus, Gateway Anti-spyware, Bi-directional Inspection, No File Size Limitation 3.6.25. The System Must Have Traffic Visualization That Can Monitor User Activity, Application, Bandwidth, And Threat. 3.6.26. Must Have A Http/https Web Content Filtering That Is Capable Of Url Filtering, Proxy Avoidance, Keyword Blocking, Policy-based Filtering (exclusion/inclusion), Http Header Insertion, Bandwidth Manage, And Rating Categories. 3.6.27. Must Have A Vpn That Is Capable Of Secure Sd-wan, Auto-provision Vpn, Ipsec Vpn For Site-to-site Connectivity, Ssl Vpn And Ipsec Client Remote Access, Redundant Vpn Gateway, And Mobile Client For Ios, Mac Os X, Windows, Chrome, Android And Kindle Fire. 3.6.28. Must Have Networking Capabilities Such As Portshield, Path Mtu Discovery, Enhanced Logging, Vlan Trunking, Layer-2 Qos, Port Security, Dynamic Routing (rip/ospf/bgp), Policy-based Routing (tos/metric And Ecmp), Nat, Dhcp Server, Bandwidth Management, A/p High Availability With State Sync, Inbound/outbound Load Balancing, L2 Bridge, Wire/virtual Wire Mode, Tap Mode, Nat Mode, Asymmetric Routing, And Common Access Card (cac) Support. 3.6.29. The System Management And Monitoring Must Have Web Gui, Command Line Interface (cli), Snmp V2/v3 Support, Centralized Management And Reporting, Netflow/ipfix Exporting, Cloud Based Configuration Back Up, And Zero-touch Registration & Provisioning. 3.6.30. Must Be Certified With Icsa Labs Advance Threat Defense Certified With 100% Unknown Threat Detection For 7 Consecutive Quarters From Q1-q4, 2021 & Q1-q3, 2022. 3.6.31. Must Have 24x7 Support That Includes Firmware Updates And Hardware Replacement. Support Includes Around-the-clock Access To Telephone And Web-based Support For Basic Configuration And Troubleshooting Assistance, As Well As Hardware Replacement In The Event Of Failure. 3.6.32. The System Must Have The Minimum Throughput Requirements (or Higher): 3.6.32.1. Firewall Inspection Throughput – 28 Gbps; 3.6.32.2. Threat Prevention Throughput – 15 Gbps; 3.6.32.3. Application Inspection Throughput – 18 Gbps; 3.6.32.4. Ips Throughput – 17 Gbps; 3.6.32.5. Anti-malware Inspection Throughput- 16 Gbps 3.6.32.6. Tls/ssl Decryption And Inspection Throughput (dpi Ssl) – 7 Gbps; 3.6.32.7. Vpn Throughput – 15 Gbps;" 3.6.33. The System Must Be Capable Of Handling: 3.6.33.1. Connections Per Second - 228,000/sec; 3.6.33.2. Maximum Connections (spi) – 5,000,000; 3.6.33.3. Max Dpi-ssl Connections – 350,000; 3.6.33.4. Maximum Connections (dpi) – 3,500,000 " 3.6.34. The System's Interface Must Include: 3.6.34.1. 6 X 10/5/2.5/1-gbe Sfp+, 3.6.34.2. 2 X 10g/5g/2.5g/1g Cu, 3.6.34.3. 24 X 1-gbe Cu, 3.6.34.4. 2 X Usb 3.0, 3.6.34.5. Management Interfaces - 1 Gbe, 1 Console 3.6.34.6. Storage: 128gb M.2 (expandable Up To 256gb) 3.7. 2 Units Application Delivery Controller 3.7.1. System Must Of Be 19-inch Rack Mountable 1 U Form Factor. 3.7.2. System Must Have Dedicated Management Port. 3.7.3. System Must Have Rj-45 Console Port. 3.7.4. System Must Have 5x1g Copper Interface, 4x1g Sfp Or 4x10g Sfp+. 3.7.5. System Must Have Dual Power Supply. 3.7.6. System Must Support 20 Gbps Of L7 Throughput. 3.7.7. System Must Support 32 Million Concurrent Connection. 3.7.8. System Must Support 500k Layer4 Connection Per Second. 3.7.9. System Must Support 180 K 1:1 Layer7 Connection Per Second For Http. 3.7.10. System Must Support 9gbps Of Ssl Offloading Throughput With 28 K Ssl Cps On Ecdhe Cipher. 3.7.11. Application Delivery Partition/virtual Context. 3.7.12. System Must Support 32 Application Delivery Partition/virtual Context. 3.7.13. System Must Support Dedicated Configuration File For Each Virtual Context. 3.7.14. System Must Support Resource Allocation To Each Context Including Throughput, Cps, Concurrent Connection, Ssl Throughput. 3.7.15. System Must Be Able To Modify The Resource Allocation On The Fly Without Restarting/rebooting Any Context. 3.7.16. All The Virtual Context Must Be Available From Day-1. 3.7.17. System Must Support 7 Million Ddos Protection (syn Flood) Syn/sec 3.7.18. System Must Support Protection From Fragmented Packets. 3.7.19. System Must Support Protection From Ip Option. 3.7.20. System Must Support Protection From Land Attack. 3.7.21. System Must Support Protection From Packet Deformity Layer 3. 3.7.22. System Must Support Protection From Packet Deformity Layer 4. 3.7.23. System Must Support Protection From Ping Of Death. 3.7.24. System Must Support Protection From Tcp No Flag. 3.7.25. System Must Support Protection From Tcp Syn Fin. 3.7.26. System Must Support Protection From Tcp Syn Frag. 3.7.27. System Must Support Connection Limit Based On Source Ip. 3.7.28. System Must Support Connection Rate Limit Based On Source Ip. 3.7.29. System Must Support Request Rate Limit Based On Source Ip. 3.7.30. Server Load-balancing /proxy Features. 3.7.31. System Must Support Layer4-layer7 Load-balancing. 3.7.32. System Must Support Load-balancing Algorithims Including Round-robin, Least Connection, Service Least Connecttion, Fastest Reponse, Hash Etc. 3.7.33. System Must Support Active-active And Active-backup Server Configuration For Load-balancing. 3.7.34. System Must Support Reverse Proxy Functionality Of Hosting Multiple Http/https Service Behind Single Ip 3.7.35. System Must Support Source-nat For Slb Traffic 3.7.36. System Must Have Flexibility To Config Vip As Source Nat Ip 3.7.37. System Must Support X-forwarder Option. The Appliance Should Have Option To Enable X-forwarder Option Per Service To Log Actual Client Ip In Web Server Log. 3.7.38. System Must Support L7 Database Load-balancing 3.7.39. System Must Support Http Compression 3.7.40. System Must Support Global Server Load-balancing 3.7.41. System Must Support Tls 1.2 And Tls 1.3 3.7.42. System Should Integrate With Third Party Ssl Certificate Lifecycle Management Platform To Renew Certificates Automatically, Automate The Certificates Issuance, Automate Provisioning Of Renewed Certificates, Eliminate Outages With Continuous Key And Certificate Updates & Enable Devops Teams, Pki, And Security Teams To Acquire Full Visibility Of Certificate Usage Throughout Their Networks. 3.7.43. System Must Support Simple Certificate Enrollment Protocol. 3.7.44. System Must Support Dns Application Firewall. 3.7.45. System Should Stop Buffer Overflows, Malformed Requests And Head Off Dns Amplification-based Ddos Attacks, Also Able To Prevent Dns Cache-poisoning And Spoofing. 3.7.46. System Must Support Application Template A Wizard That Guide A User Through A Step-by-step Deployment Process For Quick And Easy App Deployment. 3.7.47. The Application Template Wizard Embeds Industry Best Practices Relevant To The Application And Enables To Deploy Applications In Minutes Instead Of Hours. Application Template Must Include Oracle, Microsoft Exchange, Skype, Sharepoint From Day One. 3.7.48. System Must Support Authentication Offloading From Back-end Servers Using Saml, Kerberos, Ntlm, Tds Sql Logon, Ldap, Radius, Basic, Ocsp Stapling, Html Form- Based From Day One. 3.7.49. System Must Support Graceful Activation And Disabling Of The Backend Server. 3.7.50. System Must Support Application Level Load-balancing Of Radius And Diameter Protocol. 3.7.51. System Must Support Application Level Load-balancing Of Dns Protocol. 3.7.52. System Must Support Application Level Load-balancing Of Spdy Protocol. 3.7.53. System Must Support Application Level Database Load-balancing. 3.7.54. System Must Support Application Level Imap,pop3 And Smtp Load-balancing. 3.7.55. System Must Support Application Level Load-balancing For Sip Protocol. 3.7.56. System Must Support Application Level Load-balancing For Fix Protocol. 3.7.57. System Must Support Dns Caching. 3.7.58. System Must Support Anycast Based Global Server Load-balancing. 3.7.59. System Must Support Connection Limit Per Server/link. 3.7.60. System Must Support Connection Rate Limit Per Server/link. 3.7.61. System Must Support Request Rate Limit Per Server/link. 3.7.62. System Must Support Single Sign-on (sso) Authentication Relay. 3.7.63. System Must Support Authentication For Microsoft Sharepoint, Outlook Web Access, And Other Packaged And Custom Applications. 3.7.64. System Must Support Perfect Forward Secrecy (pfs) With Elliptic Curve Diffiehellman Exchange (ecdhe) And Other Elliptic Curve Cryptography(ecc) Ciphers. 3.7.65. System Must Support Scriptable Health Check Support Using Tcl, Python, Perl, And Bash. 3.7.66. System Must Support Next Hop Load Distribution (nhld) For Load Balancing Multiple Links. 3.7.67. System Must Support Internet Content Adaptation Protocol (icap) 3.7.68. System Must Support Ipv4 To Ipv6 And Ipv6 To Ipv4 Slb-pt 3.7.69. System Should Support Ip Anomaly Detection. 3.7.70. System Must Have A Provision To Dynamically Add Ips To Black Lists When Ddos Attack Targeted Towards A Specific Ip Address Is Detected 3.7.71. System Must Have A Capabilities To Dynamically Updated Threat Intelligence Feed 3.7.72. System Must Support Starttls Offload For Secure Email And Ldap 3.7.73. System Must Support Vrrp Based Redundancy. 3.7.74. System Must Support Active-active And Active-backup Configuration. 3.7.75. System Must Support Automatic And Manual Configuration Sync. 3.7.76. System Must Support Dynamic Vrrp Priority By Traffic Interface, Server, Nexthop And Routes. 3.7.77. System Must Support Scale-out Configuration Upto 8 Devices To Support Higher Throughput. 3.7.78. System Must Support Dedicated Vrrp Setting Per Virtual Context. 3.7.79. System Must Have Web-based Graphical User Interface (gui) 3.7.80. System Must Have Industry-standard Command Line Interface (cli) 3.7.81. System Must Support Granular Role-based\object-based Access Control 3.7.82. System Must Support Snmp, Syslog, Email Alerts, Netflow V9 And V10 (ipfix), Sflow 3.7.83. System Must Support Rest-style Xml Api For All Functions. 3.7.84. System Must Support External Authentication Including Ldap, Tacacs+, Radius 3.7.85. System Must Have A Seperate Centralize Management For Easily Configure And Manage Policies Across Applications Deployed In Data Centers, Private And Public Clouds. 3.7.86. Centralize Management Should Provide Visibility And Actionable Insights Into The Application Traffic. Simplify Troubleshooting Via Access To Contextualized Data And Logs. Analyze Collected Data To Detect Anomalous Trends. Get Alerts Based On Various Metrics And Customizable Fields. Alerts Delivered Via Email Or Web-hook Url For Automated And Rapid Action. 3.7.87. Centralize Management Should Provide Multi-tenancy Function And Helps Application Team And Services Owners As Tenant And Allow Them To Manage Their Own Infrastructure And Application Policies. 3.7.88. Centralize Management Should Provide Api Driven Automation To Integrate With Devops Tool Like Ansible, Chef, Jenkins, And Orchestration Systems Like Vmware Vro/vra, Cisco Cloud Center, Microsoft Azure, Google Cloud Platform, Amazon Web Services And More. 3.7.89. Centralize Management Analytics Capabilities Must Include End-to-end Response Time Monitoring & Details, Per-request Analysis & Application Access Logs, Security Insight And Analytics, Granular Traffic Insight & Analytics, End-to-end Latency, Response Time Details, Request Rate & Request Method, Response Code, Locations, Os, Device & Browser Information, Top Clients, Worst-behaving Urls, Services And Domains And Many More. 3.7.90. Centralize Management Analytics Function Must Provide Per Transaction Logs With Visual Representation Of Time Spent In Various Phases Of Request And Response. 3.7.91. Adc Vendor Must Support Multi-cloud Function For Upcoming Applications Which Will Be Hosted On Cloud As A Future Requirement. Multi-cloud Function Must Support And Include Amazon Aws, Microsoft Azure, Oracle Cloud, & Also To Be Hosted On Container & Bare Metal. Byol Bandwidth License Will Be Purchased Separately As And When Required As A Future Requirement. 3.7.92. System Must Support Integrate With Third-party Such As Sdn Platforms (e.g., Cisco Aci And Vmware) And Cloud Orchestration Systems (e.g., Openstack And Microsoft Scvmm) From Day One. 3.7.93. System Must Support Network Equipment Building System (nebs) Compliance From Day One. 3.7.94. Should Be A Common Criteria Eal 2+ Certification Or Higher 3.7.95. Adc Vendor Should Have Iso 27001 – Information Security Certifications 3.7.96. Vendor Should Be Registered Under A Government E-market Place Website (https://gem.gov.in/) 3.7.97. Appliance Must Support Dnssec Pass-through. 3.7.98. Support Dnssec To Prevent Threats Like Dns Cache Poisoning And Spoofing. 3.7.99. System Must Support Redirection Of Dns Request On Udp To Tcp 3.7.100. System Must Support Dns Over Https (doh) 3.7.101. System Must Support Dns-udp And Dns-tcp 3.7.102. System Must Support Dns Caching And Recursive Lookup. 3.7.103. System Must Support Dns Load Balancing. 3.7.104. System Must Support Integration With 3rd Party Hardware Security Module (hsm) 3.8. Primary Network Infrastructure 3.8.1. 2 Units Core Network Switches 3.8.1.1. Must Have High Performance 1.92tbps With 1,190mpps Specification. 3.8.1.2. Must Have High Availability Setup/configuration And Hot-swap Redundant Power Supplies. 3.8.1.3. Must Have Intelligent Monitoring, Visibility, And Remediation. 3.8.1.4. Must Have Advanced Layer 2/3 Feature Set Includes Bgp, Ospf, Vrf, And Ipv6 3.8.1.5. Must Be A Compact 1u Switch With 1/10 Gbe And 40/100 Gbe Connectivity Form Factor. 3.8.1.6. Should Allow Individual Software Modules To Be Upgraded For Higher Availability. 3.8.1.7. Must Have Support For Congestion Actions, Such As Strict Priority (sp) Queuing And Weighted Fair Queuing. 3.8.1.8. Must Have An Enabled Distributed And Redundant Architecture By Deploying Two Switches, With Each Switch Maintaining Independent Control Yet Staying Synchronized During Upgrades Or Failover. 3.8.1.9. Must Be Able To Allow Groups Of Two Routers To Dynamically Back Each Other Up To Create Highly Available Routed Environments. 3.8.1.10. Must Be Able To Monitor Link Connectivity And Shuts Down Ports At Both Ends If Unidirectional Traffic Is Detected, Preventing Loops In Stp-based Networks. 3.8.1.11. Must Support Aggregation Groups (lags), Each With Eight Links Per Group With A User-selectable Hashing Algorithm. 3.8.1.12. Must Have Redundant And Load-sharing Fans, And Power Supplies. 3.8.1.13. Must Have Hot-swappable Power Supply And Fan Modules. 3.8.1.14. Must Have Separate Data And Control Paths. 3.8.1.15. Must Supports At Least 24 Ports Of 1/10g For Use With Sfp And Sfp+ Transceivers, And 4 Ports Of 40g/100g 3.8.1.16. Must Support 1 Expansion Module For Additional Interfaces Such As; 3.8.1.16.1. 12 X 1/2.5/5/10g Rj45 Ports Module 3.8.1.16.2. 12 X 100m/1g/10g Rj45 Ports Module 3.8.1.16.3. 12 X 1/10g Ports Sfp/sfp+ Ports Module 3.8.1.16.4. 4 X 40g Qsfp+ Ports Module 3.8.1.16.5. 1 X 100g Qsfp28 Port Module 3.8.1.17. Must Have Sfp+ Transceivers [optional 1gbase-t And 10gbase-t Transceivers And 4x10g Breakout Cables. 3.8.1.18. Must Support High-performance Backups And Disaster Recovery Systems; Provides A Maximum Frame Size Of 9 K Bytes. 3.8.1.19. Must Support Internal Loopback Testing For Maintenance Purposes. 3.8.1.20. Must Be Able To Protect Against Unknown Broadcast, Unknown Multicast, Or Unicast Storms With User-defined Thresholds. 3.8.1.21. Must Have Management Interface Control. 3.8.1.22. Must Have The Following Management Security. A. Restricts Access To Critical Configuration Commands. B. Offers Multiple Privilege Levels With Password Protection. C. Acls Provide Snmp Access. D. Local And Remote Syslog Capabilities Allow Logging Of All Access. 3.8.1.23. Must Have Snmp V2c/v3 Which Provides Snmp Read And Trap Support Of The Industry Standard Management Information Base (mib) And Private Extensions. 3.8.1.24. Must Be Able To Monitor The Network For Degradation Of Various Services, Including Monitoring Voice. 3.8.1.25. Must Have Remote Monitoring (rmon) Which Uses Standard Snmp To Monitor Essential Network Functions And Supports Events, Alarms, History, And Statistics Groups, As Well As A Private Alarm Extension Group. 3.8.1.26. Must Have Tftp And Sftp Support Which Offers Different Mechanisms For Configuration Updates; Trivial Ftp (tftp) Allows Bidirectional Transfers Over A Tcp/ Ip Network; Secure File Transfer Protocol (sftp) Runs Over An Ssh Tunnel To Provide Additional Security. 3.8.1.27. Must Have A Debug And Sampler Utility That Supports Ping And Traceroute For Ipv4 And Ipv6. 3.8.1.28. Must Have Network Time Protocol (ntp) Which Synchronizes Timekeeping Among Distributed Time Servers And Clients; Keeps Timekeeping Consistent Among All Clock-dependent Devices Within The Network. Can Serve As The Ntp Server In A Customer Network. 3.8.1.29. Must Have Ieee 802.1ab Link Layer Discovery Protocol (lldp) Which Advertises And Receives Management Information From Adjacent Devices On A Network, Facilitating Easy Mapping By Network Management Applications. 3.8.1.30. Must Be Able To Provide Independent Primary And Secondary Operating System Files For Backup While Upgrading. 3.8.1.31. Must Be Able To Support Up To 4,000 Port-based Or Ieee 802.1q-based Vlans. 3.8.1.32. Must Have Bridge Protocol Data Unit (bpdu) Tunneling - Transmits Stp Bpdus Transparently, Allowing Correct Tree Calculations Across Service Providers, Wans, Or Mans 3.8.1.33. Must Be Able To Support Port Mirroring. 3.8.1.34. Must Be Able To Support Standard Ieee 802.1d Stp, Ieee 802.1w Rapid Spanning Tree Protocol (rstp) For Faster Convergence, And Ieee 802.1s Multiple Spanning Tree Protocol (mstp). 3.8.1.35. Must Be Able To Controls And Manage The Flooding Of Multicast Packets In A Layer 2 Network. 3.8.1.36. Must Allow Each Vlan To Build A Separate Spanning Tree To Improve Link Bandwidth Usage In Network Environments With Multiple Vlans. 3.8.1.37. Must Be Able To Determine The Mac Address Of Another Ip Host In The Same Subnet; Supports Static Arps; Gratuitous Arp Allows Detection Of Duplicate Ip Addresses; Proxy Arp Allows Normal Arp Operation Between Subnets Or When Subnets Are Separated By A Layer 2 Network. 3.8.1.38. Must Have A Built-in Dynamic Host Configuration Protocol (dhcp) Server Function. 3.8.1.39. Must Have A Builtin Radius Server Function. 3.8.1.40. Must Support Aaa. 3.8.1.41. Must Have Domain Name System (dns) 3.8.1.42. Must Have Policy Based Routing (pbr) 3.8.1.43. Must Have Static Ipv4 Routing. 3.8.1.44. Must Be Able To Support Basic Layer3 Dynamic Routing Protocol Using Rip. 3.8.1.45. Must Be Able To Deliver Faster Convergence; Uses Link-state Routing Interior Gateway Protocol (igp), Using Standard Protocol Ospf. 3.8.1.46. Must Have Border Gateway Protocol 4 (bgp-4) 3.8.1.47. Must Be Able To Provide A Set Of Tools To Improve The Performance Of Ipv4 Networks; Including Directed Broadcasts, Customization Of Tcp Parameters, Support Of Icmp Error Packets, And Extensive Display Capabilities. 3.8.1.48. Must Have Static Ipv6 Routing. 3.8.1.49. Must Have Dual Ip Stack, This Maintains Separate Stacks For Ipv4 And Ipv6 To Ease The Transition From An Ipv4-only Network To An Ipv6-only Network Design. 3.8.1.50. Must Be Able To Provide Ospf Support For Ipv6. 3.8.1.51. Must Have Generic Routing Encapsulation (gre) — Enables Tunneling Traffic From Site To Site Over A Layer 3 Path. 3.8.1.52. Must Be Able To Support Powerful Acls For Both Ipv4 And Ipv6. Supports Creation Of Object Groups Representing Sets Of Devices Such As Ip Addresses. For Instance, It Management Devices Could Be Grouped In This Way. Acls Can Also Protect Control Plane Services, Such As Ssh, Snmp, Ntp, Or Web Servers. 3.8.1.53. Must Be Able To Ease Security Access Administration By Using A Password Authentication Server. 3.8.1.54. Must Be Able To Provide For Both On-box As Well As Off-box Authentication For Administrative Access. 3.8.1.55. Must Be Able To Use External Servers To Securely Log In To A Remote Device; With Authentication And Encryption, It Protects Against Ip Spoofing And Plain-text Password Interception. 3.8.1.56. Must Be Able To Enable Establishing Multicast Group Memberships In Ipv4 Networks; Supports Igmpv1, V2, And V3. 3.8.1.57. Must Support One-to-many And Many-tomany Media Casting Use Cases, Such As Iptv Over Ipv4 And Ipv6 Networks; Support For Pim Spare Mode (pim-sm, Ipv4, And Ipv6). 3.8.1.58. Must Have A Built-in Network Management System Feature. 3.8.1.59. Must Have A Built-in Wireless Access Controller Function. 3.8.2. 4 Units Distribution Switches (2 Units Aggregation; 2 Units Top Of Rack; 1 Unit 8 Port Poe Switch (for Cctv And Other Security Devices And Ip Telephony) 3.8.2.1. Must Have High-performance 1.92tbps With 1,190mpps Specification. 3.8.2.2. Must Have Intelligent Monitoring And Visibility. 3.8.2.3. Must Have High Availability With Industry Leading Stacking, And Hot-swap Redundant Power Supplies. 3.8.2.4. Must Be Able To Support Long Distance Virtual Stacking Feature. 3.8.2.5. Must Be Designed For Core/aggregation In The Campus Or Top Of Ra 3.8.2.6. Must Have Advanced Layer 2/3 Feature Set Includes Bgp, Ospf, Vrf, And Ipv6 3.8.2.7. Must Enable Congestion Avoidance. 3.8.2.8. Must Support Lossless Ethernet Networking Standards To Eliminate Packet Loss Due To Queue Overflow. 3.8.2.9. Must Have Separate Data And Control Paths Which Separates Control From Services And Keeps Service Processing Isolated; Increases Security And Performance. 3.8.2.10. Must Be Able To Allow A Group Of Switches To Dynamically Back Each Other Up To Create Highly Available Routed Environments. 3.8.2.11. Must Have Ieee 802.3ad Lacp-supports With Up To 8 Members Per Lag With A User-selectable. 3.8.2.12. Must Have Scalable System Design-provides Investment Protection To Support Future Technologies And Higher-speed Connectivity. 3.8.2.13. Must Have High-speed Fully Distributed Architecture-provides Up To 1.92tbps For Bidirectional Switching And 1,190 Mpps For Forwarding To Meet The Demands Of Bandwidthintensive Applications Today And In The Future. 3.8.2.14. For Aggregation Switch Configuration, Bidder Must Propose 2 Units 48 Ports Of 1gbe/10gbe (sfp/sfp+) 4 Ports Of 40gbe/100gbe (qsfp+/qsfp28) 3.8.2.15. For Miscellaneous Function Switch Configuration, Bidder Must Propose 8 X 1/10gbe Rj45 Ports With 2 X 10gbe Ports As Uplink. 3.8.2.16. For Top Of Rack Switch Configuration, Bidder Must Propose 2 Units 24 X 1/10gbe Rj45 Ports With 4 X 40g/100gbe (qsfp+/qsfp28) Ports And 1 X Expansion Bay For Top Of Rack Switch. 3.8.2.16.1. Top Of Rack Switch Must Support 1 Expansion Module For Additional Interfaces Such As: 3.8.2.16.1.1. 12 X 1/2.5/5/10g Rj45 Ports Module 3.8.2.16.1.2. 12 X 100m/1g/10g Rj45 Ports Module 3.8.2.16.1.3. 12 X 1/10g Ports Sfp/sfp+ Ports Module 3.8.2.16.1.4. 4 X 40g Qsfp+ Ports Module 3.8.2.16.1.5. 1 X 100g Qsfp28 Port Module 3.8.2.17. Must Allow High-performance Backups And Disaster-recovery Systems; Provides A Maximum Frame Size Of 9k Bytes. 3.8.2.18. Must Be Able To Support Internal Loopback Testing For Maintenance Purposes And Increased Availability; Loopback Detection Protects Against Incorrect Cabling Or Network Configurations And Can Be Enabled On A Per-port Or Per-vlan Basis For Added Flexibility. 3.8.2.19. Must Be Able To Protect Against Unknown Broadcast, Multicast, Or Unicast Storms With Userdefined Thresholds. 3.8.2.20. Must Have Industry Standard Cli With A Hierarchical Structure. 3.8.2.21. Must Be Able To Restrict Access To Critical Configuration Commands; Offer Multiple Privilege Levels With Password Protection; Acls Provide Snmp Access; Local And Remote Syslog Capabilities Allow Logging Of All Access. 3.8.2.22. Must Have An Ip Sla Which Monitors The Network For Degradation Of Various Services, Including Voice. 3.8.2.23. Must Have An Snmp V2c/v3-provides Snmp Read And Trap Support Of Industry Standard Management Information Base (mib) And Private Extensions. 3.8.2.24. Must Have Remote Monitoring (rmon) That Uses Standard Snmp To Monitor Essential Network Functions And Supports Events, Alarms, History, And Statistics Groups As Well As A Private Alarm Extension Group. 3.8.2.25. Must Have Tftp And Sftp Support Which Offers Different Mechanisms For Configuration Updates; Trivial Ftp (tftp) Allows Bidirectional Transfers Over A Tcp/ Ip Network; Secure File Transfer Protocol (sftp) Runs Over An Ssh Tunnel To Provide Additional Security. 3.8.2.26. Must Have A Debug And Sampler Utility-supports Ping And Traceroute For Ipv4 And Ipv6 3.8.2.27. Must Have Network Time Protocol (ntp) That Synchronizes Timekeeping Among Distributed Time Servers And Clients And Keeps Timekeeping Consistent Among All Clock- Dependent Devices Within The Network And Can Serve As The Ntp Server In A Customer Network. 3.8.2.28. Must Have Ieee 802.1ab Link Layer Discovery Protocol (lldp) That Advertises And Receives Management Information From Adjacent Devices On A Network, Facilitating Easy Mapping By Network Management Applications. 3.8.2.29. Must Be Able To Provide Independent Primary And Secondary Operating System Files For Backup While Upgrading. 3.8.2.30. Must Have Vlan Which Supports Up To 4,000 Port-based Or Ieee 802.1q-based Vlans. 3.8.2.31. Must Be Able To Transmit Stp Bpdus Transparently, Allowing Correct Tree Calculations Across Service Providers, Wans, Or Mans. 3.8.2.32. Must Be Able To Duplicate Port Traffic (ingress And Egress) To A Local Or Remote Monitoring Port; Supports 4 Mirroring Groups, With An Unlimited Number Of Ports Per Group. 3.8.2.33. Must Be Able To Support Standard Ieee 802.1d Stp, Ieee 802.1w Rapid Spanning Tree Protocol (rstp) For Faster Convergence, And Ieee 802.1s Multiple Spanning Tree Protocol (mstp)\ 3.8.2.34. Must Be Able To Control And Manage The Flooding Of Multicast Packets In A Layer 2 Network. 3.8.2.35. Must Be Able To Allow Each Vlan To Build A Separate Spanning Tree To Improve Link Bandwidth Usage In Network Environments With Multiple Vlans. 3.8.2.36. Must Be Able To Determine The Mac Address Of Another Ip Host In The Same Subnet; Supports Static Arps; Gratuitous Arp Allows Detection Of Duplicate Ip Addresses; Proxy Arp Allows Normal Arp Operation Between Subnets Or When Subnets Are Separated By A Layer 2 Network. 3.8.2.37. Must Have A Built-in Dynamic Host Configuration Protocol (dhcp) Server Function. 3.8.2.38. Must Have A Built-in Radius Server Function. 3.8.2.39. Must Support Aaa. 3.8.2.40. Must Have Domain Name System (dns) Capability. 3.8.2.41. Must Enable The Use Of A Classifier To Select Traffic That Can Be Forwarded Based On Policy Set By The Network Administrator. 3.8.2.42. Must Have Static Ipv6 Routing. 3.8.2.43. Must Have Basic Layer3 Function Such As Rip 3.8.2.44. Must Have Open Shortest Path First (ospf) Capability. 3.8.2.45. Must Have Border Gateway Protocol 4 (bgp-4) Which Delivers An Implementation Of The Exterior Gateway Protocol (egp) Utilizing Path Vectors; Uses Tcp For Enhanced Reliability For The Route Discovery Process; Reduces Bandwidth Consumption By Advertising Only Incremental Updates; Supports Extensive Policies For Increased Flexibility; Scales To Very Large Networks. 3.8.2.46. Must Have Ip Performance Optimization, This Provides A Set Of Tools To Improve The Performance Of Ipv4 Networks; Includes Directed Broadcasts, Customization Of Tcp Parameters, Support Of Icmp Error Packets, And Extensive Display Capabilities. 3.8.2.47. Must Have Static Ipv6 Routing. 3.8.2.48. Must Have Ospfv3 That Provides Ospf Support For Ipv6. 3.8.2.49. Must Have Access Control List (acl) Which Supports Powerful Acls For Both Ipv4 And Ipv6. Supports Creation Of Object Groups Representing Sets Of Devices Like Ip Addresses. 3.8.2.50. Must Have Remote Authentication Dial-in User Service (radius) 3.8.2.51. Must Have Management Access Security. 3.8.2.52. Must Have Secure Shell (sshv2) Which Uses External Servers To Securely Log In To A Remote Device; With Authentication And Encryption, It Protects Against Ip Spoofing And Plain-text Password Interception; Increases The Security Of Secure Ftp (sftp) Transfers. Must Have Multicast Internet Group Management Protocol (igmp) Which Enables Establishing Multicast Group Memberships In Ipv4 Networks; Supports Igmpv1, V2, And V3. 3.8.2.53. Must Have Protocol Independent Multicast (pim) For Ipv4 And Ipv6 Supports One-to-many And Many-to-many Media Casting Use Cases Such As Iptv Over Ipv4 And Ipv6 Networks. Support For Pim Sparse Mode (pim-sm, Ipv4 And Ipv6) 3.8.3. 9 Units X 24 Port Access Poe Switches 3.8.3.1. Must Be A High Performance 160 Gbps System Switching Capacity, 119 Mpps Of System Throughput. 3.8.3.2. Must Be A Compact 1u Switch With 4 X 1/2.5/5g Rj45 Ports (multi-gigabit) And 20 X 10/100/1000mbps Rj45 Ports, And 4 X 1/10g Sfp+ Ports. 3.8.3.3. Must Be Able To Support 24 X Poe And 12 X Poe+ 3.8.3.4. Must Have A License Upgrade To Support Continuous Poe 3.8.3.5. Must Have A License Upgrade To Support Udld (uni-directional Link Detection) 3.8.3.6. Must Have Built-in High Speed 1/10gbe Uplinks. 3.8.3.7. Must Have Intelligent Monitoring, Visibility, And Remediation Via Single Pane Of Glass Across Wired, Wireless, And Wan. 3.8.3.8. Must Have Support For Automated Configuration And Verification. 3.8.3.9. Must Enables Secure And Simple Access For Users And Iot 3.8.3.10. Must Have Traffic Prioritization (ieee 802.1p) For Real-time Classification. 3.8.3.11. Must Be A High Performance Front Plane Stacking For Up To 4 Switches. 3.8.3.12. Must Be Able To Monitor Link Connectivity And Shuts Down Ports At Both Ends If Unidirectional Traffic Is Detected, Preventing Loops In Stpbased Networks. 3.8.3.13. Must Have Ieee 802.3ad Lacp, Each With Eight Links Per Group. 3.8.3.14. Must Have Ethernet Ring Protection Switching (erps) Supports Rapid Protection And Recovery In A Ring Topology. 3.8.3.15. Must Have Ieee 802.1s Multiple Spanning Tree Provides High Link Availability In Vlan Environments Where Multiple Spanning Trees Are Required; And Legacy Support For Ieee 802.1d And Ieee 802.1w. 3.8.3.16. Must Have Support For 24x Ports 10/100/1000 Baset Poe+ Ports Supporting Up To 30w Per Port And 4x 1g/10g Sfp+ Ports. Should Have The Following Ports: A. 1x Console Port B. 1x Usb Port 3.8.3.17. Must Have Jumbo Frames Allow For Highperformance Backups And Disaster-recovery Systems; Provides A Maximum Frame Size Of 9k Bytes. 3.8.3.18. Must Have Packet Storm Protection Against Broadcast And Multicast Storms With Userdefined Thresholds Smart Link Enables Simple, Fast Converging Link Redundancy And Load Balancing With Dual Uplinks Avoiding Spanning Tree Complexities. 3.8.3.19. Must Have Management Interface Control Enables Or Disables Each Of The Following Depending On Security Preferences, Console Port, Or Reset Button. 3.8.3.20. Must Have Industry-standard Cli With A Hierarchical Structure For Reduced Training Time And Expense. 3.8.3.21. Management Security Restricts Access To Critical Configuration Commands, Provides Multiple Privilege Levels With Password Protection And Local And Remote Syslog Capabilities Allow Logging Of All Access. 3.8.3.22. Must Have Snmp V2c/v3 Provides Snmp Read And Trap Support Of Industry Standard Management Information Base (mib), And Private Extensions. 3.8.3.23. Must Have Remote Monitoring (rmon) With Standard Snmp To Monitor Essential Network Functions. Supports Events, Alarms, History, And Statistics Groups As Well As A Private Alarm Extension Group; Rmon, And Sflow Provide Advanced Monitoring And Reporting Capabilities For Statistics, History, Alarms And Events. 3.8.3.24. Must Have Tftp And Sftp Support Offers Different Mechanisms For Configuration Updates; Trivial Ftp (tftp) Allows Bidirectional Transfers Over A Tcp/ Ip Network; Secure File Transfer Protocol (sftp) Runs Over An Ssh Tunnel To Provide Additional Security. 3.8.3.25. Must Have Network Time Protocol (ntp) Synchronizes Timekeeping Among Distributed Time Servers And Clients; Keeps Timekeeping Consistent Among All Clock-dependent Devices Within The Network So The Devices Can Provide Diverse Applications Based On The Consistent Time. 3.8.3.26. Must Have Ieee 802.1ab Link Layer Discovery Protocol (lldp) Advertises And Receives Management Information From Adjacent Devices On A Network, Facilitating Easy Mapping By Network Management Applications. 3.8.3.27. Must Provide Independent Primary And Secondary Operating System Files For Backup While Upgrading. 3.8.3.28. Must Be Able To Assign Descriptive Names To Ports For Easy Identification. 3.8.3.29. Must Have Multiple Configuration Files Can Be Stored To A Flash Image. 3.8.3.30. Must Have Unidirectional Link Detection (udld) Which Monitors The Link Between Two Switches And Blocks The Ports On Both Ends Of The Link If The Link Goes Down At Any Point Between The Two Devices. 3.8.3.31. Must Have Vlan Support And Tagging For Ieee 802.1q (4k Vlan Ids). 3.8.3.32. Must Have Jumbo Packet Support Improves The Performance Of Large Data Transfers; Supports Frame Size Of Up To 9000 Bytes. 3.8.3.33. Must Have Bridge Protocol Data Unit (bpdu) Tunnelling That Transmits Stp Bpdus Transparently, Allowing Correct Tree Calculations Across Service Providers, Wans, Or Mans. 3.8.3.34. Must Have Port Mirroring Which Duplicates Port Traffic (ingress And Egress) To A Monitoring Port; Supports 4 Mirroring Groups. 3.8.3.35. Must Have Stp That Supports Standard Ieee 802.1d Stp, Ieee 802.1w Rapid Spanning Tree Protocol (rstp) For Faster Convergence, And Ieee 802.1s Multiple Spanning Tree Protocol (mstp) 3.8.3.36. Internet Group Management Protocol (igmp) Controls And Manages The Flooding Of Multicast Packets In A Layer 2 Network. 3.8.3.37. Must Have Domain Name System (dns) Capability. 3.8.3.38. Must Have Acls That Also Provides Filtering Based On The Ip Field, Source/ Destination Ip Address/subnet, And Source/ Destination Tcp/udp Port Number On A Per-vlan Or Per-port Basis. 3.8.3.39. Must Have Management Access Security For Both On And Off Box Authentication For Administrative Access. 3.8.3.40. Must Be Able To Support Multiple User Authentication Methods. Uses An Ieee 802.1x Supplicant On The Client In Conjunction With A Radius Server To Authenticate In Accordance With Industry Standards. 3.8.3.41. Must Support Mac-based Client Authentication. 3.8.3.42. Must Have Secure Management Access That Delivers Secure Encryption Of All Access Methods (cli, Gui, Or Mib) Through Sshv2, Ssl, And/or Snmpv3. 3.8.3.43. Must Have Icmp Throttling That Defeats Icmp Denial-of-service Attacks By Enabling Any Switch Port To Automatically Throttle Icmp Traffic. 3.8.3.44. Must Have Port Security Which Allows Access Only To Specified Mac Addresses. 3.8.3.45. Must Have Mac Address Lockout That Prevents Particular Configured Mac Addresses From Connecting To The Network. 3.8.3.46. Must Have Secure Sockets Layer (ssl) That Encrypts All Http Traffic, Allowing Secure Access To The Browser-based Management Gui In The Switch. 3.8.3.47. Must Have Igmp Snooping That Allows Multiple Vlans To Receive The Same Ipv4 Multicast Traffic, Lessening Network Bandwidth Demand By Reducing Multiple Streams To Each Vlan. 3.8.3.48. Must Have Multicast Listener Discovery (mld) That Enables Discovery Of Ipv6 Multicast Listeners; Support Mld V1 And V2. 3.8.3.49. Must Have Internet Group Management Protocol (igmp) That Utilizes Any-source Multicast (asm) To Manage Ipv4 Multicast Networks; Supports Igmpv1, V2, And V3. 3.9. Campus Network Expansion 3.9.1. 50 Units Indoor Access Points 3.9.1.1. Must Have 3.55 Gbps Raw Capacity Specification. 3.9.1.2. Must Have Wpa3 And Enhanced Open Security. 3.9.1.3. Must Have A Built-in Technology That Resolves Sticky Client Issues For Wi-fi 6 And Wi-fi 5 Devices. 3.9.1.4. Must Have Ofdma And Mu-mimo For Enhanced Multi-user Efficiency. 3.9.1.5. Must Have High Performance Dual Radio 802.11ax Ap With Ofdma And Multi-user Mimo (mu-mimo) Specification. 3.9.1.6. Must Be Able To Support Data Rates Of Up To 2.4 Gbps For Ieee802.11ax. 3.9.1.7. Must Have Multi-user Transmission With Downlink And Uplink Ofdma. 3.9.1.8. Must Have Multi-user Capability With Uplink And Downlink Multi-user Mimo. 3.9.1.9. Must Have Dual Radio 802.11ax Access Point With Ofdma And Multi-user Mimo (mumimo): 3.9.1.10. Must Have Multi-gig Uplink Ethernet Port With The Following Specifications: A. Supports Up To 2.5/5 Gbps With Nbase-t And Ieee 802.3bz Ethernet Compatibility. B. Backwards Compatible With 100/1000base-t. 3.9.1.11. Must Support Up To 300 Associated Client Devices Per Radio, And Up To 16 Bssids Per Radio. 3.9.1.12. Must Support The Following Frequency Bands (country-specific Restrictions Apply): A. 2.400 To 2.4835ghz B. 5.150 To 5.250ghz C. 5.250 To 5.350ghz D. 5.470 To 5.725ghz E. 5.725 To 5.850ghz F. 5.850 To 5.895ghz 3.9.1.13. Must Have Dynamic Frequency Selection (dfs) Which Optimizes The Use Of Available Rf Spectrum. 3.9.1.14. Must Support Radio Technologies: A. 802.11b: Direct-sequence Spreadspectrum (dsss) B. 802.11a/g/n/ac: Orthogonal Frequency-division Multiplexing (ofdm) C. 802.11ax: Orthogonal Frequencydivision Multiple Access (ofdma) With Up To 16 Resource Units (for An 80mhz Channel)" 3.9.1.15. Must Support The Following Modulation Types: A. 802.11b: Bpsk, Qpsk, Cck B. 802.11a/g/n: Bpsk, Qpsk, 16- Qam, 64-qam, 256-qam (proprietary Extension) C. 802.11ac: Bpsk, Qpsk, 16-qam, 64-qam, 256-qam, 1024-qam (proprietary Extension) D. 802.11ax: Bpsk, Qpsk, 16-qam, 64-qam, 256-qam, 1024- Qam802.11n High-throughput (ht) Support: Ht20/40 3.9.1.16. Must Have 802.11ac And 802.11ax 3.9.1.17. Must Support Single-channel Implementation Also Known As Channel Blanket 3.9.1.18. Must Support Multi-channel Implementation. 3.9.1.19. Must Support Hybrid Implementation. 3.9.1.20. Must Support Data Rates (mbps): A. 802.11b: 1, 2, 5.5, 11 B. 802.11a/g: 6, 9, 12, 18, 24, 36, 48, C. 802.11n (2.4ghz): 6.5 To 300 (mcs0 To Mcs15, Ht20 To Ht40) D. 802.11n (5ghz): 6.5 To 600 (mcs0 To Mvc31, Ht20 To Ht40) E. 802.11ac: 6.5 To 3,467 (mcs0 To Mcs9, Nss = 1 To 4, Vht20 To Vht160) F. 802.11ax (2.4ghz): 3.6 To 574 (mcs0 To Mcs11, Nss = 1 To 2, He20 To He40) G. 802.11ax (5ghz): 3.6 To 4,803 (mcs0 To Mcs11, Nss = 1 To 4, He20 To He160) H. 802.11n/ac Packet Aggregation: Ampdu, A-msdu 3.9.1.21. Must Have Four Integrated Dual-band Down Tilt Omni-directional Antennas For 4x4 Mimo With Peak Antenna Gain Of 4.2dbi In 2.4ghz And 7.5dbi In 5ghz. Built-in Antennas Are Optimized For Horizontal Ceiling Mounted Orientation Of The Ap. The Down Tilt Angle For Maximum Gain Should Be Roughly 30 Degrees. 3.9.1.22. Must Have Combining The Patterns Of Each Of The Antennas Of The Mimo Radios, The Peak Gain Of The Effective Per-antenna Pattern Is 3.8dbi In 2.4ghz And 4.6dbi In 5ghz. 3.9.1.23. Must Have Link Aggregation (lacp) Support Between Both Network Ports For Redundancy And Increased Capacity. A. Auto-sensing Link Speed (100/1000/2500base-t) And Mdi/mdx B. 2.5gbps Speed Complies With Nbase-t And 802.3bz Specifications C. Poe-pd: 48vdc (nominal) 802.3af/at/bt (class 3 Or Higher) D. E1: 10/100/1000base-t Ethernet Network Interface (rj-45) E. Auto-sensing Link Speed And Mdi/mdx 3.9.1.24. Must Have Dc Power Interface: 48vdc (nominal, +/- 5%), Accepts 1.35mm/3.5mm Center-positive Circular Plug With 9.5mm Length. 3.9.1.25. Must Have Visual Indictors (two Multi-color Leds): For System And Radio Status. 3.9.1.26. Must Have A Reset Button: Factory Reset, Led Mode Control (normal/off). 3.9.2. 30 Units Outdoor Access Points 3.9.2.1. Must Have 8x8 Mu-mimo Capability. 3.9.2.2. Must Be Delivering A Raw Capacity Of 4.8 Gbps. 3.9.2.3. Must Have An Uplink And Downlink Orthogonal Frequency Division Multiple Access (ofdma), Downlink Multi-user Mimo (mu-mimo) And Cellular Colocation. 3.9.2.4. Must Have Ai Powered Technology Ensures That All Clients Are Attached To Their Best Serving Access Point. 3.9.2.5. Must Have Session Metrics, Network Metrics, Applications And Client Type Are Used To Identify And Maintain The Best Connection. 3.9.2.6. Must Have High Performance Dual Radio 802.11ax Ap With Ofdma And Multi-user Mimo (mu-mimo). 3.9.2.7. Must Have Multi-user Capability With Uplink And Downlink Multi-user Mimo. 3.9.2.8. Must Have Multi-gig Uplink Ethernet Port A. Supports Up To 2.5/5 Gbps With Nbase-t And Ieee 802.3bz Ethernet Compatibility. B. Backwards Compatible With 100/1000base-t. 3.9.2.9. Must Have An Ap Type: Outdoor Hardened, Wi-fi 6 Dual Radio, 5 Ghz 8x8 Mimo And 2.4 Ghz 4x4 Mimo Software And Configurable Dual Radio Supports 5 Ghz And 2.4 Ghz 5 Ghz: 3.9.2.10. Must Be Able To Support Up To 300 Associated Client Devices Per Radio, And Up To 16 Bssids Per Radio. 3.9.2.11. Must Have The Following Supported Frequency Bands (country-specific Restrictions Apply): A. 2.400 To 2.4835 Ghz B. 5.150 To 5.250 Ghz C. 5.250 To 5.350 Ghz D. 5.470 To 5.725 Ghz E. 5.725 To 5.850 Ghz F. 5.825 To 5.875 Ghz 3.9.2.12. Must Have The Following Available Channels: Dependent On Configured Regulatory Domain. 3.9.2.13. Must Have Dynamic Frequency Selection (dfs) Optimizes The Use Of Available Rf Spectrum. 3.9.2.14. Must Support The Following Radio Technologies: A. 802.11b: Direct-sequence Spread-spectrum (dsss) B. 802.11a/g/n/ac: Orthogonal Frequency-division Multiplexing (ofdm) C. 802.11ax: Orthogonal Frequency-division Multiple Access (ofdma) With Up To 16 Resource Units (ru) 3.9.2.15. Must Have The Following Supported Modulation Types: A. 802.11b: Bpsk, Qpsk, Cck B. 802.11a/g/n: Bpsk, Qpsk, 16- Qam, 64-qam, 256-qam (proprietary Extension) C. 802.11ac: Bpsk, Qpsk, 16- Qam, 64-qam, 256-qam, 1024 Qam (proprietary Extension) D. 802.11ax: Bpsk, Qpsk, 16- Qam, 64-qam, 256-qam, 1024 Qam E. 802.11n High-throughput (ht) Support: Ht 20/40 F. 802.11ac Very High Throughput (vht) Support: Vht 20/40/80/160 G. 802.11ax High Efficiency (he) Support: He20/40/80/160 3.9.2.16. Must Have The Following Supported Data Rates (mbps): A. 802.11b: 1, 2, 5.5, 11 B. 802.11a/g: 6, 9, 12, 18, 24, 36, 48, 54 C. 802.11n (2.4ghz): 6.5 To 300 (mcs0 To Mcs15, Ht20 To Ht40) D. 802.11n (5ghz): 6.5 To 600 (mcs0 To Mcs31, Ht20 To Ht40) E. 802.11ac: (5 Ghz): 6.5 To 3,467 (mcs0 To Mcs9, Nss = 1 To 4 For Vht20 To Vht160) F. 802.11ax (2.4ghz): 8.6 To 574 (mcs0 To Mcs11, Nss = 1 To 2, He20 To He40) G. 802.11ax (5ghz): 8.6 To 4803 (mcs0 To Mcs11, Nss = 1 To 4, He20 To He160) H. 802.11n/ac Packet Aggregation: A-mpdu, A-msdu 3.9.2.17. Must Have The Maximum (conducted) Transmit Power (limited By Local Regulatory Requirements): A. 2.4 Ghz Band: +22 Dbm Per Chain, +25dbm Aggregate (2x2) B. 5 Ghz Band: +22 Dbm Per Chain, +28dbm Aggregate (4x4) 3.9.2.18. Must Have Multi-gig Port (rj-45) A. Auto-sensing Link Speed (100/1000/2500base-t) And Mdi/mdx B. 2.5gbps Speed Complies With Nbase-t And 802.3bz Specifications C. Poe-pd: 48vdc (nominal) 802.3at/bt (class 4 Or Higher) - 802.3az Energy Efficient Ethernet (eee) 3.9.2.19. Must Have 100/1000base-t (rj-45) A. Auto-sensing Link Speed And Mdi/mdx - 802.3az Energy Efficient Ethernet (eee) B. Poe-pd: 48vdc (nominal) 802.3at/bt (class 4 Or Higher) 3.9.2.20. Must Have Link Aggregation (lacp) Support Between Both Network Ports For Redundancy And Increased Capacity. 3.9.2.21. Must Have Visual Indicator (multi-color Led): For System And Radio Status. 3.9.2.22. Must Have A Reset Button: Factory Reset (during Device Power Up). 3.9.2.23. Must Have 802.11ac And 802.11ax 3.9.2.24. Must Support Single-channel Implementation Also Known As Channel Blanket 3.9.2.25. Must Support Multi-channel Implementation. 3.9.2.26. Must Support Hybrid Implementation. 3.9.3. Wireless Lan Controller 3.9.3.1. Bidder Must Supply Licenses For The Number Of Access Points Proposed In This Bid For 3 Years Maintenance. 3.9.3.2. Must Be Software Solution For Wi-fi Performance At The Edge That Support Up To 3,000 Aps. 3.9.3.3. The Network Controller Could Be A Software Solution Or A Network Appliance. 3.9.3.4. The Network Controller Can Be A Function/feature Within The Whole Network Management System Or Platform. 3.9.3.5. Must Be Able To Deliver 24x7 Reliability, Live Upgrades, And Always-on Connectivity. 3.9.3.6. Must Support Zero Touch Provisioning. 3.9.3.7. Must Support Plug-n-play Ap Replacement. 3.9.3.8. Wireless Network Can Still Function Normally When The Network Controller Fails. 3.9.3.9. If The Wireless Lan Controller Is Software Solution Only, Bidder Must Include An Operating System License. 3.10. Network Management System (nms) 3.10.1. Solution Should Support Zero-touch Deployment Of Switches And Wireless Controllers And Even Ngfw To Eliminate Human Intervention. 3.10.2. Solution Should Support Physical Branch Provisioning By Automating Onboarding, Initial Configuration, And Customer-supplied Configurations For The Complete Branch Network For Single Or Multiple Branches. 3.10.3. Proposed Solution Should Automatically Discover And Maps Network Devices. Should Have An Ability To Display Real-time Graphical Representation. 3.10.4. The Proposed Solution Should Classify Devices In The Topology Map Based On Different Network Layers And Filter Based On Vlan. 3.10.5. The Proposed Solution Should Have 2d And 3d Wireless Coverage Planning Tool Provide Real Time Rf Heat Maps That Show Accurate Information On The Overall Signal Quality Delivered To Locations On A Map. 3.10.6. The Proposed Solution Should Have Capability Of Visualize The Wi-fi 6 Insight Aps Over Legacy Aps, Airtime Efficiency, And Wireless Latency 3.10.7. The Solution Shall Have The Ability To Compare Configuration Versions Using A Side-by-side, Split-screen Display To Highlight Differences Between Current And Captured Configuration. 3.10.8. The Proposed Solution Must Be Able To Define Baseline Software Image Per Location For Specific Platform And Provide Pre- And Post-upgrade Checks For Software Image Management. 3.10.9. The Proposed Solution Must Have An Ai-driven Analytics Engine With Machine-learning Based Workflows To Provide Root Cause Analyses And Solve Complex Issues. 3.10.10. The Proposed Solution Shall Provide At-a-glance Fault Summary Dashboards To View Top Unhealthy Network Elements With Status Kpis And Drill Down To View The Detailed Information. 3.10.11. The Proposed Solution Shall Provide Actionable Insights Into Network, Client, And Application-related Issues Eliminating White Noise And False Positives Based On Recent And Historical Data; And Provide Guided Remediation To Troubleshoot The Issues. 3.10.12. The Proposed Solution Shall Support Vector-based Area Detection Technology For Wireless Network. 3.10.13. The Proposed Solution Should Have The Following Options Of Deployment; 3.10.13.1. Mini Version For Small Network And Can Run Built-in On Core Switches And Ngfw. 3.10.13.2. Full Featured Appliance-based Solution For An Average Network Size 3.10.13.3. Full Featured Software-based Solution For Extremely Large Network Size 3.10.14. Network Management System Solution Can Also Be Utilize To Implement Network Layer Security Based On Self-defending Network. 3.10.15. Must Include Operating System License If Bidder Will Propose Software Solution Only. Servers And Storage Appliances 1 86,140,314.00 4.1. Vm Servers Six (6) Units Vm Servers With Minimum Specifications As Follows: 4.1.1. Processor: Dual Processor With At Least 2.0ghz, 2 X 28c 4.1.2. Memory: 1tb Ram 4.1.3. Storage: 2 X 800gb Ssd Sas (raid 1) And 2 X 2tb Ssd Sas 4.1.4. Disk Controller: Raid 0, 1, 10, 5 4.1.5. Sas Raid Controller 4.1.6. Network Ports: At Least 2 X Dual Ports 10gbe 4.1.7. Hba Card (fc Card): 2 X Dp Fc16 4.1.8. Must Have N+1 Fan Redundancy 4.1.9. Must Have Dual Redundant Power Supply 4.1.10. Must Include Enterprise Linux Based Operating System Per Server That Can Accommodate Virtual Machines Without Additional License Cost 4.2. Storage Area Network Switches 4.2.1. 2 Units X 24 Ports 16gb Fc San Switch 4.2.2. 48 Pcs 16gb Fc Lc To Lc Cables 4.2.3. Redundant Power Supply 4.3. Block Storage System 4.3.1. Enterprise Block Storage System Specifications: 4.3.1.1. Must Have 50tb Nvme Ssd Usable Capacity. 4.3.1.2. Minimum Of 4 X 16gb Fc Ports 4.3.1.3. Designed For Six Nines Of Availability 4.3.1.4. Must Support Active-active, End-to-end Nvme Controllers 4.3.1.5. Must Support Nvme Ssd 4.3.1.6. Must Have The Capability To Natively Connect To And Manage The Storage Of Different Brands For Future Capacity Expansion And Integration Of Existing Storage. 4.3.1.7. Must Include Management Capabilities To Eliminate Dozens Of Time-consuming Tasks And Decision Points. Labor-intensive Processes Like Initial Volume Placement, Migrations, Load Balancing. 4.4. Back-up System Requirements For Enterprise On-premise Back-up System: 4.4.1. Back-up Server Must Have The Following Minimum Specifications: 4.4.1.1. Dual Processor With At Least 2.0ghz, 2 X 12c 4.4.1.2. Memory: 256gb Ram 4.4.1.3. Storage: 2 X 800gb Ssd Sas (raid 1) And 2 X 4tb Ssd Sas 4.4.1.4. Sas Raid Controller 4.4.1.5. At Least 4 X 10gbe 4.4.1.6. Hba Card (fc Card): 2x Dp Fc16 4.4.1.7. Must Have N+1 Fan Redundancy. 4.4.1.8. Windows Server Operating System 4.4.1.9. Must Have Dual Redundant Power Supply. 4.4.1.10. The Solution Must Include Tools For Effective Management. 4.4.1.11. The Solution Must Provide Software Licenses For Protection Of Either 20 Vm’s Or 50tb Capacity. 4.4.1.12. The Solution Must Support Native Tiering To Public And/or Private Clouds For Long-term Retention. 4.4.1.13. The Solution Must Support Data Deduplication. 4.4.1.14. The Solution Must Support Reporting Capabilities For Physical Capacity Utilization. 4.4.1.15. Must Include Operating System License For Back-up Software 4.5. Block Storage System For Back-up 4.5.1. Enterprise Block Storage System Specifications: 4.5.1.1. Must Have 300tb Nlsas Usable Capacity. 4.5.1.2. Minimum Of 4 X 16gb Fc Ports 4.5.1.3. Equipment Must Be Designed For A Minimum Of Six Nines Of Availability Or Higher. 4.5.1.4. Must Support Active-active Controllers. 4.5.1.5. Must Also Have The Capability To Natively Connect And Manage The Storage Of Different Brands For Future Capacity Expansion And Integration Of Existing Storage. 4.5.1.6. Must Include Management Capabilities To Eliminate Dozens Of Time-consuming Tasks And Decision Points. Labor-intensive Processes Like Initial Volume Placement, Migrations, Load Balancing. 4.6. Virtualization Software 4.6.1. Must Support Api And Policy Driven Storage Capabilities 4.6.2. Must Support Persistent Memory 4.6.3. Must Support Single Reboot 4.6.4. Must Support Quick Boot. 4.6.5. Must Support Live Migration Of Workloads 4.6.6. Support For Msft Vbs 4.6.7. Must Support Endpoint Security 4.6.8. Must Support Fault Tolerance 4.6.9. Must Support Per-vm Enhanced Vm Migration Compatibility. 4.6.10. Must Support Proactive High Availability 4.6.11. Must Support Vm-level Encryption. 4.6.12. Must Support Centralized Network Management 4.6.13. Must Support Load Balancing 4.6.14. Must Support Prioritize Resources To Virtual Machines Data Center Facility 1 92,008,302.00 5.1.1. The Winning Vendor Shall Supply, Install And Commission A Modular Data Center That Will Support The Network, Servers And Storage Deployments. This Data Center Must Be Scalable In Nature With Its Capacities, Including Additional Racks, Easily Upgraded Without Disruption To Normal Operations. 5.1.1.1. Server Racks 5.1.1.2. Uninterruptible Power Supply (ups) 5.1.1.3. Precision Air Conditioning Unit (pacu) 5.1.1.4. Cctv System 5.1.1.5. Environmental Monitoring System (ems) 5.1.1.6. Fire Suppression System 5.1.2. Cold Aisle Containment System 5.1.2.1. Equipped With Automatic Sliding Door, Magnetic Locking Roofs, Intelligent Lighting System, Cable Management, Touchscreen Display Controller, Sms Modem And Data Center Facility Equipment Status (ups And Pacu). 5.1.2.2. Must Have Access Controller With Management Of Users, Logs And Access Authorization (2-door Type) 5.1.2.3. Equipped With Access Control Reader (rfid Card, And Pin/badge Code) 5.1.2.4. Able To Communicate With The Following Sensors: Temperature & Humidity, Smoke, Leak Detection, Door Status And Data Center Equipment (pacu, Ups And Power Meters) 5.1.2.5. Includes A Monitoring Tool / System With Analytics. 5.1.2.6. Temperature & Humidity Sensor Included For All Entire Racks. 5.1.2.7. Includes Smoke Sensor (dry Contact Type With Alarm Light) For The Entire Racks. 5.1.2.8. Equipped With Door Status Sensor For The Entire Racks. 5.1.2.9. Equipped With Water Leak Sensor For The Entire Racks. 5.1.2.10. Able To Monitor Rack Space. 5.1.2.11. Able To Display Virtual Rack Diagram / Layout. 5.1.2.12. Equipped With Smart Meter. 5.1.3. Closed Bay Server Racks 5.1.3.1. Dimension: 600mm (width) *1100mm (depth) *2000mm (height) 5.1.3.2. Static Weight Loading Capacity Of At Least 1,400kg 5.1.3.3. Ip Rating – 20 5.1.3.4. Door Perforations – 70% Minimum 5.1.3.5. Adjustable Leveling Feet For Stability And Security 5.1.3.6. Front And Rear Doors Open Up To 130º 5.1.3.7. Front And Rear Doors Must Be Grounded To The Rack. 5.1.3.8. With Electronic Lockable Front & Rear Doors Integrated To Dcim Software 5.1.3.9. With Front And Rear U-position Numbers 5.1.3.10. With Removable Power Trough On The Roof For Power, Network And Optic Cables Management 5.1.3.11. With Heavy Duty Castor 5.1.4. Must Propose 1 Unit Out Of Band Switch With The Following Specifications: 5.1.4.1. 48 Ports X Rj45 Rs-232 Serial Ports 5.1.5. Managed Pdu 5.1.5.1. Metered Type. 5.1.5.2. Ac Input Voltage: 400v 3ph 5wire 60hz Wye. 5.1.5.3. Nominal Voltage Input: 350v – 415vac 3 Phase Wye. 5.1.5.4. Output Voltage: 200v-240vac 1phase. 5.1.5.5. 36 X Ec320-c13 Output Receptacles. 5.1.5.6. 3 X Iec320-c19 Output Receptacles. 5.1.5.7. With Branch/group Circuit Breaker Protection. 5.1.5.8. Equipped With Led Current (rms Value) Display And Overload Warning Indicator. 5.1.5.9. Must Be Monitored Through Dcim Software. 5.1.5.10. Tool-less Installation Standard Rack Cabinets. 5.1.5.11. Must Include Brackets For Mounting In Other Brand Rack Cabinets. 5.1.5.12. Zero-u Installation To Save Rack Space. 5.1.5.13. Operating Range: 0 To 45 Degrees Celsius. 5.1.6. Iot Smart Cctv Cameras 5.1.6.1. With Live Caption And Monitoring 5.1.6.2. Smart Features 5.1.6.3. Must Cover The Entire Sever Room And Server In An Aisle 5.1.6.4. At Least 5mp Resolution 5.1.6.5. With Storage Capable To Retain Videos For 30 Days 5.1.7. Precision Cooling 5.1.7.1. Must Provide 4 Units Of Precision Row Cooling With At Least 30kw Total Cooling And 30kw Sensible Cooling Capacity 5.1.7.2. Must Be Ce Certified Or Equivalent International Standard. 5.1.7.3. The Indoor Unit Fan Type Must Be Ec Fan With Automatic Adjustment Through A Controller To Match The Heat Load From 20%-100%. 5.1.7.4. The Outdoor Unit Fan Must Have Variable Speed Control Which Adjusts According To Different Weather Conditions. 5.1.7.5. The Indoor Fans Must Be Hot Swappable Which Should Not Require Shutting Down Of The Entire Pacu Unit When Replacing The Defective Fan/s. 5.1.7.6. The Pacu Unit Must Be Equipped With Electronic Expansion Valve (eev) To Provide Accurate Control Of The Refrigerant To Run Optimized On Various Conditions. 5.1.7.7. Filter Shall Be High Efficient Eu4/f4/merv8 Standard. 5.1.7.8. At Least Ten-inch Lcd Colored Touch Screen Display Externally Mounted And Viewed From The Front Of The Unit 5.1.7.9. The Touch Panel Must Contain The Settings And Programs Of All The Stored Operating Parameters That Can Be Used, Viewed, And Set On The User Display Interface. 5.1.7.10. Must Be Equipped With Automatic Restart Feature That Will Automatically Restart The System After A Power Failure. 5.1.7.11. High Pressure And Low Pressure Of Refrigerant System Shall Be Recorded In The Controller And Be Viewed Through The Display. 5.1.7.12. Shall Have Reheater With Positive Temperature Coefficient (ptc) Selfregulating Reheating Element At 3kw Rating. 5.1.7.13. Must Have Electrode Humidifier With 3kg/hr Capacity. 5.1.7.14. The Controller Is Able To Work In Teamwork Mode. 5.1.7.15. Capable To Accept 2 Power Source With Automatic Switching From Feed A To Feed B And Vice Versa To Support High Availability. 5.1.7.16. The Pacu Shall Be A 3 Phase (380/400/415v, 60hz) 5.1.7.17. 5.1.7.18. Must Have Built-in Or Has Available Slot For Communication Port To Interface With Pc In Order To Remotely Monitor Ups Status Via Tcp/ip Network. 5.1.7.19. Supports Communications Protocols Such As Rs-485, Snmp And Must Be Monitored Centrally On The Data Center Infrastructure Management Software (dcim). 5.1.7.20. Unit Dimension Shall Not Be Greater Than 300mm W X 2000mm H X 1090mm D. 5.1.7.21. All Pacu Units Must Have At Least One External Temperature And Humidity Sensors Installed On The Back Door Of The Rack Next To It. 5.1.7.22. Unit Must Be Compatible With R-410a Refrigerant Or Other Environmental Friendly Refrigerant 5.1.7.23. Must Have Dry Contact Device For Alarm System. 5.1.7.24. All Pacu Units Must Be Integrated To Door Access Control And Fire Suppression System 5.1.8. Ups Systems With Independent Battery System: 5.1.8.1. Supply 2 Units Modular Ups With 80kw Frame In 2n Configuration 5.1.8.2. 40kva Initial Modular Capacity 5.1.8.3. Can Cater 5kw Per Rack @ 8 Racks 5.1.8.4. At Least 15 Mins Back Up Time 5.1.8.5. The Ups Must Be Based On Igbt Technology Architecture That Provides High Quality, Low Noise, Pure And Uninterrupted Power Supply, Three Phase, Four Wire + Ground, Hot Swappable Modular Type Ups 5.1.8.6. Must Be Ce Certified, Iec/en62040-1, Iec/en62040-2 Or Equivalent. 5.1.8.7. The Ups Shall Have Built-in Protection Circuit Breakers For Input, Manual Bypass, Bypass And Output Connections. 5.1.8.8. The Ups Must Be A 3 Phase (380/400/415v, 60hz) Input Type And 3 Phase (380/400/415v, 60hz) Output Type. 5.1.8.9. The Ups Status Must Have User Friendly Interface With Big Graphic Lcd Screen For All Communication And Command Options To Show Operational And Functional Status, Measurements, Event Log, Etc. 5.1.8.10. Must Have Built-in Communication Port To Interface With Pc In Order To Remotely Monitor Ups Status Via Tcp/ip Network. 5.1.8.11. In Each Of The Ups, It Include Controller Module, Static Transfer Switch (sts Module) And Power Modules. Modules Must Be Hotswappable Without Bypass Mode Or Without System Shutdown Required In Order To Minimize Down Time. 5.1.8.12. Has Automatic Restart Function To Normal Mode Right After The Ac Input Resumes Following A Low Battery Shutdown And Returns Automatically To Normal Mode From Bypass Mode After An Overload Condition Or Short Circuit Condition Is Cleared. 5.1.8.13. Enclosure Ip Rating – Ip20 As A Minimum 5.1.8.14. Ambient Operating Temperature Between 0 To 40 Degrees C 5.1.8.15. Audible Noise <62db At 1 Meter 5.1.8.16. Winning Bidder Must Provide Calculation Of Mtbf (mean Time Between Failures) Which Must Not Be Lower Than 125,000 Hours Based On Online Mode (battery At Float & Battery Charge), Onbattery (inverter Mode) Back Up Mode And Bypass Mode. 5.1.8.17. Ups Input Specification 5.1.8.17.1. Voltage: 380v ± 20 % Or Better. 5.1.8.17.2. Frequency: 60 Hz ± 5 % Or Better. 5.1.8.17.3. Power Factor: 0.99 Or Better. 5.1.8.17.4. Harmonic Distortion (thdi): 5% Or Better 5.1.8.18. Ups Output Specification 5.1.8.18.1. Voltage: 380v/400v/415v ±1 % Or Better. 5.1.8.18.2. Frequency: 60 Hz ± 0.1 % Or Better. 5.1.8.18.3. Power Factor: Unity (1) 5.1.8.18.4. Harmonic Distortion: < 2%(at Linear Load) Or Better. 5.1.8.18.5. Overload: ≤125% ; 10 Min , ≤150% ; 1 Min Or Better. 5.1.8.18.6. Overall Efficiency: 96% (online Mode) And 99% (eco Mode) 5.1.8.19. Battery Specification 5.1.8.19.1. The Battery System Must Be Lithium Ion (lfp Type) Or Equivalent Complete With Battery Module, Battery Cabinet And Battery Management System. 5.1.8.19.2. Each Ups Must Have 15min Battery Runtime At 40kw Load. 5.1.8.19.3. The Battery System Must Be Designed To Support Each Ups Independently. A Common Battery Scheme For 2 Ups Is Not Allowed In Order To Prevent Single Point Of Failure. 5.1.8.19.4. The Lithium Ion Battery Cabinet Of Each Ups Shall Have Visual Display System For Real Time Display System Status 5.1.8.19.5. With Four Level Safety Protection To Ensure System Safety And Reliability (cell Level, Module Level, And System Level) 5.1.8.19.6. With Three Levels Of Battery Management System From Cell Level (basic), Rack Level And System Level 5.1.8.19.7. The Battery Must Be Manufactured By A Factory Which Has Been Certified For Iso 9001 And Iso14001. 5.1.9. Monitoring System 5.1.9.1. Able To Visualize The Overall Layout Of The Data Center 5.1.9.2. With Overall Environment Mapping Or Profile Of The Data Center 5.1.9.3. With Electrical, Mechanical, Fire And Safety Systems And Sub Systems Status Monitoring 5.1.9.4. Monitoring Of Precision Cooling Status And Profile 5.1.9.5. Power Diagrams 5.1.9.6. Alarm Notification And Reporting 5.1.9.7. The System Must Be Able To Monitor The Following: 5.1.9.7.1. Access Control And Surveillance (cctv) 5.1.9.7.2. Asset Management 5.1.9.7.3. Rack Utilization, Rack U-space, Weight, Power Load And Network Port For Each Rack 5.1.9.7.4. Multiple Site Management 5.1.9.7.5. Alarm Notification, Reporting And Schedule 5.1.9.8. Equipped With Intelligent Platform Management Interface (ipmi) 5.1.9.9. System Can Be Integrated To End User Active Directory (ldap) Management For: 5.1.9.9.1. Real Time And Historical Pue 5.1.9.9.2. Electricity Cost And Billing 5.1.9.9.3. Overall Capacity Utilization 5.1.9.9.4. Work Order Progress And Approval Process. 5.1.9.9.5. Alarm Notification And Reporting 5.1.10. Environmental Management System (ems) 5.1.10.1. Input Voltage: 100- 230vac 5.1.10.2. Input Frequency: 50hz 5.1.10.3. Digital Inputs: 4 5.1.10.4. Analogue Inputs: 2 5.1.10.5. Water Leak X 1: Detect Voltage < 1v ((alarm Signal With S-1fp Leak Sensor) 5.1.10.6. 8 X Sensor Hub Outputs For Smoke, Fire, Door Connections 5.1.10.7. Relay Outputs: 2 5.1.10.8. Led Warning Lights 5.1.10.9. 1 Ru 5.1.10.10. Ems Protocols 5.1.10.10.1. Ipv4/ Ipv6 Ftp/ Sftp/ Tftp 5.1.10.10.2. Dhcp Smtp 5.1.10.10.3. Http/ Https Sntp 5.1.10.10.4. Snmp V1/v3 Syslog 5.1.10.10.5. Telnet/ Ssh Radius 5.1.10.11. Rack Temp/humidity Sensor Specification 5.1.10.11.1. Input Power: Via Pdu Or Ups Snmp Or Ems Appliance 5.1.10.11.2. Temp Accuracy: 15ºc - 35ºc : ± 1ºc 5.1.10.11.3. Temp Accuracy: 0ºc - 15ºc & 35ºc - 45ºc: ± 2ºc 5.1.10.11.4. Humidity Operation: 20 - 90% Rh None Condensing. 5.1.11. Other Requirements 5.1.11.1. The Winning Bidder Shall Assess The Floor Loading Capacity Of The Cnu Nominated Area Where The Data Center Shall Be Installed. The Winning Bidder Must Perform Floor Loading Augmentation Works To Ensure That The Floor Loading Capacity Is Sufficient To Support The Data Center Equipment. 5.1.11.2. The Winning Bidder Shall Be Responsible In All Essential Installation Works. 5.2. Consolidated Command And Control Center 5.2.1. 6 Units Led Wall Monitors 5.2.1.1. Must Provision 6 Units 55 Inch Led Wall Monitors 5.2.2. 6 Units Desktop Computers 5.2.2.1. Must Have The Following Minimum Specifications: 5.2.2.2. Must Have A Minimum Of Intel I5 Cpu. 5.2.2.3. Must Have The Latest Windows Os 5.2.2.4. Must Have 16gb Memory. 5.2.2.5. Must Have A Minimum Of 512gb Ssd 5.2.2.6. Must Have An Integrated Video Card 5.2.2.7. Must Have A Minimum Of 1 X Hdmi Port 5.2.2.8. Must Have 2 X Usb 3.2 Gen Port 5.2.2.9. Must Have 1 X Rj45 Ethernet Port 5.2.2.10. Must Include Keyboard And Mouse 5.2.2.11. Must Include 23 Inch Monitor 5.2.2.12. Must Include Office Productivity Software 5.2.2.13. Must Include Endpoint Security (refer To 4.6 For Specifications) 5.2.3. Consolidation Of Various Monitoring System 5.2.3.1. The Winning Bidder Must Ensure Network, Security, Servers And Application Monitoring Systems Are Viewed And Controlled From The Command Center 5.2.3.2. Data Center Monitoring System (dcim) Must Be Viewed And Controlled From The Command Center 5.2.3.3. Cctv Monitoring Is To Be Done At The Command Center 5.2.4. Other Requirements 5.2.5. Provision Of Essential Furnishing 5.2.6. Provision Of Power Supply 5.2.7. Provision Of Network Nodes Including Required Data Cabling 5.2.8. Provision Of Services Essential To Prepare The Cnu Nominated Area Conducive For A Command Center Smart Security System 1 108,560,223.00 6.1. Smart Cctv Cameras (90 Units) 6.1.1. Cctv System Must Consist Of The Following: 6.1.1.1. Dome Camera, 4mp Or Higher Mp 6.1.1.2. Bullet Camera, 4mp Or Higher Mp 6.1.1.3. Ptz Camera, 4mp Or Higher Mp 6.1.1.4. Network Video Recorded (nvr) With Rightsized Storage Equipment 6.1.1.5. Cctv Software And Analytics 6.1.1.6. Video Retention Policy Of A Minimum Of 90 Days 6.1.2. Tcp/ip Based Cameras 6.1.2.1. The Camera Must Be Tcp/ip Based 6.1.2.2. Should Support 12-24 Vdc Or 24 Vac. 6.1.2.3. Should Support 1920 X 1080 Resolution. 6.1.2.4. Should Support 25/30 Fps. 6.1.2.5. Should Support Night Vision For At Least 40m For Dome, 60m For Bullet, 200m For Ptz. 6.1.2.6. Should Be At Least Ip67 Ingress Protection For Dome And Bullet, Ip66 For Ptz 6.2. Facial Recognition System The Facial Recognition System Shall Function, Among Others, As The Primary Data Capture Device For The Daily Time Record Of University Employees, Which Shall Be Integrated With The Hris Dtr Module. It Will Also Function As An Identification Tracker Of Students Coming In And Out Of The Campus. It Will Be Deployed Initially At The Main Entry And Exit Points Of The Campus. At A Minimum, The System Must Be Equipped With The Following: 6.2.1. Touch-less Access Control Reader Equipped With Facial Recognition Capable Of Four (4) Factor Authentication, Such As: 6.2.1.1. Face 6.2.1.2. Finger 6.2.1.3. Card 6.2.1.4. Pin 6.2.2. Equipped With At Least 2mp Camera And Able To Perform Thermal Screening That Will Manage Student And Personnel Credentials And Isolate Those With High Temperature To Keep The Campus Premises Safe And Secure. 6.2.3. Must Be Equipped With Ups. 6.2.4. Rfid Card Options Must Include, At A Minimum, Em Prox, Mifare, Desfire. 6.3. Video Analytics & Video Management System A Video Management System Collects Video From Cameras And Other Sources, Stores That Footage On A Storage Device, Provides An Interface To Both View The Live Video And Access Recorded Footage, And Integrates With Surveillance Systems Of Different Stakeholders Thereby Providing A Holistic And Integrated Solution For The Campus. The Following Capabilities Are Required (note: No Osm): 6.3.1. Analyze Video/camera Events 6.3.1.1. Video Signal Lost 6.3.1.2. Video Signal Restored 6.3.1.3. Camera Sabotage Features 6.3.2. Counting Events 6.3.2.1. A Person Counted As Entering. 6.3.2.2. A Person Counted As Exiting. 6.3.2.3. Car Counted In Lane. 6.3.2.4. Car Exited Carpark. 6.3.2.5. Car Entered Carpark. 6.3.3. Protect Areas Of Interest 6.3.3.1. Intrusion Detection 6.3.3.2. Loitering Detection 6.3.3.3. Possible Theft 6.3.3.4. Object Removed. 6.3.3.5. Object Left Unattended. 6.4. Automated Turnstile Through Rfid Access Supply And Installation Of Automated Gates, Turnstiles And Door Access Retrofitting Servers At The Main Entrance And Exit Area Of The University. 6.4.1.1. Accessed Using A Single Card And Programmable Control System. It Must Include Rfid Card Printers, Readers, And Stocks Of Consumables (rfid Cards And Printer Ribbons) To Meet The Initial Requirements Of All Students, Employees, And Guests Who Will Use The Facilities; 6.4.1.2. Passing Turnstile That Integrates Modules Such As Access Control, Turnstile Control, And Alarm; 6.4.1.3. The Access Control Management System Is Equipped With An Ic Card Reader; 6.4.1.4. Barriers Will Be Closed Automatically If No One Enters The Turnstile After Identity Is Verified. The Lock And Unlock Of Barriers Can Be Controlled By A Remote Controller. When Receiving A Fire Alarm Signal, The Turnstile Will Automatically Open; 6.4.1.5. Support Mechanical Anti-pinch And Ir Anti Pinch, Anti-collision. Support Sound And Light Alarms. Passing Modes. Pass With Identity Verified, Not Allowed To Pass, And Pass Without Restrictions, And Able To Use The Three Modes In Any Combination. Unlock And Lock Speed, Pass Duration, And Lock Delay Duration Must Be Adjustable. Support Intrusion Alarm (entering And Exiting), Trailing Alarm, Stay Overtime Alarm, Climbing Turnstile Alarm, Unlock Anomaly Alarm, Barrier Anomaly Alarm, Ir Anomaly Alarm, Communication Anomaly Alarm, And More. Support Integration Of Face, Fingerprint, Qr Code, Cpu Card Reader/id Card Reader Module, And More To Achieve A Combination Of Multiple Authentication Methods. 6.5. Vms Server Vms Server Consisting Of One (1) General Purpose Server, With Minimum Specifications As Follows: 6.5.1. Memory: 16 Gb Ddr4 Dimm 6.5.2. Storage: 1 Tb 7.2k Sata × 2 6.5.3. Network Ports: 2 × 1gbe Lom Network Interface Controller (nic) Ports. 6.5.4. Operating System: Windows Server Os (licensed Copy Auxiliary Communications 1 100,900,000.00 The Winning Bidder Shall Provide Below Listed Equipment, Appliances And/or Devices To Supplement The Overall Workability Of This Project As Well As Provide Additional Productivity Equipment To The University: 7.1. 9’ X 12’ Led Display 1 Unit Change 1 Unit Indoor 7.1.1. 2 Units Outdoor Led Wall Display To Be Used As Electronic Billboard, With A Minimum Size Of 9ft X 12ft 7.2. 85” Indoor Led Display For Video Conference 7.2.1. 6 Units 85” Indoor Led Display 7.2.2. Provision Of 10x Optical Zoom Video Conferencing Kit Camera 7.3. Ipbx System With Ip Phones The Winning Bidder Must Supply A Complete Working Ip Pbx System For At Least 100 Users. The Proposed System Must Be Compliant With The Following Specifications, At A Minimum: 7.3.1.1.1. Must Extend Voice And Video Features To Network Devices Such As Ip Phones, Telepresence Endpoints, Media-processing Devices, Gateways, And Multimedia Applications. 7.3.1.1.2. Must Be Able To Perform Multimedia Conferencing, Collaborative Contact Centers, And Interactive Multimedia Response Systems Through Open Telephony Apis. 7.3.1.1.3. Must Be Able To Provide Call Attendant With Tools That Quickly Accepts And Effectively Dispatch Incoming Calls To Individuals Across The Organization. 7.3.1.1.4. Must Be Able To Perform Calling, Meeting And Messaging. 7.3.1.1.5. Must Be Equipped With Instant Messaging Features. 7.3.1.1.6. Must Be Equipped With Convergence-based Communication Services To Listen To Messages In Hands-free Mode. 7.3.1.1.7. Must Be Able To Support Maximum Of 1000 Users. 7.3.1.1.8. Must Have 1000 Mailboxes And At Least 24 Voicemail Ports. 7.3.1.1.9. Must Support Up To 1200 Devices. 7.3.1.2. Ip Telephones (300 Units) 7.3.1.2.1. Equipped With Programmable Line Keys. 7.3.1.2.2. Must Have Fixed Function Keys That Allow One-touch Access To Service, Messaging, Directory, Hold/resume, Transfer, And Conference Features. 7.3.1.2.3. Must Have High-resolution Display. 7.3.1.2.4. Must Support Power-over- Ethernet (poe) Class 1 And Is Energy Star Certified 7.3.1.2.5. Equipped With Power Saving Option To Enable Power Consumption Reduction During Off-hours. 7.3.1.2.6. Equipped With Standard Wideband-capable Audio Handset And Connects Through An Rj-9 Port. 7.3.1.2.7. Equipped With Analog Headset Jack And Is Wideband-capable Rj- 9 Audio Port. 7.3.1.2.8. Must Support Backlit Indicators For Audio Path Keys (handset, Headset And Speakerphone), Select Key, Line Keys, And Message Waiting. 7.3.1.2.9. Must Be Equipped With A Fullduplex Speakerphone To Allow Flexibility In Placing And Receiving Calls. 7.3.1.2.10. Must Be Able To Mask The Audible Dual Tone Multifrequency (dtmf) Tones When The Speakerphone Mode Is Used. 7.3.1.3. Solution Should Include A Voice Gateway Solution. 7.4. Public Address And Voice Alarm System 1 Unit 7.4.1 Should Have A Distributed Control Device (dcs) That Is Integrated With Many Functions And Supports The Connection Via Ethernet. 7.4.2 Built-in 1g Memory To Store The Audio Such As Digital Voice Messages And The Alarm Tone Of The Emergency Broadcast Integrated Into The Fire Alarm System And Building Management. 7.8.3 Should Have A Fault Detection Function For The Broadcasting System That Can Automatically Examine The Host System, Power Amplifier, Power Source, And Communication, And Detect The Open Circuit, Short Circuit, And Grounding Fault To Generate The Fault Alarm And Log. 7.8.4 Should Have A Paging Microphone That Allows Users To Make Paging And Broadcast Search Notices By Zone. 7.8.5 Should Have A Broadcasting System That Has Its Own 1 Ppt Emergency Microphone, Which Could Be Used To Play Emergency Broadcasts And Evacuate The Crowds In Specific Zones. 7.8.6 Should Have System Standby Amplifiers. When The Main Amplifier Fails To Function, The Standby Amplifier Replaces It Automatically. After The Main Amplifier Recovers, The System Will Use It Instead Of The Standby Amplifier In An Automatic Way. 7.5. Warranties 7.5.1. Whenever Applicable, All Equipment, Devices, Software And Systems Must Have At Least 1 Year Warranty And Support Services.\ 7.6. Services Requirements 7.6.1. Testing And Commissioning 7.6.1.1. The Winning Bidder Shall Perform Testing And Commissioning Services Upon Completion Of All Required Installations As Defined In This Terms Of Reference. 7.6.1.2. All Testing To Be Performed Must Be Witnessed By Cnu Assigned Personnel To Ensure Transparency Of The Testing Results. 7.6.1.3. The Testing And Commissioning Shall Ensure The Workability Of The Systems On A Stand-alone And Integrated Perspectives. 7.6.1.4. The Winning Bidder Must Submit For Approval Testing Mops (method Of Procedures) Prior To Actual Testing. 7.6.1.5. The Testing And Commissioning Services Shall Serve As The Uat (user Acceptance Testing) Provided It Is Witnessed By Cnu’s Nominated Personnel. 7.6.1.6. In The Event Of Testing Failure, The Winning Bidder Is Required To Perform Rectification Works Not More Than 72 Hours From The Time The Failed Testing Is Witnessed Or Reported. In The Event That Parts, Units And/or Entire Device/s Are To Be Replaced Which May Take Longer Than 72 Hours, The Winning Bidder Is Required To Submit A Written Request Justifying The Extension Of The Prescribed Rectification Duration. 7.6.1.7. All Testing To Be Performed Must Be Within The Manufacturer Prescribed Testing Procedures Or Methods. 7.6.1.8. The Winning Bidder Must Submit A Testing Report. 7.6.2. Knowledge Transfer And Training 7.6.2.1. The Winning Bidder Must Conduct Appropriate Knowledge Transfer Or Training To All Supplied And Installed Equipment, Devices, Software, Systems And Platforms Prior To Handover. 7.6.2.2. Training Must Include Basic Operation Of The Equipment, Devices And/or Systems, Allowable Troubleshooting That Will Not Void The Warranties And Orientation On Support Requests. 7.6.2.3. The Training Sessions Can Be Face To Face Through Classroom Type Or Online/virtual Provided A Walk-through Of The Systems Are Made Possible (if Applicable). 7.6.3. As-built Plans 7.6.3.1. The Winning Bidder Is Required, As Part Of The Post Project Documentation, To Submit As-built Plans Which Will Reflect The Actual Design And Implementation Of Various Ict Infrastructure And Systems In A Form Of Diagrams And/or Layouts. 7.6.3.2. Whenever Applicable, The As-built Plans Must Be Signed By Licensed Engineer Of A Particular Trade. 7.7. Implementation Duration 7.7.1. From The Date Of Notice To Proceed (ntp), The Winning Bidder Has Three Hundred Sixty (360) Calendar Days To Deliver And Complete The Project. Completion Includes Formal Handover And Acceptance By Cnu. 7.7.2. Participating Bidders Must Include In Its Bid Submission A High-level Gantt Chart That Illustrates The Project Implementation Schedule Per Wbs. 7.8. Bidder Competency And Qualification Requirements 7.8.1. The Bid Submission Shall Be In Sufficient Detail To Show Compliance With The Specification And Shall Include The Following: 7.8.1.1. Statement Of Compliance, Or Otherwise, Against The Specification For The System Offered. 7.8.1.2. A Scaled Drawing Showing The Proposed Layout Of All The Equipment In The Proposed System. 7.8.1.3. A Detailed Technical Description Of The Proposed System, Including All The Equipment And Software Offered. 7.8.1.4. A Working Timeline Including The Periods Of Design And Manufacture, Delivery, Installation, Training, Site Acceptance Testing, And Commissioning. 7.8.1.5. A Description Of The Architectural, Mechanical, Electrical, And Other Data Center Facility-related Works. 7.8.1.6. Colored Brochures Of All Equipment Supplied Including Racks And Consoles. 7.8.2. The Participating Bidder Must Include The Following Certifications In Its Bid Submission: 7.8.2.1. Manufacturer’s / Distributor’s Certificate Or Manufacturer’s / Distributor’s Authorization From The Manufacturer Of The Data Center, Desktop, Laptop, Network, And Server That The Bidder Is An Authorized Dealer/reseller To Join The Bid And It Has Validated The Full Solution Of The Project. 7.8.2.2. The Certification Must State That The Manufacturer / Distributor Of The Server And Network, Through Its Local Office, Is Capable Of Providing Support For The Offered Solution Which Will Be Implemented In This Project. 7.8.2.3. The Certification Or Manufacturer’s / Distributor’s Authorization Must Be Issued By The Manufacturer’s Incountry (philippines) Office. In Cases Where The Manufacturer Has No Representative Office In The Philippines, The Bidder May Secure The Certification Or Manufacturer’s Authorization From The Manufacturer’s Regional Office Exercising Supervision Over All Activities In The Philippines. 7.8.3. Manufacturer’s / Distributor Certification For The Servers, Storage, Networking, And Desktop Computers: 7.8.3.1. Must Have In-country Spare Parts Warehouse. 7.8.3.2. Must Be An International Enterprise And Should Have More Than 10 Years Of Business Experience In The Philippines. 7.8.3.3. The Manufacturer / Distributor Must Have Certified Engineers. 7.8.4. Manufacturer’s / Distributor Certificate Stating That The Equipment Supplied Is Not Obsolete Or Shortly To Be Phased Out Of Production. 7.8.5. Warranty Certificates Of All Supplied Equipment And Devices, Stating The Warranty Coverage 7.8.6. The Bidder Should Have Iso 9001:2015 Quality Management Systems. In The Case Of A Joint Venture (jv), Each Of The Parties Forming The Jv Must Possess The Iso Certifications As Stated Herein. Total Php 1,000,000,000.00 Delivery Of The Goods Is Required Within Three (3) Calendar Day After Receipt Of Notice To Proceed. Bidders Should Have Completed, Within Two (2) Years From The Date Of Submission And Receipt Of Bids, A Contract Similar To The Project. The Description Of An Eligible Bidder Is Contained In The Bidding Documents, Particularly, In Section Ii (instructions To Bidders). 3. Bidding Will Be Conducted Through Open Competitive Bidding Procedures Using A Non-discretionary “pass/fail” Criterion As Specified In The 2016 Revised Implementing Rules And Regulations (irr) Of Republic Act (ra) No. 9184. Bidding Is Restricted To Filipino Citizens/sole Proprietorships, Partnerships, Or Organizations With At Least Sixty Percent (60%) Interest Or Outstanding Capital Stock Belonging To Citizens Of The Philippines, And To Citizens Or Organizations Of A Country The Laws Or Regulations Of Which Grant Similar Rights Or Privileges To Filipino Citizens, Pursuant To Ra No. 5183. 4. Prospective Bidders May Obtain Further Information From Cebu Normal University And Inspect The Bidding Documents At The Address Given Below During Office Hours From 8:00 A.m. To 5:00 P.m. 5. A Complete Set Of Bidding Documents May Be Acquired By Interested Bidders On June 30, 2024 To July 22, 2024 From The Given Address And Website(s) And Upon Payment Of The Applicable Fee For The Bidding Documents, Pursuant To The Latest Guidelines Issued By The Gppb, In The Amount Of Seventy-five Thousand Pesos (₱ 75,000.00). The Procuring Entity Shall Allow The Bidder To Present Its Proof Of Payment For The Fees If It Will Be Presented In Person, By Facsimile, Or Through Electronic Means. 6. The Cebu Normal University Will Hold A Pre-bid Conference On July 8, 2024, 1:30 P.m. At The Bac Office, Room 203 2nd Floor Administration Building, Cebu Normal University, Osmeña Boulevard, Cebu City, Which Shall Be Open To Prospective Bidders. 7. Bids Must Be Duly Received By The Bac Secretariat Through Manual Submission At The Bac Office, Room 203 2nd Floor Administration Building, Cebu Normal University, Osmeña Boulevard, Cebu City On Or Before July 22, 2024 @ 1:00 P.m. Late Bids Shall Not Be Accepted. 8. All Bids Must Be Accompanied By A Bid Security In Any Of The Acceptable Forms And In The Amount Stated In Itb Clause 14. 9. Bid Opening Shall Be On July 22, 2024, 1:30 P.m. At The Bac Office, Room 203 2nd Floor Administration Building, Cebu Normal University, Osmeña Boulevard, Cebu City. Bids Will Be Opened In The Presence Of The Bidders’ Representatives Who Choose To Attend The Activity. 10. The Cebu Normal University Reserves The Right To Reject Any And All Bids, Declare A Failure Of Bidding, Or Not Award The Contract At Any Time Prior To Contract Award In Accordance With Sections 35.6 And 41 Of The 2016 Revised Irr Of Ra No. 9184, Without Thereby Incurring Any Liability To The Affected Bidder Or Bidders. 11. For Further Information, Please Refer To: Ma. Jodelle C. Badilla Bac Secretariat Office Cebu Normal University Osmeña Boulevard, Cebu City 6000 Philippines Cnubacsec@gmail.com (+63 32) 254 1452 Local 141 12. You May Visit The Following Websites: For Downloading Of Bidding Documents: Www.philgeps.gov.ph Www.cnu.edu.ph June 28, 2024 Dr. Joseph Elvir C. Tubilan Bac Chairperson

Details: Description Republic Of The Philippines Department Of Health Adela Serra Ty Memorial Medical Center Capitol Hills, Telaje, Tandag City, Surigao Del Sur E-mail Add: Astmmcprocurement@gmail.com Bids And Awards Committee Office Procurement Of Laboratory Reagents (tie-up Basis) For Immuno-serology, Clinical Microscopy And Microbiology Sections Ib No. 2024-06-05 (25) 1. The Adela Serra Ty Memorial Medical Center, Using A Single Year Framework Agreement, Through The Astmmc Fund Intends To Apply The Sum Thirty-one Million Three Hundred Fifty Eight Thousand Four Hundred Fifty Pesos Only [php 31,358,450.00], Being The Abc To Payments Under The Contract For Each Item. Bids Received In Excess Of Abc Shall Be Automatically Rejected. 2. The Adela Serra Ty Memorial Medical Center Now Invites Bids For The Procurement Laboratory Reagents (tie-up Basis) For Immuno-serology, Clinical Microscopy And Microbiology Sections. Delivery Of The Goods Is Required Within 15 Calendar Days After Issuance Of A Call-off. Bidders Should Have Completed, Within 5 Years From The Date Of Submission And Receipt Of Bids, A Contract Similar To The Project. The Description Of An Eligible Bidder Is Contained In The Bidding Documents, Particularly, In Section Ii (instructions To Bidders). 3. Bidding Will Be Conducted Through Open Competitive Bidding Procedures Using A Non- Discretionary “pass/fail” Criterion As Specified In The 2016 Revised Implementing Rules And Regulations (irr) Of Republic Act (ra) No. 9184. Bidding Is Restricted To Filipino Citizens/sole Proprietorships, Partnerships, Or Organizations With At Least Sixty Percent (60%) Interest Or Outstanding Capital Stock Belonging To Citizens Of The Philippines, And To Citizens Or Organizations Of A Country The Laws Or Regulations Of Which Grant Similar Rights Or Privileges To Filipino Citizens, Pursuant To Ra No. 5183. 4. Prospective Bidders May Obtain Further Information From Adela Serra Ty Memorial Medical Center And Inspect The Bidding Documents At The Address Given Below During 8:00am To 5:00pm, Monday Thru Friday. 5. A Complete Set Of Bidding Documents May Be Acquired By Interested Bidders On May 16, 2024 To June 5, 2024 From The Given Address Below And Upon Payment Of The Applicable Fee For The Bidding Documents In The Amount Of Twenty Five Thousand Pesos Only [php 25,000.00]. The Procuring Entity Shall Allow The Bidder To Present Its Proof Of Payment In Person. 6. The Adela Serra Ty Memorial Medical Center Will Hold A Pre-bid Conference1 On May 24, 2024; 10:30 Am At Bac Conference Room, Opd Bldg, Astmmc, Tandag 1 May Be Deleted In Case The Abc Is Less Than One Million Pesos (php1,000,000) Where The Procuring Entity May Not Hold A Pre-bid Conference. City And Or Through Video Conferencing Or Webcasting Via Meet.google.com/rbu-snjw-vga Which Shall Be Open To Prospective Bidders. 7. Bids Must Be Duly Received By The Bac Secretariat Through Manual Submission At The Office Address Indicated Below, On Or Before 10:30 Am; June 5, 2024. Late Bids Shall Not Be Accepted. 8. All Bids Must Be Accompanied By A Bid Security In Any Of The Acceptable Forms And In The Amount Stated In Itb Clause 14. 9. Bid Opening Shall Be On 10:31 Am; June 5, 2024 At Bac Conference Room, Opd Bldg, Astmmc, Tandag City And Or Through Video Conferencing Or Webcasting Via Meet.google.com/rbu-snjw-vga Bids Will Be Opened In The Presence Of The Bidders’ Representatives Who Choose To Attend The Activity. 10. The Adela Serra Ty Memorial Medical Center Reserves The Right To Reject Any And All Bids, Declare A Failure Of Bidding, Or Not Award The Contract At Any Time Prior To Contract Award In Accordance With Sections 35.6 And 41 Of The 2016 Revised Irr Of Ra No. 9184, Without Thereby Incurring Any Liability To The Affected Bidder Or Bidders. 11. For Further Information, Please Refer To: Bac Office, 2nd Floor Opd Bldg. Astmmc, Tandag City, Sds, 8300 Tel No. 086-211-4306 Astmmcprocurement@gmail.com 12. For Downloading Of Bidding Documents, You May Visit: Philgeps.gov.ph May 16, 2024 Date Issued Dominador B. Toral, Rn, Md, Dpbohns Hbac Chairman Lot/ Item Number Unit Description Quantity Unit Price Total Delivered, Weeks/months Immuno-serology Section Lot No. 1 Winning Bidder Responsibilities: >must Provide And Install An Iso Certified Fully Automated Immunology Analyzer For Free Of Use."if It's Not Brand New Machine, It Must Have Been Used For Not More Than Three (3) Years." Provide Certificate Of Machine Purchase And Any Proof From Its Usage > Must Provide At Least 3 Consecutive Excellent Neqas Result For The Past 3 Years > Must Strictly Provide And Installed A Back-up Machine Utilizing The Same Reagents In Case Of Machine Breaks Down To Avoid Delay Release Of Results That Will Affects The Turnaround Time Of Testing. >service Engineer Must Be Knowledgeable Of Their Machine And Responds To Any Of The End-users' Problems Or Concerns Immediately. > Free Of Charge Technical Services Of Company Engineer Which Must Be Available And Responsive To Any Of The Problems Or Concerns Of The Machine 24/7, Conduct Regular Monthly Machine's Calibration And Preventive Maintenance. >prompt Replacement Of Another Unit Of Machine/analyzer Or Defective Parts In Case Of Breakdown Shall Be Done Not Later Than 48 Hours From When It Bugged Down. > Supplier Must Shoulder The Main And Back Up Machine's Lis Connectivity Fee/charges Services And Coordinate With Astmmc Lis Provider For The Connection. >failure Of Machine's Effective Functionality And Supplier's Performance Which May Result To Unavailability Of Test Requests Maybe Send Out To Other Laboratories. Expenses Incurred Shall Be Charged To The Supplier. >meet Our Objective Which Is Our Turnaround Time (tat) To Release Our Result After 2 Hours And Can Run All Tests 24 Hours A Day, 7 Days A Week > Supplier Must Have Technical Engineer Readily Available Within The Region. > Supplier Must Have A Regular Personnel With A Certfificate Of Traning Capable In Troubleshooting The Machine They Intent To Bid >supplier Must Possess A Certificate Of Exclusive Distributorship ( Ced ) For The Security Of The Laboratory's Uninterrupted Operation > With At Least Two (2) Installations To Tertiary Laboratories In Mindanao Area. > Analyzer Should Be Delivered Complete With Its Accessories (ups 3kva, Keyboard, Printer, Avr 3kva, Safety Breaker And Etc.) >must Provide And Free Of Charge (foc): - All Consumable Needed For The Machine To Function Like Calibrators, Controls, Cuvettes/sample Cups, Rv, Pre-trigger, Disposable Tips, Deionized / Distilled Water, Wash Buffer, System Cleaning Solution And Etc. > Reagents Delivered Must Be 18 Months From The Expiration Date, A Guarantee Letter Of Replacement May Be Issued For Less Than 18 Months Reagents And Supplies. > Quantity Of Reagents Must Be Delivered Based On Nefa Or Notice To Execute Framework Agreement Or Staggered Scheme Or Upon The Request Of The End-user. > Payments Will Be Issued Per Delivery Of Reagents. > A Framework Agreement For A 1-year Contract Shall Be Made. Machine Specifications: >analytical Principle/system Description: Electrochemiluminescence (eclia) Immunoassay Technology Or Chemiluminescence Immunoassay (clia) > Throughput: At Least 75 Tests/hr > Test Mode: Routine/random, Batch > Stat Assay Turnaround Time: <15mins > Non-stat Assay Turnaround Time: <25mins > Sample Volume: 10-50ul Per Test > 2-point Calibration Per Reagent Lot > Sample-clot Detection > Liquid-level Detection > Sensitivity : >99% > Specificity : >99% > Accuracy :> 99% >sample Type: Serum, Plasma, Whole Blood >reagent Type: Liquid, Ready To Use/no Mixing Reagent Pack / Cartridge >on-board Reagent Integrity/stability Control >automatic Inventory Tracking And Updating As To Number Of Tests And Remaining Test Available >program For Calibration Tracker And Validity >machine Quality Assurance: Autocalibration, Auto-qc, Auto Westgard Rules/levy Jennings Plotting Of Real Time Qc >machine Diagnostics System & Services: Online/remote Access >barcode Reader/scanner For Easy Samples And Reagents Identification And Tracking >lis Ready >with Buit-in Touch Screen Monitor >user-friendly, Easy To Use >if Water Is Needed, Buit-in Water System Or Distilled Water Must Be Provided For Free Of Charge >provide Computer/software System To Store Results For Accessibility And Result Management >sturdy Floor-type Machine Box T3 (100's/box) 4 46,000.00 184,000.00 15 Calendar Days After Issuance Of A Call-off Box T4 (100's/box) 4 46,000.00 184,000.00 15 Calendar Days After Issuance Of A Call-off Box Tsh (100's/box) 13 46,000.00 598,000.00 15 Calendar Days After Issuance Of A Call-off Box Ft3 (100's/box) 6 46,000.00 276,000.00 15 Calendar Days After Issuance Of A Call-off Box Ft4 (100's/box) 10 46,000.00 460,000.00 15 Calendar Days After Issuance Of A Call-off Box Anti-hbs (100's/box) 9 46,000.00 414,000.00 15 Calendar Days After Issuance Of A Call-off Box Total Psa (100's/box) 5 84,000.00 420,000.00 15 Calendar Days After Issuance Of A Call-off Box Ca-125 (100's/box) 2 40,000.00 80,000.00 15 Calendar Days After Issuance Of A Call-off Box Beta-hcg (100's/box) 10 21,000.00 210,000.00 15 Calendar Days After Issuance Of A Call-off Box Hbsag Quantitative (100's/box) 2 20,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off Box Hbeag (100's/box) 1 40,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off Box Anti-hbe (100's/box) 1 40,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off Box Ana (anti-nuclear Antibody) (100's/box) 1 80,000.00 80,000.00 15 Calendar Days After Issuance Of A Call-off Box Anti-hbc (100's/box) 1 32,000.00 32,000.00 15 Calendar Days After Issuance Of A Call-off Box Serum C3 (100's/box) 1 140,000.00 140,000.00 15 Calendar Days After Issuance Of A Call-off Box Pro-bnp (100's/box) 2 148,000.00 296,000.00 15 Calendar Days After Issuance Of A Call-off Box Rf ( Rheumatoid Factor) (100's/box) 1 24,000.00 24,000.00 15 Calendar Days After Issuance Of A Call-off Box Anti-dsdna (100's/box) 1 96,000.00 96,000.00 15 Calendar Days After Issuance Of A Call-off Sub Total 3,614,000.00 Lot No. 2 Winning Bidder Responsibilities: > Winning Bidder Must Provide For Free An Iso-certified, Semi-automated Machine And Its Consumables, Calibrators And Controls For The Analysis Of C-reactive Protein, D-dimer, Ferritin And Procalcitonin. > Analytical Principle/system Description: Fluorescense Immunoassay (fia) > Provide Accessories For Effective And Uninterrupted Operation Like Ups, Avr, Computer Set And Printer. > Free Of Charge Technical Services Of Company Engineer Which Must Be Available And Responsive To Any Of The Problems Or Concerns Of The Machine 24/7, Conduct Regular Monthly Machine's Calibration And Preventive Maintenance. > Prompt Replacement Of Another Unit Of Machine/analyzer Or Defective Parts In Case Of Breakdown Shall Be Done Not Later Than 48 Hours From When It Bugged Down > Expenses Incurred For Send Out Of Tests Due To Failure Of The Machine And/or Poor Supplier Performance Shall Be Charged To The Winning Bidder. > Quantity Of Reagents Must Be Delivered Based On Nefa Or Notice To Execute Framework Agreement Or Staggered Scheme Or Upon The Request Of The End-user. > Payments Will Be Issued Per Delivery Of Reagents. > Reagents Delivered Must Be 18 Months From The Expiration Date, A Guarantee Letter Of Replacement May Be Issued For Less Than 18 Months Reagents And Supplies. > A Framework Agreement For A 1-year Contract Shall Be Made. Box D-dimer(100's/box) 2 80,000 160,000.00 15 Calendar Days After Issuance Of A Call-off Box Aso (anti-streptolysin O) Titer (100's/box) 2 28,000 56,000.00 15 Calendar Days After Issuance Of A Call-off Box Ferritin (100's/box) 2 80,000 160,000.00 15 Calendar Days After Issuance Of A Call-off Box C-reactive Protein (25's/box) 28 21,000 588,000.00 15 Calendar Days After Issuance Of A Call-off Box Procalcitonin (10's/box) 20 15,000 300,000.00 15 Calendar Days After Issuance Of A Call-off Sub Total 1,264,000.00 Lot No. 3 Winning Bidder Responsibilities: >must Provide And Install An Iso Certified Fully Automated Quantitative Troponin I Analyzer For Free Of Use. "if It's Not Brand New Machine, It Must Have Been Used For Not More Than Three (3) Years." Provide Certificate Of Machine Purchase And Any Proof From Its Usage >service Engineer Must Be Knowledgeable Of Their Machine And Responds To Any Of The End-users' Problems Or Concerns Immediately. > Free Of Charge Technical Services Of Company Engineer Which Must Be Available And Responsive To Any Of The Problems Or Concerns Of The Machine 24/7, Conduct Regular Monthly Machine's Calibration And Preventive Maintenance. > Supplier Must Shoulder Connectivity Fee/charges For Lis Services And Coordinate With Astmmc Lis Provider For The Lis Connection. >prompt Replacement Of Another Unit Of Machine/analyzer Or Defective Parts In Case Of Breakdown Shall Be Done Not Later Than 48 Hours From When It Bugged Down. >failure Of Machine's Effective Functionality And Supplier's Performance Which May Result To Unavailability Of Test Requests Maybe Send Out To Other Laboratories. Expenses Incurred Shall Be Charged To The Supplier. >meet Laboratory Objective Of The Test Turnaround Time (tat) To Release Our Result Within 1 Hour And Can Run All Tests 24 Hours A Day, 7 Days A Week > Supplier Must Have Technical Engineer Readily Available Within The Region. > Supplier Must Have A Regular Personnel With A Certfificate Of Traning Capable In Troubleshooting The Machine They Intent To Bid >supplier Must Posses A Certificate Of Exclusive Distributorship ( Ced ) For The Security Of The Laboratory's Uninterrupted Operation > With At Least Two (2) Installations To Tertiary Laboratories In Mindanao Area. > Analyzer Should Be Delivered Complete With Its Accessories (ups 3kva, Keyboard, Printer, Avr 3kva, Etc.) >must Provide And Free Of Charge (foc): - All Consumable Needed For The Machine To Function Like Calibrators, Controls, Cuvettes/sample Cups, Reaction Vessels, Pre-trigger, Disposable Tips, Deionized / Distilled Water, Wash Buffer, System Cleaning Solution And Etc. - Computer Sets, Ups, Avr, Printer - Calibration And Preventive Maintenance - Any Parts Or Accessories Of The Machine > Reagents Delivered Must Be 18 Months From The Expiration Date, A Guarantee Letter Of Replacement May Be Issued For Less Than 18 Months Reagents And Supplies. > Quantity Of Reagents Must Be Delivered Based On Nefa Or Notice To Execute Framework Agreement Or Staggered Scheme Or Upon The Request Of The End-user. > Payments Will Be Issued Per Delivery Of Reagents. > A Framework Agreement For A 1-year Contract Shall Be Made. Machine Specifications: >analytical Principle/system Description: Lateral Flow Chromatography (immunofluorescence) >sample Type: Whole Blood/serum/plasma/urine/fingertip Blood >sample Position: At Least 40 Samples Per Run, 120 Tests/hr >continuous Loading Of Different Test Items >user-friendly Interface Diversified Test Modes: Random, Batch, Stat >fully-automatic Sample Adding System Disposable Tips With Filter Elements, Which Avoid Cross-contamination Automatic Calibration, Dilution And Sample Loading Fully-automatic Quality Control >touch Screen >automatic Barcode Scanning Of Test Items >automatic Recognition Of Reagents >bench-type Box Troponin-i Quantitative (48's/box) 20 40,000.00 800,000.00 15 Calendar Days After Issuance Of A Call-off Clinical Microscopy Section Lot No. 4 Winning Bidder Responsibilities: >must Provide And Install An Iso Certified Fully Automated Urine Analyzer For Free Of Use."if It's Not Brand New Machine, It Must Have Been Used For Not More Than Three (3) Years." Provide Certificate Of Machine Purchase And Any Proof From Its Usage > Must Provide At Least 3 Consecutive Excellent Neqas Result For The Past 3 Years > Must Strictly Provide And Installed A Back-up Machine Utilizing The Same Reagents In Case Of Machine Breaks Down To Avoid Delay Release Of Resulted That Will Affects The Turnaround Time Of Testing. >must Provide Complete Set Of Reagents, Controls, Calibrators, Distilled Water, Test Tubes And Other Consumables Needed To Generate A Fully Automated Accurate Urinalysis Result. > Free Of Charge Technical Services Of Company Engineer Which Must Be Available And Responsive 24/7 To Any Machine's Problems Or Concerns. Conduct Regular Monthly Machine's Calibration And Preventive Maintenance Or As Needed > Supplier Must Shoulder The Main And Back Up Machine's Lis Connectivity Fee/charges Services And Coordinate With Astmmc Lis Provider For The Connection. >prompt Replacement Of Another Unit Of Machine/analyzer Or Defective Parts In Case Of Breakdown Shall Be Done Not Later Than 48 Hours From When It Bugged Down. >failure Of Machine's Effective Functionality And Supplier's Performance Which May Result To Unavailability Of Test Requests Maybe Send Out To Other Laboratories. Expenses Incurred Shall Be Charged To The Supplier. >meet Our Objective Which Is Our Turnaround Time (tat) To Release Our Result After 2 Hours And Can Run All Tests 24 Hours A Day, 7 Days A Week >analyzer Should Be Delivered Complete With Its Accessories (ups 6kva, Keyboard, Printer, Avr 3kva, Safety Breaker And Etc.) > Supplier Must Have Technical Engineer Readily Available Within The Region. > Supplier Must Have A Regular Personnel With A Certfificate Of Traning Capable In Troubleshooting The Machine They Intent To Bid >supplier Must Posses A Certificate Of Exclusive Distributorship ( Ced ) For The Security Of The Laboratory's Uninterrupted Operation > With At Least Two (2) Installations To Tertiary Laboratories In Mindanao Area. > Reagents Delivered Must Be 18 Months From The Expiration Date, A Guarantee Letter Of Replacement May Be Issued For Less Than 18 Months Reagents And Supplies. > Quantity Of Reagents Must Be Delivered Based On Nefa Or Notice To Execute Framework Agreement Or Staggered Scheme Or Upon The Request Of The End-user. > Payments Will Be Issued Per Delivery Of Reagents. > A Framework Agreement For A 1-year Contract Shall Be Made. Machine Specifications: >analytical Principle/system Description: Urine Flow Cytometry/flow Imaging Technique, Photoelectric Colorimetry. > Throughput: At Least 100 Samples/hour > With Autoloader > Sample Volume: At Least 3 Ml > Built-in Reagent Strip Reader/ Chemical Testing And Visual Urine Sediment Reader In One Machine. >user Friendly Design, Simple Operation And Convenient Maintenance. >urine Strip Bottle Must Have Color Reaction Comparator For Manual Method >reagent Strip Parameters/chemical Testing (at Least 12 Parameters): 1. Urobilinogen 2. Bilirubin 3. Ketone 4. Creatinine 5. Blood 6. Microalbumin 7. Nitrite 8. Leukocyte 9. Glucose 10. Specific Gravity 11. Ph 12. Protein >microscopic Testing / Urine Sediment Visual Reading: 1. Rbc 2. Wbc 3. Non-squamous Epithelial Cells 4. Squamos Epithelial Cells 5. Bacteria 6. Mucus 7. Urine Crystals 8. Casts 9. Yeast Cells Bottle Urine Strips, At Least 12 Parameters (100's/bot) 240 19,750.00 4,740,000.00 15 Calendar Days After Issuance Of A Call-off Micrpbiology Section Lot No. 5 Winning Bidder Responsibilities: > Must Provide For Free An Iso-certified Fully Automated Blood Culture Machine That Utilizes Comprehensive Detection Technology > Free Of Charge Technical Services Of Company Engineer Which Must Be Available And Responsive To Any Of The Problems Or Concerns Of The Machine 24/7, Conduct Regular Monthly Machine's Calibration And Preventive Maintenance. >should Have At Least 2 Installation Within Mindanao Area >excellent Eqas Result For The Past 2 Years > Machine Should Be Delivered Complete With A Heavy Duty Accessories (ups 6 Kva, Avr,keyboard, Printer And Any Other Needed Accesories, Safety Breaker And Etc.) > Supplier Must Provide Back-up Machine That Is Also Ready To Use. > Two Machine Provided Must Be Lis Ready. > Supplier Must Shoulder Connectivity Fee/charges For Lis Services For Two Machine And Coordinate With Astmmc Lis Provider For The Lis Connection. > Capable Of A Prompt Replacement Of Defective Parts In Case Of Breakdown (not Later Than 48 Hours From Bug Down) >supplier Must Have Technical Engineer Readily Available Within The Region. > Supplier Must Have A Regular Personnel With A Certfificate Of Traning Capable In Troubleshooting The Machine They Intent To Bid >supplier Must Posses A Certificate Of Exclusive Distributorship ( Ced ) For The Security Of The Laboratory's Uninterrupted Operation > Quantity Of Reagents Must Be Delivered Based On Nefa Or Notice To Execute Framework Agreement Or Staggered Scheme Or Upon The Request Of The End-user. > Payments Will Be Issued Per Delivery Of Reagents. > A Framework Agreement For A 1-year Contract Shall Be Made. > Reagents Delivered Must Be 18 Months From The Expiration Date, A Guarantee Letter Of Replacement May Be Issued For Less Than 18 Months Reagents And Supplies. >reagent Or Supplies With Shelf Life Of Less Than 5 Months Must Submit A Certificate Of Option To Return (otr),if Not Consumed Within The Expiry Date And It Must Be Replaced. >reagent Or Supplies With Shelf Life Of Less Than 5 Months Must Submit A Certificate Of Option To Return (otr),if Not Consumed Within The Expiry Date And It Must Be Replaced. Machine Specifications: > Has Colorimetric Technology And Specialized Liquid Emulsion Sensors (les) At The Bottom Of Each Culture Bottle > Offers A Comprehensive Range Of Media Bottles To Ensure The Recovery Of A Wide Variety Of Microorganisms Including Bacteria, Mycobacteria, And Fungi > Can Provide Graph Analysis > Blood Culture Bottles Must Be Plastic And Color Coded For Pediatric And Adult Patients > Bottles With Direct Draw > With Agitation Technology > With Built-in Quality Control > With Immediate Bottle Recognition > With Rapid Response Time And Greater Accuracy.faster Time To Detection (9-25 Hours) > At Least 60 Cells Or Capacity Per Drawer > Could Fit Shatter-proof Plastic Culture Bottles > Preferably With Ard (antimicrobial Removal Device) Blood Culture System,to Increase The Sensitivity Of Isolation Of Pathogenic Microorganisms In Bacteremic Patients Who Are Already On Antibiotic. Box Pedia Culture Bottles For Automated Isolation Of Aerobic Microorganisms In Sterile Samples 50's/box 40 35,000.00 1,400,000.00 15 Calendar Days After Issuance Of A Call-off Box Adult Culture Bottles For Automated Isolation Of Aerobic Microorganisms In Sterile Samples 50's/box 60 35,000.00 2,100,000.00 15 Calendar Days After Issuance Of A Call-off Sub Total 3,500,000.00 Lot No. 6 Winning Bidder Responsibilities: > Must Provide For Free An Iso-certified Fully Automated Machine For The Identification And Susceptibility Of All Bacteria And Yeast > Free Of Charge Technical Services Of Company Engineer Which Must Be Available And Responsive To Any Of The Problems Or Concerns Of The Machine 24/7, Conduct Regular Monthly Machine's Calibration And Preventive Maintenance. >should Have At Least 2 Installation Within Mindanao Area >excellent Eqas Result For The Past 2 Years > Machine Should Be Delivered Complete With A Heavy Duty Accessories (ups, Avr,keyboard,printer And Any Other Needed Accesories Etc.) >preferrably With Remote Connectivity For Updates And Fast Troubleshooting > Supplier Must Provide Back-up Machine That Is Also Ready To Use. > Capable Of A Prompt Replacement Of Defective Parts In Case Of Breakdown (not Later Than 48 Hours From Bug Down) > Two Machine Provided Must Be Lis Ready. > Supplier Must Shoulder Connectivity Fee/charges For Lis Services For Two Machine And Coordinate With Astmmc Lis Provider For The Lis Connection. >supplier Must Provide A Free Of Charge Consumables Like Reagents Of Machine Needed To Operate And To Generate Result,turbidimeter To Ensure Correct Macfarland Standard,calibrators,calibrated Pipettes, And Other Consumables For Ast Suspencion > Quantity Of Reagents Must Be Delivered Based On Nefa Or Notice To Execute Framework Agreement Or Staggered Scheme Or Upon The Request Of The End-user. > Payments Will Be Issued Per Delivery Of Reagents. > A Framework Agreement For A 1-year Contract Shall Be Made. > Reagents Delivered Must Be 18 Months From The Expiration Date, A Guarantee Letter Of Replacement May Be Issued For Less Than 18 Months Reagents And Supplies. >reagent Or Supplies With Shelf Life Of Less Than 5 Months Must Submit A Certificate Of Option To Return (otr),if Not Consumed Within The Expiry Date And It Must Be Replaced. Machine Specifications: > Automated Bacterial Identification And Susceptibility Testing System That Uses Fluorescence-based Technology.with Gold-standard Accuracy For Microorganism Identification And Susceptibility > Delivers Accurate Emerging Resistance Detection For The Toughes Pathogens, Including Visa, Vrsa, Mrsa,icr And Rapid Detection Of Esbl Production And Confirmation. > Processes Rapid And Specialty Id Panels For Reduced Turnaround Time.could Generate Results As Little As 5 To 8 Hours > Utilizes Closed Tests Card And Cassettes For Id And Ast > Allows Consolidation Of Data From Multiple Testing Systems On Epidemiology Reports > Lis-who Net Configuration And Connection Ready.has Remote Support Feature In Instrument Monitoring And Lis Connectivity >with Built-in Barcode Scanner And Scan Card And Isolate Barcodes To Establish Traceability > Has Rapid Result Searches By Patient, Date Tested, Organism, Technician And Accession Number > Allow Remote Access By Multiple Users And Real-time Connectivity To Our Existing Lis > Updated Clsi Guidelines Compliant Ast Interpretation/formulations Available Producing Mic's Based On Reference Clsi And Iso Mic Methods Box Gram Positive Combo Panel 20's 100 30,000.00 3,000,000.00 15 Calendar Days After Issuance Of A Call-off Box Gram Negative Combo Panel 20s 120 30,000.00 3,600,000.00 15 Calendar Days After Issuance Of A Call-off Box Rapid Yeast Combo Panel 20s 30 30,000.00 900,000.00 15 Calendar Days After Issuance Of A Call-off Box Haemophilus And Neisseria Combo Panel 20s 30 30,000.00 900,000.00 15 Calendar Days After Issuance Of A Call-off Sub Total 8,400,000.00 Stock Or Property No. Unit Item Description Quantity Unit Cost Total Cost 1 Carts Ciprofloxacin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 2 Carts Trimethoprim-sulfamethoxazole Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 3 Carts Piperacillin-tazobactam Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 4 Carts Amikacin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 5 Carts Ampicillin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 6 Carts Ampicillin-sulbactam Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 7 Carts Azithromycin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 8 Carts Cefixime Disc(50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 9 Carts Cefotaxime Disc(50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 10 Carts Clindamycin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 11 Carts Cefuroxime Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 12 Carts Chloramphenicol Disc(50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 13 Carts Erythromycin Disc(50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 14 Carts Levofloxacin Disc(50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 15 Carts Norfloxacin Disc(50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 16 Carts Oxacillin Disc(50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 17 Carts Aztreonam Disc(50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 18 Carts Ceftazidime Disc(50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 19 Carts Cefazolin Disc(50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 20 Carts Cefifime Disc(50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 21 Carts Trimethoprim Dics (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 22 Carts Gentamicin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 23 Carts Imipenem Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 24 Carts Meropenenm Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 25 Carts Nitrofurantoin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 26 Carts Penicillin G Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 27 Carts Tetracycline Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 28 Carts Tobramycin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 29 Carts Vancomycin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 30 Carts Cefoxitin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 31 Carts Piperacillin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 32 Carts Cephalexin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 33 Carts Ticarcillin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 34 Carts Linezolid Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 35 Carts Taxo P (optochin) 50's 5 3,000.00 15,000.00 15 Calendar Days After Issuance Of A Call-off 36 Carts Taxo A (bacitracin) 50's 5 3,000.00 15,000.00 15 Calendar Days After Issuance Of A Call-off 37 Carts V Factor Disc (50's) 5 5,000.00 25,000.00 15 Calendar Days After Issuance Of A Call-off 38 Carts X Factor Disc (50's) 5 5,000.00 25,000.00 15 Calendar Days After Issuance Of A Call-off 39 Carts Xv Factor Disk (50"s) 1 5,000.00 5,000.00 15 Calendar Days After Issuance Of A Call-off 40 Carts Oxidase Disc/strip (50's) 10 5,000.00 50,000.00 15 Calendar Days After Issuance Of A Call-off 41 Vial Atcc Control Strains (pae 27853) 1 8,000.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 42 Vial Atcc Control Strains (eco 25922) 1 8,000.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 43 Vial Atcc Control Strains (eco 35218) 1 8,000.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 44 Vial Atcc Control Strains (sau 25923) 1 8,000.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 45 Vial Atcc Control Strains (spn 49619) 1 8,000.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 46 Vial Atcc Control Strains (hin 29427) 1 8,000.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 47 Vial Atcc Control Strains (ngo 49226) 1 8,000.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 48 Plate Sheep Blood Agar (commercially Prepared) 10s 5000 200.00 1,000,000.00 15 Calendar Days After Issuance Of A Call-off 49 Plate Chocolate Agar (commercially Prepared) 10's 3000 215.00 645,000.00 15 Calendar Days After Issuance Of A Call-off 50 Plate Mueller Hinton Agar (commercially Prepared) 10s 500 210.00 105,000.00 15 Calendar Days After Issuance Of A Call-off 51 Plate Gba Commercially Prepared (10's) 1000 300.00 300,000.00 15 Calendar Days After Issuance Of A Call-off 52 Plate Bacitracin Chocoolate Agar Commercially Prepared (10's) 1000 300.00 300,000.00 15 Calendar Days After Issuance Of A Call-off 53 Bot Alkaline Peptone Water Agar (500g) 2 7,000.00 14,000.00 15 Calendar Days After Issuance Of A Call-off 54 Bot Salmonella Shigela Agar (500g) 2 13,600.00 27,200.00 15 Calendar Days After Issuance Of A Call-off 55 Bot Selenite F (500g) 2 15,000.00 30,000.00 15 Calendar Days After Issuance Of A Call-off 56 Bot Tcbs (500g) 2 10,000.00 20,000.00 15 Calendar Days After Issuance Of A Call-off 57 Bot Mueller Hinton Agar (500g) 10 10,000.00 100,000.00 15 Calendar Days After Issuance Of A Call-off 58 Bot Mac Conkey Agar Powder (500g) 15 9,000.00 135,000.00 15 Calendar Days After Issuance Of A Call-off 59 Bot Nutrient Agar Powder (500g) 3 3,000.00 9,000.00 15 Calendar Days After Issuance Of A Call-off 60 Bot Sabouraud Dextrose Agar (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 61 Bot Fluid Thioglycolate Medium Powder (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 62 Bot Tsb Powder (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 63 Bot Gc Agar (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 64 Bot Tsi Powder (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 65 Bot Lysine Iron Agar (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 66 Bot Simmon Citrate Agar Powder (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 67 Bot Urea (christensen) Agar Base (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 68 Bot Simmon Citrate Agar Powder (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 69 Bot Sim Medium (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 70 Bot Lim Medium (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 71 Bot Sodium Chloride Agar (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 72 Bot Bile Esculin Agar (500g) 4 8,000.00 32,000.00 15 Calendar Days After Issuance Of A Call-off 73 Bot Dnase Agar (500g) 1 8,000.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 74 Bot Soluble Hemoglobin Powder (400g) 5 15,000.00 75,000.00 15 Calendar Days After Issuance Of A Call-off 75 Box Iso Vitalex Supplement (10's) 2 5,000.00 10,000.00 15 Calendar Days After Issuance Of A Call-off 76 Box Vcnt Supplement (10"s) 2 5,000.00 10,000.00 15 Calendar Days After Issuance Of A Call-off 77 Box Coagulase Rabbit Plasma (10's) 10 20,000.00 200,000.00 15 Calendar Days After Issuance Of A Call-off 78 Bot 0.9 % Normal Saline Solution 1l 100 100.00 10,000.00 15 Calendar Days After Issuance Of A Call-off 79 Set Gram Stain Set 10 3,000.00 30,000.00 15 Calendar Days After Issuance Of A Call-off 80 Bot Kovac's Reagent (100ml) 2 11,000.00 22,000.00 15 Calendar Days After Issuance Of A Call-off 81 Bot 10% Koh Solution (500ml) 3 8,000.00 24,000.00 15 Calendar Days After Issuance Of A Call-off 82 Bot India Ink (100 Ml) 1 10,000.00 10,000.00 15 Calendar Days After Issuance Of A Call-off 83 Box Disposable Sterile Loop 10ul+1ul Calibration(100's) 20 5,000.00 100,000.00 15 Calendar Days After Issuance Of A Call-off 84 Pc Wire Loop 5 300.00 1,500.00 15 Calendar Days After Issuance Of A Call-off 85 Pc Wire Needle 5 300.00 1,500.00 15 Calendar Days After Issuance Of A Call-off 86 Box Sterile Cotton Swab (100's) 50 800.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 87 Box Betadine Cotton Swab (25's) 100 200.00 20,000.00 15 Calendar Days After Issuance Of A Call-off 88 Bot Povidone Iodine Bottle (500ml) 10 600.00 6,000.00 15 Calendar Days After Issuance Of A Call-off 89 Pc Sterile Bottle Container Individually Pack 50 Ml 3000 15.00 45,000.00 15 Calendar Days After Issuance Of A Call-off 90 Pc Petri Dish (big) 2000 40.00 80,000.00 15 Calendar Days After Issuance Of A Call-off 91 Pc Petri Dish (small Single Plate) 1000 10.00 10,000.00 15 Calendar Days After Issuance Of A Call-off 92 Box Glass Tubes (100's) 13x75mm 10 1,000.00 10,000.00 15 Calendar Days After Issuance Of A Call-off 93 Pc Petri Dish(small Biplate) 1000 30.00 30,000.00 15 Calendar Days After Issuance Of A Call-off 94 Pack Sterile Transfer Pipettes (100s) 20 1,500.00 30,000.00 15 Calendar Days After Issuance Of A Call-off 95 Pc Glass Beaker 500ml 5 1,000.00 5,000.00 15 Calendar Days After Issuance Of A Call-off 96 Pc Glass Beaker 1000ml 5 1,500.00 7,500.00 15 Calendar Days After Issuance Of A Call-off 97 Pc Erlenmeyer Flask With Cap 500 Ml 5 3,500.00 17,500.00 15 Calendar Days After Issuance Of A Call-off 98 Pc Erlenmeyer Flask With Cap 1000ml 5 5,000.00 25,000.00 15 Calendar Days After Issuance Of A Call-off 99 Pc Glass Stirrer 10 100.00 1,000.00 15 Calendar Days After Issuance Of A Call-off 100 Set Autoclave Bags (200's) 5 4,000.00 20,000.00 15 Calendar Days After Issuance Of A Call-off 101 Pc Aluminum Foil (30x150) 5 250.00 1,250.00 15 Calendar Days After Issuance Of A Call-off 102 Pc Autoclave Tape 10 200.00 2,000.00 15 Calendar Days After Issuance Of A Call-off 103 Box Disposable Sterile Loop 10ul+needle Calibration(100's) 10 5,000.00 50,000.00 15 Calendar Days After Issuance Of A Call-off 104 Pc Autoclavable Culture Tube With Screw Cap 13x100mm 1000 62.00 62,000.00 15 Calendar Days After Issuance Of A Call-off 105 Pc Big Test Tube Rack (autoclavable) 2 3,000.00 6,000.00 15 Calendar Days After Issuance Of A Call-off 106 Pc Small Test Rack (autoclavable) 5 3,000.00 15,000.00 15 Calendar Days After Issuance Of A Call-off 107 Box H. Pylori Ab Rt (20's/box) 30 6,500.00 195,000.00 15 Calendar Days After Issuance Of A Call-off 108 Box Typhidot Ab Duo Rt (25's/box) 14 13,000.00 182,000.00 15 Calendar Days After Issuance Of A Call-off 109 Box Leptospira Ab Rt (10's/box) 15 14,000.00 210,000.00 15 Calendar Days After Issuance Of A Call-off 110 Box Dengue Ns1 (25's/box) 80 9,000.00 720,000.00 15 Calendar Days After Issuance Of A Call-off 111 Box Dengue Ab Duo Rt (40's/box) 60 12,000.00 720,000.00 15 Calendar Days After Issuance Of A Call-off 112 Box Hcv Rt (100's/box) 8 20,000.00 160,000.00 15 Calendar Days After Issuance Of A Call-off 113 Box Hbsag Rt (30's/box) 270 6,000.00 1,620,000.00 15 Calendar Days After Issuance Of A Call-off 114 Box Hav Rt (25's/box) 25 12,000.00 300,000.00 15 Calendar Days After Issuance Of A Call-off 115 Box Syphilis Rt (100's/box) 30 9,600.00 288,000.00 15 Calendar Days After Issuance Of A Call-off

Details: This Is A Sources Sought Notice Only. This Is Not A Request For Quotes And No Contract Will Be awarded From This Announcement. The Government Will Not Provide Any Reimbursement for Responses Submitted In Response To This Source Sought Notice. Respondents Will Not Be notified Of The Results Of The Evaluation. the Purpose Of This Announcement Is To Perform Market Research To Gain Knowledge Of Potential qualified Sources And Their Size Classification Relative To Naics 541330, (engineering Services) with A Size Standard $25.5million. The Department Of Veterans Affairs (va), Network contracting Office 1 (nco 1) Is Seeking To Identify Any Vendor Capable Of providing A Boundary Survey Per The Requirements Below. Refer To The Statement Of work Below For The Requested Requirement Description. The Standard Shall Be Of Quality; Meeting or Exceeding Those Outlined In The Statement Of Work. this Sources Sought Notice Provides An Opportunity For Respondents To Submit Their Capability and Availability To Provide The Requirement Described Below. Vendors Are Being Invited To Submit information Relative To Their Potential To Fulfill This Requirement, In The Form Of A Capability response That Addresses The Specific Requirement Identified In This Sources Sought. Information received From This Sources Sought Shall Be Utilized To Facilitate The Contracting Officer S Review of The Market Base, For Acquisition Planning, Size Determination, And Procurement Strategy. submission Instructions: Interested Parties Who Consider Themselves Qualified To Perform boundary Surveys Are Invited To Submit A Response To This Sources Sought Notice By 7-17-2024. all Responses Under This Sources Sought Notice Must Be Emailed To Carissa.sarazin@va.gov. telephone Inquiries Will Not Be Accepted Or Acknowledged, And No Feedback Or Evaluations Will be Provided To Companies Regarding Their Submissions. interested Parties Should Complete The Attached Sources Sought Worksheet. Parties May Submit additional Information Related To Their Capabilities, Provided It Contains All The Requirements contained In The Sources Sought Worksheet. Responses To This Sources Sought Shall Not Exceed 8 pages. In Addition, All Submissions Should Be Provided Electronically In A Microsoft Word Or adobe Pdf Format. sam: Interested Parties Shall Be Register In The System For Award Management (sam) As prescribed In Far Clause 52.232-33. Sam Information Can Be Obtained By Accessing The Internet at Www.sam.gov Or By Calling 1-866-606-8220. Interested Parties Not Registered In Sam Will Be ineligible To Receive A Government Contract, Should A Solicitation Be Issued Resulting From This sources Sought. vista: The Va Utilizes Vista To Issue A Purchase Order And Liquidate Invoices. Failure To register In Vista May Result In Exclusion From The Issuance Of A Va Contract, Should A solicitation Be Issued Resulting From This Sources Sought. attachment 1 sources Sought Worksheet qualification Information: company / Institute Name: _______________________________________________________ address: ______________________________________________________________________ phone Number: ________________________________________________________________ point Of Contact: _______________________________________________________________ e-mail Address: ________________________________________________________________ unique Entity Identifier (uei) #: ___________________________________________________ cage Code: __________________________________________________________________ other Available Contract Vehicles (gsa/fss/nasa Sewp/etc): ________________________ _____________________________________________________________________________ _____________________________________________________________________________ socio-economic Status: vip Verified Sdvosb: (y / N) vip Verified Vosb: (y / N) 8(a): (y / N) hubzone: (y / N) economically Disadvantaged Women-owned Small Business: (y / N) women-owned Small Business: (y / N) small Business: (y / N) note: Respondent Claiming Sdvosb And Vosb Status Shall Be Registered And Center For veterans Enterprise (cve) Verified In Vetbiz Registry Www.vetbiz.gov. based On The Responses To This Sources Sought Notice/market research, This Requirement May Be Set-aside For Sdvosb, Vosb, Small businesses Or Procured Through Full And Open Competition. capability Statement: provide A Brief Capability And Interest In Providing The Supply Of Shower Repairs As Listed In attachment 2 Statement Of Work With Enough Information To Determine If Your Company Can meet The Requirement. The Capabilities Statement For This Sources Sought Is Not A Request For quotation, Request For Proposal Or Invitation For Bid, Nor Does It Restrict The Government To An ultimate Acquisition Approach, But Rather The Government Is Requesting A Short Statement regarding The Company S Ability To Provide The Services Outlined In The Sow. Any Commercial brochures Or Currently Existing Marketing Material May Also Be Submitted With The Capabilities statement. This Synopsis Is For Information And Planning Purposes Only And Is Not To Be Construed as A Commitment By The Government. The Government Will Not Pay For Information Solicited. respondents Will Not Be Notified Of The Results Of The Evaluation. ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ attachment 2 performance Work Statement department Of Veterans Affairs (va) medical Center, Leeds Ma boundary Survey Of The Edward P. Boland Campus 1. General the Va Central Western Mass. Edward P Boland Campus In Leeds, Ma Requires Survey Confirmation Of The Property Owned By The Va. The Original Tract Was Approximately 280 Acres And Is Now Approximately 105. The Va Has Records Of Agreements/conveyances That May Or May Not Have Occurred/been Recorded Over The And Is looking For Confirmation Of The Property Owned By The Va Through A Alta/nsps Land Title Survey. the Edward P. Boland Campus Also Has A Lot Of Construction Going On And Needs A Survey Control Network Installed To Standardized And Coordinate Construction And Records Throughout The Campus. A Traverse Through The Control Points Installed Is Required And Shall Be Submitted With The Control Point Coordinates. The Control Network Shall Use The Massachusetts State Plane Coordinate System. place Of Performance: 421 N. Main St, Leeds Ma 2. Project Scope Of Work item 1 Conduct An Alta/nsps Land Title Survey 1 Lump Sum see Attachment 1 Alta/nsps Land Title Survey Table A alta Deliverables: plat Hard Copy (min 24 X36 ) plat Digital Copy plat Does Not Have To Be Recorded. provide Copies Of All Recorded Conveyances, Plats And Deeds For 1922 To Present. item 2 Install Survey Control Monument 15 Each furnish And Install Precast Concrete Monument 6 X6 X36 With 2.5 Minimum Bronze Marker. markers Will Be Placed At Locations Agreed To With The Cor. include Costs To Traverse And Balance The Control Point Network. see Attachment 2 - Example Marker. item 3 Install Survey Control Disk 10 Each furnish And Install A 2.5 Minimum Bronze Marker On Either A Rebar Base Or In Existing Concrete. rebar Shall Be A Minimum Of 2 Long #5 Bar. concrete Install Will Be Drilled And Grouted Into Existing Concrete. include Costs To Traverse And Balance The Control Point Network. see Attachment 2 - Example Marker. item 4 Topographic Survey Of Property 1 Lump Sum this Item Is An Add Alternate For Items 5 And 15 Of Alta/nsps Land Title Survey Table A. Perform A topographic Survey Of The Property, Survey Drones Would Be Permitted For This Task. 1/24/2024 3. The Performance Period For This Work Is 120 Days From Time Of Award, Unless Other Time Frames are Approved In Writing By The Contracting Office With No Options To Renew. a) Services Will Be Performed During Business Hours 7:00am 4:30 Pm. If Work Needs To Be Done off Hours, It Must Be Coordinated With The Cor. b) There Will Be No Unscheduled Work During Federal Holidays. vha Supplemental Contract Requirements For Combatting Covid-19 1. Contractor Employees Who Work In Or Travel To Vha Locations Must Comply With The Following: a. Documentation Requirements: 1) If Fully Vaccinated, Contractors Shall Show Proof Of Vaccination. i. Note: Acceptable Proof Of Vaccination Includes A Signed Record Of Immunization From A Health care Provider Or Pharmacy, A Copy Of The Covid-19 Vaccination Record Card (cdc Form Mls- 319813_r, Published On September 3, 2020), Or A Copy Of Medical Records Documenting The vaccination. 2) If Unvaccinated, Contractors Shall Show Negative Covid-19 Test Results Dated Within Three Calendar days Prior To Desired Entry Date. Test Must Be Approved By The Food And Drug Administration (fda) for Emergency Use Or Full Approval. This Includes Tests Available By A Doctor S Order Or An Fda approved Over-the-counter Test That Includes An Affiliated Telehealth Service. 3) Documentation Cited In This Section Shall Be Digitally Or Physically Maintained On Each Contractor employee While In A Va Facility And Is Subject To Inspection Prior To Entry To Va Facilities And After entry For Spot Inspections By Contracting Officer Representatives (cors) Or Other Hospital Personnel. 4) Documentation Will Not Be Collected By The Va; Contractors Shall, At All Times, Adhere To And Ensure compliance With Federal Laws Designed To Protect Contractor Employee Health Information And personally Identifiable Information. 2. Contractor Employees Are Subject To Daily Screening For Covid-19 And May Be Denied Entry To Va Facilities if They Fail To Pass Screening Protocols. As Part Of The Screening Process Contractors May Be Asked screening Questions Found On The Covid-19 Screening Tool. Check Regularly For Updates. a. Contractor Employees Who Work Away From Va Locations, But Who Will Have Direct Contact With Va patients Shall Self-screen Utilizing The Covid-19 Screening Tool, In Advance, Each Day That They Will Have direct Patient Contact And In Accordance With Their Person Or Persons Who Coordinate Covid-19 workplace Safety Efforts At Covered Contractor Workplaces. Contractors Shall, At All Times, Adhere To And ensure Compliance With Federal Laws Designed To Protect Contractor Employee Health Information And personally Identifiable Information. 3. Contractor Must Immediately Notify Their Cor Or Contracting Officer If Contract Performance Is jeopardized Due To Contractor Employees Being Denied Entry Into Va Facilities. 1/24/2024 4. For Indefinite Delivery Contracts: Contractor Agrees To Comply With Vha Supplemental Contract requirements For Any Task Or Delivery Orders Issued Prior To This Modification When Performance Has already Commenced. american Land Title Association⮠(alta) Minimum Standard Detail Requirements national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys copyright 2021. All Rights Reserved. Page 1 Of 10 american Land Title Association And national Society Of Professional Surveyors minimum Standard Detail Requirements For alta/nsps Land Title Surveys (effective February 23, 2021) 1. Purpose - Members Of The American Land Title Association⮠(alta) Have Specific Needs, unique To Title Insurance Matters, When Asked To Insure Title To Land Without Exception As To The many Matters Which Might Be Discoverable From Survey And Inspection, And Which Are Not evidenced By The Public Records. for A Survey Of Real Property, And The Plat, Map Or Record Of Such Survey, To Be Acceptable To A Title insurance Company For The Purpose Of Insuring Title To Said Real Property Free And Clear Of Survey Matters (except Those Matters Disclosed By The Survey And Indicated On The Plat Or Map), Certain Specific And pertinent Information Must Be Presented For The Distinct And Clear Understanding Between The Insured, The client (if Different From The Insured), The Title Insurance Company (insurer), The Lender, And The Surveyor professionally Responsible For The Survey. in Order To Meet Such Needs, Clients, Insurers, Insureds, And Lenders Are Entitled To Rely On Surveyors To conduct Surveys And Prepare Associated Plats Or Maps That Are Of A Professional Quality And Appropriately uniform, Complete, And Accurate. To That End, And In The Interests Of The General Public, The Surveying profession, Title Insurers, And Abstracters, The Alta And The Nsps Jointly Promulgate The Within Details and Criteria Setting Forth A Minimum Standard Of Performance For Alta/nsps Land Title Surveys. A complete 2021 Alta/nsps Land Title Survey Includes: (i) The On-site Fieldwork Required Pursuant To Section 5, (ii) The Preparation Of A Plat Or Map Pursuant To Section 6 Showing The Results Of The Fieldwork and Its Relationship To Documents Provided To Or Obtained By The Surveyor Pursuant To Section 4, (iii) Any Information From Table A Items Requested By The Client, And (iv) The Certification Outlined In Section 7. 2. Request For Survey - The Client Shall Request The Survey, Or Arrange For The Survey To Be requested, And Shall Provide A Written Authorization To Proceed From The Person Or Entity Responsible For paying For The Survey. Unless Specifically Authorized In Writing By The Insurer, The Insurer Shall Not Be responsible For Any Costs Associated With The Preparation Of The Survey. The Request Must Specify That An "alta/nsps Land Title Survey" Is Required And Which Of The Optional Items Listed In Table A, If Any, are To Be Incorporated. Certain Properties Or Interests In Real Properties May Present Issues Outside Those normally Encountered On An Alta/nsps Land Title Survey (e.g., Marinas, Campgrounds, Mobile Home parks, Easements, Leases, Mineral Interests, Other Non-fee Simple Interests). The Scope Of Work Related To surveys Of Such Properties Or Interests In Real Properties Should Be Discussed With The Client, Lender, And insurer, And Agreed Upon In Writing Prior To Commencing Work On The Survey. When Required, The Client shall Secure Permission For The Surveyor To Enter Upon The Property To Be Surveyed, Adjoining Properties, or Offsite Easements. 3. Surveying Standards And Standards Of Care a. Effective Date - The 2021 Minimum Standard Detail Requirements For Alta/nsps Land Title surveys Are Effective February 23, 2021. As Of That Date, All Previous Versions Of The Minimum standard Detail Requirements For Alta/acsm Or Alta/nsps Land Title Surveys Are superseded By These Standards. b. Other Requirements And Standards Of Practice - Many States And Some Local Jurisdictions have Adopted Statutes, Administrative Rules, And/or Ordinances That Set Out Standards Regulating the Practice Of Surveying Within Their Jurisdictions. In Addition To The Standards Set Forth Herein, surveyors Must Also Conduct Their Surveys In Accordance With Applicable Jurisdictional Survey requirements And Standards Of Practice. Where Conflicts Between The Standards Set Forth Herein american Land Title Association⮠(alta) Minimum Standard Detail Requirements national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys copyright 2021. All Rights Reserved. Page 2 Of 10 american Land Title Association And national Society Of Professional Surveyors and Any Such Jurisdictional Requirements And Standards Of Practice Occur, The More Stringent Must apply. c. The Normal Standard Of Care - Surveyors Should Recognize That There May Be Unwritten Local, state, And/or Regional Standards Of Care Defined By The Practice Of The Prudent Surveyor In Those locales. d. Boundary - The Boundary Lines And Corners Of Any Property Or Interest In Real Property Being surveyed (hereafter, The Surveyed Property Or Property To Be Surveyed ) As Part Of An alta/nsps Land Title Survey Must Be Established And/or Retraced In Accordance With appropriate Boundary Law Principles Governed By The Set Of Facts And Evidence Found In The course Of Performing The Research And Fieldwork. e. Measurement Standards - The Following Measurement Standards Address Relative Positional precision For The Monuments Or Witnesses Marking The Corners Of The Surveyed Property. i. Relative Positional Precision Means The Length Of The Semi-major Axis, Expressed In Meters or Feet, Of The Error Ellipse Representing The Uncertainty In The Position Of The Monument Or witness Marking Any Boundary Corner Of The Surveyed Property Relative To The Position Of The monument Or Witness Marking An Immediately Adjacent Boundary Corner Of The Surveyed property Resulting From Random Errors In The Measurements Made In Determining Those positions At The 95 Percent Confidence Level. Relative Positional Precision Can Be Estimated by The Results Of A Correctly Weighted Least Squares Adjustment Of The Survey. Alternatively, relative Positional Precision Can Be Estimated By The Standard Deviation Of The Distance between The Monument Or Witness Marking Any Boundary Corner Of The Surveyed Property and The Monument Or Witness Marking An Immediately Adjacent Boundary Corner Of The surveyed Property (called Local Accuracy) That Can Be Computed Using The Full Covariance matrix Of The Coordinate Inverse Between Any Given Pair Of Points, Understanding That Relative positional Precision Is Based On The 95 Percent Confidence Level, Or Approximately 2 Standard deviations. ii. Any Boundary Lines And Corners Established Or Retraced May Have Uncertainties In Location resulting From (1) The Availability, Condition, History And Integrity Of Reference Or Controlling monuments, (2) Ambiguities In The Record Descriptions Or Plats Of The Surveyed Property Or Its adjoiners, (3) Occupation Or Possession Lines As They May Differ From The Written Title Lines, Or (4) Relative Positional Precision. Of These Four Sources Of Uncertainty, Only Relative positional Precision Is Controllable, Although, Due To The Inherent Errors In Any Measurement, it Cannot Be Eliminated. The Magnitude Of The First Three Uncertainties Can Be Projected Based on Evidence; Relative Positional Precision Is Estimated Using Statistical Means (see Section 3.e.i. Above And Section 3.e.v. Below). iii. The First Three Of These Sources Of Uncertainty Must Be Weighed As Part Of The Evidence In The determination Of Where, In The Surveyor S Opinion, The Boundary Lines And Corners Of The surveyed Property Should Be Located (see Section 3.d. Above). Relative Positional Precision is A Measure Of How Precisely The Surveyor Is Able To Monument And Report Those Positions; It is Not A Substitute For The Application Of Proper Boundary Law Principles. A Boundary Corner Or line May Have A Small Relative Positional Precision Because The Survey Measurements Were precise, Yet Still Be In The Wrong Position (i.e., Inaccurate) If It Was Established Or Retraced using Faulty Or Improper Application Of Boundary Law Principles. iv. For Any Measurement Technology Or Procedure Used On An Alta/nsps Land Title Survey, the Surveyor Must (1) Use Appropriately Trained Personnel, (2) Compensate For Systematic errors, Including Those Associated With Instrument Calibration, And (3) Use Appropriate Error propagation And Measurement Design Theory (selecting The Proper Instruments, Geometric layouts, And Field And Computational Procedures) To Control Random Errors Such That The maximum Allowable Relative Positional Precision Outlined In Section 3.e.v. Below Is Not exceeded. v. The Maximum Allowable Relative Positional Precision For An Alta/nsps Land Title Survey Is 2 Cm (0.07 Feet) Plus 50 Parts Per Million (based On The Direct Distance Between The Two american Land Title Association⮠(alta) Minimum Standard Detail Requirements national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys copyright 2021. All Rights Reserved. Page 3 Of 10 american Land Title Association And national Society Of Professional Surveyors corners Being Tested). It Is Recognized That In Certain Circumstances, The Size Or Configuration of The Surveyed Property, Or The Relief, Vegetation, Or Improvements On The Surveyed Property, will Result In Survey Measurements For Which The Maximum Allowable Relative Positional precision May Be Exceeded In Which Case The Reason Shall Be Noted Pursuant To Section 6.b.x. Below. 4. Records Research - It Is Recognized That For The Performance Of An Alta/nsps Land Title survey, The Surveyor Will Be Provided With Appropriate And, When Possible, Legible Data That Can be Relied Upon In The Preparation Of The Survey. In Order To Complete An Alta/nsps Land Title survey, The Surveyor Must Be Provided With The Following: a. The Current Record Description Of The Real Property To Be Surveyed Or, In The Case Of An original Survey Prepared For Purposes Of Locating And Describing Real Property That Has Not been Previously Separately Described In Documents Conveying An Interest In The Real Property, the Current Record Description Of The Parent Parcel That Contains The Property To Be Surveyed; b. Complete Copies Of The Most Recent Title Commitment Or, If A Title Commitment Is Not Available, other Title Evidence Satisfactory To The Title Insurer; c. The Following Documents From Records Established Under State Statutes For The Purpose Of imparting Constructive Notice Of Matters Relating To Real Property (public Records): i. The Current Record Descriptions Of Any Adjoiners To The Property To Be Surveyed, Except where Such Adjoiners Are Lots In Platted, Recorded Subdivisions; ii. Any Recorded Easements Benefitting The Property To Be Surveyed; And iii. Any Recorded Easements, Servitudes, Or Covenants Burdening The Property To Be surveyed; And d. If Desired By The Client, Any Unrecorded Documents Affecting The Property To Be Surveyed And containing Information To Which The Survey Shall Make Reference. except, However, If The Documents Outlined In This Section Are Not Provided To The Surveyor Or If Non-public or Quasi-public Documents Are Otherwise Required To Complete The Survey, The Surveyor Must Conduct That research Which Is Required Pursuant To The Statutory Or Administrative Requirements Of The Jurisdiction where The Surveyed Property Is Located And That Research (if Any) Which Is Negotiated And Outlined In The terms Of The Contract Between The Surveyor And The Client. 5. Fieldwork - The Survey Must Be Performed On The Ground (except As May Be Otherwise negotiated Pursuant To Table A, Item 15 Below). Except As Related To The Precision Of The Boundary, Which is Addressed In Section 3.e. Above, Features Located During The Fieldwork Shall Be Located To What Is, In The surveyor S Professional Opinion, The Appropriate Degree Of Precision Based On (a) The Planned Use Of The surveyed Property, If Reported In Writing To The Surveyor By The Client, Lender, Or Insurer, Or (b) The Existing use, If The Planned Use Is Not So Reported. The Fieldwork Shall Include The Following: a. Monuments i. The Location, Size, Character, And Type Of Any Monuments Found During The Fieldwork. ii. The Location, Size, Character, And Type Of Any Monuments Set During The Fieldwork, If Item 1 Of table A Was Selected Or If Otherwise Required By Applicable Jurisdictional Requirements And/or standards Of Practice. iii. The Location, Description, And Character Of Any Lines That Control The Boundaries Of The surveyed Property. b. Rights Of Way And Access i. The Distance From The Appropriate Corner Or Corners Of The Surveyed Property To The Nearest right Of Way Line, If The Surveyed Property Does Not Abut A Right Of Way. ii. The Name Of Any Street, Highway, Or Other Public Or Private Way Abutting The Surveyed property, Together With The Width Of The Travelled Way And The Location Of Each Edge Of The travelled Way Including On Divided Streets And Highways. If The Documents Provided To Or obtained By The Surveyor Pursuant To Section 4 Indicate No Access From The Surveyed property To The Abutting Street Or Highway, The Width And Location Of The Travelled Way Need not Be Located. american Land Title Association⮠(alta) Minimum Standard Detail Requirements national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys copyright 2021. All Rights Reserved. Page 4 Of 10 american Land Title Association And national Society Of Professional Surveyors iii. Visible Evidence Of Physical Access (e.g., Curb Cuts, Driveways) To Any Abutting Streets, highways, Or Other Public Or Private Ways. iv. The Location And Character Of Vehicular, Pedestrian, Or Other Forms Of Access By Other Than the Apparent Occupants Of The Surveyed Property To Or Across The Surveyed Property Observed in The Process Of Conducting The Fieldwork (e.g., Driveways, Alleys, Private Roads, Railroads, railroad Sidings And Spurs, Sidewalks, Footpaths). v. Without Expressing A Legal Opinion As To Ownership Or Nature, The Location And Extent Of Any potentially Encroaching Driveways, Alleys, And Other Ways Of Access From Adjoining Properties onto The Surveyed Property Observed In The Process Of Conducting The Fieldwork. vi. Where Documentation Of The Location Of Any Street, Road, Or Highway Right Of Way Abutting, On, or Crossing The Surveyed Property Was Not Disclosed In Documents Provided To Or Obtained By the Surveyor, Or Was Not Otherwise Available From The Controlling Jurisdiction (see Section 6.c.iv. Below), The Evidence And Location Of Parcel Corners On The Same Side Of The Street As the Surveyed Property Recovered In The Process Of Conducting The Fieldwork Which May indicate The Location Of Such Right Of Way Lines (e.g., Lines Of Occupation, Survey Monuments). vii. Evidence Of Access To And From Waters Adjoining The Surveyed Property Observed In The process Of Conducting The Fieldwork (e.g., Paths, Boat Slips, Launches, Piers, Docks). c. Lines Of Possession And Improvements Along The Boundaries i. The Character And Location Of Evidence Of Possession Or Occupation Along The Perimeter Of the Surveyed Property, Both By The Occupants Of The Surveyed Property And By Adjoiners, observed In The Process Of Conducting The Fieldwork. ii. Unless Physical Access Is Restricted, The Character And Location Of All Walls, Buildings, Fences, and Other Improvements Within Five Feet Of Each Side Of The Boundary Lines Observed In The process Of Conducting The Fieldwork (see Section 5.e.iv. Regarding Utility Poles). Trees, bushes, Shrubs, And Other Vegetation Need Not Be Located Other Than As Specified In The contract, Unless They Are Deemed By The Surveyor To Be Evidence Of Possession Or Occupation pursuant To Section 5.c.i. iii. Without Expressing A Legal Opinion As To The Ownership Or Nature Of The Potential encroachment, The Evidence, Location, And Extent Of Potentially Encroaching Structural appurtenances And Projections Observed In The Process Of Conducting The Fieldwork (e.g., Fire escapes, Bay Windows, Windows And Doors That Open Out, Flue Pipes, Stoops, Eaves, Cornices, areaways, Steps, Trim) By Or Onto Adjoining Property, Or Onto Rights Of Way, Easements, Or setback Lines Disclosed In Documents Provided To Or Obtained By The Surveyor. d. Buildings the Location Of Buildings On The Surveyed Property Observed In The Process Of Conducting The fieldwork. e. Easements And Servitudes i. Evidence Of Any Easements Or Servitudes Burdening The Surveyed Property As Disclosed In the Documents Provided To Or Obtained By The Surveyor Pursuant To Section 4 And Observed In the Process Of Conducting The Fieldwork. ii. Evidence Of Easements, Servitudes, Or Other Uses By Other Than The Apparent Occupants Of the Surveyed Property Not Disclosed In The Documents Provided To Or Obtained By The Surveyor pursuant To Section 4, But Observed In The Process Of Conducting The Fieldwork If They Are On or Across The Surveyed Property (e.g., Roads, Drives, Sidewalks, Paths And Other Ways Of access, Utility Service Lines, Utility Locate Markings (including The Source Of The Markings, With a Note If Unknown), Water Courses, Ditches, Drains, Telephone Lines, Fiber Optic Lines, Electric lines, Water Lines, Sewer Lines, Oil Pipelines, Gas Pipelines). iii. Surface Indications Of Underground Easements Or Servitudes On Or Across The Surveyed property Observed In The Process Of Conducting The Fieldwork (e.g., Utility Cuts, Vent Pipes, filler Pipes, Utility Locate Markings (including The Source Of The Markings, With A Note If unknown)). iv. Evidence On Or Above The Surface Of The Surveyed Property Observed In The Process Of american Land Title Association⮠(alta) Minimum Standard Detail Requirements national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys copyright 2021. All Rights Reserved. Page 5 Of 10 american Land Title Association And national Society Of Professional Surveyors conducting The Fieldwork, Which Evidence May Indicate Utilities Located On, Over, Or Beneath the Surveyed Property. Examples Of Such Evidence Include Pipeline Markers, Utility Locate markings (including The Source Of The Markings, With A Note If Unknown), Manholes, Valves, meters, Transformers, Pedestals, Clean-outs, Overhead Lines, Guy Wires, And Utility Poles On Or within Ten Feet Of The Surveyed Property. Without Expressing A Legal Opinion As To The ownership Or Nature Of The Potential Encroachment, The Extent Of All Encroaching Utility Pole crossmembers Or Overhangs. f. Cemeteries as Accurately As The Evidence Permits, The Perimeter Of Cemeteries And Burial Grounds, And The location Of Isolated Gravesites Not Within A Cemetery Or Burial Ground, (i) Disclosed In The documents Provided To Or Obtained By The Surveyor, Or (ii) Observed In The Process Of Conducting the Fieldwork. g. Water Features i. The Location Of Springs, Ponds, Lakes, Streams, Rivers, Canals, Ditches, Marshes, And Swamps on, Running Through, Or Outside, But Within Five Feet Of, The Perimeter Boundary Of The Surveyed property And Observed During The Process Of Conducting The Fieldwork. ii. The Location Of Any Water Feature Forming A Boundary Of The Surveyed Property. The attribute(s) Of The Water Feature Located (e.g., Top Of Bank, Edge Of Water, High Water Mark) should Be Congruent With The Boundary As Described In The Record Description Or, In The Case of An Original Survey, In The New Description (see Section 6.b.vi. Below). 6. Plat Or Map - A Plat Or Map Of An Alta/nsps Land Title Survey Shall Show The Following information. Where Dimensioning Is Appropriate, Dimensions Shall Be Annotated To What Is, In The surveyor S Professional Opinion, The Appropriate Degree Of Precision Based On (a) The Planned Use Of The surveyed Property, If Reported In Writing To The Surveyor By The Client, Lender, Or Insurer, Or (b) Existing Use, if The Planned Use Is Not So Reported. a. Field Locations. The Evidence And Locations Gathered, And The Monuments And Lines Located during The Fieldwork Pursuant To Section 5 Above, With Accompanying Notes If Deemed Necessary by The Surveyor Or As Otherwise Required As Specified Below. b. Boundary, Descriptions, Dimensions, And Closures i. (a) The Current Record Description Of The Surveyed Property, Or (b) In The Case Of An Original Survey, The Current Record Document Number Of The Parent Tract that Contains The Surveyed Property. ii. Any New Description Of The Surveyed Property That Was Prepared In Conjunction With The survey, Including A Statement Explaining Why The New Description Was Prepared. Except In The case Of An Original Survey, Preparation Of A New Description Should Be Avoided Unless deemed Necessary Or Appropriate By The Surveyor And Insurer. Preparation Of A New description Should Also Generally Be Avoided When The Record Description Is A Lot Or Block In A platted, Recorded Subdivision. Except In The Case Of An Original Survey, If A New Description Is prepared, A Note Must Be Provided Stating (a) That The New Description Describes The Same real Estate As The Record Description Or, (b) If It Does Not, How The New Description Differs From the Record Description. iii. The Point Of Beginning, The Remote Point Of Beginning Or Point Of Commencement (if applicable) And All Distances And Directions Identified In The Record Description Of The surveyed Property (and In The New Description, If One Was Prepared). Where A Measured Or calculated Dimension Differs From The Record By An Amount Deemed Significant By The surveyor, Such Dimension Must Be Shown In Addition To, And Differentiated From, The corresponding Record Dimension. All Dimensions Shown On The Survey And Contained In Any new Description Must Be Horizontal Ground Dimensions Unless Otherwise Noted. iv. The Direction, Distance, And Curve Data Necessary To Compute A Mathematical Closure Of The surveyed Boundary. A Note If The Record Description Does Not Mathematically Close. The Basis of Bearings And, Where It Differs From The Record Basis, The Difference. v. The Remainder Of Any Recorded Lot Or Existing Parcel, When The Surveyed Property Is american Land Title Association⮠(alta) Minimum Standard Detail Requirements national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys copyright 2021. All Rights Reserved. Page 6 Of 10 american Land Title Association And national Society Of Professional Surveyors composed Of Only A Portion Of Such Lot Or Parcel, Shall Be Graphically Depicted. Such remainder Need Not Be Included As Part Of The Actual Survey, Except To The Extent Necessary to Locate The Lines And Corners Of The Surveyed Property, And It Need Not Be Fully Dimensioned or Drawn At The Same Scale As The Surveyed Property. vi. When The Surveyed Property Includes A Title Line Defined By A Water Boundary, A Note On The face Of The Plat Or Map Noting The Date The Boundary Was Measured, Which Attribute(s) Of The water Feature Was/were Located, And The Caveat That The Boundary Is Subject To Change Due To natural Causes And That It May Or May Not Represent The Actual Location Of The Limit Of Title. when The Surveyor Is Aware Of Natural Or Artificial Realignments Or Changes In Such boundaries, The Extent Of Those Changes And Facts Shall Be Shown Or Explained. vii. The Relationship Of The Boundaries Of The Surveyed Property To Its Adjoiners (e.g., Contiguity, gaps, Overlaps) Where Ascertainable From Documents Provided To Or Obtained By The Surveyor pursuant To Section 4 And/or From Field Evidence Gathered During The Process Of Conducting the Fieldwork. If The Surveyed Property Is Composed Of Multiple Parcels, The Extent Of Any Gaps or Overlaps Between Those Parcels Must Be Identified. Where Gaps Or Overlaps Are Identified, the Surveyor Must, Prior To Or Upon Delivery Of The Final Plat Or Map, Disclose This To The Insurer and Client. viii. When, In The Opinion Of The Surveyor, The Results Of The Survey Differ Significantly From The record, Or If A Fundamental Decision Related To The Boundary Resolution Is Not Clearly Reflected on The Plat Or Map, The Surveyor Must Explain This Information With Notes On The Face Of The plat Or Map. ix. The Location Of Buildings On The Surveyed Property Dimensioned Perpendicular To Those perimeter Boundary Lines That The Surveyor Deems Appropriate (i.e., Where Potentially impacted By A Setback Line) And/or As Requested By The Client, Lender Or Insurer. x. A Note On The Face Of The Plat Or Map Explaining The Site Conditions That Resulted In A Relative positional Precision That Exceeds The Maximum Allowed Pursuant To Section 3.e.v. xi. A Note On The Face Of The Plat Or Map Identifying Areas, If Any, On The Boundaries Of The surveyed Property, To Which Physical Access Within Five Feet Was Restricted (see Section 5.c.ii.). xii. A Note On The Face Of The Plat Or Map Identifying The Source Of The Title Commitment Or Other title Evidence Provided Pursuant To Section 4, And The Effective Date And The Name Of The insurer Of Same. c. Easements, Servitudes, Rights Of Way, Access, And Documents i. The Location, Width, And Recording Information Of All Plottable Rights Of Way, Easements, And servitudes Burdening And Benefitting The Surveyed Property, As Evidenced By Documents provided To Or Obtained By The Surveyor Pursuant To Section 4. ii. A Summary Of All Rights Of Way, Easements, And Other Survey-related Matters Burdening The surveyed Property And Identified In The Title Evidence Provided To Or Obtained By The Surveyor pursuant To Section 4. Such Summary Must Include The Record Information Of Each Such Right of Way, Easement, Or Other Survey-related Matter, A Statement Indicating Whether It Lies Within or Crosses The Surveyed Property, And A Related Note If: (a) Its Location Is Shown; (b) Its Location Cannot Be Determined From The Record Document; (c) There Was No Observed Evidence At The Time Of The Fieldwork; (d) It Is A Blanket Easement; (e) It Is Not On, Does Not Touch, And/or Based On The Description Contained In The Record document Does Not Affect, The Surveyed Property; (f) It Limits Access To An Otherwise Abutting Right Of Way; (g) The Documents Are Illegible; Or (h) The Surveyor Has Information Indicating That It May Have Been Released Or Otherwise terminated. in Cases Where The Surveyed Property Is Composed Of Multiple Parcels, Indicate Which Of Such american Land Title Association⮠(alta) Minimum Standard Detail Requirements national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys copyright 2021. All Rights Reserved. Page 7 Of 10 american Land Title Association And national Society Of Professional Surveyors parcels The Various Rights Of Way, Easements, And Other Survey-related Matters Cross Or touch. iii. A Note If No Physical Access To An Abutting Street, Highway, Or Other Public Or Private Way Was observed In The Process Of Conducting The Fieldwork. iv. The Locations And Widths Of Rights Of Way Abutting Or Crossing The Surveyed Property And The source Of Such Information (a) Where Available From The Controlling Jurisdiction, Or (b) Where disclosed In Documents Provided To Or Obtained By The Surveyor Pursuant To Section 4. v. The Identifying Titles Of All Recorded Plats, Filed Maps, Right Of Way Maps, Or Similar Documents that The Survey Represents, Wholly Or In Part, With Their Recording Or Filing Data. vi. For Non-platted Adjoining Land, Recording Data And, Where Available, Tax Parcel Number, identifying Adjoining Tracts According To Current Public Records. For Platted Adjoining Land, The recording Data Of The Subdivision Plat. vii. Platted Setback Or Building Restriction Lines That Appear On Recorded Subdivision Plats Or That were Disclosed In Documents Provided To, Or Obtained By, The Surveyor. viii. If In The Process Of Preparing The Survey The Surveyor Becomes Aware Of A Recorded easement Not Otherwise Listed In The Title Evidence Provided, The Surveyor Must Advise The insurer Prior To Delivery Of The Plat Or Map And, Unless The Insurer Provides Evidence Of A release Of That Easement, Show Or Otherwise Explain It On The Face Of The Plat Or Map, With A note That The Insurer Has Been Advised. d. Presentation i. The Plat Or Map Must Be Drawn On A Sheet Of Not Less Than 8 ½ By 11 Inches In Size At A legible, Standard Engineering Scale, With That Scale Clearly Indicated In Words Or Numbers And with A Graphic Scale. ii. The Plat Or Map Must Include: (a) The Boundary Of The Surveyed Property Drawn In A Manner That Distinguishes It From Other lines On The Plat Or Map. (b) If No Buildings Were Observed On The Surveyed Property In The Process Of Conducting The fieldwork, A Note Stating No Buildings Observed. (c) A North Arrow (with North To The Top Of The Drawing When Practicable). (d) A Legend Of Symbols And Abbreviations. (e) A Vicinity Map Showing The Surveyed Property In Reference To Nearby Highway(s) Or Major street Intersection(s). (f) Supplementary Or Detail Diagrams When Necessary. (g) Notes Explaining Any Modifications To Table A Items And The Nature Of Any Additional table A Items (e.g., 20(a), 20(b), 20(c)) That Were Negotiated Between The Surveyor And client. (h) The Surveyor S Project Number (if Any), And The Name, Registration Or License Number, signature, Seal, Street Address, Telephone Number, Company Website, And Email Address (if Any) Of The Surveyor Who Performed The Survey. (i) The Date(s) Of Any Revisions Made By The Surveyor Who Performed The Survey. (j) Sheet Numbers Where The Plat Or Map Is Composed Of More Than One Sheet. (k) The Caption Alta/nsps Land Title Survey. iii. When Recordation Or Filing Of A Plat Or Map Is Required By State Statutes Or Local Ordinances, such Plat Or Map Shall Be Produced In The Required Form. 7. Certification - The Plat Or Map Of An Alta/nsps Land Title Survey Must Bear Only The Following unaltered Certification Except As May Be Required Pursuant To Section 3.b. Above: to (name Of Insured, If Known), (name Of Lender, If Known), (name Of Insurer, If Known), (names Of others As Negotiated With The Client): this Is To Certify That This Map Or Plat And The Survey On Which It Is Based Were Made In accordance With The 2021 Minimum Standard Detail Requirements For Alta/nsps Land Title american Land Title Association⮠(alta) Minimum Standard Detail Requirements national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys copyright 2021. All Rights Reserved. Page 8 Of 10 american Land Title Association And national Society Of Professional Surveyors surveys, Jointly Established And Adopted By Alta And Nsps, And Includes Items ___________ of Table A Thereof. The Fieldwork Was Completed On ___________ [date]. date Of Plat Or Map: ___________ (surveyor S Signature, Printed Name And Seal With registration/license Number) 8. Deliverables - The Surveyor Shall Furnish Copies Of The Plat Or Map Of Survey To The Insurer And client And As Otherwise Negotiated With The Client. Hard Copies Shall Be On Durable And Dimensionally stable Material Of A Quality Standard Acceptable To The Insurer. A Digital Image Of The Plat Or Map May Be provided In Addition To, Or In Lieu Of, Hard Copies Pursuant To The Terms Of The Contract. If The Surveyor Is required To Record Or File A Plat Or Map Pursuant To State Statute Or Local Ordinance It Shall Be So Recorded or Filed. american Land Title Association⮠(alta) Minimum Standard Detail Requirements national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys copyright 2021. All Rights Reserved. Page 9 Of 10 american Land Title Association And national Society Of Professional Surveyors table A optional Survey Responsibilities And Specifications note: Whether Any Of The Nineteen (19) Items Of Table A Are To Be Selected, And The Exact Wording Of and Fee For Any Selected Item, May Be Negotiated Between The Surveyor And Client. Any Additional Items negotiated Between The Surveyor And Client Must Be Identified As 20(a), 20(b), Etc. Any Additional Items negotiated Between The Surveyor And Client, And Any Negotiated Changes To The Wording Of A Table A item, Must Be Explained Pursuant To Section 6.d.ii.(g). Notwithstanding Table A Items 5 And 11, If An engineering Design Survey Is Desired As Part Of An Alta/nsps Land Title Survey, Such Services Should be Negotiated Under Table A, Item 20. if Checked, The Following Optional Items Are To Be Included In The Alta/nsps Land Title Survey, except As Otherwise Qualified (see Note Above): 1. ___x__ Monuments Placed (or A Reference Monument Or Witness To The Corner) At All Major corners Of The Boundary Of The Surveyed Property, Unless Already Marked Or Referenced By Existing monuments Or Witnesses In Close Proximity To The Corner. 2. _____ Address(es) Of The Surveyed Property If Disclosed In Documents Provided To Or Obtained by The Surveyor, Or Observed While Conducting The Fieldwork. 3. _____ Flood Zone Classification (with Proper Annotation Based On Federal Flood Insurance Rate maps Or The State Or Local Equivalent) Depicted By Scaled Map Location And Graphic Plotting Only. 4. __ X __ Gross Land Area (and Other Areas If Specified By The Client). 5. __#5__ Vertical Relief With The Source Of Information (e.g., Ground Survey, Aerial Map), Contour interval, Datum, With Originating Benchmark, When Appropriate. 6. _____ (a) If The Current Zoning Classification, Setback Requirements, The Height And Floor Space area Restrictions, And Parking Requirements Specific To The Surveyed Property Are Set Forth In A Zoning report Or Letter Provided To The Surveyor By The Client Or The Client S Designated Representative, List The above Items On The Plat Or Map And Identify The Date And Source Of The Report Or Letter. _____ (b) If The Zoning Setback Requirements Specific To The Surveyed Property Are Set Forth In A zoning Report Or Letter Provided To The Surveyor By The Client Or The Client S Designated Representative, and If Those Requirements Do Not Require An Interpretation By The Surveyor, Graphically Depict Those requirements On The Plat Or Map And Identify The Date And Source Of The Report Or Letter. 7. __ X __ (a) Exterior Dimensions Of All Buildings At Ground Level. (b) Square Footage Of: __ X __ (1) Exterior Footprint Of All Buildings At Ground Level. _____ (2) Other Areas As Specified By The Client. _____ (c) Measured Height Of All Buildings Above Grade At A Location Specified By The Client. If No location Is Specified, The Point Of Measurement Shall Be Identified. 8. _____ Substantial Features Observed In The Process Of Conducting The Fieldwork (in Addition To the Improvements And Features Required Pursuant To Section 5 Above) (e.g., Parking Lots, Billboards, signs, Swimming Pools, Landscaped Areas, Substantial Areas Of Refuse). 9. _____ Number And Type (e.g., Disabled, Motorcycle, Regular, And Other Marked Specialized types) Of Clearly Identifiable Parking Spaces On Surface Parking Areas, Lots, And In Parking Structures. striping Of Clearly Identifiable Parking Spaces On Surface Parking Areas And Lots. american Land Title Association⮠(alta) Minimum Standard Detail Requirements national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys copyright 2021. All Rights Reserved. Page 10 Of 10 american Land Title Association And national Society Of Professional Surveyors 10. _____ As Designated By The Client, A Determination Of The Relationship And Location Of Certain division Or Party Walls With Respect To Adjoining Properties. 11. Evidence Of Underground Utilities Existing On Or Serving The Surveyed Property (in Addition To The observed Evidence Of Utilities Required Pursuant To Section 5.e.iv.) As Determined By: _____ (a) Plans And/or Reports Provided By Client (with Reference As To The Sources Of Information) _____ (b) Markings Coordinated By The Surveyor Pursuant To A Private Utility Locate Request. note To The Client, Insurer, And Lender With Regard To Table A, Item 11, Information From The Sources checked Above Will Be Combined With Observed Evidence Of Utilities Pursuant To Section 5.e.iv. To develop A View Of The Underground Utilities. However, Lacking Excavation, The Exact Location Of underground Features Cannot Be Accurately, Completely, And Reliably Depicted. In Addition, In Some jurisdictions, 811 Or Other Similar Utility Locate Requests From Surveyors May Be Ignored Or Result In An incomplete Response, In Which Case The Surveyor Shall Note On The Plat Or Map How This Affected The surveyor S Assessment Of The Location Of The Utilities. Where Additional Or More Detailed Information Is required, The Client Is Advised That Excavation May Be Necessary. 12. __ X __ As Specified By The Client, Governmental Agency Survey-related Requirements (e.g., Hud surveys, Surveys For Leases On Bureau Of Land Management Managed Lands). The Relevant Survey requirements Are To Be Provided By The Client Or Client S Designated Representative. 13. _____ Names Of Adjoining Owners According To Current Tax Records. If More Than One Owner, identify The First Owner S Name Listed In The Tax Records Followed By Et Al. 14. _____ As Specified By The Client, Distance To The Nearest Intersecting Street. 15. _#5__ Rectified Orthophotography, Photogrammetric Mapping, Remote Sensing, Airborne/mobile laser Scanning And Other Similar Products, Tools Or Technologies As The Basis For Showing The Location Of certain Features (excluding Boundaries) Where Ground Measurements Are Not Otherwise Necessary To locate Those Features To An Appropriate And Acceptable Accuracy Relative To A Nearby Boundary. The surveyor Must (a) Discuss The Ramifications Of Such Methodologies (e.g., The Potential Precision And completeness Of The Data Gathered Thereby) With The Insurer, Lender, And Client Prior To The Performance of The Survey, And (b) Place A Note On The Face Of The Survey Explaining The Source, Date, Precision, And other Relevant Qualifications Of Any Such Data. 16. _____ Evidence Of Recent Earth Moving Work, Building Construction, Or Building Additions observed In The Process Of Conducting The Fieldwork. 17. _____ Proposed Changes In Street Right Of Way Lines, If Such Information Is Made Available To The surveyor By The Controlling Jurisdiction. Evidence Of Recent Street Or Sidewalk Construction Or Repairs observed In The Process Of Conducting The Fieldwork. 18. __x__ Pursuant To Sections 5 And 6 (and Applicable Selected Table A Items, Excluding Table A item 1), Include As Part Of The Survey Any Plottable Offsite (i.e., Appurtenant) Easements Disclosed In documents Provided To Or Obtained By The Surveyor. 19. _____ Professional Liability Insurance Policy Obtained By The Surveyor In The Minimum Amount Of $____________ To Be In Effect Throughout The Contract Term. Certificate Of Insurance To Be Furnished upon Request, But This Item Shall Not Be Addressed On The Face Of The Plat Or Map. 20. _____ ___________________________________________________________________ adopted By The American Land Title Association On October 1, 2020. More At: Www.alta.org. adopted By The National Society Of Professional Surveyors On October 30, 2020. More At: Www.nsps.us.com. 11/16/2023 attachment 2 - Example Survey Marker 2.5 Minimum Diameter bronze mountable On New Precast Monument, Existing Concrete Or Rebar Pin

Details: The subject of the performance of this order is the delivery of the performance expected in the framework of the subsidy project "innovation of the production of optical security elements for the security of polycarbonate documents". The technical parameters are as follows, with the fact that the client allows their modification while maintaining the principle that performance and range parameters are set as minimum and power, size and weight parameters as maximum, unless something else is stated for a specific parameter, with a tolerance so that the device It Could Be Installed In The Location For This Equipment. This contract also includes transportation, assembly, and commissioning at the place designated by the client. The selected supplier is responsible for ensuring that the order will be delivered complete and will contain all parts necessary for trouble-free operation. Only Original (non-refurbished) Components Will Be Used For Production. The Technical Specification Establishes the Basis of Minimum Requirements for Function, Performance, Lifetime, Etc. If Zd or its Annexes contain specific trade names or brands, this is only a definition of the required standard, and the client also allows other technically and qualitatively comparable solutions. The Inspection Equipment Must Meet The Specifications And Requirements That Are Listed Below: General Description: The Equipment Must Be Capable Of Checking The Quality Of Pressed Holographic (dovid) Elements In A Polymer Substrate Formed By Pressing From Nickel Plates On A Pressing Machine Operating In R2r Mode In Real Time. The device must be able to inspect the high-resolution details inside the holographic motifs (dovid). Dovid elements are created in Max. 254,000 Dpi And The Required Inspection System Must Be Able To Optically Process Such Complex Structures And Deal With Unwanted Reflections. Must Use Appropriate Light Sources, Detect Defects In Molded Structures Even In An Intact Substrate With A Minimum Size Of 50 Microns, Must Monitor Transverse And Longitudinal Stretching Of The Substrate During The Pressing Process, Must Monitor And Monitor The Diffraction Efficiency Of Dovid Elements. Must Have Appropriate Software Capable of Creating a Scalable Log of the Inspection Performed. Required Technical Parameters: Material: Polycarbonate Film 50 to 175 Μm, One Side Glossy, One Side Matte, Dovid elements are always pressed on the glossy side. Controlled Width: Up to 500 Mm Repeat Length: Up to 850 Mm Maximum Speed: 50 M/min Optical Resolution: Min. 50 X 50 Μm Configuration: Due to the Specific Polymeric Substrate Used (glossy/matte), it is Necessary to Use a Two-Channel Solution with Light Sources Working on the Principle of Both Specular Reflection and Scattering in Combination with an Appropriate Number of Cameras for Line Scanning with Sufficient Resolution. Workstation: Sufficiently Powerful Computer Data Storage: Minimum 4 Tb Capacity for Data Storage Network: Option to Connect to a Local Ethernet Network Required System Features:  The System Must Detect Different Types of Defects (such as Scratches, Dust Particles, Paint/Oil Splashes, Smudges, etc. .) Inside the Relief Element Dovid And On The Surface And In The Mass Of The Intact Polycarbonate Substrate.  System Must Continuously Monitor Diffraction Efficiency.  The system must be capable of tracking the brightness of light diffraction at an unlimited number of locations within each iteration. These Tracking Points Must Be Freely Definable by the User.  Brightness Must Be Measured On 100% Viewed Points At 100% Repetition - No Sampling.  The Diffraction Efficiencies Determined At Each Monitored Location, After Each Revolution, Must Be Visualized As A Scalable Graph That Shows The Brightness Level In Percentage Of The Reference Value. In the graph, the lines representing individual monitoring locations must be color distinguishable.  The System Must Continuously Monitor Transverse And Longitudinal Stretching (As A Result Of The Pulls And Temperature Used During Pressing) Of The Substrate.  The system must continuously monitor the repetitive length and width of the material and graphically represent their progress in time and place.  The System Must Display Deviations From Target Values In Appropriate Units (mm, %).  The system must support the visualization of multiple control channels on one workstation (displays).  The system must have suitable software capable of creating a scalable report on the performed inspection. The order is not divided into parts. The contracting authority does not intend to discuss offers with the participants within the meaning of Art. 5.4 of the Rules.

Details: This Is Not A Request For Competitive Proposals. the Department Of Veterans Affairs, James A. Haley Veteran's Hospital Tampa, Located At 13000 At Bruce B. Downs, Blvd, Tampa, Fl. 33612 Intends To Solicit And Negotiate A Sole Source Requirement, Contract For Analyzer Systems (lease Of Equipment) Reagents And Test Kits With Siemens, A Large Business Located At 511 Benedict Ave., Terrytown, Pa. 10591. this Procurement Is Conducted Under Far 15.002 (a) Sole Source Acquisitions. Under The Authority Of (far) 6.302-1, "only One Responsible Source And No Other Supplies Or Services Will Satisfy Agency Requirements. In Accordance With (iaw) Far 5.207(c)15, The Reason Justifying The Lack Of Competition Is That, After Extensive Market Research, No Other Responsible Source Was Identified That Could Meet The Government S Needs. Iaw Far 5.207(c)16, All Responsible Sources May Submit A Capability Statement, Proposal, Or Quotation, Which Will Be Used For Future Procurement. This Notice Of Intent Is Not A Request For Competitive Proposals. Interested Parties May Identify Their Capability To Be Considered For Future Procurements. Naics Code 334516 Analytical Laboratory Instrument Manufacturing 1,000 Employees Apply To This Procurement. see The Statement Of Need Below: all Information Must Be Received By 10: 00 A.m.est, 02/15/2024, And Will Be Reviewed To See If It Meets The Government S Needs. A Determination By The Government Not To Compete With This Proposed Contract Based Upon Responses To This Notice Is Solely Within The Discretion Of The Government. interested Parties May E-mail Information To Leonora.simmons@va.gov. Nlt Than 02/15/2024. statement Of Need 1. General: 1.1 Contractor To Provide A Food And Drug Administration (fda) Approved, Cost-per-test (cpt) Autoimmune Analyzer Testing System, Reagents, Supplies, And Consumables Capable Of Performing Fda-approved Patient Testing. Cpt Assays To Include Vitamin B12, Folate, Acth, Homocysteine, Alpha-feto Protein (afp), Follicle Stimulating Hormone (fsh), Luteinizing Hormone (lh), Prolactin, Insulin-like Growth Factor 1 (igf 1), Beta-2-microglobulin, Helicobacter Pylori, Thyroglobulin, Thyroglobulin Antibody (tg), Thyroid Peroxidase Antibody (tpo), And Allergens. The Requirement Is For James A. Haley Va Medical Center (jah Vamc), Pathology & Laboratory Medicine Service, Hematology Department, Tampa, Florida. 1.2 The Requirement Is For James A. Haley Va Medical Center (jah Vamc), Pathology & Laboratory Medicine Service, Hematology Departments, Tampa, Florida. This Requirement Includes Any Other Future Jah Vamc Testing Location Deemed Necessary By Va Care Providers. 2. Background: 2.1 Currently, The James A. Haley Veterans Hospital (jahvh), Pathology & Laboratory Medicine Service Has A Short-term (6 Months) Contract With Siemens Healthcare Diagnostics, Reference Number 36c24823n0993 Procurement In Place To Enable The Hospital To Continue To Lease And Order The Required Da-approved, Automated Immunoassay Analyzer Testing Systems And Test Kits. The Reference Contract Will Expire On 03/31/2024, The Jahvh Needs To Pursue A Base And Four Option Year Contract. The Contract Will Include Vendor-provided Equipment, Fda-approved Reagents, Supplies, And Consumables For Immunoassay Testing To Provide Care For Our Va Patient Population. 3. Purpose: 3.1 The Ability To Continue To Perform Autoimmune Testing Using The Contractor S Existing Fda-approved Automated Analyzer System Utilizing Fda-approved Reagents, Supplies, And Consumables To Provide Care For Our Va Patient Population Via A Base + Four (4) Years Contract. 4. Scope: 4.1 Jah Vamc Is Requesting Equipment And Test Kits That Meet All The Minimum Physical, Functional, And Performance Features Of The Listed Salient Characteristics In This Section. These Salient Characteristics Are Essential To The Technical Requirements To Continue To Meet The Needs Of The Government. The Contractor Shall Maintain This Testing System And Continue To Provide These Assay Requirements For A Period Of Performance From 04/01/2024 Through 03/31/2029. 5. Equipment: 5.1 The Contractor Shall Provide An Fda-approved, Fully Automated, And Integrated Analyzer Testing System, Printer, Computer, Uninterruptable Power Supplies (ups) For The Analyzer, And Accessories Required For Equipment Usage. 5.2 Below Are The Salient Characteristics Of The Autoimmune Fda-approved Instrument And Fda-approved Reagents Capable Of Performing Vitamin B12, Folate, Acth, Homocysteine, Alpha-feto Protein (afp), Follicle Stimulating Hormone (fsh), Luteinizing Hormone (lh), Prolactin, Insulin-like Growth Factor 1 (igf 1), Beta-2-microglobulin, Helicobacter Pylori, Thyroglobulin, Thyroglobulin Antibody (tg), Thyroid Peroxidase Antibody (tpo), And Allergens Testing With Specific Functionality And Performance-based Requirements Of The System: 5.3 General Instrument Characteristics Include Ability To Run Fda-approved Patient Testing For 100% Of The Below Listed Tests On Fda-approved, Fully Automated, Random Access, Testing Platform With Priority Processing: a. Sufficient Capacity And Throughput To Meet The Volume And Service Demands As Defined In The Tests And Volumes Listed In Section A. Above. b. Bar-coded Primary Patient Sample Tube Entry Capabilities. c. Ability To Run Multiple Assay Protocols Simultaneously. d. Contractor Shall Provide All Necessary Software And Hardware For The Systems Valid, Acceptable, Bidirectional Interface Data Transmission Through Data Innovation (di) Instrument Manager (im) Middleware Network Connections. e. Contractor Shall Provide All Necessary System Interface Hardware And Software Upgrades As Required For Va Network Compliance. f. Contractor Shall Provide All Upgrades To The Equipment Hardware And Operating System Software. g. Operator And Service Manual Shall Be Furnished With Each Model Supplied. Electronic Formats Are Acceptable. h. Procedures Shall Be Provided In Accordance With The Clinical And Laboratory Standards Institute (clsi) In Editable Format. i. Contractor To Provide All Test Kits, Reagents, Calibrators, Controls, Supplies, Consumables, And Contractor Assistance Required For Any Instrument And Method Validations. j. Additional Testing May Be Added In Support Of Patient Care Needs As Determined By Care Providers. k. Computer Systems (cpus, Monitors, Keyboards, Printers), And Upss Provided By The Contractor For The Instrument Throughout The Contract Period. l. Electrical Characteristics: 100-240 Vac At 50-60hz, 1000 Watts. 6.0 Deliverables: 6.1 2 Immulite 2000 Xpi Immunoassay Testing Site System - Fully Automated System (tampa-hematology) - Lease/service/maintenance., Qty 12 Mo. dimensions: 182.88 (h) X 160.02 (w) X 91.44 (d) Cm; 72 (h) X 63 (w) X 36 (d ) Inches 6.2 Versacell X3 Testing Site System - Fully Automated System (tampa-hematology) - Lease/service/maintenance., Qty 12 Mo. dimensions: 1.02 (w) X 1.09 (d) X 1.56 (h) M; 40.16 (w) X 42.91 (d) X 61.42 (h) Inches 7.0 Reagent Kits. Immunoassay One Year Estimated Test Volumes: description/part Number - Test Kits Qty Unit acth 5 Kt tumor Marker Afp 26 Kt alternaria Tenuis Ige 16 Kt allergen, Asp.fumigatus 16 Kt allergen, Australian Pine 28 Kt allergen, Bahia Grass 28 Kt allergen, Bermuda Grass 16 Kt microglobulin-b 2 3 Kt allergen, Cat Dander/epitheli 16 Kt allergen, Cockroach 28 Kt allergen, Common Ragweed 16 Kt allergen, Derma Fariae 16 Kt allergen, Derma Pteronyssinu 16 Kt allergen, Dog Dander 16 Kt allergen, Elm 28 Kt allergen, Epicoccum Purpur 28 Kt folate 180 Kt fsh Hormone 13 Kt allergen, Fusarium Monoliform 25 Kt allergen, Giant Ragweed 28 Kt helicobacter Pylori Ige 3 Kt homocysteine 3 Kt allergen, House Dust, Greer 16 Kt total Ige 7 Kt insulin Like Growth Factor Igf-1 5 Kt allergen Johnson Grass 28 Kt allergen, Lambs Quarters 28 Kt luteinizing Hormone Lh 13 Kt allergen, Mountain Cedar 28 Kt oak Ige 16 Kt allergen, Orchard Grass 16 Kt allergen, Pecan 28 Kt allergen, Penicillium Notat 16 Kt allergen, Perennial Rye Grass 16 Kt prolactin 13 Kt allergen, Rough Marsh Elder 28 Kt allergen, Rough Pigweed 28 Kt allergen, Sheep Sorrel 28 Kt allergen, Stemphylium Botryos 28 Kt thryroglobulin 5 Kt thyroglobulin Antibody 6 Kt thyroid Preoxidase Antibody 5 Kt allergen, Timothy Grass 16 Kt vitamin B-12 230 Kt allergen, White Mulberry 28 Kt 8. Functional And Performance Characteristics: 8.1 Must Provide The Following Functional And Performance Capabilities To Ensure Equipment Is Utilized And Maintained According To The Requirements Of The System: a) Preventive Maintenance Shall Be Performed Per Manufacturer S Guidelines. b) Instrument Service To Be Provided During Routine Business Hours. Certain Circumstances May Dictate The Need For Repair Service To Be Conducted Outside Routine Business Hours. All Such Arrangements Will Be Coordinated Between The Contractor And Va Laboratory Personnel. c) Expected Response To Service Call Time From Initial Call To Contractor To Service Engineer Arriving On Site Should Be No More Than 24 Hours. d) Technical Support Hotline Must Be Available For In-house Troubleshooting. 8.2 The Cost Per Test Includes Costs Covering (a) Fda-approved Instrument System (lease), (b) Equipment Use, Computers, Printers, And Accessories Including Uninterruptable Power Supply (ups) For The Instrument, (c) Software And Hardware, (d) All Aspects Of Computer Interfacing For The Analyzer System, (e) Reagents Offered By The Vendor, (f) All Necessary Supplies And Consumables, (g) All Necessary Service, Maintenance, And Parts To Keep The Equipment In Good Operating Condition To Fulfill The Test Requirements And Produce High-quality Patient Results, (h) Operational Hardware And Software Upgrades, (i) User Training For Government Personnel, And (j) Upon Expiration Of Order(s) And/or Termination And/or Replacement Of Equipment, Will Provide Equipment Decontamination, Turn-in Hard Drives With Va Sensitive Information To Va It Department, And Return Packing And Shipping At No Additional Charge. 8.3. All Work Is To Be Performed In Accordance With The Guidelines Established By Federal, State, And Local Ordinances, With The Fda, And Manufacturer S Guidelines, And With All Terms, Conditions, Provisions, Schedules, And Specifications Provided Herein. 8.4. The Contractor Will Provide Analyzers Or Testing Systems, Parts And All Operational Upgrades To The Equipment Hardware And Operating System Software That Materially Affects The Performance Of The Equipment, Without Additional Charge To The Government. 8.5. All Models Shall Perform Satisfactorily At Any Laboratory Temperature Between 59- And 86 Degrees F (15 And 30 Degrees Celsius). All Models Shall Perform Satisfactorily At Any Laboratory Relative Humidity Of 10 To 70%. 8.6. With All Equipment, Ownership Of Equipment Shall Remain With The Contractor For The Life Of The Contract. All Equipment Accessories (hardware And Software) Furnished By The Contractor Shall Accompany The Equipment When Returned To The Contractor. 8.7. The Contractor, Upon Expiration Of Order(s) At Termination And/or Replacement Of Equipment, Will Remove The Equipment And Turn In Any Hard Drives Containing Va Sensitive Information To Va It Department. 8.8. The Contractor Shall Disconnect The Equipment And Shall Be Responsible For Packing, Shipping, And Charges Required To Remove The Equipment Within Ten Business Days. 8.9. With All Equipment, The Standard And Acceptance Of Performance Shall Begin On The Contract Awarded Date. It Shall End On The Earlier Date Of When A Certificate Of Acceptance Has Been Signed Or The Equipment Has Met The Standard Of Performance For A Period Of 30 Consecutive Calendar Days By Operating In Conformation With The Contractor S Technical Specification Or As Quoted In Any Contract At Effectiveness Level Of 90% Or More. 8.10. In The Event The Equipment Does Not Meet The Standard Of Performance During The Initial 30 Consecutive Calendar Days, The Standard Of The Performance Test Shall Continue On A Day-by-day Basis Until The Standard Of Performance Is Met For A Total Of 30 Consecutive Days. 8.11. Operational Use Time For Performance Testing For A System Is Defined As The Accumulated Time During Which The Equipment Is In Actual Use. 8.12. System Failure Downtime Is 24 Hours When Any Machine In The System Is Inoperable Due To Equipment Failure. 8.13. Downtime For Each Incident Shall Start From The Time The Government Makes A Bona Fide Attempt To Contact The Contractor S Designated Representative At The Prearranged Contact Point Until The System Or Machine(s) Is Returned To The Government In Proper Operating Condition. 8.14. During The Performance Period For A System, A Minimum Of 100 Hours Of Operational Use Time With Productive Or Simulated Work Will Be Required As A Basis For The Computation Of The Effectiveness Level. However, In Computing The Effectiveness Level, The Actual Number Of Operational Use Hours Shall Be Used When In Excess Of The Minimum Of 100 Hours. 8.15. The Government Shall Maintain Appropriate Daily Records To Satisfy The Requirements Of This Paragraph And Shall Notify The Contractor In Writing Of The Date Of The First Day Of The Successful Performance Period. 8.16. Operations Use Time And Downtime Shall Be Measured In Hours And Whole Minutes. 9. Government S Responsibility: 9.1 The User Will Perform Daily Routine Operator Maintenance And Cleaning As Required In The Manufacturer S Operation And Maintenance Instructions. 10. Training Of Operating Personnel: N/a 11. Performance, Delivery, Inspection And Acceptance: 12. Reagents Delivery Terms, Quality Of Reagents, Supplies, And Consumables: 12.1. The Va Shall Require The Delivery Of Reagents, Supplies, And Consumables For All Services Required Within 30 Days Of The Contract Awarded Date. 12.2. The Contractor Shall Deliver Reagents, Supplies, And Consumables, Shipping Cost Included, From Monthly Call Orders Placed By The Jahvh Representative, (cor). 12.3. The Contractor Shall Ensure That All Supplies Provided/ordered For Use On Their Equipment Will Be Of The Quality Necessary To Produce High-quality, Accurate Patient Results. 12.4. The Fda-approved Reagent Quality Must Be High Enough To Satisfy The Proficiency Testing Standards Of The College Of American Pathologists (cap) And Joint Commission (jc). 13. Maintenance: 13.1. The Contractor Shall Provide Maintenance (labor, Parts, And Shipping) To Keep The Equipment In Good Operating Condition And Subject To Security Regulations. 13.2. The Government Shall Provide The Contractor Access To The Equipment To Perform Maintenance Services. 13.3. Preventive Maintenance (pm) By The Contractor Shall Be Provided Regular, Scheduled Maintenance To Ensure The Continued Reliable Operation Of The Equipment. These Preventative Maintenance Visits Shall Be Performed Semi-annually By The Manufacturer S Operation And Maintenance Instructions For The Supported Equipment. 14. Service: 14.1. Emergency Repairs Shall Be Performed Within 24 Hours After Notification By The Cor That The Equipment Is Inoperative. 14.2. The Scheduled Maintenance And Service Shall Be Performed By A Qualified Engineer With Notice To The Contracting Officer Representative (cor). James A Haley Va Hospital, Pathology & Laboratory Medicine Service Is Open 24 Hours A Day, 7 Days A Week Including Holidays. 14.3. Telephone Response Does Not Satisfy This Requirement. The Contractor Shall Provide The Government With A Designated Point Of Contact And Shall Make Arrangements To Enable His Maintenance Representative To Receive Such Notification. 14.4. The Contractor Shall Provide All Parts, Labor, And Shipping Needed To Repair The Malfunction. 14.5. The Travel, Per Diem And Other Expenses Associated With The Repair Will Be Borne By The Contractor. Otherwise, All Services Will Be Performed At No Charge To The Government During This Period. 14.6. The Contractor Shall Furnish A Malfunction Incident Report To The Installation Upon Completion Of Each Maintenance Call. 14.7. The Report Shall Include, As A Minimum, The Following: (a Date And Time Of Notification, (b) Date And Time Of Arrival, (c) Serial Number Type And Model Number(s) Of Equipment, (d) Time Spent For Repair, (e) Description Of Malfunction And (f) Proof Of Repair. Parts (e) And (f) Shall Be Written Verification Of Quality Control For A Sample Run. 15. Techincal Upgrades: 15.1. Contractor Shall Provide Supplemental Operating Training To The Government Personnel, Without Additional Charge To The Government, Upon Installation Of An Upgrade In Equipment Hardware Or Operating System Software Connected With The Operation Of An Instrument Already Furnished. 16. Warranty Of Equipment: 16.1. Government Requirement For Standard Manufacturer Industry Warranty Term. The Government Does Not Accept An Extended Warranty, Which Requires Advance Payment. 17. Delivery Schedule: Delivery Performance Shall Start On 04/01/2024. 18. Place Of Delivery: 18.1. Department Of Veterans Affairs, James A. Haley Veterans Hospital, 13000 Bruce B. Downs, Blvd. Tampa, Fl. 33612. with Sensitive Data And Training va Information And Information System Security/privacy Language access To Va Information And Va Information Systems: a. Contractors, Contractor Personnel, Subcontractors, And Subcontractor Personnel Shall Be Subject To The Same Federal Laws, Regulations, Standards, And Va Directives And Handbooks As Va And Va Personnel Regarding Information And Information System Security. b. A Contractor/subcontractor Shall Request Logical (technical) Or Physical Access To Va Information And Va Information Systems For Their Employees, Subcontractors, And Affiliates Only To The Extent Necessary To Perform The Services Specified In The Contract, Agreement, Or Task Order. c. All Contractors, Subcontractors, And Third-party Servicers And Associates Working With Va Information Are Subject To The Same Investigative Requirements As Those Of Va Appointees Or Employees Who Have Access To The Same Types Of Information. The Level And Process Of Background Security Investigations For Contractors Must Be In Accordance With Va Directive And Handbook 0710, Personnel Suitability And Security Program. The Office For Operations, Security, And Preparedness Is Responsible For These Policies And Procedures. d. The Contractor Or Subcontractor Must Notify The Contracting Officer Immediately When An Employee Working On A Va System Or With Access To Va Information Is Reassigned Or Leaves The Contractor Or Subcontractor S Employ. The Contracting Officer Must Also Be Notified Immediately By The Contractor Or Subcontractor Prior To An Unfriendly Termination. contractor Personnel Security Requirements: all Contractor Employees Who Require Access To The Department Of Veterans Affairs Computer Systems Shall Be The Subject Of A Background Investigation And Must Receive A Favorable Adjudication From The Va Office Of Security And Law Enforcement Prior To Contract Performance. This Requirement Is Applicable To All Subcontractor Personnel Requiring The Same Access. If The Investigation Is Not Completed Prior To The Start Date Of The Contract The Contractor Will Be Responsible For The Actions Of Those Individuals That Provide Or Perform Work For The Va. 1. Position Sensitivity The Position Sensitivity Has Been Designated As ( Low) Risk. 2. Background Investigation The Level Of Background Investigation Commensurate With The Required Level Of Access Is National Agency Check (naci) With Written Inquiries. 3. Contractor Responsibilities: a. The Contractor Shall Bear The Expense Of Obtaining Background Investigations. If The Investigation Is Conducted By The Office Of Personnel Management (opm), The Contractor Shall Reimburse The Va Within 30 Days. the Website Which Provides Information On The Cost Of The Security Investigation Is: www.opm.gov\extra\investigate Select Federal Investigations Notices (fin 01-01) b. The Contractor Shall Prescreen All Personnel Requiring Access To The Computer Systems To Ensure They Maintain U.s. Citizenship And Can Read, Write, Speak, And Understand The English Language. c. The Contractor Will Provide To The Contracting Officer Prior To Award The Following: (1) List Of Names Of Contract Personnel. (2) Social Security Numbers Of Contractor Personnel. (3) Home Address Of Contractor Personnel Or The Contractor Address. the Contracting Officer Will Submit The Above Information To The Office Of Security And Law Enforcement, Washington, D.c. The Office Of Security And Law Enforcement Will Provide The Necessary Investigative Forms (these Forms Are Indicated In Paragraph 3.d. Below) To The Contractor S Personnel, Coordinate The Background Investigations With Opm And Notify The Contracting Officer And Contractor Of The Results Of The Investigation. d. The Contractor Shall Submit Or Have Their Employees Submit The Following Required Forms To The Va Office Of Security And Law Enforcement Within 30 Days Of Receipt: (i) Standard From 85p, Questionnaire For Public Trust Positions (ii) Standard Form 85p-s, Supplemental Questionnaire For Selected Positions (iii) Fd 258, U.s. Department Of Justice Fingerprint Applicant Chart (iv) Va Form 0710, Authority For Release Of Information Form (v) Optional Form 306, Declaration For Federal Employment (vi) Optional Form 612, Optional Application For Federal Employment d. The Contractor, When Notified Of An Unfavorable Determination By The Government, Shall Withdraw The Employee From Consideration From Working Under The Contract. e. Failure To Comply With The Contractor Personnel Security Requirements May Result In Termination Of The Contract For Default. va Information Custodial Language: a. Information Made Available To The Contractor Or Subcontractor By Va For The Performance Or Administration Of This Contract Or Information Developed By The Contractor/subcontractor In The Performance Or Administration Of The Contract Shall Be Used Only For Those Purposes And Shall Not Be Used In Any Other Way Without The Prior Written Agreement Of The Va. This Clause Expressly Limits The Contractor/subcontractor's Rights To Use Data As Described In Rights In Data - General, Far 52.227-14(d) (1). b. Va Information Should Not Be Co-mingled, If Possible, With Any Other Data On The Contractors/subcontractor S Information Systems Or Media Storage Systems To Ensure Va Requirements Related To Data Protection And Media Sanitization Can Be Met. If Co-mingling Must Be Allowed To Meet The Requirements Of The Business Need, The Contractor Must Ensure That The Va S Information Is Returned To The Va Or Destroyed In Accordance With The Va S Sanitization Requirements. Va Reserves The Right To Conduct On-site Inspections Of Contractor And Subcontractor It Resources To Ensure Data Security Controls, Separation Of Data And Job Duties, And Destruction/media Sanitization Procedures Are In Compliance With Va Directive Requirements. c. Prior To Termination Or Completion Of This Contract, The Contractor/subcontractor Must Not Destroy Information Received From Va Or Gathered/created By The Contractor In The Course Of Performing This Contract Without Prior Written Approval By The Va. Any Data Destruction Done On Behalf Of Va By A Contractor/subcontractor Must Be Done In Accordance With National Archives And Records Administration (nara) Requirements As Outlined In Va Directive 6300, Records And Information Management And Its Handbook 6300.1 Records Management Procedures, Applicable Va Records Control Schedules, And Va Handbook 6500.1, Electronic Media Sanitization. Self-certification By The Contractor That The Data Destruction Requirements Above Have Been Met Must Be Sent To The Va Contracting Officer Within 30 Days Of Termination Of The Contract. d. The Contractor/subcontractor Must Receive, Gather, Store, Back Up, Maintain, Use, Disclose And Dispose Of Va Information Only In Compliance With The Terms Of The Contract And Applicable Federal And Va Information Confidentiality And Security Laws, Regulations And Policies. If Federal Or Va Information Confidentiality And Security Laws, Regulations And Policies Become Applicable To The Va Information Or Information Systems After Execution Of The Contract, Or If Nist Issues Or Updates Applicable Fips Or Special Publications (sp) After Execution Of This Contract, The Parties Agree To Negotiate In Good Faith To Implement The Information Confidentiality And Security Laws, Regulations And Policies In This Contract. e. The Contractor/subcontractor Shall Not Make Copies Of Va Information Except As Authorized And Necessary To Perform The Terms Of The Agreement Or To Preserve Electronic Information Stored On Contractor/subcontractor Electronic Storage Media For Restoration In Case Any Electronic Equipment Or Data Used By The Contractor/subcontractor Needs To Be Restored To An Operating State. If Copies Are Made For Restoration Purposes, After The Restoration Is Complete, The Copies Must Be Appropriately Destroyed. f. If Va Determines That The Contractor Has Violated Any Of The Information Confidentiality, Privacy, And Security Provisions Of The Contract, It Shall Be Sufficient Grounds For Va To Withhold Payment To The Contractor Or Third Party Or Terminate The Contract For Default Or Terminate For Cause Under Federal Acquisition Regulation (far) Part 12. g. If A Vha Contract Is Terminated For Cause, The Associated Baa Must Also Be Terminated And Appropriate Actions Taken In Accordance With Vha Handbook 1600.1, Business Associate Agreements. Absent An Agreement To Use Or Disclose Protected Health Information, There Is No Business Associate Relationship. h. The Contractor/subcontractor Must Store, Transport, Or Transmit Va Sensitive Information In An Encrypted Form, Using Va-approved Encryption Tools That Are, At A Minimum, Fips 140-2 Validated. i. The Contractor/subcontractor S Firewall And Web Services Security Controls, If Applicable, Shall Meet Or Exceed Va S Minimum Requirements. Va Configuration Guidelines Are Available Upon Request. j. Except For Uses And Disclosures Of Va Information Authorized By This Contract For Performance Of The Contract, The Contractor/subcontractor May Use And Disclose Va Information Only In Two Other Situations: (i) In Response To A Qualifying Order Of A Court Of Competent Jurisdiction, Or (ii) With Va S Prior Written Approval. The Contractor/subcontractor Must Refer All Requests For, Demands For Production Of, Or Inquiries About, Va Information And Information Systems To The Va Contracting Officer For Response. k. Notwithstanding The Provision Above, The Contractor/subcontractor Shall Not Release Va Records Protected By Title 38 U.s.c. 5705, The Confidentiality Of Medical Quality Assurance Records, And/or Title 38 U.s.c. 7332, The Confidentiality Of Certain Health Records Pertaining To Drug Addiction, Sickle Cell Anemia, Alcoholism Or Alcohol Abuse, Or Infection With Human Immunodeficiency Virus. If The Contractor/subcontractor Is In Receipt Of A Court Order Or Other Requests For The Above-mentioned Information, That Contractor/subcontractor Shall Immediately Refer Such Court Orders Or Other Requests To The Va Contracting Officer For Response. l. For Service That Involves The Storage, Generating, Transmitting, Or Exchanging Of Va Sensitive Information But Does Not Require C&a Or An Mou-isa For System Interconnection, The Contractor/subcontractor Must Complete A Contractor Security Control Assessment (csca) On A Yearly Basis And Provide It To The Cor. security Incident Investigation: a. The Term Security Incident Means An Event That Has, Or Could Have, Resulted In Unauthorized Access To, Loss, Or Damage To Va Assets, Or Sensitive Information, Or An Action That Breaches Va Security Procedures. The Contractor/subcontractor Shall Immediately Notify The Cor And Simultaneously, The Designated Iso And Privacy Officer For The Contract Of Any Known Or Suspected Security/privacy Incidents, Or Any Unauthorized Disclosure Of Sensitive Information, Including That Contained In System(s) To Which The Contractor/subcontractor Has Access. b. To The Extent Known By The Contractor/subcontractor, The Contractor/subcontractor S Notice To Va Shall Identify The Information Involved, The Circumstances Surrounding The Incident (including To Whom, How, When, And Where The Va Information Or Assets Were Placed At Risk Or Compromised), And Any Other Information That The Contractor/subcontractor Considers Relevant. c. With Respect To Unsecured Protected Health Information, The Business Associate Is Deemed To Have Discovered A Data Breach When The Business Associate Knew Or Should Have Known Of A Breach Of Such Information. Upon Discovery, The Business Associate Must Notify The Covered Entity Of The Breach. Notifications Need To Be Made In Accordance With The Executed Business Associate Agreement. d. In Instances Of Theft Or Break-in Or Other Criminal Activity, The Contractor/subcontractor Must Concurrently Report The Incident To The Appropriate Law Enforcement Entity (or Entities) Of Jurisdiction, Including The Va Oig And Security And Law Enforcement. The Contractor, Its Employees, And Its Subcontractors And Their Employees Shall Cooperate With Va And Any Law Enforcement Authority Responsible For The Investigation And Prosecution Of Any Possible Criminal Law Violation(s) Associated With Any Incident. The Contractor/subcontractor Shall Cooperate With Va In Any Civil Litigation To Recover Va Information, Obtain Monetary Or Other Compensation From A Third Party For Damages Arising From Any Incident, Or Obtain Injunctive Relief Against Any Third Party Arising From, Or Related To, The Incident. liquidated Damages For Data Breach: a. Consistent With The Requirements Of 38 U.s.c. §5725, A Contract May Require Access To Sensitive Personal Information. If So, The Contractor Is Liable To Va For Liquidated Damages In The Event Of A Data Breach Or Privacy Incident Involving Any Spi The Contractor/subcontractor Processes Or Maintains Under This Contract. However, It Is The Policy Of The Va To Forego The Collection Of Liquidated Damages In The Event The Contractor Provides Payment Of Actual Damages In An Amount Determined To Be Adequate By The Agency. b. The Contractor/subcontractor Shall Provide Notice To Va Of A Security Incident As Set Forth In The Security Incident Investigation Section Above. Upon Such Notification, The Va Must Secure From A Non-department Entity Or The Va Office Of Inspector General An Independent Risk Analysis Of The Data Breach To Determine The Level Of Risk Associated With The Data Breach For The Potential Misuse Of Any Sensitive Personal Information Involved In The Data Breach. The Term 'data Breach' Means The Loss, Theft, Or Other Unauthorized Access, Or Any Access Other Than That Incidental To The Scope Of Employment, To Data Containing Sensitive Personal Information, In Electronic Or Printed Form, That Results In The Potential Compromise Of The Confidentiality Or Integrity Of The Data. The Contractor Shall Fully Cooperate With The Entity Performing The Risk Analysis. Failure To Cooperate May Be Deemed A Material Breach And Grounds For Contract Termination. c. Each Risk Analysis Shall Address All Relevant Information Concerning The Data Breach, Including The Following: (1)nature Of The Event (loss, Theft, Unauthorized Access); (2)description Of The Event, Including: (a)date Of Occurrence; (b)data Elements Involved, Including Any Pii, Such As Full Name, Social Security Number, Date Of Birth, Home Address, Account Number, And Disability Code; (3)number Of Individuals Affected Or Potentially Affected; (4)names Of Individuals Or Groups Affected Or Potentially Affected; (5)ease Of Logical Data Access To The Lost, Stolen Or Improperly Accessed Data In Light Of The Degree Of Protection For The Data, E.g., Unencrypted, Plain Text; (6)amount Of Time The Data Has Been Out Of Va Control; (7)the Likelihood That The Sensitive Personal Information Will Or Has Been Compromised (made Accessible To And Usable By Unauthorized Persons); (8)known Misuses Of Data Containing Sensitive Personal Information, If Any; (9)assessment Of The Potential Harm To The Affected Individuals; (10)data Breach Analysis As Outlined In 6500.2 Handbook, Management Of Security And Privacy Incidents, As Appropriate; And (11)whether Credit Protection Services May Assist Record Subjects In Avoiding Or Mitigating The Results Of Identity Theft Based On The Sensitive Personal Information That May Have Been Compromised. d. Based On The Determinations Of The Independent Risk Analysis, The Contractor Shall Be Responsible For Paying To The Va Liquidated Damages In The Amount Of $37.50 For Affected Individuals To Cover The Cost Of Providing Credit Protection Services To Affected Individuals Consisting Of The Following: (1)notification; (2)one Year Of Credit Monitoring Services Consisting Of Automatic Daily Monitoring Of At Least 3 Relevant Credit Bureau Reports; (3)data Breach Analysis; (4)fraud Resolution Services, Including Writing Dispute Letters, Initiating Fraud Alerts And Credit Freezes, To Assist Affected Individuals To Bring Matters To Resolution; (5)one Year Of Identity Theft Insurance With $20,000.00 Coverage At $0 Deductible; And (6)necessary Legal Expenses The Subjects May Incur To Repair Falsified Or Damaged Credit Records, Histories, Or Financial Affairs. security Controls Compliance Testing : on A Periodic Basis, The Va, Including The Office Of Inspector General, Reserves The Right To Evaluate Any Or All Of The Security Controls And Privacy Practices Implemented By The Contractor Under The Clauses Contained Within The Contract. With 10 Working Days Notice, At The Request Of The Government, The Contractor Must Fully Cooperate And Assist In A Government-sponsored Security Controls Assessment At Each Location Wherein Va Information Is Processed Or Stored, Or Information Systems Are Developed, Operated, Maintained, Or Used On Behalf Of Va, Including Those Initiated By The Office Of Inspector General. The Government May Conduct A Security Control Assessment On Shorter Notice (to Include Unannounced Assessments) As Determined By Va In The Event Of A Security Incident Or At Any Other Time. training: a. All Contractor Employees And Subcontractor Employees Requiring Access To Va Information And Va Information Systems Shall Complete Va Privacy And Information Security Awareness And Rules Of Behavior Training And Privacy And Hipaa Training And Hipaa Training Before Being Granted Access To Va Information And Its Systems. (1) Sign And Acknowledge (either Manually Or Electronically) Understanding Of And Responsibilities For Compliance With The Rules Of Behavior Before Being Granted Access To Va Information And Its Systems. b. The Contractor Shall Provide To The Contracting Officer And/or The Cor A Copy Of The Training Certificates And Certification Of Signing The Rules Of Behavior For Each Applicable Employee Within 1 Week Of The Initiation Of The Contract And Annually Thereafter, As Required. c. Failure To Complete The Mandatory Annual Training And Sign The Rules Of Behavior Annually, Within The Timeframe Required, Is Grounds For Suspension Or Termination Of All Physical Or Electronic Access Privileges And Removal From Work On The Contract Until Such Time As The Training And Documents Are Complete. the Certification And Accreditation (c&a) Requirements Do Not Apply And A Security Accreditation Package Is Not Required For This Sow. *** If Applicable*** information System Design And Development a. Information Systems That Are Designed Or Developed For Or On Behalf Of Va At Non-va Facilities Shall Comply With All Va Directives Developed In Accordance With Fisma, Hipaa, Nist, And Related Va Security And Privacy Control Requirements For Federal Information Systems. This Includes Standards For The Protection Of Electronic Phi, Outlined In 45 C.f.r. Part 164, Subpart C, Information And System Security Categorization Level Designations In Accordance With Fips 199 And Fips 200 With The Implementation Of All Baseline Security Controls Commensurate With The Fips 199 System Security Categorization (reference Appendix D Of Va Handbook 6500, Va Information Security Program). During The Development Cycle A Privacy Impact Assessment (pia) Must Be Completed, Provided To The Cotr, And Approved By The Va Privacy Service In Accordance With Directive 6507, Va Privacy Impact Assessment. b. The Contractor/subcontractor Shall Certify To The Cotr That Applications Are Fully Functional And Operate Correctly As Intended On Systems Using The Va Federal Desktop Core Configuration (fdcc), And The Common Security Configuration Guidelines Provided By Nist Or The Va. This Includes Internet Explorer 7 Configured To Operate On Windows Xp And Vista (in Protected Mode On Vista) And Future Versions, As Required. c. The Standard Installation, Operation, Maintenance, Updating, And Patching Of Software Shall Not Alter The Configuration Settings From The Va Approved And Fdcc Configuration. Information Technology Staff Must Also Use The Windows Installer Service For Installation To The Default Program Files Directory And Silently Install And Uninstall. d. Applications Designed For Normal End Users Shall Run In The Standard User Context Without Elevated System Administration Privileges. e. The Security Controls Must Be Designed, Developed, Approved By The Va, And Implemented In Accordance With The Provisions Of The Va Security System Development Life Cycle As Outlined In Nist Special Publication 800-37, Guide For Applying The Risk Management Framework To Federal Information Systems, Va Handbook 6500, Information Security Program And Va Handbook 6500.5, Incorporating Security And Privacy In System Development Lifecycle. f. The Contractor/subcontractor Is Required To Design, Develop, Or Operate A System Of Records Notice (sor) On Individuals To Accomplish An Agency Function Subject To The Privacy Act Of 1974, (as Amended), Public Law 93-579, December 31, 1974 (5 U.s.c. 552a) And Applicable Agency Regulations. Violation Of The Privacy Act May Involve The Imposition Of Criminal And Civil Penalties. g. The Contractor/subcontractor Agrees To: (1) Comply With The Privacy Act Of 1974 (the Act) And The Agency Rules And Regulations Issued Under The Act In The Design, Development, Or Operation Of Any System Of Records On Individuals To Accomplish An Agency Function When The Contract Specifically Identifies: (a) The Systems Of Records (sor); And (b) The Design, Development, Or Operation Work That The Contractor/subcontractor Is To Perform; (2) Include The Privacy Act Notification Contained In This Contract In Every Solicitation And Resulting Subcontract And In Every Subcontract Awarded Without A Solicitation, When The Work Statement In The Proposed Subcontract Requires The Redesign, Development, Or Operation Of A Sor On Individuals That Is Subject To The Privacy Act; And (3) Include This Privacy Act Clause, Including This Subparagraph (3), In All Subcontracts Awarded Under This Contract Which Requires The Design, Development, Or Operation Of Such A Sor. h. In The Event Of Violations Of The Act, A Civil Action May Be Brought Against The Agency Involved When The Violation Concerns The Design, Development, Or Operation Of A Sor On Individuals To Accomplish An Agency Function, And Criminal Penalties May Be Imposed Upon The Officers Or Employees Of The Agency When The Violation Concerns The Operation Of A Sor On Individuals To Accomplish An Agency Function. For Purposes Of The Act, When The Contract Is For The Operation Of An Sor On Individuals To Accomplish An Agency Function, The Contractor/subcontractor Is Considered To Be An Employee Of The Agency. (1) Operation Of A System Of Records Means The Performance Of Any Of The Activities Associated With Maintaining The Sor, Including The Collection, Use, Maintenance, And Dissemination Of Records. (2) Record Means Any Item, Collection, Or Grouping Of Information About An Individual That Is Maintained By An Agency, Including, But Not Limited To, Education, Financial Transactions, Medical history, And Criminal Or Employment History And Contains The Person S Name, Or Identifying Number, Symbol, Or Any Other Identifying Particular Assigned To The Individual, Such As A Fingerprint Or Voiceprint, Or A Photograph. (3) System Of Records Means A Group Of Any Records Under The Control Of Any Agency From Which Information Is Retrieved By The Name Of The Individual Or By Some Identifying Number, Symbol, Or Other Identifying Particular Assigned To The Individual. i. The Vendor Shall Ensure The Security Of All Procured Or Developed Systems And Technologies, Including Their Subcomponents (hereinafter Referred To As Systems ), Throughout The Life Of This Contract And Any Extension, Warranty, Or Maintenance Periods. This Includes, But Is Not Limited To Workarounds, Patches, Hotfixes, Upgrades, And Any Physical Components (hereafter Referred To As Security Fixes) That May Be Necessary To Fix All Security Vulnerabilities Published Or Known To The Vendor Anywhere In The Systems, Including Operating Systems And Firmware. The Vendor Shall Ensure That Security Fixes Shall Not Negatively Impact The Systems. j. The Vendor Shall Notify Va Within 24 Hours Of The Discovery Or Disclosure Of Successful Exploits Of The Vulnerability Which Can Compromise The Security Of The Systems (including The Confidentiality Or Integrity Of Its Data And Operations, Or The Availability Of The System). Such Issues Shall Be Remediated As Quickly As Is Practical But In No Event Longer Than Days. k. When The Security Fixes Involve Installing Third Party Patches (such As Microsoft Os Patches Or Adobe Acrobat), The Vendor Will Provide Written Notice To The Va That The Patch Has Been Validated As Not Affecting The Systems Within 10 Working Days. When The Vendor Is Responsible For Operations Or Maintenance Of The Systems, They Shall Apply The Security Fixes Within Days. l. All Other Vulnerabilities Shall Be Remediated As Specified In This Paragraph In A Timely Manner Based On Risk But Within 60 Days Of Discovery Or Disclosure. Exceptions To This Paragraph (e.g. For The Convenience Of Va) Shall Only Be Granted With Approval Of The Contracting Officer And The Va Assistant Secretary For The Office Of Information And Technology. information System Hosting, Operation, Maintenance, Or Use a. For Information Systems That Are Hosted, Operated, Maintained, Or Used On Behalf Of Va At Non-va Facilities, Contractors/subcontractors Are Fully Responsible And Accountable For Ensuring Compliance With All Hipaa, Privacy Act, Fisma, Nist, Fips, And Va Security And Privacy Directives And Handbooks. This Includes Conducting Compliant Risk Assessments, Routine Vulnerability Scanning, System Patching And Change Management Procedures, And The Completion Of An Acceptable Contingency Plan For Each System. The Contractor S Security Control Procedures Must Be Equivalent, To Those Procedures Used To Secure Va Systems. A Privacy Impact Assessment (pia) Must Also Be Provided To The Cotr And Approved By The Va Privacy Service Prior To Operational Approval. All External Internet Connections To The Va S Network Involving Va Information Must Be Reviewed And Approved By The Va Prior To Implementation. b. Adequate Security Controls For Collecting, Processing, Transmitting, And Storing Of Personally Identifiable Information (pii), As Determined By The Va Privacy Service, Must Be In Place, Tested, And Approved By The Va Prior To Hosting, Operation, Maintenance, Or Use Of The Information System, Or Systems By Or On Behalf Of Va. These Security Controls Are To Be Assessed And Stated Within The Pia And If These Controls Are Determined Not To Be In Place, Or Inadequate, A Plan Of Action And Milestones (poa&m) Must Be Submitted And Approved Prior To The Collection Of Pii. c. Outsourcing (contractor Facility, Contractor Equipment, Or Contractor Staff) Of Systems Or Network Operations, Telecommunications Services, Or Other Managed Services Requires Certification And Accreditation (authorization) (c&a) Of The Contractor S Systems In Accordance With Va Handbook 6500.3, Certification And Accreditation And/or The Va Ocs Certification Program Office. Government-owned (government Facility Or Government Equipment) Contractor-operated Systems, Third Party Or Business Partner Networks Require Memorandums Of Understanding And Interconnection Agreements (mou-isa) Which Detail What Data Types Are Shared, Who Has Access, And The Appropriate Level Of Security Controls For All Systems Connected To Va Networks. d. The Contractor/subcontractor S System Must Adhere To All Fisma, Fips, And Nist Standards Related To The Annual Fisma Security Controls Assessment And Review And Update The Pia. Any Deficiencies Noted During This Assessment Must Be Provided To The Va Contracting Officer And The Iso For Entry Into Va S Poa&m Management Process. The Contractor/subcontractor Must Use Va S Poa&m Process To Document Planned Remedial Actions To Address Any Deficiencies In Information Security Policies, Procedures, And Practices, And The Completion Of Those Activities. Security Deficiencies Must Be Corrected Within The Timeframes Approved By The Government. Contractor/subcontractor Procedures Are Subject To Periodic, Unannounced Assessments By Va Officials, Including The Va Office Of Inspector General. The Physical Security Aspects Associated With Contractor/subcontractor Activities Must Also Be Subject To Such Assessments. If Major Changes To The System Occur That May Affect The Privacy Or Security Of The Data Or The System, The C&a Of The System May Need To Be Reviewed, Retested And Re-authorized Per Va Handbook 6500.3. This May Require Reviewing And Updating All Of The Documentation (pia, System Security Plan, Contingency Plan). The Certification Program Office Can Provide Guidance On Whether A New C&a Would Be Necessary. e. The Contractor/subcontractor Must Conduct An Annual Self-assessment On All Systems And Outsourced Services As Required. Both Hard Copy And Electronic Copies Of The Assessment Must Be Provided To The Cotr. The Government Reserves The Right To Conduct Such An Assessment Using Government Personnel Or Another Contractor/subcontractor. The Contractor/subcontractor Must Take Appropriate And Timely Action (this Can Be Specified In The Contract) To Correct Or Mitigate Any Weaknesses Discovered During Such Testing, Generally At No Additional Cost. f. Va Prohibits The Installation And Use Of Personally-owned Or Contractor/subcontractor-owned Equipment Or Software On Va S Network. If Non-va-owned Equipment Must Be Used To Fulfill The Requirements Of A Contract, It Must Be Stated In The Service Agreement, Sow, Or Contract. All Of The Security Controls Required For Government-furnished Equipment (gfe) Must Be Utilized In Approved Other Equipment (oe) And Must Be Funded By The Owner Of The Equipment. All Remote Systems Must Be Equipped With, And Use, A Va-approved Antivirus (av) Software And A Personal (host-based Or Enclave-based) Firewall That Is Configured With A Va- Va-approved Configuration. Software Must Be Kept Current, Including All Critical Updates And Patches. Owners Of Approved Oe Are Responsible For Providing And Maintaining The Anti-viral Software And The Firewall On The Non-va-owned Oe. g. All Electronic Storage Media Used On Non-va Leased Or Non-va Owned It Equipment That Is Used To Store, Process, Or Access Va Information Must Be Handled In Adherence With Va Handbook 6500.1, Electronic Media Sanitization Upon (i) Completion Or Termination Of The Contract Or (ii) Disposal Or Return Of The It Equipment By The Contractor/subcontractor Or Any Person Acting On Behalf Of The Contractor/subcontractor, Whichever Is Earlier. Media (hard Drives, Optical Disks, Cds, Backup Tapes, Etc.) Used By The Contractors/subcontractors That Contain Va Information Must Be Returned To The Va For Sanitization Or Destruction Or The Contractor/subcontractor Must Self-certify That The Media Has Been Disposed Of Per 6500.1 Requirements. This Must Be Completed Within 30 Days Of Termination Of The Contract. h. Bio-medical Devices And Other Equipment Or Systems Containing Media (hard Drives, Optical Disks, Etc.) With Va Sensitive Information Must Not Be Returned To The Vendor At The End Of Lease, For Trade-in, Or Other Purposes. The Options Are: (1) Vendor Must Accept The System Without The Drive; (2) Va S Initial Medical Device Purchase Includes A Spare Drive Which Must Be Installed In Place Of The Original Drive At The Time Of Turn-in; Or (3) Va Must Reimburse The Company For Media At A Reasonable Open Market Replacement Cost At Time Of Purchase. (4) Due To The Highly Specialized And Sometimes Proprietary Hardware And Software Associated With Medical Equipment/systems, If It Is Not Possible For The Va To Retain The Hard Drive, Then; (a) The Equipment Vendor Must Have An Existing Baa If The Device Being Traded In Has Sensitive Information Stored On It And Hard Drive(s) From The System Are Being Returned Physically Intact; And (b) Any Fixed Hard Drive On The Device Must Be Non-destructively Sanitized To The Greatest Extent Possible Without Negatively Impacting System Operation. Selective Clearing Down To Patient Data Folder Level Is Recommended Using Va Approved And Validated Overwriting Technologies/methods/tools. Applicable Media Sanitization Specifications Need To Be Pre-approved And Described In The Purchase Order Or Contract. (c) A Statement Needs To Be Signed By The Director (system Owner) That States That The Drive Could Not Be Removed And That (a) And (b) Controls Above Are In Place And Completed. The Iso Needs To Maintain The Documentation. all Contractor, Pharmaceutical Company Representative (pcr), And Healthcare Industry Representatives (hir) Will Coordinate With The Contracting Officer Representative For Instructions So They Are In Compliance With James A. Haley Veterans Hospital Policies Listed On The James A. Haley Document Management Center Share Point Site: hpm No. 90-25; Healthcare Vendor Access And Competency Hpm No. 132-04; Security Management Program hpm No. 132 05; Hospital Identification Program hpm No. 11-91; Pharmaceutical Company Representatives hir Are Required To Report To Msdu (room Gc-003), Immediately After Entering The Facility. Hir Will Be Required To Sign Into The Monitoring System And Print A Badge For Proper Identification. The Healthcare Industry Representatives For Nutrition And Food Services, Office Of Information And Technology, And Social Work Services Are In Included In This Policy; Vendors (hir) For Pharmacy Services Are To Follow (hpm 11-91) Policy. Hir Must Be Sponsored By A Physician, A Service Chief, Or Their Designee, For A Specified Date And A Specified Case. Hir Is Not Permitted In Patient Care Areas Or Clinics Unless A Prior Appointment Has Been Made. pharmaceutical Company Representative (pcr) Refers To Anyone Acting On Behalf Of A Pharmaceutical Company Or Its Business Partners For The Purpose Of Promoting The Use Of Items Managed Under The Va Formulary Process. These Items Primarily Include Drugs, But To A Lesser Extent Also Include Any Medical Supplies, Nutritional Supplements, And Similar Commodities Managed Under The Va Formulary Process. A. Sign-in Pcrs May Visit Va Medical Care Facilities No Earlier Than 8:00 A.m. And Stay No Later Than 3:30 P.m., Monday Through Friday, Unless They Receive Prior Approval From Both The Chief Of The Service That They Will Be Visiting And The Chief Of Pharmacy. Representatives Visiting The Jahvh Must Sign In At The Pharmacy Administrative Office (located In Trailer 78) And Wear A Visitor S Badge As Well As Their Company S Personal Name Badge While In The Hospital. vendors: Reference Hospital Memorandum Policy Number 90-25 Healthcare Vendor Access And Competency. contractors And/or Project Managers: Will Be Issued A Piv/id Badge In Accordance With The Facility S Piv Policy. Contactors Will Contact Their Assigned Va Contracting Officer Representative (cor) For Coordination. contract Personnel/sub-contractors: Contractors Are Responsible For The Daily Accountability And Identification Of All Personnel Assigned To Their Respective Contracts Including Sub-contractors. Contractors Will Identify Personnel Using The Following Procedures As Appropriate. construction Project Contract Personnel Will Report To The Contractor For Issuance Of A Temporary Self-adhesive Identification Badge. This Badge Will Be Issued On A Daily Basis And Must Include The Following Information: Company Name, Project Number, Date, And Name Of Individual. The Contractor Will Maintain A Daily Log Of All Personnel. contract Personnel Not Involved In An Actual Construction Project Will Report To Police Dispatch For Issuance Of A Numbered Badge. A Driver S License Or Photo Id Will Be Required Each Day Upon Entering The Facility, In Exchange For The Badge, And Will Be Given Back Once The Badge Is Returned To Police Dispatch. The Contractor Will Provide The Police Service With A List Of Names For All Sub-contract Personnel Requiring Access To The Facility. It Is The Responsibility Of The Contractor To Update The List As Necessary. npr Opc; Cbocs And Off-site Lease Facilities With Va Police Staffing: As Above With Check-in With Va Police. Off-site Lease Facilities W/o Va Police Staffing: Coordinate With Cor, Administrative Officer, Or Service Point Of Contact.

Details: This Is A Sources Sought Notice Only. This Is Not A Solicitation For Bids, Proposals, Proposal Abstracts, Or Quotations. The Purpose Of This Sources Sought Notice Is To Obtain Information Regarding The Availability And Capability Of All Qualified Sources To Perform A Potential Requirement. The Responses Received From Interested Contractors Will Assist The Government In Determining The Appropriate Acquisition Method. the Department Of Veterans Affairs (va), Network Contracting Office (nco) 20, Is Conducting Market Research To Identify Potential Sources Which Can Provide The Following Services: the Department Of Veterans Affairs Visn 20 Facilities Located In The States Of Oregon Washington Idaho And Alaska Requires Service Of Existing And Additional Point Of Use (pou) Weight Based Supply Systems To Automate Inventory Management Processes In Open Shelf Distribution Points (or Supply Closets ) Brand Name Or Equal To Par Excellence. b.2 Statement Of Work (sow) 1. Contract Title purchase, Install, And Set-up Of Weight-based Inventory Management Systems And Support Services For Commodity Inventory Points Throughout All Facilities Within Visn 20. 2. Background historically, Visn 20 Has Used A Cabinet Based, Point Of Use (pou) System For Inventory Management. Visn 20 Has Recently Deployed A Program For A Weight-based Inventory Supply System. The Weight-based System Has Been Implemented Over The Past 5 Years Successfully Improving Inventory Control. 3. Scope to Install Weight-based Inventory Management Systems At Various Facilities Throughout Visn 20, (identified In Section 4. Specific Tasks) Ensure System Is Fully Operational, Ensure System Communications Are Intact, And Fully Train Staff To Be Knowledgeable On The Use Of The System. 4. Specific Tasks task 1 - Installation. To Stage And Install Scales, Cabinets, Controllers, And Bins As Required For Specific Projects At Visn 20 Facilities. Installation Shall Include: Staging, Wiring, Calibrating, And Registering Scales building Graphical Walls And Rows In The System Application Based On Room Layout That Will Allow For Item Identification And Location By The User Assembling Third Party Equipment As Needed For A Project coordinate The Installation Of Wall Mounted Louvers Upon Written Approval From Local Facilities Management Service (fms), As Applicable confirmation Of Installed Controllers Connecting And Communicating With The Par Excellence Server installation Is Not Considered Complete Unless All Tasks Identified Above At Minimum Are Performed the Specific Locations For Identified Projects Will Be At The Discretion Of The Facility Chief Supply Chain Officer. The Location Can Be On Site At The Main Facility Campus Or At A Remote Location, I.e., Community Based Outpatient Clinic (cboc). visn 20 Facilities facility location address distance From Main Campus anchorage muldoon Clinic 1201 North Muldoon Road, Anchorage, Ak 99504 domiciliary 3001 C Street, Anchorage, Ak from Muldoon: 6 Miles transitional housing Units 3 Each 932 E. 12th Avenue 944 E. 12th Avenue 709 N. Hoyt Street Anchorage, Ak the Transitional Housing Units On 12th Avenue Are 5 Miles From Muldoon. the Hoyt Street Unit Is 3 Miles. cboc Mat-su 865 North Seward Meridian Parkway, Wasilla, Ak 99654 from Anchorage: 38 Miles cboc Kenai 240 Hospital Place, Suite 105   Soldotna, Ak 99669 from Anchorage: 152 Miles cboc Fairbanks building 4076, Neeley Road, Room 1j101, Fort Wainwright, Ak 99703 from Anchorage: 358 Miles cboc Juneau 709 W 9th St #150, Juneau, Ak 99801 843 Miles From 1201 North muldoon, Anchorage, Ak 99504 anchorage Vet Center 4201 Tudor Centre Drive, Suite 115, anchorage, Ak 99508 from Muldoon: 6 Miles wasilla Vet Center 851 E. West Point Drive Suite 111, wasilla, Ak 99654 from Anchorage: 38 Miles kenai Vet Center building F, Suite 4 Red Diamond center, 43335 Kalifornsky Beach road, Soldotna, Ak 99701 from Anchorage: 163 fairbanks Vet Center 540 4th Avenue, Suite 100, Fairbanks, Ak 99701 from Anchorage: 358 ft. Richardson national cemetery building 58-512, Davis Highway, P. O. box 5-498, Fort Richardson, Ak 99505 from Muldoon: 2 Miles Boise main Campus To Include All Buildings 500 W. Fort Street, Boise, Id 83702 cboc Caldwell 4521 Thomas Jefferson Street caldwell, Id 83605-5100 32miles cboc Mt. Home 815 N. 6th East, Mt. Home, Id 83647 44 Miles cboc Twin falls 260 2nd Avenue East, Twin Falls, Id 83301 128 Miles cboc Salmon 705 Lena Street, Salmon, Id 83467 249 Miles eastern Oregon Va Clinic 635 Highway 20 North, Suite 4 hines, Or 97738-9462 191 Miles outreach Center 2424 Bank Drive Boise, Id 83702 3 Miles vmoc 1289 Boeing Street, Boise, Id 83705 4.6 Miles contracting Office 960 Broadway boise, Id 83706 1 Mile portland portland Campus To Include All Buildings And Oregon Health science university 3710 Sw Us Veterans Hospital Road, portland, Or 97239 vancouver Campus To Include All buildings On Campus 1601 E. 4th Plain Boulevard, Vancouver, Wa 98661 from Portland: 12 Miles cboc Hillsboro 1925 North East Stucki Avenue, Suite 300 hillsboro, Or 97006-6945 from Portland: 13 Miles cboc Salem 1750 Mcgilchrist St Se #130, Salem, Or 97302 from Portland: 49 Miles salem Vet Center 2645 Portland Road Ne, Suite 250 Salem Or 97301 from Portland: 53 Miles cboc Fairview 1800 Ne Market Drive Fairview, Or 97024 from Portland: 17 Miles cboc West Linn 1750 Sw Blankenship Road, Suite 300, West Linn, Or 97068 from Portland: 18 Miles cboc Camp rilea 91400 N. Neacoxie Street, Building 7315, Warrenton, Or 97146 from Portland: 86 Miles cboc Bend bend Va Clinic, 2650 Ne Courtney Dr, Bend, Or 97701 from Portland: 174 Miles central Oregon Vet Center 1645 Ne Forbes Rd. Suite 105 bend Or 97701 from Portland: 177 Miles outreach Clinic The Dalles 704 Veterans Drive, The Dalles, Or 97058 from Portland: 87 Miles community outreach & referral Center 308 Sw 1st Ave. portland, Or 97204 from Portland: 3 Miles portland Vet Center 1505 Ne 122nd Ave. portland Or 97230 from Portland: 13 Miles willamette national cemetery 11800 Se Mt. Scott Boulevard, portland, Or 97086 from Portland: 15 Miles veterans Benefit Administration 100 Sw Main Street, Floor 2, Portland, or 97204 from Portland: 3 Miles roseburg main Campus To Include All Buildings 913 Nw Garden Valley Boulevard, roseburg, Or 97471 cboc Eugene 1255 Pearl Street, Suite 200, Eugene, Or 97401 71 Miles cboc North Bend 2191 Marion Street, North Bend, Or 97459 85 Miles cboc Brookings 555 5th Street, Suite 1, Brookings, Or 97415 165 Miles cboc Crescent city 1575 Railroad Avenue, Crescent City, ca 95531 151 Miles cboc Bandon 1010 First Street, Suite 100, Bandon, Or 97411 85 Miles seattle seattle Campus To include All Buildings On Campus address community reintegration services 9245 Lakeside Way, Tacoma, Wa 98493 from Tacoma: 2 Miles american Lake Campus To Include All Buildings On Campus 9600 Veterans Drive, Tacoma, Wa 98493 from Seattle: 42 Miles cboc silverdale 9177 Ridgetop Boulevard Nw silverdale, Wa 98383-8519 from Tacoma: 48 Miles cboc Port Angeles 1005 Georgiana Street, Port Angeles, wa 98362 from Seattle: 110 Miles cboc Mt. Vernon 307 S. 13th Street, Suite #200, Mt. Vernon, Wa 98273 from Seattle: 65 Miles north Seattle cboc (valor) 12360 Lake City Way Ne, Suite 200 seattle, Wa 98125 from Seattle: 14 Miles cboc Bellevue (valor) 13033 Bel-red Road Suite 210 bellevue, Wa 98005 from Seattle: 15 Miles federal Way cboc (valor) 34617 11th Place S suite 301 federal Way, Wa 98003 from Seattle: 23 Miles south Sound cboc (sterling) 151 Ne Hampe Way Chehalis, Wa 98532 from Tacoma: 50 Miles bellingham Vet center 3800 Byron Ave suite 124 bellingham Wa 98229 from Seattle: 90 Miles puyallup Va Clinic 11216 Sunrise Boulevard East, Suite 209, Building 3 puyallup, Wa 98374-8848 from Tacoma: 20 Miles everett Vet center 3311 Wetmore Ave everett Wa 98201 from Seattle: 32 Miles federal Way vet Center 32020 32nd Ave South Suite 110 federal Way Wa 98001 from Seattle: 23 Miles seattle Vet center 4735 E Marginal Way S, Room 1102 seattle Wa 98134 from Seattle: 3 Miles tacoma Vet center 4916 Center St. Suite E tacoma Wa 98409 from Tacoma: 50 Miles oxbow 4735 East Marginal Way, Seattle, Wa 98134 on The Federal Center South Campus from Seattle: 5 Miles va Homeless veterans Program 419 S 2nd St Renton, Wa 98057 from Seattle: 10 Miles university Of wa (harborview) 325 9th Ave, Seattle, Wa 98104 from Seattle: 4 Miles university Of wa t-334, Health Sciences Building, 1959 Ne Pacific Street, Seattle, Wa 98195 from Seattle: 7 Miles seattle Regional benefit Office jackson Federal Building 915 2nd Ave. seattle, Wa 98174 from Seattle: 4 Miles tahoma National Cemetery 18600 Southwest 240th Street, Kent, Wa 98042 from Seattle: 24 Miles va Nco Office 1495 Wilmington Dr dupont, Wa from Tacoma: 9 Miles spokane main Campus To Include All Buildings On Campus n. 4815 Assembly Street, Spokane, wa 99205 cboc Coeur D Alene 915 West Emma Avenue coeur D'alene, Id 83814-2531 36 Miles cboc wenatchee 2530 Chester Kimm Road, Wenatchee, wa 98801 175 Miles mayfair 6002 N. Mayfair, Spokane Wa 4.5 Miles homeless Center 705 W. 2nd Ave., Spokane Wa 5.2 Miles Libby Va Clinic 211 East 2nd Street libby, Mt 59923-2047 160 Miles walla walla main Campus To Include All Buildings 77 Wainwright Drive, Walla Walla, wa 99362 cboc Lewiston 1630 23rd Avenue, Suite 2, Lewiston, Id 83501 101 Miles cboc Richland 825 Jadwin Avenue, Suite 250, Richland, Wa 99352 69 Miles cboc Yakima 1211 Ahtanum Ridge Drive union Gap, Wa 98903 128 Miles cboc Lagrande 202 12th Street, La Grande, Or 97850 75 Miles Wallowa County Va Clinic 401 Northeast 1st Street, Suite A enterprise, Or 97828-1186 103 Miles morrow County Va Clinic 2 Marine Drive, Suite 103 boardman, Or 97818 81 Miles sorcc (white city) main Campus To Include All Buildings 8495 Crater Lake Highway, White city, Or 97503 cboc Klamath falls 2819 Dahlia Street, Klamath Falls, Or 97601 miles From Va Sorrc: 71 Miles cboc Grants Pass West 1877 Williams Hwy, Grants Pass, Or 97527 miles From Va Sorrc: 31 Miles veterans Center (grants Pass) 211 Se 10th Grants Pass, Or 97526 miles From Va Sorrc: 31 Miles eagle Point national cemetery 2763 Riley Rd., Eagle Point, Or 97524 miles From Va Sorrc: 5 Miles installed Equipment Shall Have A One-year Full Equipment Replacement For Defects Or Damage Not Caused By Va Personnel. Install Does Not Include Disassembly Of Existing Storage Devices. hardware And Software install: Install The Program And Software Packages Used To Add, Delete, And Edit Items Stored In The Bins/platforms On Va Owned Desktops Or Laptop Computers At Each Designated Facility. Install Software On 1 (one At Minimum) Va Owned Laptop For System Set-up And Installation. Install And Prepare Va Owned Server For Transmission Of Information Between Contractor And Va For Maintenance And Monitoring Of Equipment In Use. access: Grant Accesses And Train Va Employees For The Web-based Program That Shall Have Unlimited User Access And Provide Reports And Data Mining Capability Of Current Inventory Including But Not Limited To Current Stock Levels, Recommended Order Levels, And Average Usage Levels. The System Shall Be Capable Of Producing Reports In Excel Or Text Delimited Format Using Commercially Available Software. Training Includes But Is Not Limited To: adding Items removing Items assigning Items weighing Items calibrating Scales order Management user Admin Management troubleshooting Errors editing Items troubleshooting reporting Functions running Interactive Jobs locating Items Graphically From The System 5. Capabilities: The Inventory Management System Shall Produce An Accurate Real-time Reading Of Quantities On-hand Accessible By Web-based Program And Provide Data Mining Capabilities That Shall Include At A Minimum, Current Stock Levels, Recommended Order Points, Average Usage Levels Per Item And Ability To Track Medical Supply Usage Per Patient Treated At The Va Facilities Listed Above. the Weight-based System Will Be Interfaced With Gip (generic Inventory Package) And/or Va Approved Supply Inventory System, For Example Dmlss (defense Medical Logistics Standard Support). The Primary Purpose Of The Interface Is To Identify Out Of Balance On-hand Quantities And Values Between Gip And/or Supply Inventory System And The Weight-based System. the Weight-based System Will Identify Any Out Of Balance On Hand Quantities And Values, Accounting For Any Due Out Or Due Ins. If The Out Of Balance Condition Is Caused By A Pending Due In Or Due Out, It Will Be Displayed Separately To Easily Identify. Vendor System Due-ins And Due-outs Are To Be Automatically Removed When Gip And/or Supply Inventory System Due-in And Due-outs Are Cleared , Or Orders Are Closed. The Functionality Of The Weight Bin System Is Listed Below. Equipment Status communication About System Status Including System Failures Materials Management Status open Orders emergency/critical Item Levels Negative Quantities On-hand Item Locator Customer Item Requisition Par Level Analysis current Levels level Recommendations By Cost And Usage Demand Sku (stock Keeping Unit) Reduction Recommendations items Over Par Level stock Outs And Critical Hits Par Level Value Over Time Consumption average Monthly Usage consumption Analysis Including Time consumption Deviation consumption Over Time Reports activity Detail (sales, Receipts, Adjustments, Etc.) To Include Time Inventory On Hand Changed quantity On-hand Discrepant Inventory Alerts value On-hand department Transactions cycle Count Sheet out Of Balance With Gip - On Hand Due-ins due-outs issue Multiple Discrepancy Between Gip And Par Bin Emergency Levels Orders existing Orders order Preview Items item Master Item History item Classification Reconciliation History most Recent Recon Per Item Compatibility communication With Current Existing System adaptable To Be An Open Bin System Or Secured System compatible With Existing Web-based System compliant With Vista Pou Manual And Oit S 508 Compliance 6. Licensing per Far 12.212, Commercial Computer Software Or Commercial Computer Software Documentation Shall Be Acquired Under Licenses Customarily Provided To The Public To The Extent Such Licenses Are Consistent With Federal Law And Otherwise Satisfy The Government S Needs. Please See The Attachment In Section D., Regarding Governing Law, For More Details. 7. Support support To Include Continuous Monitoring By Means Of A Minimum Of 4 Remote Checks Of Equipment Functionality By Contractor Personnel Every 24 Hours. Notification And Maintenance Support From Contractor Personnel In The Event Of A Problem With Equipment Or Software. Contractor Personnel Shall Respond To Service Calls No Later Than 24 Hours After Being Notified Of A Problem With Either Equipment Or Installed Software. Equipment And Related Hardware To Be Replaced Within 48 Hours Of Notification Of A Problem If User Is Not At Fault For Damage Or Defect. Pou Weight Based System Must Maintain An Integrated Relationship To Existing Va Systems. Must Be Able To Script Configurable Interfaces That Enable Functional Connection To A System On The Va Lan Network. Specifically, Compatibility With Veterans Data Integration And Federation (vdif) Health-connect Is Required. Pou Weight Based System Also Must Interface With Va S Legacy (and Current) Inventory System - Gip. 8. Performance Monitoring completion Of The Install Will Be Verified By The Contracting Officer Representative (cor) Or Designated Personnel. Functionality And Accuracy Of The Installed Equipment Will Be Continuously Monitored By Supply Chain Staff To Ensure Equipment Is Functioning Properly And Providing Accurate And Timely Information For Inventory And Reordering Purposes. Installed Equipment And Software Is Monitored By Contractor Employees By Daily Check-ins That Shall Occur Remotely At Least 4 Times Every 24 Hours. Contractor Support To Be Provided For Any Defects Or Functionality Problems By Contacting Contractor Via Email Or Telephone Within Applicable Time Frames. The Contractor Will Meet (e.g., In Person, Telephone, Etc.) With The Cor Monthly To Address Any Unresolved Issues. Any Unresolved And/or Continuous Issues Will Be Addressed To The Contracting Officer For Corrective Action. 9. Security Requirements vendor Owned Software And/or Application Is To Be Installed On Va Owned Server, Laptop And Desktop Computer. Va Sensitive Information Is Not Being Transmitted, Only Scale Numbers And Supply Quantification Information. contractor Personnel Performing Installation May Be Required To Complete The Department Of Veterans Affairs Security Screening. General Contractor S Employees Shall Not Enter The Work Area Without The Appropriate Badge. They Must Present Themselves To The Facility Va Police For A Contractor S Badge To Be Worn During The Set-up Of The System. They May Be Subject To Inspection Of Their Personal Effects When Entering Or Leaving The Work Area. 10. Government-furnished Equipment (gfe)/government-furnished Information (gfi) va Visn 20 Facilities Will Furnish A Server, Laptop, And Desktop Computer For Installation Of Vendor Owned Software And Related Programs Need To Make The Installed Equipment Operational. 11. Other Pertinent Information Or Special Considerations identification Of Possible Follow-on Work. Support Services Will Be Maintained And Purchased After Initial 1-year Warranty Is No Longer Effective. 12. Risk Control employees Of Contractor Responsible For Installation And Setup Will Have Background Check Completed Or Show Proof Of Background Check Completed No Longer Than One (1) Year Ago, From Date Of Award Including Fingerprint Analysis. Contractor Employees Shall Always Obtain Va Badge And Wear On Their Person Above Their Waist And Visible. contractor Will Be Installing A Supply Storage And Tracking System In An Area Under Construction. Workers Will Need To Be Cognizant Of Staff Movements, Equipment, And A Plethora Of Activity During Certain Periods Of The Workday. Installation Staff Shall Have No Patient Contact Or Access To Sensitive Patient Information. Cor Will Be Available For Risk Intervention Should The Need Arise. 13. Period Of Performance installation To Begin No Later Than 30 Days After Contract Award Date. Installation Will Be Phased By Facility And Will Be At The Discretion Of The Visn 20 Csco (chief Supply Chain Officer). The Fcsco (facility Chief Supply Chain Officer) At Each Facility Will Provide The Contractor A Deployment Plan, To Include Time And Location Of Installations. The Pricing Period For This Idiq Is From Date Of Award Through 5 Years. b.3 Price/cost Schedule please Reference The Par Excellence Visn 20 Price List, Within Section D For A Complete List Of Applicable Pricing Throughout The Life Of The Contract. The Guaranteed Minimum Award Amount For This Contract Is $3,500.00. The Maximum Aggregate Value Of Orders That Can Be Placed Under This Contract Is $25 Million. The Government Does Not Guarantee That It Will Place Any Orders Under This Contract In Excess Of The Guaranteed Minimum Award Amount. The Above Amounts Are Based On The Independent Government Estimate Individual Task Orders For Funding Will Be Issued By A Network Contracting Office (nco) 20 Contracting Officer To The Contractor As The Need Arises (bona Fide Need). b.4 Attachment 1 - Va Handbook 6500.6 - Appendix B va Acquisition Regulation Solicitation Provision And Contract Clause note: This Clause Will Undergo Official Rule Making By The Office Of Acquisitions And Logistics. The Below Language Will Be Submitted For Public Review Through The Federal Register. The Final Wording Of The Clause May Be Changed From What Is Outlined Below Based On Public Review And Comment. Once Approved, The Final Language In The Clause Can Be Obtained From The Office Of Acquisitions And Logistics Programs And Policy. 1. Subpart 839.2 Information And Information Technology Security Requirements 839.201 Contract Clause For Information And Information Technology Security: a. Due To The Threat Of Data Breach, Compromise Or Loss Of Information That Resides On either Va-owned Or Contractor-owned Systems, And To Comply With Federal Laws And regulations, Va Has Developed An Information And Information Technology Security Clause To be Used When Va Sensitive Information Is Accessed, Used, Stored, Generated, Transmitted, Or exchanged By And Between Va And A Contractor, Subcontractor Or A Third Party In Any Format (e.g., Paper, Microfiche, Electronic Or Magnetic Portable Media). b. In Solicitations And Contracts Where Va Sensitive Information Or Information Technology will Be Accessed Or Utilized, The Co Shall Insert The Clause Found At 852.273-75, Security requirements For Unclassified Information Technology Resources. 2. 852.273-75 - Security Requirements For Unclassified Information technology Resources (interim- October 2008) as Prescribed In 839.201, Insert The Following Clause: the Contractor, Their Personnel, And Their Subcontractors Shall Be Subject To The Federal Laws, regulations, Standards, And Va Directives And Handbooks Regarding Information And Information System Security As Delineated In This Contract. (end Of Clause) b.5 Attachment 2 - Va Handbook 6500.6 Appendix C va Information And Information System Security/privacy Language For Inclusion Into Contracts, As Appropriate 1. General contractors, Contractor Personnel, Subcontractors, And Subcontractor Personnel Shall Be subject To The Same Federal Laws, Regulations, Standards, And Va Directives And Handbooks As Va And Va Personnel Regarding Information And Information System Security. 2. Access To Va Information And Va Information Systems a Contractor/subcontractor Shall Request Logical (technical) Or Physical Access To Va Information And Va Information Systems For Their Employees, Subcontractors, And Affiliates Only To The Extent Necessary To Perform The Services Specified In The Contract, Agreement, Or Task Order. all Contractors, Subcontractors, And Third-party Servicers And Associates Working With Va Information Are Subject To The Same Investigative Requirements As Those Of Va Appointees Or Employees Who Have Access To The Same Types Of Information. The Level And Process Of Background Security Investigations For Contractors Must Be In Accordance With Va Directive And Handbook 0710, Personnel Suitability And Security Program. The Office For Operations, Security, And Preparedness Is Responsible For These Policies And Procedures. c. Contract Personnel Who Require Access To National Security Programs Must Have A Valid Security Clearance. National Industrial Security Program (nisp) Was Established By Executive Order 12829 To Ensure That Cleared U.s. Defense Industry Contract Personnel Safeguard The Classified Information In Their Possession While Performing Work On Contracts, Programs, Bids, Or Research And Development Efforts. The Department Of Veterans Affairs Does Not Have A Memorandum Of Agreement With Defense Security Service (dss). Verification Of A Security Clearance Must Be Processed Through The Special Security Officer Located In The Planning And National Security Service Within The Office Of Operations, Security, And Preparedness. d. Custom Software Development And Outsourced Operations Must Be Located In The U.s. To The Maximum Extent Practical. If Such Services Are Proposed To Be Performed Abroad And Are Not Disallowed By Other Va Policy Or Mandates, The Contractor/subcontractor Must State Where All Non-u.s. Services Are Provided And Detail A Security Plan, Deemed To Be Acceptable By Va, Specifically To Address Mitigation Of The Resulting Problems Of Communication, Control, Data Protection, And So Forth. Location Within The U.s. May Be An Evaluation Factor. e. The Contractor Or Subcontractor Must Notify The Contracting Officer Immediately When An Employee Working On A Va System Or With Access To Va Information Is Reassigned Or Leaves The Contractor Or Subcontractor S Employ. The Contracting Officer Must Also Be Notified Immediately By The Contractor Or Subcontractor Prior To An Unfriendly Termination. 3. Va Information Custodial Language information Made Available To The Contractor Or Subcontractor By Va For The Performance Or Administration Of This Contract Or Information Developed By The Contractor/subcontractor In Performance Or Administration Of The Contract Shall Be Used Only For Those Purposes And Shall Not Be Used In Any Other Way Without The Prior Written Agreement Of The Va. This Clause Expressly Limits The Contractor/subcontractor's Rights To Use Data As Described In Rights In Data - General, Far 52.227-14(d) (1). va Information Should Not Be Co-mingled, If Possible, With Any Other Data On The Contractors/subcontractor S Information Systems Or Media Storage Systems In Order To Ensure Va Requirements Related To Data Protection And Media Sanitization Can Be Met. If Co-mingling Must Be Allowed To Meet The Requirements Of The Business Need, The Contractor Must Ensure That Va S Information Is Returned To The Va Or Destroyed In Accordance With Va S Sanitization Requirements. Va Reserves The Right To Conduct On Site Inspections Of Contractor And Subcontractor It Resources To Ensure Data Security Controls, Separation Of Data And Job Duties, And Destruction/media Sanitization Procedures Are In Compliance With Va Directive Requirements. prior To Termination Or Completion Of This Contract, Contractor/subcontractor Must Not Destroy Information Received From Va, Or Gathered/created By The Contractor In The Course Of Performing This Contract Without Prior Written Approval By The Va. Any Data Destruction Done On Behalf Of Va By A Contractor/subcontractor Must Be Done In Accordance With National Archives And Records Administration (nara) Requirements As Outlined In Va Directive 6300, Records And Information Management And Its Handbook 6300.1 Records Management Procedures, Applicable Va Records Control Schedules, And Va Handbook 6500.1, Electronic Media Sanitization. Self-certification By The Contractor That The Data Destruction Requirements Above Have Been Met Must Be Sent To The Va Contracting Officer Within 30 Days Of Termination Of The Contract. the Contractor/subcontractor Must Receive, Gather, Store, Back Up, Maintain, Use, Disclose And Dispose Of Va Information Only In Compliance With The Terms Of The Contract And Applicable Federal And Va Information Confidentiality And Security Laws, Regulations And Policies. If Federal Or Va Information Confidentiality And Security Laws, Regulations And Policies Become Applicable To The Va Information Or Information Systems After Execution Of The Contract, Or If Nist Issues Or Updates Applicable Fips Or Special Publications (sp) After Execution Of This Contract, The Parties Agree To Negotiate In Good Faith To Implement The Information Confidentiality And Security Laws, Regulations And Policies In This Contract. the Contractor/subcontractor Shall Not Make Copies Of Va Information Except As Authorized And Necessary To Perform The Terms Of The Agreement Or To Preserve Electronic Information Stored On Contractor/subcontractor Electronic Storage Media For Restoration In Case Any Electronic Equipment Or Data Used By The Contractor/subcontractor Needs To Be Restored To An Operating State. If Copies Are Made For Restoration Purposes, After The Restoration Is Complete, The Copies Must Be Appropriately Destroyed. if Va Determines That The Contractor Has Violated Any Of The Information Confidentiality, Privacy, And Security Provisions Of The Contract, It Shall Be Sufficient Grounds For Va To Withhold Payment To The Contractor Or Third Party Or Terminate The Contract For Default Or Terminate For Cause Under Federal Acquisition Regulation (far) Part 12. if A Vha Contract Is Terminated For Cause, The Associated Baa Must Also Be Terminated And Appropriate Actions Taken In Accordance With Vha Handbook 1600.01, Business Associate Agreements. Absent An Agreement To Use Or Disclose Protected Health Information, There Is No Business Associate Relationship. the Contractor/subcontractor Must Store, Transport, Or Transmit Va Sensitive Information In An Encrypted Form, Using Va-approved Encryption Tools That Are, At A Minimum, Fips 140-2 Validated. the Contractor/subcontractor S Firewall And Web Services Security Controls, If Applicable, Shall Meet Or Exceed Va S Minimum Requirements. Va Configuration Guidelines Are Available Upon Request. except For Uses And Disclosures Of Va Information Authorized By This Contract For Performance Of The Contract, The Contractor/subcontractor May Use And Disclose Va Information Only In Two Other Situations: (i) In Response To A Qualifying Order Of A Court Of Competent Jurisdiction, Or (ii) With Va S Prior Written Approval. The Contractor/subcontractor Must Refer All Requests For, Demands For Production Of, Or Inquiries About, Va Information And Information Systems To The Va Contracting Officer For Response. notwithstanding The Provision Above, The Contractor/subcontractor Shall Not Release Va Records Protected By Title 38 U.s.c. 5705, Confidentiality Of Medical Quality Assurance Records And/or Title 38 U.s.c. 7332, Confidentiality Of Certain Health Records Pertaining To Drug Addiction, Sickle Cell Anemia, Alcoholism Or Alcohol Abuse, Or Infection With Human Immunodeficiency Virus. If The Contractor/subcontractor Is In Receipt Of A Court Order Or Other Requests For The Above Mentioned Information, That Contractor/subcontractor Shall Immediately Refer Such Court Orders Or Other Requests To The Va Contracting Officer For Response. for Service That Involves The Storage, Generating, Transmitting, Or Exchanging Of Va Sensitive Information But Does Not Require C&a Or An Mou-isa For System Interconnection, The Contractor/subcontractor Must Complete A Contractor Security Control Assessment (csca) On A Yearly Basis And Provide It To The Cotr. 4. Information System Design And Development a. Information Systems That Are Designed Or Developed For Or On Behalf Of Va At Non-va Facilities Shall Comply With All Va Directives Developed In Accordance With Fisma, Hipaa, Nist, And Related Va Security And Privacy Control Requirements For Federal Information Systems. This Includes Standards For The Protection Of Electronic Phi, Outlined In 45 C.f.r. Part 164, Subpart C, Information And System Security Categorization Level Designations In Accordance With Fips 199 And Fips 200 With Implementation Of All Baseline Security Controls Commensurate With The Fips 199 System Security Categorization (reference Appendix D Of Va Handbook 6500, Va Information Security Program). During The Development Cycle A Privacy Impact Assessment (pia) Must Be Completed, Provided To The Cotr, And Approved By The Va privacy Service In Accordance With Directive 6507, Va Privacy Impact Assessment. b. The Contractor/subcontractor Shall Certify To The Cotr That Applications Are Fully Functional And Operate Correctly As Intended On Systems Using The Va Federal Desktop Core Configuration (fdcc), And The Common Security Configuration Guidelines Provided By Nist Or The Va. This Includes Internet Explorer 7 Configured To Operate On Windows Xp And Vista (in Protected Mode On Vista) And Future Versions, As Required. c. The Standard Installation, Operation, Maintenance, Updating, And Patching Of Software Shall Not Alter The Configuration Settings From The Va Approved And Fdcc Configuration. Information Technology Staff Must Also Use The Windows Installer Service For Installation To The Default Program Files Directory And Silently Install And Uninstall. d. Applications Designed For Normal End Users Shall Run In The Standard User Context Without Elevated System Administration Privileges. e. The Security Controls Must Be Designed, Developed, Approved By Va, And Implemented In Accordance With The Provisions Of Va Security System Development Life Cycle As Outlined In Nist Special Publication 800-37, Guide For Applying The Risk Management Framework To Federal Information Systems, Va Handbook 6500, Information Security Program And Va Handbook 6500.5, Incorporating Security And Privacy In System Development Lifecycle. f. The Contractor/subcontractor Is Required To Design, Develop, Or Operate A System Of Records Notice (sor) On Individuals To Accomplish An Agency Function Subject To The Privacy Act Of 1974, (as Amended), Public Law 93-579, December 31, 1974 (5 U.s.c. 552a) And Applicable Agency Regulations. Violation Of The Privacy Act May Involve The Imposition Of Criminal And Civil Penalties. g. The Contractor/subcontractor Agrees To: (1) Comply With The Privacy Act Of 1974 (the Act) And The Agency Rules And Regulations issued Under The Act In The Design, Development, Or Operation Of Any System Of Records On Individuals To Accomplish An Agency Function When The Contract Specifically Identifies: (a) The Systems Of Records (sor); And (b) The Design, Development, Or Operation Work That The Contractor/subcontractor Is To Perform; (2) Include The Privacy Act Notification Contained In This Contract In Every Solicitation And Resulting Subcontract And In Every Subcontract Awarded Without A Solicitation, When The Work Statement In The Proposed Subcontract Requires The Redesign, Development, Or Operation Of A Sor On Individuals That Is Subject To The Privacy Act; And (3) Include This Privacy Act Clause, Including This Subparagraph (3), In All Subcontracts Awarded Under This Contract Which Requires The Design, Development, Or Operation Of Such A Sor. h. In The Event Of Violations Of The Act, A Civil Action May Be Brought Against The Agency Involved When The Violation Concerns The Design, Development, Or Operation Of A Sor On Individuals To Accomplish An Agency Function, And Criminal Penalties May Be Imposed Upon The Officers Or Employees Of The Agency When The Violation Concerns The Operation Of A Sor On Individuals To Accomplish An Agency Function. For Purposes Of The Act, When The Contract Is For The Operation Of A Sor On Individuals To Accomplish An Agency Function, The Contractor/subcontractor Is Considered To Be An Employee Of The Agency. (1) Operation Of A System Of Records Means Performance Of Any Of The Activities Associated With Maintaining The Sor, Including The Collection, Use, Maintenance, And Dissemination Of Records. (2) Record Means Any Item, Collection, Or Grouping Of Information About An Individual That Is Maintained By An Agency, Including, But Not Limited To, Education, Financial Transactions, Medical History, And Criminal Or Employment History And Contains The Person S Name, Or Identifying Number, Symbol, Or Any Other Identifying Particular Assigned To The Individual, Such As A Fingerprint Or Voiceprint, Or A Photograph. (3) System Of Records Means A Group Of Any Records Under The Control Of Any Agency From Which Information Is Retrieved By The Name Of The Individual Or By Some Identifying Number, Symbol, Or Other Identifying Particular Assigned To The Individual. i. The Vendor Shall Ensure The Security Of All Procured Or Developed Systems And technologies, Including Their Subcomponents (hereinafter Referred To As Systems ), Throughout The Life Of This Contract And Any Extension, Warranty, Or Maintenance Periods. This Includes, But Is Not Limited To Workarounds, Patches, Hotfixes, Upgrades, And Any Physical Components (hereafter Referred To As Security Fixes) Which May Be Necessary To Fix All Security Vulnerabilities Published Or Known To The Vendor Anywhere In The Systems, Including Operating Systems And Firmware. The Vendor Shall Ensure That Security Fixes Shall Not Negatively Impact The Systems. j. The Vendor Shall Notify Va Within 24 Hours Of The Discovery Or Disclosure Of Successful Exploits Of The Vulnerability Which Can Compromise The Security Of The Systems (including The Confidentiality Or Integrity Of Its Data And Operations, Or The Availability Of The System). Such Issues Shall Be Remediated As Quickly As Is Practical, But In No Event Longer Than ____ Days. k. When The Security Fixes Involve Installing Third Party Patches (such As Microsoft Os Patches Or Adobe Acrobat), The Vendor Will Provide Written Notice To The Va That The Patch Has Been Validated As Not Affecting The Systems Within 10 Working Days. When The Vendor Is Responsible For Operations Or Maintenance Of The Systems, They Shall Apply The Security Fixes Within ____ Days. l. All Other Vulnerabilities Shall Be Remediated As Specified In This Paragraph In A Timely Manner Based On Risk, But Within 60 Days Of Discovery Or Disclosure. Exceptions To This Paragraph (e.g. For The Convenience Of Va) Shall Only Be Granted With Approval Of The Contracting Officer And The Va Assistant Secretary For Office Of Information And Technology. 5. Information System Hosting, Operation, Maintenance, Or Use a. For Information Systems That Are Hosted, Operated, Maintained, Or Used On Behalf Of Va At Non-va Facilities, Contractors/subcontractors Are Fully Responsible And Accountable For Ensuring Compliance With All Hipaa, Privacy Act, Fisma, Nist, Fips, And Va Security And Privacy Directives And Handbooks. This Includes Conducting Compliant Risk Assessments, Routine Vulnerability Scanning, System Patching And Change Management Procedures, And The Completion Of An Acceptable Contingency Plan For Each System. The Contractor S Security Control Procedures Must Be Equivalent, To Those Procedures Used To Secure Va Systems. A Privacy Impact Assessment (pia) Must Also Be Provided To The Cotr And Approved By Va Privacy Service Prior To Operational Approval. All External Internet Connections To Va S Network Involving Va Information Must Be Reviewed And Approved By Va Prior To Implementation. b. Adequate Security Controls For Collecting, Processing, Transmitting, And Storing Of Personally Identifiable Information (pii), As Determined By The Va Privacy Service, Must Be In Place, Tested, And Approved By Va Prior To Hosting, Operation, Maintenance, Or Use Of The Information System, Or Systems By Or On Behalf Of Va. These Security Controls Are To Be Assessed And Stated Within The Pia And If These Controls Are Determined Not To Be In Place, Or Inadequate, A Plan Of Action And Milestones (poa&m) Must Be Submitted And Approved Prior To The Collection Of Pii. c. Outsourcing (contractor Facility, Contractor Equipment Or Contractor Staff) Of Systems Or Network Operations, Telecommunications Services, Or Other Managed Services Requires Certification And Accreditation (authorization) (c&a) Of The Contractor S Systems In Accordance With Va Handbook 6500.3, Certification And Accreditation And/or The Va Ocs Certification Program Office. Government-owned (government Facility Or Government Equipment) Contractor-operated Systems, Third Party Or Business Partner Networks Require Memorandums Of Understanding And Interconnection Agreements (mou-isa) Which Detail What Data Types Are Shared, Who Has Access, And The Appropriate Level Of Security Controls For All Systems Connected To Va Networks. d. The Contractor/subcontractor S System Must Adhere To All Fisma, Fips, And Nist Standards Related To The Annual Fisma Security Controls Assessment And Review And Update The Pia. Any Deficiencies Noted During This Assessment Must Be Provided To The Va Contracting Officer And The Iso For Entry Into Va S Poa&m Management Process. The Contractor/subcontractor Must Use Va S Poa&m Process To Document Planned Remedial Actions To Address Any Deficiencies In Information Security Policies, Procedures, And Practices, And The Completion Of Those Activities. Security Deficiencies Must Be Corrected Within The Timeframes Approved By The Government. Contractor/subcontractor Procedures Are Subject To Periodic, Unannounced Assessments By Va Officials, Including The Va Office Of Inspector General. The Physical Security Aspects Associated With Contractor/subcontractor Activities Must Also Be Subject To Such Assessments. If Major Changes To The System Occur That May Affect The Privacy Or Security Of The Data Or The System, The C&a Of The System May Need To Be reviewed, Retested And Re-authorized Per Va Handbook 6500.3. This May Require Reviewing And Updating All Of The Documentation (pia, System Security Plan, Contingency Plan). The Certification Program Office Can Provide Guidance On Whether A New C&a Would Be Necessary. e. The Contractor/subcontractor Must Conduct An Annual Self-assessment On All Systems And Outsourced Services As Required. Both Hard Copy And Electronic Copies Of The Assessment Must Be Provided To The Cotr. The Government Reserves The Right To Conduct Such An Assessment Using Government Personnel Or Another Contractor/subcontractor. The Contractor/subcontractor Must Take Appropriate And Timely Action (this Can Be Specified In The Contract) To Correct Or Mitigate Any Weaknesses Discovered During Such Testing, Generally At No Additional Cost. f. Va Prohibits The Installation And Use Of Personally-owned Or Contractor/subcontractor Owned Equipment Or Software On Va S Network. If Non-va Owned Equipment Must Be Used To Fulfill The Requirements Of A Contract, It Must Be Stated In The Service Agreement, Sow Or Contract. All Of The Security Controls Required For Government Furnished Equipment (gfe) Must Be Utilized In Approved Other Equipment (oe) And Must Be Funded By The Owner Of The Equipment. All Remote Systems Must Be Equipped With, And Use, A Va-approved Antivirus (av) Software And A Personal (host-based Or Enclave Based) Firewall That Is Configured With A Va Approved Configuration. Software Must Be Kept Current, Including All Critical Updates And Patches. Owners Of Approved Oe Are Responsible For Providing And Maintaining The Anti-viral software And The Firewall On The Non-va Owned Oe. g. All Electronic Storage Media Used On Non-va Leased Or Non-va Owned It Equipment That Is Used To Store, Process, Or Access Va Information Must Be Handled In Adherence With Va Handbook 6500.1, Electronic Media Sanitization Upon: (i) Completion Or Termination Of The Contract Or (ii) Disposal Or Return Of The It Equipment By The Contractor/subcontractor Or Any Person Acting On Behalf Of The Contractor/subcontractor, Whichever Is Earlier. Media (hard Drives, Optical Disks, Cds, Back-up Tapes, Etc.) Used By The Contractors/subcontractors That Contain Va Information Must Be Returned To The Va For Sanitization Or Destruction Or The Contractor/subcontractor Must Self-certify That The Media Has Been Disposed Of Per 6500.1 Requirements. This Must Be Completed Within 30 Days Of Termination Of The Contract. h. Bio-medical Devices And Other Equipment Or Systems Containing Media (hard Drives, Optical Disks, Etc.) With Va Sensitive Information Must Not Be Returned To The Vendor At The End Of Lease, For Trade-in, Or Other Purposes. The Options Are: (1) Vendor Must Accept The System Without The Drive; (2) Va S Initial Medical Device Purchase Includes A Spare Drive Which Must Be Installed In Place Of The Original Drive At Time Of Turn-in; Or (3) Va Must Reimburse The Company For Media At A Reasonable Open Market Replacement Cost At Time Of Purchase. (4) Due To The Highly Specialized And Sometimes Proprietary Hardware And Software Associated With Medical Equipment/systems, If It Is Not Possible For The Va To Retain The Hard Drive, Then; (a) The Equipment Vendor Must Have An Existing Baa If The Device Being Traded In Has Sensitive Information Stored On It And Hard Drive(s) From The System Are Being Returned Physically Intact; And (b) Any Fixed Hard Drive On The Device Must Be Non-destructively Sanitized To The Greatest Extent Possible Without Negatively Impacting System Operation. Selective Clearing Down To Patient Data Folder Level Is Recommended Using Va Approved And Validated Overwriting Technologies/methods/tools. Applicable Media Sanitization Specifications Need To Be Preapproved And Described In The Purchase Order Or Contract. (c) A Statement Needs To Be Signed By The Director (system Owner) That States That The Drive Could Not Be Removed And That (a) And (b) Controls Above Are In Place And Completed. The Iso Needs To Maintain The Documentation. 6. Security Incident Investigation a. The Term Security Incident Means An Event That Has, Or Could Have, Resulted In Unauthorized Access To, Loss Or Damage To Va Assets, Or Sensitive Information, Or An Action That Breaches Va Security Procedures. The Contractor/subcontractor Shall Immediately Notify The Cotr And Simultaneously, The Designated Iso And Privacy Officer For The Contract Of Any Known Or Suspected Security/privacy Incidents, Or Any Unauthorized Disclosure Of Sensitive Information, Including That Contained In System(s) To Which The Contractor/subcontractor Has Access. b. To The Extent Known By The Contractor/subcontractor, The Contractor/subcontractor S Notice To Va Shall Identify The Information Involved, The Circumstances Surrounding The Incident (including To Whom, How, When, And Where The Va Information Or Assets Were Placed At Risk Or Compromised), And Any Other Information That The Contractor/subcontractor Considers Relevant. c. With Respect To Unsecured Protected Health Information, The Business Associate Is Deemed To Have Discovered A Data Breach When The Business Associate Knew Or Should Have Known Of A Breach Of Such Information. Upon Discovery, The Business Associate Must Notify The Covered Entity Of The Breach. Notifications Need To Be Made In Accordance With The Executed Business Associate Agreement. d. In Instances Of Theft Or Break-in Or Other Criminal Activity, The Contractor/subcontractor Must Concurrently Report The Incident To The Appropriate Law Enforcement Entity (or Entities) Of Jurisdiction, Including The Va Oig And Security And Law Enforcement. The Contractor, Its Employees, And Its Subcontractors And Their Employees Shall Cooperate With Va And Any Law Enforcement Authority Responsible For The Investigation And Prosecution Of Any Possible Criminal Law Violation(s) Associated With Any Incident. The Contractor/subcontractor Shall Cooperate With Va In Any Civil Litigation To Recover Va Information, Obtain Monetary Or Other Compensation From A Third Party For Damages Arising From Any Incident, Or Obtain Injunctive relief Against Any Third Party Arising From, Or Related To, The Incident. 7. Liquidated Damages For Data Breach a. Consistent With The Requirements Of 38 U.s.c. §5725, A Contract May Require Access To Sensitive Personal Information. If So, The Contractor Is Liable To Va For Liquidated Damages In The Event Of A Data Breach Or Privacy Incident Involving Any Spi The Contractor/subcontractor Processes Or Maintains Under This Contract. b. The Contractor/subcontractor Shall Provide Notice To Va Of A Security Incident As Set Forth In The Security Incident Investigation Section Above. Upon Such Notification, Va Must Secure From A Non-department Entity Or The Va Office Of Inspector General An Independent Risk Analysis Of The Data Breach To Determine The Level Of Risk Associated With The Data Breach For The Potential Misuse Of Any Sensitive Personal Information Involved In The Data Breach. The Term 'data Breach' Means The Loss, Theft, Or Other Unauthorized Access, Or Any Access Other Than That Incidental To The Scope Of Employment, To Data Containing Sensitive Personal Information, In Electronic Or Printed Form, That Results In The Potential Compromise Of The Confidentiality Or Integrity Of The Data. Contractor Shall Fully Cooperate With The Entity Performing The Risk Analysis. Failure To Cooperate May Be Deemed A Material Breach And Grounds For Contract Termination. c. Each Risk Analysis Shall Address All Relevant Information Concerning The Data Breach, Including The Following: (1) Nature Of The Event (loss, Theft, Unauthorized Access); (2) Description Of The Event, Including: (a) Date Of Occurrence; (b) Data Elements Involved, Including Any Pii, Such As Full Name, Social Security Number, Date Of Birth, Home Address, Account Number, Disability Code; (3) Number Of Individuals Affected Or Potentially Affected; (4) Names Of Individuals Or Groups Affected Or Potentially Affected; (5) Ease Of Logical Data Access To The Lost, Stolen Or Improperly Accessed Data In Light Of The Degree Of Protection For The Data, E.g., Unencrypted, Plain Text; (6) Amount Of Time The Data Has Been Out Of Va Control; (7) The Likelihood That The Sensitive Personal Information Will Or Has Been Compromised (made Accessible To And Usable By Unauthorized Persons); (8) Known Misuses Of Data Containing Sensitive Personal Information, If Any; (9) Assessment Of The Potential Harm To The Affected Individuals; (10) Data Breach Analysis As Outlined In 6500.2 Handbook, Management Of Security And Privacy Incidents, As Appropriate; And (11) Whether Credit Protection Services May Assist Record Subjects In Avoiding Or Mitigating The Results Of Identity Theft Based On The Sensitive Personal Information That May Have Been Compromised. d. Based On The Determinations Of The Independent Risk Analysis, The Contractor Shall Be Responsible For Paying To The Va Liquidated Damages In The Amount Of $______ Per Affected Individual To Cover The Cost Of Providing Credit Protection Services To Affected Individuals Consisting Of The Following: (1) Notification; (2) One Year Of Credit Monitoring Services Consisting Of Automatic Daily Monitoring Of At Least 3 Relevant Credit Bureau Reports; (3) Data Breach Analysis; (4) Fraud Resolution Services, Including Writing Dispute Letters, Initiating Fraud Alerts And Credit Freezes, To Assist Affected Individuals To Bring Matters To Resolution; (5) One Year Of Identity Theft Insurance With $20,000.00 Coverage At $0 Deductible; And (6) Necessary Legal Expenses The Subjects May Incur To Repair Falsified Or Damaged Credit Records, Histories, Or Financial Affairs. 8. Security Controls Compliance Testing on A Periodic Basis, Va, Including The Office Of Inspector General, Reserves The Right To evaluate Any Or All Of The Security Controls And Privacy Practices Implemented By The Contractor Under The Clauses Contained Within The Contract. With 10 Working-day S Notice, At The Request Of The Government, The Contractor Must Fully Cooperate And Assist In A Government-sponsored Security Controls Assessment At Each Location Wherein Va Information Is Processed Or Stored, Or Information Systems Are Developed, Operated, Maintained, Or Used On Behalf Of Va, Including Those Initiated By The Office Of Inspector General. The Government May Conduct A Security Control Assessment On Shorter Notice (to Include Unannounced Assessments) As Determined By Va In The Event Of A Security Incident Or At Any Other Time. 9. Training a. All Contractor Employees And Subcontractor Employees Requiring Access To Va information And Va Information Systems Shall Complete The Following Before Being Granted Access To Va Information And Its Systems: (1) Sign And Acknowledge (either Manually Or Electronically) Understanding Of And Responsibilities For Compliance With The Contractor Rules Of Behavior, Appendix E Relating To Access To Va Information And Information Systems; (2) Successfully Complete The Va Cyber Security Awareness And Rules Of Behavior Training And Annually Complete Required Security Training; (3) Successfully Complete The Appropriate Va Privacy Training And Annually Complete Required Privacy Training; And (4) Successfully Complete Any Additional Cyber Security Or Privacy Training, As Required For Va Personnel With Equivalent Information System Access [to Be Defined By The Va Program Official And Provided To The Contracting Officer For Inclusion In The Solicitation Document E.g., Any Role-based Information Security Training Required In Accordance With Nist Special Publication 800-16, Information Technology Security Training Requirements.] b. The Contractor Shall Provide To The Contracting Officer And/or The Cotr A Copy Of The Training Certificates And Certification Of Signing The Contractor Rules Of Behavior For Each Applicable Employee Within 1 Week Of The Initiation Of The Contract And Annually Thereafter, As Required. c. Failure To Complete The Mandatory Annual Training And Sign The Rules Of Behavior Annually, Within The Timeframe Required, Is Grounds For Suspension Or Termination Of All Physical Or Electronic Access Privileges And Removal From Work On The Contract Until Such Time As The Training And Documents Are Complete. potential Businesses Having The Capabilities Necessary To Provide The Above Stated Equipment Services Are Invited To Respond To This Sources Sought Notice Via E-mail To Gregory.watson2@va.gov No Later Than 06/21/24. No Telephone Inquiries Will Be Accepted. responses Should Include The Following Information: Company Name, Address, And Business Size, Point Of Contact Name, Phone Number, And E-mail Address, Oem Certifications For Technicians To Provide The Services Must Be Included In The Response. Oem Documentation Confirming Access To All Required Oem Parts Must Be Included In The Response. please Note Whether System Is Presently Offered On A Current Government Contract. Naics Code 541990 Is Applicable To Determine Business Size Standard. Any Questions Or Concerns May Also Be Directed To Gregory.watson2@va.gov Via E-mail. disclaimer And Important Notes: this Sources Sought Notice Does Not Obligate The Government To Award A Contract Or Otherwise Pay For The Information Provided In Response. The Government Reserves The Right To Use Information Provided By Respondents For Any Purpose Deemed Necessary And Legally Appropriate. The Government Will Treat Any Information Received As Proprietary And Will Not Share Such Information With Other Companies. Any Organization Responding To This Sources Sought Notice Should Ensure That Its Response Is Complete And Sufficiently Detailed To Allow The Government To Determine The Organization's Qualifications To Perform The Work. Respondents

Details: Description Municipality Of Hinabangan Hinabangan, Samar Invitation To Bid For Supply And Delivery Of Office Supplies, Other Supplies & Materials, Office Equipment, Ict Equipment, Furniture And Fixtures For The Different Offices Of Lgu-hinabangan, Samar 1. The Municipal Government Of Hinabangan, Through The General Fund- Mooe –municipal Mayor’s Office Cy 2024 And General Fund- Capital Outlay – Municipal Mayor’s Office Cy 2024 As Per Appropriation Ordinance No. 06 Series Of 2023 Intends To Apply The Sum Of Two Million Five Hundred Fifty Four Thousand Five Hundred Thirty Seven Pesos Only (php2,554,537.00) Being The Abc To Payments Under The Contract For Supply And Delivery Of Office Supplies, Other Supplies & Materials, Office Equipment, Ict Equipment, Furniture And Fixtures For The Different Offices Of Lgu-hinabangan, Samar. Bids Received In Excess Of The Abc Shall Be Automatically Rejected At Bid Opening. 2. The Municipal Government Of Hinabangan Now Invites Bids For The Above Procurement Project Which Includes The Following To Wit; Mayor’s Office Item No. Description Unit Of Issue Quantity 1 Stapler #35 Pcs 3 2 Glue 240g Bottles 15 3 Staple Wire Boxes 15 4 Binder Clips 51mm(2") Boxes 20 5 Binder Clips 3/4 (19mm) Width Boxes 20 6 White Folder (long) Ream 1 7 White Folder (a4) Ream 1 8 Mailing Envelope (white Long) Pcs 100 9 Bond Paper (a4) Boxes 5 10 Paper Clip (big) Boxes 20 11 Paper Clip (small) Boxes 20 12 Paper Fastener Boxes 6 13 Masking Tape(1") Rolls 10 14 Masking Tape(2") Rolls 10 15 Scotch Tape (1") Rolls 10 16 Scotch Tape (2") Rolls 10 17 Yellow Pad Pad 3 18 Sign Pen 0.5 (blue) 12s Boxes 5 19 Sign Pen 0.5 (black) 12s Boxes 5 20 Permanent Marker Black/blue Boxes 2 21 Permament Marker Ink (black/blue) Boxes 1 22 Ballpen (blue) Boxes 5 23 Ballpen (black) Boxes 5 24 Record Book (500 Pages) Pcs 10 25 Correction Tape Pcs 48 26 Post It/sticky Note 3inx3in (assorted) Pad 20 27 Box Filer Pcs 20 28 Dtr Pad 20 29 Stamping Pad Pcs 6 30 Stamping Pad Ink Pcs 4 31 Calculator Pcs 2 32 Brown Envelope (long) Pcs 100 33 Scissors (big) Pcs 1 34 White Board 25*35cm Pcs 1 35 Spray Alcohol 500ml Bottles 12 36 Ink Bt5000 Black Bottles 5 37 Ink Bt5000 Cyan Bottles 5 38 Ink Bt5001 Magenta Bottles 5 39 Ink Bt5002 Yellow Bottles 5 40 Flash Drive Pcs 5 41 Ink Epson L3250/l3110/l5290 Cyan Bottles 10 42 Ink Epson L3250/l3110/l5290 Magenta Bottles 6 43 Ink Epson L3250/l3110/l5290 Yellow Bottles 6 44 Ink Epson L3250/l3110/l5290 Black Bottles 6 45 Ink Epson Wf-c5890 Black Bottles 5 46 Ink Epson Wf-c5890 Cyan Bottles 5 47 Ink Epson Wf-c5890 Magenta Bottles 5 48 Ink Epson Wf-c5890 Yellow Bottles 5 49 Portable External Hard Drive 1tb Pcs 1 50 Doormat Pcs 4 51 Dust Pan Pcs 2 52 Broomstick Pcs 10 53 Siphid (soft)/batad Pcs 6 54 Water Dipper Pcs 2 55 Toilet Bowl Cleaner 500ml Bottles 6 56 Albatros Big Pcs 10 57 Garbage Bag Rolls 12 58 Toilet Bowl Brush Pcs 2 59 500 Grams Powder Laundry Pack 2 60 Laundry Soap Bar 4 61 Bath Soap Bar 5 62 Printer Epson Wf-c5890 Unit 1 63 Wifi Modem Pc 1 Hrmo Item No. Description Unit Of Issue Quantity 1 Swivel Executive Chair Pc 1 2 Binder Clip/double Clip Small Box 5 3 Bond Paper-legal Size Ream 15 4 Bond Paper-a4 Size Ream 15 5 Vellum Paper-cream (long) Ream 1 6 Stapler Wire #35 Boxes 2 7 Stapler #35 Pc 2 8 Paper Clip Big Boxes 5 9 Paper Clip Small Boxes 3 10 Stamp Pad -purple Big Pc 2 11 Logbook/record Book 500leaves Pcs 10 12 Scissors Heavy Duty Pcs 3 13 Masking Tape 1" Roll 2 14 Scotch Tape 1" Roll 3 15 Correction Tape Pcs 12 16 Ballpen Black 24s Box 2 17 Sign Pen Green 24s Box 1 18 Sign Pen Blue 24s Box 1 19 Glue 240g Pcs 3 20 Pentel Pen Broad Black Box 1 21 7in1 Office Supplies Desk Organizer/supplies Storage Holder Black Pc 1 22 Folder Legal Size Ream 1 23 Pencil Box 1 24 Cutter (big) Pc 2 25 Casio Calculator (14digits) Pc 1 26 Heavy Duty Puncher Pc 2 27 Box Filer (legal Size-big) Pc 24 28 Incoming & Outcoming Rack Pc 1 29 Document Filer With Ring (long) Pc 20 30 Canon Ink G70 - Black Pc 6 31 Canon Ink G70 - Cyan Pc 3 32 Canon Ink G70 - Yellow Pc 3 33 Canon Ink G70 - Magenta Pc 3 34 Epson L350 Ink - Black Pc 4 35 Epson L350 Ink - Cyan Pc 3 36 Epson L350 Ink - Yellow Pc 3 37 Epson L350 Ink - Magenta Pc 3 38 Lysol Air Freshener (510g) Pc 2 39 Tissue Paper 2 Ply Rolls 12 40 Alcohol (70% Isopropyl) Gallon 1 41 Wet Wipe (large) Pack 6 42 Tornado Mop Pc 1 43 Dust Pan Pc 2 44 Swip Broom Pc 2 45 Trash Bin Pc 1 Mpdc Office Item No. Description Unit Of Issue Quantity 1 Bond Paper A4 70gsm Ream 30 2 Bond Paper Long 70gsm Ream 30 3 Stapler #35 Pcs 2 4 Folder - Legal Size Ream 2 5 Ballpen Black (flexstick)0.7 Boxes 6 6 Sign Pen Black 0.5 Boxes 6 7 Glue 240g Pcs 2 8 Pencil Boxes 3 9 Dtr Pads 12 10 Epson Ink 003 - Black Bottles 12 11 Epson Ink 003 - Cyan Bottles 8 12 Epson Ink 003 - Magenta Bottles 8 13 Epson Ink 003 - Yellow Bottles 8 14 Lyson Air Freshener Pcs 6 15 Epson Ink Wf-c5790 - Black Bottles 6 16 Epson Ink Wf-c5790 - Cyan Bottles 6 17 Epson Ink Wf-c5790 - Magenta Bottles 6 18 Epson Ink Wf-c5790 - Yellow Bottles 6 19 Tornado Mop Pc 1 20 Alcohol (spray Bottles) 500ml Bottles 6 21 Albatros Big Pcs 12 22 Toilet Bowl Cleaner Bottles 12 23 Detergent Powder 1 Kg Pack 6 24 Pvc Cover Long Ream 3 25 Pvc Cover A4 Ream 5 Item No. Description Unit Of Issue Quantity 1 Laptop Unit 1 Display Screen: 16" Screen Resolution : 2560 X 1440 Pixels Refresh Rate: 120hz Screen Technology: Ips Platform Processor: Amd Ryzen 7 Processor Manufacturer: Amd Os: Window 10 Pro Processor Core: Octa Core Processor Speed: 3.1ghz Storage Storage: 512gb Storage Type: Ssd Number Of Storage Slots: 2 Upgradable Storage: Yes Memory Ram: 16gb Ram Speed: 3200mhz Ram Type: Ddr4 Upgradable Ram: Yes Number Of Ram Slots: 2 Design Weight: 1.7kg Body Material: Magnesium Alloy Battery Battery Life: 11h Graphics Graphic Card: Nvidia Geforce Rtx 3060 Camera Webcam Resolution: Full Hd Connector Ports Usb Type 2 X Usb Type-c, 1 X Usb 3.0 Thunderbolt: Yes Vga: Yes Total Usb: 3 Dvi: Yes Card Reader: No Displayport: Yes Hdmi: Yes Headphone Jack: Yes Optical Disc Drive Optical Disc Drive: None Connection Wi-fi Standard: 802.11ax Features Touch Screen: No Fingerprint Reader: No Backlit Keyboard: Yes Colour Colour: Eclipse Gray Kalahi Office Item No. Description Unit Of Issue Quantity 1 Bond Paper A4 Ream 60 2 Bond Paper Legal Ream 50 3 Plastic Paper Fasterner Box 5 4 Stapler With Remover Pcs 10 5 Stapler Wire #35 Box 5 6 Binder Clip 32mm Box 5 7 Binder Clip 41mm Box 5 8 Binder Clip 51mm Box 5 9 Paper Clip Jumbo Box 10 10 Ballpen 0.5 Box 50 11 Folder Long Ream 1 12 Correction Tape Pcs 24 13 Pencil Box 3 14 Pencil Eraser Large Pcs 8 15 Pencil Sharpener Pcs 2 16 Elmer's Glue Big Pcs 5 17 Ruler Pcs 5 18 Calculator Pcs 2 19 Scissors Pcs 10 20 Black Permanent Marker Pcs 24 21 Masking Tape Pcs 24 22 Sticky Note 1x3 Pad 10 23 Sticky Note 3x3 Pad 10 24 Double Sided Tape Roll 24 25 White Envelope Box 2 26 Plastic Envelope With Holder Pcs 10 27 Epson Ink 003 Black Pcs 8 28 Epson Ink 003 Cyan Pcs 3 29 Epson Ink 003 Yellow Pcs 3 30 Epson Ink 003 Magenta Pcs 3 31 Tables Pcs 8 32 Kurtina Pcs 6 33 Wall Fan Pcs 2 Item No. Description Unit Of Issue Quantity 1 Laptop Unit 1 Operating System: Window 10 Home Processor: Intel Core I5 -1235u Processor (12 Mb Smart Cache, 1.3 Ghz Performance -core With Intel Turbo Boost Technology 2.0 Up To 4.4 Ghz) Supporting Hydrid Core Architechture With Performance Core And Efficientcore. Memory: 8gb 3200 Mhz Of Ddr4 System Memory (upgradeable Up To 32gb Using Two Sodimm Modules) 1 Memory Slot Harddisk: 512gb Nvme Ssd Resolution: 1920 X 1080 Battery: 48 Wh 3-cell Li-ion Battery Pack 2 Computer Set (mouse,avr, Keyboard And Monitor) Set 1 Computer Processor: Intel I5, Equivalent Amd Or Greater Processor Memory:16gb Ram Storage: 1tb Solid State(ssd) Hard Drive Or Large Web Camera And Mic Network:10/100/1000 Base: T Ethernet Wireless:802.11g/n Dual Band (2.4/5.0ghz) Operating System: Window 10 Professional/ Macos 3 Flashdrive (64gb) Pcs 10 4 External Drive (1tb) Pcs 4 Accounting Office Item No. Description Unit Of Issue Quantity 1 Bond Paper/a4,perfect Print Ream 50 2 Heavy Duty Extension Wire Pcs 2 3 Maintenance Box (epson L3210) Pcs 2 4 Maintenance Box (epson L1455) Pcs 1 5 Maintenance Box (epson L5290) Pcs 1 6 Epson L3210 Ink (black 003) Pcs 10 7 Epson L3211 Ink (cyan 003) Pcs 8 8 Epson L3212 Ink (yellow 003) Pcs 8 9 Epson L3213 Ink (magenta 003) Pcs 8 10 Black Ink 774 (epson L1455) Pcs 8 11 Cyan Ink 774 (epson L1455) Pcs 5 12 Magenta Ink 774 (epson L1455) Pcs 5 13 Rj45 Crimping Tool For Passthrough Rj45 Pcs 1 14 Cat6/cat5e Rj45 Passthrough/100pcs Box 1 15 Comlink Cat6 Utp Network Cable Box 1 16 Yellow Ink 664 (epson L1455) Pcs 5 17 Battery (aa) Box 2 18 Acer/aspire A514-53 Charger Pcs 1 19 White Folder/ Long Ream 3 20 Stapler Hbw Pcs 4 21 Black Flexistick Pen Box 5 22 Correction Tape Pcs 20 23 Elmers Glue Bottle 6 24 70% Alcohol/500ml Bottle 10 25 Masking Tape 2" Pcs 5 26 Box Filer/green Pcs 30 27 Binder Clip (2 Inches) Box 8 28 Paper Clip/big Colored Box 4 29 Paper Clip/ Small Colored Box 4 30 Sign Pen/ Black Box 3 31 Sign Pen/ Green Box 3 32 Sign Pen/ Blue Box 3 33 Record Book 500 Leaves Pcs 6 34 Sticky Notes Pad 10 35 Heavy Duty Puncher Pcs 6 36 Tissue/ 3 Ply Roll 36 37 Expanded Envelope/ Green Pcs 20 38 Pencil Sharpener Pcs 1 39 Pencil (mongol 2) Box 2 40 Lighter Pcs 3 41 High Strength Elastic Silicone Rubber Band 50g Box 10 42 Plastic Ring Binder 1" Pcs 6 43 Plastic Ring Binder 1/2" Pcs 7 44 Plastic Ring Binder 3/4" Pcs 6 45 Plastic Ring Binder 3/4" Pcs 6 46 Specialty Paper A4/green Pack 6 47 Air Freshener Pcs 2 48 Paper Fastener Box 10 49 2 Layer Bond Paper Rack Pcs 6 50 Heavy Duty Staple Wire/ 8mm Box 5 51 Heavy Duty Staple Wire/ 6mm Box 5 52 Calculator,compact 12 Digits Pcs 4 53 Stamp Pad Pcs 6 54 Feather Duster Pcs 2 55 Scissor Pcs 6 56 Transparent Ruler/ 12 Inch Pcs 3 Item No. Description Unit Of Issue Quantity 1 Office Table Lenght: 100 Cm Width: 45 Cm Height: 74 Cm Pc 7 2 Office Swivel Chair Pc 7 Item No. Description Unit Of Issue Quantity 1 27inch High Definition Curve Monitor Pc 1 2 Printer Unit 1 3 Desktop Set/core I7 Processor Unit 5 4 Secure Ups 1000va, Uninterruptible Power Supply For Pc Laptop Of Wifi Unit 7 5 Duplex Sheet-fed Unit 2 6 Secure Ups 5000va, Uninterruptible Power Supply For Pc Laptop Of Wifi Unit Engineering Office Item No. Description Unit Of Issue Quantity 1 Bond Paper - Legal Size Reams 35 2 Bond Paper - A4 Reams 20 3 Stapler Wire Boxes 5 4 Stapler #35 Pc 1 5 Folder -legal Ream 1 6 Masking Tape 1" Pcs 3 7 Masking Tape 2" Pcs 3 8 Ballpen Black 24s Boxes 5 9 Sign Pen Black 24s Boxes 5 10 Glue 240g Pcs 2 11 Dtr Pads 3 12 Detergent Powder Kls 2 13 Pentel Pen Broad Black Boxes 2 14 Brother Ink Lc539xl -black Bottles 10 15 Brother Ink Lc539xl -cyan Bottles 5 16 Brother Ink Lc539xl -magenta Bottles 5 17 Brother Ink Lc539xl -yellow Bottles 5 18 Air Freshener Pcs 6 Item No. Description Unit Of Issue Quantity 1 Laptop Unit 1 Display Screen: 16" Screen Resolution : 2560 X 1440 Pixels Refresh Rate: 120hz Screen Technology: Ips Platform Processor: Amd Ryzen 7 Processor Manufacturer: Amd Os: Window 10 Pro Processor Core: Octa Core Processor Speed: 3.1ghz Storage Storage: 512gb Storage Type: Ssd Number Of Storage Slots: 2 Upgradable Storage: Yes Memory Ram: 16gb Ram Speed: 3200mhz Ram Type: Ddr4 Upgradable Ram: Yes Number Of Ram Slots: 2 Design Weight: 1.7kg Body Material: Magnesium Alloy Battery Battery Life: 11h Graphics Graphic Card: Nvidia Geforce Rtx 3060 Camera Webcam Resolution: Full Hd Connector Ports Usb Type 2 X Usb Type-c, 1 X Usb 3.0 Thunderbolt: Yes Vga: Yes Total Usb: 3 Dvi: Yes Card Reader: No Displayport: Yes Hdmi: Yes Headphone Jack: Yes Optical Disc Drive Optical Disc Drive: None Connection Wi-fi Standard: 802.11ax Features Touch Screen: No Fingerprint Reader: No Backlit Keyboard: Yes Colour Colour: Eclipse Gray Municipal Agriculture’s Office Item No. Description Unit Of Issue Quantity 1 Stapler Pcs 12 2 Stapler Wire Boxes 10 3 Ballpen Black Boxes 2 4 Ballpen Blue Boxes 2 5 Band Paper -legal Ream 5 6 Band Paper -a4 Ream 5 7 Ruler, Plastic, 18" Pcs 6 8 Correction Tape Pcs 20 9 Elmer's Glue Jar 10 10 Dtr Pad 10 11 Tissue (2ply) Rolls 60 12 Alcohol 70% 500ml Bottles 12 13 White Folder/ Long Pcs 50 14 White Folder/ A4 Pcs 50 15 Meter Stick Pcs 6 16 Packing Tape 2" Rolls 4 17 Masking Tape 2" Rolls 4 18 Marking Pen Black Pcs 10 19 Marking Pen Blue Pcs 10 20 Record Book 500leaves Pcs 4 21 Sign Pen Black Boxes 2 22 Sign Pen Blue Boxes 2 23 Pencil #2 Boxes 5 24 Paper Clip Big Boxes 5 25 Paper Fastener (plastic) Boxes 5 26 Cartolina Asstd. Pcs 100 27 Scissor Pcs 5 28 Box Filer Pcs 10 29 Air Freshener- Lysol 1000g Bottle 3 30 Ink L5190/balck Bottle 3 31 Ink L5190/yellow Bottle 3 32 Ink L5190/ Magenta Bottle 3 33 Ink L5190/ Cyan Bottle 3 34 Dust Pan Pcs 3 35 Feeder Duster Pcs 3 36 Liquid Soap Gallon 3 37 Muriatic Acid Gallon 3 38 Diswashing Liquid Gallon 3 39 Albatross Pcs 10 40 Steel Wool Pcs 10 Item No. Description Unit Of Issue Quantity 1 Computer Set (avr, Monitor, Keyboard And Mouse) Unit 1 Computer Processor: Intel I5, Equivalent Amd Or Greater Processor Memory:16gb Ram Storage: 1tb Solid State(ssd) Hard Drive Or Large Web Camera And Mic Network:10/100/1000 Base: T Ethernet Wireless:802.11g/n Dual Band (2.4/5.0ghz) Operating System: Window 10 Professional/ Macos 2 Steel Cabinet Unit 1 Assessor’s Office Item No. Description Unit Of Issue Quantity 1 Bond Paper Long-legal Size Boxes 5 2 Bond Paper - A4 Size Boxes 5 3 Logbook/record Book Pcs. 3 4 Correction Tape 10-15 Mm Dozen 2 5 Ballpen Black Dozen 4 6 Brown Envelope Long Pcs. 100 7 Tissue Paper 2 Ply Pcs. 36 8 Mouse Pad Pcs. 2 9 Carbon Paper Long Ream 3 10 Data Box Filer - Legal Pcs. 6 11 Fastener, Paper Plastic Vinyl Coated Boxes 3 12 Marker Permanent Black Boxes 2 13 Marker Permanent Blue Boxes 2 14 Pencil Monggol Boxes 3 15 Sign Pen Black Boxes 2 16 Staple Wire, Standard # 35 Pcs. 12 17 Stapler Standard # 35 Heavy Duty W/ Remover Pcs. 2 18 Stamp Pad Pcs. 2 19 Stamp Pad Ink 50ml. Pcs. 5 20 Puncher Heavy Duty Pcs 1 21 Sharpener, Pencil Pcs. 1 22 Scissor, ( 8") Pcs. 5 23 Epson L3210 Ink Black Bottle Bottle 6 24 Epson L3210 Ink Yellow Bottle Bottle 3 25 Epson L3210 Ink Magenta Bottle Bottle 3 26 Epson L3210 Ink Blue Bottle Bottle 3 27 Rack File 3 Layer Pcs. 2 28 Air Freshener Can 2 29 Alcohol 70% 500ml Bottle 5 30 Broom Soft Pcs. 2 31 Dishwashing Liquid Joy 250ml Bottle 6 32 Mop ( Cleaning Material ) Pc. 1 33 Spoon & Fork Dozen 1 34 Plate ( Glass ) Dozen 1 35 External Hard Drive 2tb Pcs 2 Item No. Description Unit Of Issue Quantity 1 Laptop Unit 1 Operating System: Window 11 Home Processor: Intel Core I5 -1235u Processor (12 Mb Smart Cache, 1.3 Ghz Performance -core With Intel Turbo Boost Technology 2.0 Up To 4.4 Ghz) Supporting Hydrid Core Architechture With Performance Core And Efficientcore. Memory: 8gb 3200 Mhz Of Ddr4 System Memory (upgradeable Up To 32gb Using Two Sodimm Modules) 1 Memory Slot Harddisk: 512gb Nvme Ssd Resolution: 1920 X 1080 Battery: 48 Wh 3-cell Li-ion Battery Pack 2 Executive Office Chair Unit 1 3 Swivel Chair Unit 1 Mcr Office Item No. Description Unit Of Issue Quantity 1 Ballpen Black Box 6 2 Correction Tape Pcs 20 3 Correction Fluid Pcs 10 4 Data File Box, (5"x9" X15"-3/4) Pcs 12 5 Envelop Brown (long) Pcs 500 6 Paper Fasteners (50 Pcs)-plastic Box 6 7 Folder Filer Pcs 20 8 Glue, All Purpose, 300 Grams Jars 6 9 Marker Permanent Black Pcs 6 10 Paper Band Premuim Grade A4 Ream 10 11 Paper Band Premuim Grade Legal Ream 10 12 Pencil, Lead W/ Eraser Box 6 13 Record Book, 300pages Pcs 3 14 Record Book,500 Pages Pcs 3 15 Sign Pen 0.5 Black Box 2 16 Staple Wire Standard #18 Boxes 6 17 Stamp Pad Ink Black 50ml Bottle 6 18 Tape Double Sided 1" Roll 6 19 Puncher Heavy Duty Pcs 2 20 Sharpener Pencil Heavy Duty Pcs 2 21 Stapler Heavy Duty W/ Remover Pcs 2 22 Scissor (8") Pcs 5 23 Table File Rack (4layer) Pcs 4 24 Dtr Pads 6 25 Highlighter (yellow) Pcs 6 26 Highlighter (green) Pcs 6 27 Highlighter (red) Pcs 6 28 Carbon Paper Long (black) Ream 6 29 Paper Clip (big) Boxes 10 30 Paper Clip (small) Boxes 10 31 Folder -legal Ream 1 32 Push Pins Box 1 33 Foldback Clip Box 1 34 Epson Ink 003- L5190 (black) Bottle 18 35 Epson Ink 003- L5190 (magenta) Bottle 18 36 Epson Ink 003- L5190 (cyan) Bottle 18 37 Epson Ink 003- L5190 (yellow) Bottle 18 38 Alcohol 70% Ethyl 500ml Bottle 6 39 Bath Soap 135grams Pcs 6 40 Broom, Soft (tambo) Pcs 2 41 Detergent Powder, All Pupose 2000grams Pack 2 42 Dust Pan, Non-rigid Plastic With Broom Pc 1 43 Toilet Paper Pcs 24 44 Toilet Bowl Cleaner 100ml Bottle 4 45 Tornado Map (home Gallery) Pcs Item No. Description Unit Of Issue Quantity 1 3-in-1 Printer Pc 1 2 Executive Chair Pc 1 3 Computer Set(monitor, Cpu, Avr, Keyboard W/ Mouse) Pc 1 Processor: Intel I5, Equivalent Amd Or Greater Processor Memory: 16gb Ram 1 Tb Ssd Hard Drive O/s: Windows 11 Budget Office Item No. Description Unit Of Issue Quantity 1 Bond Paper Long - Legal Size Boxes 15 2 Bond Paper - A4 Size Boxes 12 3 Correction Tape 10-15mm Dozen 2 4 Ballpen Black (pilot Fine) Dozen 10 5 Ballpen Blue (pilot Fine) Dozen 10 6 Tissue Paper 2 Ply(12s Bundle 5 7 Data Box Filer - Legal Pcs 24 8 Fastener Paper Plastc Vinyl Coated Boxes 6 9 Pencil Mongol Boxes 2 10 Sign Pen Black 0.5 Boxes 3 11 Sign Pen Blue 0.5 Boxes 3 12 Staple Wire Standard #35 Boxes 5 13 Puncher Heavy Duty(2 Hole Punch) Big Pcs 2 14 Pencil Sharpener Heavy Duty Pc 3 15 Scissor Pcs 3 16 Ruler 12" Plastic Pc 2 17 Epson Ink 003 - Black Bottles 12 18 Epson Ink 003 - Cyan Bottles 6 19 Epson Ink 003 -yellow Bottles 6 20 Epson Ink 003 Magenta Bottles 6 21 Double Sided Tape 20mm, 5m Roll 3 22 Masking Tape Roll 3 23 Packing Tape Roll 3 24 Transpapernt Tape 2" Roll 3 25 Pvc Cover Long Ream 5 26 Pvc Cover A4 Ream 3 27 Valiant Vellum Board 10s 180gsm-white Pack 5 28 Plastic Ringbider 1/2" X 44 Pcs 24 29 Air Freshener Can 2 30 Alcohol 70% Gallon (green Cross) Gallon 3 31 Door Mat Pc 4 32 Sponges (scotch Brite) Pc 2 33 Albatros Pc 3 34 Liquid Hand Soap 500ml Pc 1 35 Toilet Bowl Cleaner Pc 4 36 Broom Soft Pc 1 37 Trashbag Large (roll)10s Pack 2 Item No. Description Unit Of Issue Quantity 1 31.5" Monitor (brightness: 250 Cd/m (typical); Aspect Ratio 16:9) Pc 1 2 Printer A3 Monochrome Copier Equipped With Standard Gdi Printing And Twain Scanning Function: Network Connectivity; Copy/ Print Speed Up To 18 Pages Per Minute; Standard Paper Capacity Of 350 Sheets (incl. 100 Sheets From Multi-bypass Tray); Paper Sizes A5 To A3 And Paper Weight 64-157 G/m2 Pc 1 3 Computer/ Desktop Set: Set 1 Operating System: Window 11 Home Processor Type: Core™ I7 Processor Model: Intel® Processor Speed: 2.1 Ghz Processor Core: Hexadeca-core (16 Core) Standard Memory: 8 Gb Maximum Memory: 32 Gb Ddr4 Memory Technology: Ddr4 Sdram Total Hard Drive Capacity: 1tb Total Solid State Drive Capacity: 256gb Monitor Screen Size: 31.5" Screen Resolution: 1920x1080 ＠100hz Bac Office Item No. Description Unit Of Issue Quantity 1 Bond Paper -legal Size Reams 50 2 Bond Paper -a4 Reams 20 3 Stapler #35 Pcs 1 4 Folder -legal Ream 2 5 Ballpen Black (flexstick 0.7) Boxes 5 6 Signpen Black 0.5 Boxes 3 7 Glue 240g Pcs 3 8 Pvc Cover A4 Box 1 9 Pencil Mongol 2 Boxes 1 10 Ring Binder 1/2 X 44" Pcs 25 11 Ring Binder 3/4 X 44" Pcs 25 12 Masking Tape 2" Pcs 3 13 Box Filer Big Legal Size Pcs 20 14 Dtr Pads 2 15 Epson Ink 003 - Black Bottles 8 16 Epson Ink 003 - Cyan Bottles 3 17 Epson Ink 003 - Magenta Bottles 3 18 Epson Ink 003 - Yellow Bottles 3 19 Toilet Bowl Cleaner 100ml Bottles 2 20 Albatros (big) With Holder Pcs 3 21 Detergent Powder 1kg Pack 3 22 Dishwashing Liquid 850ml Pcs 2 23 Tissue (2ply) Rolls 12 24 Diswashing Sponge Pcs 5 25 Lysol Air Freshener (681ml) Pcs 4 26 Extension Wire (5meters) Unit 2 27 Dish Rack Plate Organizer With Holder Unit 1 28 2 Burner Gas Stove Set 1 29 Lpg Gas 11kg With Complete Accessories Set 1 30 Caldero Double Handle Pc 1 31 Aluminum Kawali Single Handle Pc 1 32 Rectangle Bathroom Mirror Pc 1 33 Spin Mop With Spinner & Bucket Magic Mop Pc 1 34 Plate Dozen 1 35 Spoon Dozen 1 36 Fork Dozen 1 37 Drinking Glass Transparent Dozen 1 38 Clearbook 80 Pockets (long) Pcs 10 Item No. Description Unit Of Issue Quantity 1 Heavy Duty Paper Shredder Machine Unit 1 2 4.8 Cu. Ft. 138l Refrigerator Mini Fridge 2 Door Unit 1 3 Aircon Unit 1 1.5hp Alpha Inverter, Split Type Air Corditioner R32 Refrigerant Eer 11.3 Cooling Capacity 13,000kj/hr Power Input 115w Sound Level At Low 23dba Unit Dimension (mm) (wxhxd): Indoor:789 X 293x 230 Mm Warranty: 1yr On Parts And Labor, Additional 4yrs Warranty On Compressor Peso Office Item No. Description Unit Of Issue Quantity 1 Bond Paper A4 Ream 20 2 Bond Paper Long Ream 20 3 Ballpen Black Box 2 4 Marker Permanent Black Box 2 5 Correction Tape Pc 1 6 Puncher Heavy Duty Pcs 2 7 Stapler #35 Pcs 2 8 Paper Fasterner Box 6 9 Folder Long Ream 1 10 Signpen Black 0.5 Box 1 11 Dtr Pad 3 12 Staple Wire #35 Box 3 13 Epson Ink - Black Bottle 2 14 Epson Ink - Cyan Bottle 2 15 Epson Ink - Magenta Bottle 2 16 Epson Ink - Yellow Bottle 2 Item No. Description Unit Of Issue Quantity 1 Window Type Steel Cabinet Pc 1 2 Laptop I5 16.6"(with Number Pad) Pc 1 Operating System: Window 11 Home Single Language Processor Family: 12th Generation Intel Core I5 Processor Memory: 8gb Ddr4-3200 Mhz Ram (1x8 Gb) Internal Storage: 512 Gb Pcie Nvme M.2 Ssd Mho Item No. Description Unit Of Issue Quantity 1 Glue 240g Pcs 10 2 Scissor Big Heavy Duty Pcs 10 3 Srapler N0. 35 Pcs 10 4 Staple Wire No. 35 Box 10 5 Box Filer Legal Size Big Pcs 20 6 Epson L3210 Ink- Black Pcs 25 7 Epson L3210 Ink- Magenta Pcs 20 8 Epson L3210 Ink- Yellow Pcs 20 9 Epson L3210 Ink- Cyan Pcs 20 10 Mailing Envelope (white Long) Boxes 2 11 Bond Paper (long) 20gsm Reams 20 12 Bond Paper (a4) 20gsm Reams 50 13 Paper Clip (big) Boxes 10 14 Binder Clip/ Double Clip Small Boxes 5 15 Paper Fastener Boxes 10 16 Masking Tape 1" Pcs 10 17 Pentel Pen Broad Black Boxes 2 18 Pentel Pen Broad Blue Boxes 2 19 Push Pins Boxes 10 20 Sticky Notes Assorted Colors Packs 20 21 Triple A Battery Everyday Boxes 2 22 Double A Battery Everyday Boxes 2 23 Puncher Heavyduty Pcs 4 24 Ballpen (flexstick 0.3) Black Pcs 4 25 Expandable Envelope Long Assorted Color Pcs 50 26 Signpen Black 0.3 (dong-a Finetech) Pcs 20 27 Manila Paper Pcs 20 28 Vellum Paper Long Packs 20 29 Photo Paper 210gsm Glossy Packs 5 Item No. Description Unit Of Issue Quantity 1 Window Type Aircon For Rhu Pharmacy 1.5hp Pc 1 2 Window Type Aircon For Drrm - H Opcen/ Epidemiology Surveillance Unit 1hp Pc 1 3 Window Type Aircon For Nurses And Midwives Quarters 1hp Pc 1 4 Exhaust Fan For Wards At Birthing (big) Pcs 2 5 Industrial Fan Pcs 3 Mswdo Item No. Description Unit Of Issue Quantity 1 Bond Paper (long) Reams 10 2 Bond Paper (short) Reams 10 3 Bond Paper A4 Pcs 10 4 Folder (long) Ream 1 5 Box Filer-legal Size Pcs 12 6 Brown Envelope (long) Pcs 50 7 White Envelope (sobre Long) Boxes 2 8 White Envelope (sobre Short) Box 1 9 Sign Pen (black) Box 1 10 Ballpen (black) Box 1 11 Ballpen (blue) Box 1 12 Pencil Boxes 2 13 Record Book (500 Leaves) Pcs 8 14 Record Book (300 Leaves) Pcs 3 15 Pentel Pen (black) Box 1 16 Pentel Pen (blue) Box 1 17 Correction Tape Pcs 12 18 Paper Fastener (plastic) Boxes 2 19 Paper Clip (big) Boxes 4 20 Paper Clip (small) Boxes 4 21 Rubber Band Box 1 22 Typewriter Ribbon Rolls 2 23 Stapler Pcs 2 24 Staple Wire Boxes 4 25 Puncher Pcs 2 26 Calculator Unit 2 27 Stamping Pad Pads 4 28 Plastic Enveloped Long Pcs 24 29 Expanding Folder Pcs 24 30 Expanding Enveloped Pcs 24 31 Stamping Ink Bottles 2 32 Scotch Tape Rolls 12 33 Masking Tape Rolls 12 34 Double Sided Tape Rolls 12 35 Bulb Bulbs 8 36 Curtains Pairs 8 37 Epson Printer Ink Colored 003 Pcs 6 38 Epson Printer Ink Black 003 Pcs 6 39 Pvc Id Ribbon Roll 2 40 Blank Printable Pvc Plastic Photo Id White Pcs 6 41 Mirror/top Glass Unit 2 42 Detergent Bar Bar 6 43 Dishwashing Liquid Bottles 6 44 Muriatic Acid Bottles 2 45 Toilet Paper Rolls 12 46 Floor Wax Can 1 47 Broom Pcs 4 48 Dustpan Pcs 2 49 Trash Bin With Cover Pcs 6 Supplies Office Item No. Description Unit Of Issue Quantity 1 Envelope Brown Long Ream 1 2 Envelope Brown Short Ream 1 3 Bond Paper A4 Ream 20 4 Stapler #35 Pc 1 5 Staple Wire #35 Box 1 6 Paper Clip Big Box 3 7 Folder Long Ream 1 8 Box Filer Pcs 2 9 Ballpen Black Boxes 2 Mto Item No. Description Unit Of Issue Quantity 1 Glue 100grams. - Pcs 12 2 Stapler Pcs 12 3 Staple Wire (5,000 Pcs)(35 Mm) Box 20 4 Calculator Standard- Casio Pcs 12 5 Ballpen Black /flexstick 0.5 (12 Pcs) Box 12 6 Ballpen Blue /flexstick 0.5 (12 Pcs) Box 12 7 Ballpen Red /flexstick 0.5 (12 Pcs) Box 1 8 Scissors Pcs 12 9 Paper Fasteners (50 Pcs)-plastic Box 12 10 Paper Clip (small) Box 12 11 Paper Clip (big) Box 12 12 Folder Long Ream 12 13 Mailing Envelope Ord. Long (50 Pcs)-white Pack 6 14 Scotch Tape (1 Inch) Pcs 12 15 Electrical Tape (16 M) Pcs 1 16 Masking Tape (2 Inches) Pcs 5 17 Correction Tape Pcs 48 18 Cash Book Green Pcs 12 19 Cashbook Blue Pcs 12 20 Cash Book Red Pcs 12 21 Box Filer Pcs 30 22 Tissue (200 M) Rolls 48 23 Seal For Weight & Measure Pcs 60 24 Puncher Pcs 6 25 Sticker Paper(habal Habal Sticker Permit) Sheets 400 26 Whiteboard Pcs 2 27 Marker Ink Black Pcs 6 28 Whiteboard Marker Pcs 12 29 Whiteboard Eraser Pcs 2 30 Stamping Pads Pcs 12 31 Ink Of Stamping Pad Pcs 12 32 Alcohol- Rea/biogenic Bottle 12 33 Sticky Notes S,m,l 12 34 Eraser Pcs 12 35 Rubber Band Box 24 36 Index Card For Bus. Permit Pcs 200 37 Ledger Card For Rpt Pcs 1000 38 Plastic Bag(extra Large) Pcs 100 39 Stabilo Pcs 12 40 Ink Black (epson L3210) Pcs 12 41 Ink Cyan (epson L3210) Pcs 1 42 Ink Yellow (epson L3210) Pcs 1 43 Ink Magenta (epson L3210) Pcs 1 44 Ink Black (epson L120) Pcs 12 45 Ink Cyan (epson L120) Pcs 1 46 Ink Yellow (epson L120) Pcs 1 47 Ink Magenta (epson L120) Pcs 1 48 (rat Poison) 200 G Pcs. 6 49 Albatros Pcs. 12 50 Trash Bag Rolls 12 51 Trash Can Pcs. 6 52 Dustpan Pcs. 4 53 Broom Pcs. 5 54 Toilet Brush Pcs 5 55 Air Freshener- 1000g Bottle 6 56 Disinfectant 1000g Bottle 6 57 Chlorine 1000g Bottle 6 58 Muriatic Acid 1000g Bottle 6 59 Hand Liquid Soap- 450ml Bottle 6 60 Powdered Soap 1kg Bottle 6 61 Dishwashing Liquid - Joy 250ml Bottle 6 62 Baygon 500ml Bottle 6 Water System Office Item No. Description Unit Of Issue Quantity 1 Bond Paper A4 70gsm Ream 25 2 Bond Paper Long 70gsm Ream 25 3 Ballpen (black) Box 6 4 Epson Ink 003 Black Bottles 10 5 Epson Ink 003 Yellow Bottles 5 6 Epson Ink 003 Magenta Bottles 5 7 Epson Ink 003 Cyan Bottles 5 8 Paper Fastener Boxes 6 9 Stapler #35 Pcs 2 10 Staple Wire #35 Boxes 6 11 Folder Long Ream 1 12 Diswashing Liquid 500ml Bottles 6 13 Sponge Pcs 3 14 Curtains 60x72 Inches Pcs 12 15 Adjustable Curtain Rod Pcs 6 16 Plastic Plates White 7.5 Inches Pcs 12 17 Spoon & Fork Stainless Pair 12 18 Tornado Mop Pc 1 19 Dish Drainer Large With Cover Pc 1 20 Siphid/ Batad Pcs 2 21 Dustpan Pc 1 22 Trash Can Pc 1 23 Doormat Pcs 2 24 Rice Cooker 4l Pc 1 25 Printer Epson L350 Pc 1 Delivery Of The Goods Is Required By Fourteen (14) Calendar Days Upon Receipt Of The Notice To Proceed. Bidders Should Have Completed, Within The Last Two (2) Years From The Date Of Submission And Receipt Of Bids, A Contract Similar To The Project. The Description Of An Eligible Bidder Is Contained In The Bidding Documents, Particularly, In Section Ii (instructions To Bidders). 3. Bidding Will Be Conducted Through Open Competitive Bidding Procedures Using A Non-discretionary “pass/fail” Criterion As Specified In The 2016 Revised Implementing Rules And Regulations (irr) Of Republic Act (ra) No. 9184. A. Bidding Is Restricted To Filipino Citizens/sole Proprietorships, Partnerships, Or Organizations With At Least Sixty Percent (60%) Interest Or Outstanding Capital Stock Belonging To Citizens Of The Philippines, And To Citizens Or Organizations Of A Country The Laws Or Regulations Of Which Grant Similar Rights Or Privileges To Filipino Citizens, Pursuant To Ra No. 5183. 4. Prospective Bidders May Obtain Further Information From Lgu-hinabangan, Samar And Inspect The Bidding Documents At The Address Given Below During Office Hours. 5. Complete Set Of Bidding Documents May Be Acquired By Interested Bidders Starting On June 17, 2024 From 8:00 A.m. To 5:00 P.m. Mondays To Fridays Except Holidays From The Given Address And Upon Payment Of The Applicable Fee For The Bidding Documents, Pursuant To The Latest Guidelines Issued By The Gppb, In The Amount Of Five Thousand Pesos Only (php5,000.00). The Procuring Entity Shall Allow The Bidder To Present Its Proof Of Payment 1 The Fees And To Present In Person. [note: For Lot Procurement, The Maximum Fee For The Bidding Documents For Each Lot Shall Be Based On Its Abc, In Accordance With The Guidelines Issued By The Gppb; Provided That The Total Fees For The Bidding Documents Of All Lots Shall Not Exceed The Maximum Fee Prescribed In The Guidelines For The Sum Of The Abc Of All Lots.] 6. The Lgu-hinabangan, Samar Will Hold A Pre-bid Conference On June 25, 2024 At 11:00 A.m. At Bac Conference Room, Municipal Hall, Hinabangan, Samar Which Shall Be Open To Prospective Bidders. 7. Bids Must Be Duly Received By The Bac Secretariat Through Manual Submission At The Office Address Indicated Below On Or Before 10:30 A.m. Of July 8, 2024. Late Bids Shall Not Be Accepted. *only Non-lawyers Are Allowed As Bidder’s Representative. 8. All Bids Must Be Accompanied By A Bid Security In Any Of The Acceptable Forms And In The Amount Stated In Itb Clause 14. 9. Bid Opening Shall Be On 11:00 A.m. Of July 8, 2024 At The Given Address Below. Bids Will Be Opened In The Presence Of The Bidders’ Representatives Who Choose To Attend The Activity. 10. The Lgu-hinabangan, Samar Reserves The Right To Reject Any And All Bids, Declare A Failure Of Bidding, Or Not Award The Contract At Any Time Prior To Contract Award In Accordance With Sections 35.6 And 41 Of The 2016 Revised Irr Of Ra No. 9184, Without Thereby Incurring Any Liability To The Affected Bidder Or Bidders. 11. For Further Information, Please Refer To: Engr. Mary Grace C. Mengote, Enp. Head, Bac Secretariat Lgu-hinabangan, Samar 0975-968-0959 Hinbac2020@gmail.com Engr. Menandro A. Gacelos Bac Chairman 12. You May Visit The Following Websites: For Downloading Of Bidding Documents: Ps-philgeps Engr. Menandro A. Gacelos Bac Chairman

Details: Date: March 4, 2024 Competitive Bid Issued By: Agriculture Financial Services Corporation Competitive Bids For: It Security Consultant To Provide Penetration Tests And Vulnerability Assessment For Afsc Competitive Bid #: Rfp 0696 Contracted Service: Penetration Test And Vulnerability Assessment Provider Closing: March 26, 2024 Afsc Buyer: Kathy Walker Title: Buyer, Business Services Address: Afsc Purchasing Department 5718 56th Avenue Lacombe, Alberta T4l 1b1 E-mail: Rfp@afsc.ca Table Of Contents: Terms And Conditions - 1 - 1.0 Introduction - 1 - 1.1 Definitions - 1 - 1.2 Mandatory Requirements And Desirable Provisions - 1 - 1.3 Confidentiality And Security Of Information - 2 - 1.4 Material Ownership - 2 - 1.5 Conflict Of Interest - 2 - 1.6 Inaccuracies Or Misrepresentations - 3 - 1.7 Inquiries - 3 - 1.8 Blackout Period - 4 - 1.9 Liability For Errors - 4 - 1.10 Notification Of Changes - 4 - 1.11 Vendor’s Expenses - 5 - 1.12 Short Listing - 5 - 1.13 Resource Replacement - 5 - 1.14 Freedom Of Information And Protection Of Privacy - 5 - 1.15 Reservation Of Rights - 6 - 1.16 Competitive Bid Administration - 6 - 1.17 Afsc’s Policies And Procedures For Security And Training On Site - 7 - 1.18 Vendor Debriefing - 7 - 2.0 Statement Of Work - 8 - 2.1 Introduction - 8 - 2.2 Background - 8 - 2.3 Objectives - 9 - 2.3.1 Penetration Testing Services - 9 - 2.3.1.1 Network Penetration Testing Services - 10 - 2.3.1.2 Application Penetration Testing Services - 10 - 2.3.1.3 Social Engineering Testing Services - 10 - 2.3.2 Vulnerability Assessment Services - 10 - 2.3.3 Web Application Penetration Testing Services - 11 - 2.3.4 Red Teaming Exercise - 11 - 2.3.5 Additional Services - 11 - 2.3.6 Security Policy Review. Continuous Threat Exposure Management (ctem) - 12 - 2.4 Duration - 12 - 2.5 Requirements - 12 - 2.5.1 Preferred Requirements - 12 - 2.5.2 Optional Requirements - 16 - 2.5.3 Training - 18 - 2.6 Corporate Capabilities And Executive Summary - 18 - 2.7 Resources - 18 - 2.8 Value Add - 19 - 2.9 Approach - 19 - 2.10 Security - 20 - 2.10.1 Data Classification - 20 - 2.11 Technology Information - 20 - 2.12 Documentation - 20 - 2.13 Additional Information - 21 - 2.14 Disclosure - 22 - 2.15 Pricing - 22 - 3.0 Evaluation - 23 - 4.0 Contract Review - 26 - 4.1 Negotiations - 27 - 5.0 Master Schedule - 27 - 6.0 Proposal Submission Guidelines - 29 - 6.1 Proposal Format - 29 - 6.2 Proposal Submissions - 31 - Terms And Conditions 1.0 Introduction Agriculture Financial Services Corporation (afsc) Is An Alberta Provincial Crown Corporation Under The Ministry Of Agriculture And Irrigation. Afsc’s Core Programs Include Business Risk Management Programs And Services To The Agriculture Industry As Well As Lending Products And Services To Farmers’ Agribusinesses, Value Added Enterprises And Commercial Operations. More Detailed Information About Afsc Is Available On The Website Www.afsc.ca. The Objective Of This Competitive Bid Is For Afsc To Solicit Proposals From Those Qualified In Providing The Specified Services Described Under Section 2.0 Of This Competitive Bid. 1.1 Definitions The Following Abbreviations And Terminology Are Used Throughout This Competitive Bid: Term Description Personnel Employees, Contractors, Subcontractors And Agents Of The Vendor. Vendor Any Business That Is Registered In Canada And Is Authorized To Operate In Alberta, Proposing To Submit A Proposal To The Competitive Bid. Competitive Bid Competitive Bid (rfp), Request For Quote (rfq), Value Based Request (vbr), Notice Of Proposed Procurement (npp), Request For Information (rfi), Request For Comment (rfc) Statement Of Work The Services Required By This Competitive Bid As Described In Section 2.0 Of This Competitive Bid. Contract Monitor Afsc Representative That Will Be Responsible For The Management Of The Contract That May Result From This Competitive Bid. 1.2 Mandatory Requirements And Desirable Provisions Proposals That Do Not Comply With The Competitive Bid Requirements Will Be Rejected. “must”, “shall”, “mandatory” And “will” Mean A Requirement That Must Be Met In Order For The Proposal To Receive Consideration. For Mandatory Requirements, The Vendor Must Provide Sufficient Information In The Proposals To Sustain Compliance To The Competitive Bid’s Mandatory Requirements. “should” And “desirable” Mean A Provision Having A Significant Degree Of Importance To The Objectives Of The Competitive Bid. For Desirable/optional Provisions, The Vendor’s Proposal Should Provide Details Of How The Desirable/optional Provisions Are Addressed. 1.3 Confidentiality And Security Of Information The Vendor And The Vendor’s Personnel Shall: A) Keep Strictly Confidential All Information Concerning Afsc Or Third Parties, Or Any Of The Business Or Activities Of Afsc Or Third Parties Acquired As Result Of Participation In The Competitive Bid; B) Only Use, Copy Or Disclose Such Information As Necessary For The Purpose Of Submitting A Proposal Or Upon Written Authorization Of Afsc. The Vendor Shall Maintain Security Standards, Including Control Of Access To Data And Other Information, Consistent With The Highest Standards Of Business Practice In The Vendor’s Industry. 1.4 Material Ownership Ownership In All Materials Including Copyright, Patent, Trade Secret, Industrial Design Or Trademark That Are Made, Prepared, Developed, Generated, Produced Or Acquired Under Or In Relation To The Competitive Bid And Any Subsequent Contract By The Vendor, The Vendor’s Employees, Subcontractors Or Agents Belongs To Afsc As They Are Made, Prepared, Developed, Generated, Produced Or Acquired. Any Such Materials Shall Be Delivered To Afsc Upon Completion Or Termination Of The Competitive Bid. The Vendor: A) Irrevocably Waives In Whole All Moral Rights. B) Shall Ensure That Its Employees, Subcontractors, And Agents Irrevocably Waive In Whole All Moral Rights To The Materials Made, Prepaid, Developed, Generated Produced, Or Acquired Under The Competitive Bid And Any Subsequent Contract And Declares That These Waivers Shall Operate In Favour Of Afsc And Afsc’s Assignees And Licenses. 1.5 Conflict Of Interest Vendor(s) Must Fully Disclose, In Writing To Afsc On Or Before The Closing Date Of The Competitive Bid, The Circumstances Of Any Possible Conflict Of Interest Or What Could Be Perceived As A Possible Conflict Of Interest If The Vendor Were To Become A Contracting Party Pursuant To The Competitive Bid. Afsc Will Review Any Submissions By Vendor(s) Under This Provision And May Reject Any Proposals Where, In The Sole Opinion Of Afsc, The Vendor Could Be In A Conflict Of Interest Or Could Be Perceived To Be In A Possible Conflict Of Interest Position If The Vendor Were To Become A Contracting Party Pursuant To The Competitive Bid. 1.6 Inaccuracies Or Misrepresentations If, During The Competitive Bidding Process, Afsc Determines That The Vendor Has Made A Material Misstatement Or Misrepresentation Or That Materially Inaccurate Information Has Been Provided To Afsc, The Vendor Will Be Disqualified From The Competitive Bidding Process. 1.7 Inquiries All Inquiries Related To This Competitive Bid Must Be Addressed To The Afsc Buyer On Or Before The Date Specified In The Master Schedule And As Per The Following: A) Inquiries Must Be Sent By E-mail To The Afsc Buyer At Rfp@afsc.ca, Utilizing The Q&a Template Provided. B) No Telephone Inquiries Will Be Accepted. C) No Additional Information Or Clarifications Will Be Provided To Inquiries Received After The Applicable Deadline. D) To Be Considered, All Inquiries Must Provide The Following Vendor Information: • Name Of Primary Contact • Address • Telephone Number • E-mail Address • Competitive Bid Reference Number. E) All Inquiries Received Will Be Reviewed By Afsc. F) All Inquiries Will Be Compiled And Answered In The Form Of Written Addendum(s) Issued By Afsc Via Alberta Purchasing Connection (apc) To All Prospective Vendor(s). G) Vendor(s) Are Advised That All Inquiries Answered By Afsc Will Be Provided Verbatim In Writing To All Prospective Vendor(s). H) Inquiries That May Contain Proprietary Or Confidential Information Of A Vendor May Be Answered Exclusively To The Submitting Vendor (afsc Will Direct The Correspondence Regarding This Inquiry Only To The Vendor’s Primary Contact) Provided The Addendum Does Not: • Require A Modification To This Competitive Bid; Or • Potentially Provide An Undue Advantage In The Competitive Process. I) If Either Of The Above Situations (h) Arises, Afsc Reserves The Right To: • Request The Vendor Reword And Resubmit The Inquiry; Or • Decline To Provide A Response. J) Afsc Reserves The Right To Not Disclose Information In Conjunction With This Competitive Bid On Any Inquiry That Requires Releasing Information That Afsc, In Its Sole Discretion, Regards As Confidential To Afsc. K) Afsc Reserves The Right In Any Event To Decline To Provide A Proposal For Any Reason In Its Sole Discretion. L) It Is The Vendor’s Responsibility To Notify Afsc, In Writing, And In Advance, Of Any Change In The Vendor(s) Primary Contact Information. M) Afsc Assumes No Responsibility Or Liability Arising From Information Obtained In A Manner Other Than As Described In This Competitive Bid. 1.8 Blackout Period With Respect To The Competitive Bid, Afsc Prohibits Communications Initiated By A Vendor To Any Afsc Employee, Other Than The Purchasing Department, For The Period Of Time From The Submission Date Of The Competitive Bid Up To And Including The Date Of Contract Award Resulting From This Competitive Bid. Any Communication Between A Vendor And Afsc During The Blackout Period Will Be Initiated By Afsc, In Writing, For The Purpose Of Obtaining Information Or Clarification Necessary To Ensure A Proper And Accurate Evaluation Of The Proposal. Any Communication Initiated By A Vendor During The Blackout Period May Be Grounds For Disqualifying The Offending Vendor From Further Consideration For The Acquisition And/or Any Future Afsc Solicitations. Afsc Will Notify All Vendors Upon Award Of A Contract From This Requisition. Accordingly, Vendors Are Asked To Refrain From Requesting Status Updates During The Proposal Evaluation Process. Vendors Who Are Currently Engaged In An Active Contract With Afsc May Continue To Communicate Directly With The Afsc Contract Monitor As It Relates To Activities Covered Under The Active Contract. 1.9 Liability For Errors While Every Effort Is Taken To Ensure An Accurate Representation Of Information In This Competitive Bid, Afsc Shall Not Be Liable Or Accountable For Any Error Or Omission In Any Part Of This Competitive Bid. 1.10 Notification Of Changes Any Changes To This Competitive Bid, As Well As The Response(s) To Inquiries, Will Be Posted As An Addendum On The Alberta Purchasing Connection (apc). Vendors Should Routinely Check Apc For Amendments And Adhere To Any Amendment Requirements. In The Event Of A Directed Competitive Bid, Vendors Should Routinely Check The Email Address The Bid Was Delivered To For Amendments. 1.11 Vendor’s Expenses Vendors Are Solely Responsible For Their Own Expenses In Preparing The Proposal, As Well As Any Subsequent Proposals, Including Any Costs Associated With Attendance To Information Sessions, Site Tours Or A Potential Short-listed Vendor’s Interview With Afsc. 1.12 Short Listing A Shortlist Of Vendors May Be Established. Short Listed Vendors May Be Requested To Make Formal Presentations, Regarding Their Proposal To Afsc. Key Vendor Management And Technical Personnel Will Be Expected To Participate In The Presentations. This Process Is Used To Validate Claims Made In The Proposal And Confirm The Vendor’s Ability To Meet The Requirements In The Competitive Bid. These Presentations Must Be Made At No Cost To Afsc. Based On Information Obtained At The Presentation, Vendors’ Scores May Be Adjusted. 1.13 Resource Replacement Resource Replacement Is Not Encouraged, However, There Could Be Circumstances Following The Competitive Bids Closing Date And Prior To Contract Execution That A Vendor May Request That A Proposed Resource Be Replaced. Any Proposed Resource Replacement Must Have, In The Opinion Of Afsc, Equivalent Or Better Qualifications Than The Originally Proposed Resource. Vendors Will Not Receive Additional Credit In The Evaluation Process If The Qualifications Of The Replacement Resource Exceed Those Of The Original Resource. Afsc Reserves The Right To Deny Any Request For Replacement And Reject Any Proposed Replacement. 1.14 Freedom Of Information And Protection Of Privacy The Vendor Acknowledges That: A) The Freedom Of Information And Protection Of Privacy Act Of Alberta (foip) Applies To All Information And Records Relating To, Or Obtained, Generated, Created, Collected Or Provided Under The Competitive Bid And Any Subsequent Contract And Which Are In The Custody Or Control Of Afsc. Foip Allows Any Person A Right Of Access To Records In Afsc’s Custody Or Control, Subject To Limited And Specific Exceptions As Set Out In Foip. B) Foip Imposes An Obligation On Afsc, And Through The Competitive Bid And Any Subsequent Contract On The Vendor(s), To Protect The Privacy Of Individuals To Whom Information Relates. The Vendor(s) Will Protect The Confidentiality And Privacy Of Any Individual’s Personal Information Accessible To The Vendor(s) Or Collected By The Vendor(s) Pursuant To The Competitive Bid And Any Subsequent Contract. C) The Vendor(s), If It Considers Portions Of Its Proposal To Be Confidential, Will Identify Those Parts Of Its Proposal To Afsc Considered To Be Confidential And What Harm Could Reasonably Be Expected From Disclosure. Afsc Does Not Warrant That This Identification Will Preclude Disclosure Under Foip. D) Materials Produced By The Vendor(s), In Connection With Or Pursuant To The Competitive Bid And Any Subsequent Contract, Which Are The Property Afsc Pursuant To The Competitive Bid And Any Subsequent Contract, Could Be Considered Records Under The Control Of A Public Body And Could Therefore Also Be Subject To The Foip Before Delivery To Afsc. As Such, The Vendor Must Conduct Itself To A Standard Consistent With Foip In Relation To Such Materials. E) For The Records And Information Obtained Or Possessed By The Vendor(s) In Connection With Or Pursuant To The Competitive Bid And Any Subsequent Contract, And Which Are In The Custody Or Control Of Afsc, The Vendor(s) Must Conduct Itself To A Standard Consistent With Foip When Providing The Services Or Carrying Out The Duties Or Other Obligations Of The Vendor Under The Competitive Bid And Any Subsequent Contract. The Purpose For Collecting Personal Information For The Competitive Bid Is To Enable Afsc To Ensure The Accuracy And Reliability Of The Information, To Evaluate The Proposal, And For Other Related Program Purposes Of Afsc. Authority For This Collection Is The Government Organization Act, As Amended From Time To Time. The Vendor(s) May Contact The Buyer Identified In The Competitive Bid Regarding Any Questions About Collection Of Information Pursuant To The Competitive Bid. 1.15 Reservation Of Rights Afsc Reserves The Right In Its Sole Discretion To: A) Accept Or Reject Any Or All Proposals. B) Disqualify A Vendor In The Event That, In Afsc’s Opinion, The Proposal Does Not Contain Sufficient Information To Permit A Thorough Evaluation. C) Verify The Validity Of The Information Supplied And To Reject Any Proposal Where The Contents Appear To Be Incorrect Or Inaccurate In Afsc’s Estimation. D) Seek Proposal Clarification At Any Time With Vendor(s) To Assist In Making Evaluations. E) Accept Proposals In Whole Or In Part. F) Accept A Proposal With Only Minor Non-compliance. G) Retain One Copy And Destroy And Dispose Of All Other Copies Of Any And All Proposals Received By Afsc. H) Cancel This Competitive Bid Process At Any Stage, Without Award Or Compensation To Vendors, Their Officers, Directors, Employees Or Agents, Without Assigning Any Reasons. 1.16 Competitive Bid Administration The Proposal Must Indicate That The Vendor Accepts The Procedures Set Down In This Competitive Bid. In Accordance With This Competitive Bid, The Vendor, If It Considers Portions Of Its Proposal To Be Confidential, Shall Identify Those Parts Of Its Proposal To Afsc Considered To Be Confidential And What Harm Could Reasonably Be Expected From Disclosure. Afsc Does Not Warrant That This Identification Will Preclude Disclosure Under Foip. 1.17 Afsc’s Policies And Procedures For Security And Training On Site The Vendor, Its Employees, Subcontractors, And Agents When Using Any Of Afsc’s Buildings, Premises, Equipment, Hardware Or Software Shall Comply With All Safety And Security Policies, Regulations Or Directives Relating To Those Buildings, Premises, Equipment, Hardware Or Software That Are Promulgated By Afsc From Time To Time. The Vendor’s Employees, Subcontractors And Agents Shall Comply, As Applicable, With All Provisions Of The Alberta Occupational Health And Safety Act, Occupational Health And Safety Regulation And Occupational Health And Safety Code With Respect To The Provision Of Services And Materials. When The Workers’ Compensation Act (alberta), As Amended, Applies, And Upon Request From Afsc, Deliver To Afsc A Certificate From The Workers’ Compensation Board Showing That The Vendor Is Registered And In Good Standing With The Board. 1.18 Vendor Debriefing The Corporate Purchasing Section Will, At The Request Of An Unsuccessful Vendor Who Responded To This Competitive Bid, Conduct A Debriefing After Contract Award For The Purpose Of Informing The Vendor On The Reasons Their Proposal Was Not Selected.   2.0 Statement Of Work 2.1 Introduction Agriculture Financial Services Corporation (afsc), As Part Of Its Vulnerability Management Program Is Seeking The Services Of An Information Technology Security Vendor To Carry Out Third-party Assessment Of Afsc It Systems And Infrastructure Using Various Techniques And Services As Specified In 2.3 Of The Scope Of Work To Evaluate The Effectiveness Of The Existing Security Controls And To Provide Input Into The Development Of Security And Risk Management Program At Afsc. A Major High-level Objective Of This Engagement Is To Request The Respondents Independently Validate Identified Risks Discovered Utilizing Vendor’s Standard Penetration Testing Methodologies, Vulnerability Assessments Techniques, And Red Teaming Methodologies. Another Goal Is To Assist Afsc To Identify Critical Security Controls Gaps That Could Significantly Affect The Confidentiality, Integrity, Availability, Privacy, And Safety Of Afsc, Its Clients And/or Its Staff. 2.2 Background As An Alberta Provincial Crown Corporation, Afsc Provides Farmers, Agribusinesses And Other Small Businesses Loans, Crop Insurance And Farm Income Disaster Assistance. With This Service Portfolio, Afsc Holds In Trust, Vast Amounts Of Small And Medium Scale Enterprise Sme Records And Information That Must Be Protected; Afsc Must Also Comply With Alberta's Freedom Of Information And Protection Of Privacy (foip) Act Which Provides A Framework For How Alberta Public Bodies Must Handle Citizen’s Information. With The Sensitivity And Volume Of Data Involved, A Data Breach Will Have Severe Risk Consequences For Afsc. It Is Thus Paramount That This Supporting Risk Management Activity (continuous Threat Exposure Management, Vulnerability Assessment, Penetration Testing And Red Teaming Exercise) Complements Afsc’s Assurance Functions. The Purpose Of The Engagement Is To: • Find Vulnerabilities In The Publicly Exposed (internet Accessible) Elements Of The Afsc Infrastructure From A Potential Intruder’s Point Of View. • Determine Whether Technical Vulnerabilities May Be Exploited And The Degree Of Exploitation And Its Impact To Afsc. • Assess The Overall Effectiveness Of Security Controls On The Perimeter Network And External Hosts In A Safe And Controlled Manner With No Unplanned Interruptions To Afsc’s Business Functions. • Explore The Ability For A Company To Help Afsc Build And Mature A Ctem Program The Successful Respondent May Be Required To Provide The Following As Part Of Its Deliverables To Afsc: • Evaluate And Assess Current Afsc Information Security Controls For Mission Critical Applications Within The Organization. • Perform Cloud Assessment And Penetration Testing Services (e.g. Infrastructure, Applications). • Determine The Extent To Which Internal Users May Represent An Exploitable Vulnerability To The Afsc’s Security Through Social Engineering Techniques. • Analyze The Results, Rule Out False Positives, Prioritize The Confirmed Vulnerabilities And Provide Steps For Immediate Remediation. • Provide A Detailed Account Of Findings And A Prioritized List Of Remediation Actions To Be Taken. • Provide Or Assist In Building A Complete Ctem Actionable Security Posture Remediation And Improvement Plan • Perform A Detailed Analysis Of Afsc Network Architecture Evaluating Data Flow, Physical And Logical Connections, Communication Protocols (intranet, Extranet, Remote Vpn), And Identify All Vulnerabilities Not Covered By Current Security Controls. • Conduct An Enterprise Network Discovery And Data Leakage Test To Identify Hosts, Routers, And Subnets That May Be Transmitting Data On Non-approved Or Unauthorized Devices Such As Unauthorized Third-party Connections, Unauthorized Internet Circuits, Or Unauthorized Virtual Private Networks (vpn’s); • Live Fire Type Tuning Of Current Security Tools In Utilization At Afsc 2.3 Objectives The Respondent Shall Provide A Broad Range Of Quality Services To Meet The Requirements Of Afsc In The Following Categories: • Penetration Testing Services – Preferred • Vulnerability Assessment Services – Preferred • Web App Penetration Testing - Preferred • Red Teaming Exercise – Optional; • Additional / Value Add Services – Optional; And • Continuous Threat Exposure Management (ctem) – Optional The Respondent Is Expected To Submit A Proposal For All Preferred Categories And Can Choose To Submit For The Optional Categories As Well. 2.3.1 Penetration Testing Services Penetration Tests Are Important Part Of A Security Team’s Threat And Vulnerability Management Capability. Penetration Tests Are Used As An Independent Verification Mechanism To Assess Organizations’ It Environment Controls. This Type Of Test Will Be Utilized To Determine The Organization’s Overall Security Posture. The Respondent Shall Provide The Following Quality Penetration Testing Services As Further Described Below: • Network Penetration Testing Services; • Web Application Penetration Testing Services; • Web Application Testing Services; And • Social Engineering Testing Services. 2.3.1.1 Network Penetration Testing Services A Network Penetration Testing Of The Computing Infrastructure Of Afsc. This Test Will Be Designed To Determine What Vulnerabilities Exist From Within/outside Afsc Network. The Objective Is To Perform A Controlled Attack Against Findings To Verify Results, And Provide An Overall Risk Assessment To Assist Afsc In Securing Network Infrastructure. The Respondent Shall Provide Network Penetration Testing Services Including But Not Limited To The Details Provided In Section 2.5. 2.3.1.2 Application Penetration Testing Services Application Penetration Testing Provides An Independent Verification Of The Security Status Of Afsc’s Applications. This Test Determines Whether Applications Present And Exploitable Risk To The Organization. The Respondent Shall Provide Application Penetration Testing Services Including But Not Limited To The Details Provided In Section 2.5. 2.3.1.3 Social Engineering Testing Services Social Engineering Testing Is The Use Of Deception And Manipulation To Obtain Confidential Information. It Is A Non-technical Kind Of Intrusion That Relies Heavily On Human Interaction And Often Involves Tricking People Into Breaking Normal Security Procedure. The Respondent Shall Provide Human Centric Social Engineering Testing Services Including But Not Limited To The Following: • Pretexting; • Phishing Campaigns (e.g., Email, Phone); • Brute Force (on Designated Systems); • Password Cracking. 2.3.2 Vulnerability Assessment Services A Vulnerability Assessment Exercise Will Identify What Vulnerabilities Exist Within The Afsc Network And Will Also Provide Recommendation On Prioritization And Remediation Based On The Resultant Risks To Afsc. This Will Also Complement The Findings Of The Afsc Vulnerability Management Program. The Respondent Shall Provide Vulnerability Assessment Services Which Will Include; • Identification Of Vulnerabilities On The Afsc Network; • Analysis Of Such Identified Vulnerabilities And Removing False Positives; • Prioritization Of The Identified Vulnerabilities; • Contextualization Of Risks That Might Arise Due To A Successful Exploit Of The Vulnerability; • Recommendations For Remediation Of The Vulnerability. 2.3.3 Web Application Penetration Testing Services Web Application Penetration Testing Provides An Independent Verification Of The Security Status Of Afsc’s Web Applications. This Test Determines Whether Web Applications Present And Exploitable Risk To The Organization. The Respondent Shall Provide Web Application Penetration Testing Services Including But Not Limited To The Details Provided In Section 2.5. 2.3.4 Red Teaming Exercise Red Teaming Exercise Is Used To Validate The Efficacy Of Security Controls And Capabilities, Or As Part Of Ongoing Incident Response And Threat & Vulnerability Management. The Respondent Will Conduct A Red Teaming Exercise To Obtain A Realistic Level Of Risk And Vulnerabilities Against: • Technology – Systems, Networks And Applications Devices And Appliances; • People – Staff, Outsourced Vendor Personnel, Departments And Business Partners; • Processes; • Incident Response Handling(or Testing); And • Physical Facilities – Offices And Data Centre. 2.3.5 Additional Services The Respondent Should Provide Any Additional / Out Of The Band Services To Afsc. Additional Services May Include, But Not Limited To The Following: • Remediation Assessments Following To The Initial Penetration Tests: • Physical Security Controls Review: • Internet And Email Security Controls Review: • Security Architecture Review: • Security Awareness Exercise Review: 2.3.6 Security Policy Review. Continuous Threat Exposure Management (ctem) A Ctem Program Uses Tools To Inventory And Categorize Assets And Vulnerabilities, Simulate Or Test Attack Scenarios And Other Forms Of Posture Assessment Processes And Technologies. It Is Important That A Ctem Program Has An Effective And Actionable Path. A Continuous Threat Exposure Management (ctem) Program Is A Set Of Processes And Capabilities That Allow Enterprises To Evaluate The Accessibility, Exposure, And Exploitability Of An Enterprise’s Digital And Physical Assets Continually And Consistently. The Respondent Shall Provide Ctem Cycle That Must Include: • Scoping • Discovery • Prioritization • Validation • Mobilization 2.4 Duration May 2024 Would Be The Anticipated Start Date Of Contract, Activities To Follow After That. The Resulting Initial Contract Shall Be For A Period Of One (1) Year With An Option For Extension Subject To Negotiations Satisfactory To Both Parties The Successful Vendor(s) Will Be Afsc’s Preferred Vendor(s) On A Need-to-need Basis During The Term Of The Contract Or Until Such Time As Afsc’s Business Needs Change. If Cloud Services Are Involved, Then Durations May Change. Expansion Capabilities – In The Future, Afsc May Wish To Expand Services Into Other Areas Of Its Business. In This Regard, Afsc Reserves The Right To Engage The Successful Vendor In The Future For Integrated Expansion Capabilities/modules For Other Asfc Business Areas. 2.5 Requirements Afsc Requests Respondents To Execute A Comprehensive Vulnerability Assessment, Penetration Testing Services, And Red Teaming Exercise For Afsc’s Systems And Applications. Respondents Are Required To Provide Supporting Information To Show How Vendor Will Execute Based On The Above Exercises And/or Services. 2.5.1 Preferred Requirements Network Penetration Testing Please Indicate Which Of The Following Network-related Environments You Can Perform Penetration Testing On. Please Provide Short Descriptions Of Your Approach Or Methodology For Each. Network Penetration Testing Requirements Response (yes / No) Approach/methodology Internal And External Penetration Testing Perimeter And Publicly Facing Infrastructure Telephony Systems/voip Cloud Assessment And Penetration Testing Printers, Hvac, Cctv Systems Network Penetration Testing Supporting Information Please Indicate If And How You Can Perform And Meet The Following Network-related Testing Requirements. Please Provide Short Descriptions Of Your Approach Or Methodology For Each. Requirements Response (yes / No) Approach Or Methodology Denial Of Service Testing Out Of Band Attacks War Dialing Wireless, Wep/wpa Cracking Spoofing Malware Attacks Service Discovery/port Scanning Web & Non-web Application Penetration Testing Please Indicate Which Of The Following Application (web And Non-web)-related Environments And (or) Vectors You Can Perform Penetration Testing On. Please Provide Short Descriptions Of Your Approach Or Methodology For Each. Requirements Response (yes / No) Approach Or Methodology Web Applications (i.e. Apis, Java, Xml, Asp.net, Php) Custom Apps (i.e. Crm Systems, Sap, Hr Systems ) Databases (i.e. Sql, Mysql, Oracle) 3rd Party Hosted Applications Mobile Applications Web & Non-web Application Penetration Testing Supporting Information Please Indicate If And How You Can Perform And Meet The Following Application (web And Non-web) -related Testing Requirements. Please Provide Short Descriptions Of Your Approach Or Methodology For Each. Requirements Response (yes / No) Approach Or Methodology Code Review: Analyzing Application Source Code For Sensitive Information Of Vulnerabilities In The Code. Authorization Testing: Testing Systems Responsible For User Session Management To See If Unauthorized Access Can Be Permitted. This Includes: • Input Validation Of Login Fields: Inputting Of Bad Or Overlong Characters And Inputs With The Aim Of Generating Irregular Results. • Cookie Security: Theft Of Cookies By Unauthorized Person. • Lockout Testing: Validating Lockout Processes Such As Timeout And Intrusion Controls To Ensure Legitimate Sessions Cannot Be Compromised Functionality Testing: Performing Testing Of The Application Functionality Itself. This Includes: • Input Validation: Inputting Of Bad Or Overlong Characters, Urls, Or Other Inputs With The Aim Of Generating Irregular Results. • Transaction Testing: Ensuring Desired Application Performance And Run With No Ability To Be Abused By End Users. Website Penetration Testing: Active Analysis Of Web Application Weaknesses Or Vulnerabilities. Encryption Usage Testing: Testing Applications’ Use Of Encryption To Ensure Secure Standards And Management Are Being Used. Authentication Process Testing: Ensuring Strong Authentication Processes Are In Place For End Users. User Session Integrity Testing: Ensuring User Sessions’ Ability To Remain Uncompromised Social Engineering Testing Please Indicate Which Of The Following Vectors You Can Perform Some Level Of Penetration Testing On. Please Provide Short Descriptions Of Your Approach Or Methodology For Each Vector. Requirements Response (yes / No) Approach Or Methodology Email / Phishing Phone / Vishing Physical Building Access Social Engineering Testing Supporting Information Please Indicate Which Of The Following Methods Of Social Engineering Or Tendencies You Can Support. Please Provide Short Descriptions Of Your Approach Or Methodology For Each. Requirements Response (yes / No) Approach Or Methodology Phishing Attacks Social Networking Scams – Facebook, Linkedin Pretexting Watering Hole Attacks Tailgating Bypassing Other Physical Security Measures Impersonation – Employee Or External Authority Password Cracking Others – Please Indicate Vulnerability Analysis And Exploitation Please Indicate If And How You Can Perform And Meet The Following Vulnerability Analysis And Exploitation Requirements: Requirements Comments: Please State Your Justification For How Requirements Are Met Please Indicate Any Exploitation Techniques That Will Be Used To Validate Identified Vulnerabilities. Please Indicate What Tools Are Used To Exploit Vulnerabilities And Whether They Are Open Source, Commercial, Or Proprietary Please Indicate How You Will Perform Traversal Of Systems And Hosts Please Indicate Which Of The Following Methods Are Used: • Credential Compromise • Cross Site Scripting • Any Other Method Used 2.5.2 Optional Requirements Red Teaming Exercise Please Indicate If And How You Can Perform And Meet The Following Red Team Exercise Requirements. Please Provide Short Descriptions Of Your Approach Or Methodology For Each. Requirements Response (yes / No) Approach Or Methodology Please Provide Information About The Methodology That Will Be Used In Conducting Red Team Exercise Of The Afsc Environment. Which Of The Following Areas Are Included In The Assessment. • Digital Assets • Physical Assets • Technical And Operational Processes What Exploitation Tactics Are Used For This Exercise? Does These Include • The Network Services • Physical Layer • Application Layer Are There Particular Cyberattack Emulations Or Threat Actor Roles (such As Organized Crime, Cyberterrorist, Hacktivist, Cyberspy) That Will Be Used During This Exercise? If Yes, Please Provide Additional Information On The Emulations Used. How Does The Team Ensure Foothold And Maintain Presence During The Exercise To Achieve The Set Objectives Continuous Threat Exposure Management Please Indicate Which Of The Following Network-related Environments You Can Perform Ctem Plan On. Please Provide Short Descriptions Of Your Approach Or Methodology For Each. Ctem Requirements Response (yes / No) Approach/methodology Scoping Discovery Prioritization Validation Mobilization 2.5.3 Training If There Is A Need For A Device Install Or Configuration Changes Needed, Documentation And Training To Be Provide To Afsc Staff In Order To Assist With Timely Install And Configuration For What Is Needed. Vendor To Provide Any Needed Training For Documentation To Afsc In Order To Facilitate Any Vulnerability Assessment Activities. 2.6 Corporate Capabilities And Executive Summary Proposals Must Include An Executive Summary Of The Key Features Of The Proposal. This Summary Should Include: A) A Brief Introduction Of The Vendor; B) A Brief Company History And Overview Of The Vendor As It Applies To The Content Of The Competitive Bid; C) Demonstrate A Sound Understanding Of The Scope, Objectives And Requirements Presented In This Competitive Bid; D) The Number And Nature Of Engagements In Similar Scope And Size As Outlined In Section 2.0 Of Competitive Bid During The Past Two (2) Years; And E) Industry Awards, Certifications And Other Market Place Distinctions; F) Social Responsibilities And Environmental Consideration; G) Indicate Why The Vendor Considers Itself To Be A “right” Service Provider And What Key Strengths It Will Bring To Afsc In The Immediate And Long Term. 2.7 Resources Please Provide A List Of The Staff Members That Will Be Assigned To The Engagement At Afsc. Please Note, The Successful Respondent Will Be Required To Sign Off On All Of Afsc’s Security Forms Prior To Any Work Being Completed. The Response Should Include But Not Limited To The Following: Requirements Comments: Please State Your Justification For How Requirements Are Met Provide Information Pertaining To Previous Projects/engagements Of Similar Nature That The Resource Or Team Lead Has Had And Provide References For The Project Provide Resumes For Staff That Will Be Assigned To The Engagement At Afsc. The Resume Should Include Skills, Experience, Qualification, Certifications And Accreditation. If Any Of The Assigned Staff Possess Or Requires Government Security Clearances. Respondent Should Also Identify The Tasks And The Task Dependencies Involved In The Completion Of The Requested Services. Provide Evidence Of License To Conduct Pentest In Location. 2.8 Value Add The Vendor May Describe Two (2) Significant Value Added Services Provided Relative To The Scope Of Work Provided To Other Clients Including The Vendor’s Commitment For Future Support. The Proposal Should Contain A Description Of Value Added Services Provided By The Vendor And The Strategy That The Vendor Would Employ In Proposing A Similar Type Of Service To Afsc. The Proposal Must Clearly Outline If There Are Any Additional Cost For The Value Added Services. 2.9 Approach Proposal Should Include The Following: A) A Description Of Corporate Philosophies, Values, Culture And Approaches Especially As They Relate To The Requirements Of Afsc; B) A Description Of The Vendor’s Decision Making Approach And Philosophy; And; C) The Proposal Must Provide Two Project Examples To Demonstrate The Vendor’s Ability To Take Ownership, Accept Accountability And Deliver On Commitments Made And To “stand Behind Their Work”. D) How The Vendor Plans To Proactively Address Issues That May Come Up In Regards To A Relationship With Afsc. E) Provide The Vendor’s Approach To Quality Assurance, Continuous Improvement, And Performance Management Processes, Techniques, Change Control And Tools. Vendor(s) Proposing An Alternative To A Competitive Bid Requirement Must Clearly Denote Each As An Alternative And Substantiate The Merit Of That Alternative. Proposed Alternatives Must Substantially Meet The Fundamental Intent Of The Requirement. 2.10 Security Please Complete Appendix D Information Security Privacy Cloud Assessment Form And Include It With Your Proposal. This Form Must Be Completed And Submitted Prior To The Closing Date In Order To Proceed To The Next Review Phase. 2.10.1 Data Classification For Awareness, The Type Of Data Involved In This Project Are ( Not Limited To Restricted/protected C. This Can Be Reviewed On The Goa Site. Do You Provide The Ability To Apply Different Data Or Information Classification Levels To Your Data Sets, And Are Different Levels Of Controls Available For Them Based On The Classification? If So Please Provide Detail For Different Processes Such As Security, Privacy Or Retention. 2.11 Technology Information Afsc’s Central Office Is Situated In Lacombe, Alberta Canada. With 2 Geographically Separated Data Centers Located In Edmonton Ab And Lacombe Ab, Afsc’s Enterprise Network Also Consists Of Branch Office Lans Dispersed Across Alberta, Canada. The Afsc Branch Office Lans Are Connected Via Vpn Tunnels Implemented In A Hub-and-spoke Architecture. These Vpns Run In Private Leased Mpls Clouds And Terminate On Head-ends Situated At Each Of The Data Centers Earlier Described. At A Very Simplified Level, Afsc Has About 38 Offices Across Alberta, With Social Media And Cloud Presence; It Also Has Just Under 700 Staff Providing Client, Administration And Technical Support. 2.12 Documentation Please Describe Your Final Penetration Results Report Structure; Requirements Response (yes/ No) Comments: Please State Your Justification For How Requirements Are Met Are These Components Included In The Final Report? • Introduction • Executive Summary • Technical Review • Detailed Findings • Testing Methodology • Screen Shots • Validation Of Compromise Will The Report Contain The Methodology Used Please Describe How You Prioritize Any Identified Vulnerabilities Or Security Weaknesses Do You Provide Recommendations For Remediation? Please Describe Please Provide A Sample Report For Each Of The Test Services Conducted (i.e. Penetration Testing, Etc.) 2.13 Additional Information Additional Requirements Comments: Please State Your Justification For How Requirements Are Met Description Of At Least Three (3) Engagements For Vulnerability Assessment, Penetration Testing / Red Teaming Exercise The Respondent Company Has Conducted Including A Statement Regarding The Type Of It Infrastructure And The Results For Each. A Detailed Recommended Approach Associated With An Assessment Of This Nature For The Scope Of Work Outlined Above. Project Plan That Contains The Elements Relative To The Vulnerability Assessment, Penetration Test And Red Teaming Exercise Conducted From A Location External To Afsc. What Activities Would Be Performed And How Those Activities Would Be Controlled So That Afsc Operations Are Not Interrupted. A Detailed Timeline Required To Complete Scope And Provide Deliverables As Outlined. Preferably In Electronic/paper Form That Contains A Project Plan With The Entire High Level Work Breakdown List. A Brief Description Of Each Project (vulnerability Assessment, Penetration Testing & Red Teaming Exercise) Plan Phase And Milestones And Also The Estimated Timelines For Each Phase And Milestone. The Methodology That Will Be Followed For Implementation Of Your Plan From Within Afsc And Outside Of Afsc (remote Location) Processing Environment. Include Any Unique Requirements Or Conditions. Description Of How The Respondent Company Stays Abreast With The Changing Governmental Regulations And Industry Guidelines For Cyber Security. In Protection Of The Afsc Confidential Information, The Respondent Company Is Expected To Describe How It; • Protects The Information Gathered During The Engagement From Both Internal And External Sources. • Stores Data Collected During Engagement. • Disposes Of Data Collected During Engagement. Please List And Describe All The Tools You Use For An Engagement Like This And Include If They Are Commercially Or In-house Developed. 2.14 Disclosure In The Interest Of Full Disclosure To All Vendors Wishing To Submit A Proposal, Please Note That Afsc Has Had A Previous Working Relationship With A Vendor Who May Submit A Proposal To This Competitive Bid.  In This Regard, Through The Normal Course Of Providing Prior Services To Afsc, It Is Likely That This Vendor Will Have Acquired Knowledge About Afsc, In Addition To Having Had Access To Information, Beyond What Has Been Included Within This Competitive Bid. The Nature Of The Services Provided By The Vendor To Afsc Includes Services That Are Similar, Or Identical, To The Services Described In The Statement Of Work. 2.15 Pricing Please Indicate That The Price Quoted Will Be Guaranteed Until Implementation. Afsc Is Requesting A Fixed Price Response For The Scope Of Work As Outlined In The Section Above In Canadian Dollars. Identify Any Other Administrative Fees Or Services Charges, And Indicate How You Will Be Invoicing In Detail. Please Provide Pricing For One Year Period. Vendors Must Also Identify Any Other Administrative Fees Or Service Charges, And Provide Details On Invoicing (which May Subject To Change Based On Afsc’s Requirements). Services / Solution Pricing Penetration Test (internal Pentest And External Pentest) 3rd Party Hosted Web Application. Price Should Be Provided For Four (4) Of Such Applications Annually Red Teaming Exercise Vulnerability Assessment G. S. T. Certification Clause This Is To Certify That The Services Ordered Or Purchased Are For The Use Of, And Are Being Purchased By Afsc With Crown Funds, And Are Therefore Not Subject To The Goods And Services And Harmonized Sales Tax. 3.0 Evaluation Evaluation Criteria The Competitive Bid Evaluation Criteria Will Be Distributed Within The Following Rating Categories. Evaluation Criteria Evaluation Category Weighting % Requirements • Network Penetration Testing • Web & Non-web Application Penetration Testing • Social Engineering Testing • Vulnerability Analysis And Exploitation • Red Teaming Exercise • Continuous Threat Exposure Management For This Criteria The Evaluation Committee Will Give Particular Reference To The Vendor’s Response To Section 2.5 25% Corporate Capability & Executive Summary • Demonstrate A Sound Understanding Of The Scope • Indicate Why The Vendor Considers Itself To Be A “right” Service Provider And What Key Strengths It Will Bring To Afsc In The Immediate And Long Term. For This Criteria The Evaluation Committee Will Give Particular Reference To The Vendor’s Response To Section 2.6 5% Resource Qualifications • Previous Projects/engagements Of Similar Nature That The Resource Or Team Lead Has Had • Skills, Experience, Qualification, Certifications And Accreditation. • Identify The Tasks And The Task Dependencies Involved In The Completion Of The Requested Services. • Evidence Of License To Conduct Pentest In Location. For This Criteria The Evaluation Committee Will Give Particular Reference To The Vendor’s Response To Section 2.7 20% Value Add • The Vendor May Describe Two (2) Significant Value Added Services Provided Relative To The Scope Of Work Provided To Other Clients Including The Vendor’s Commitment For Future Support. • The Proposal Should Contain A Description Of Value Added Services Provided By The Vendor And The Strategy That The Vendor Would Employ In Proposing A Similar Type Of Service To Afsc. The Proposal Must Clearly Outline If There Are Any Additional Cost For The Value Added Services. For This Criteria The Evaluation Committee Will Give Particular Reference To The Vendor’s Response To Section 2.8 10% Approach For This Criterion The Evaluation Committee Will Give Particular Reference To The Vendor’s Response To Section 2.9 5% Documentation For This Criterion The Evaluation Committee Will Give Particular Reference To The Vendor’s Response To Section 2.12 10% Additional Requirements For This Criterion The Evaluation Committee Will Give Particular Reference To The Vendor’s Response To Section 2.13 5% Pricing (can Be Removed And Scored Independently) 20% Each Evaluation Category And/or Sub-category Is Given A Weight As A Percentage To Reflect Its Relative Importance In The Evaluation. The Members Of The Evaluation Committee Consist Of Afsc Staff From The Product Lines Or A Part Of The Specified Project/area/department Requesting The Services. Proposals Will Be Evaluated And Scored Based On Quality Of Response To The Requirements Of This Rfp. Those Proposals That Score The Highest May Be Shortlisted To Participate In A Subsequent Interview/presentation/demo Process. The Written Portion Will Be Weighted At _60_% And The Interview/demo At _40_%. The Scores From The Proposals May Be Adjusted As Per The Clarifications Presented In The Interview. Selection Of The Preferred Vendor Will Be Based On The Highest Score. (if Applicable) Contract Negotiations May Be Completed Prior To Award And May Be Used As Part Of The Award Decision. Pre-screening Proposals May Be Subject To Pre-screening Based On Select Mandatory Criteria. (if Applicable)   4.0 Contract Review All Agreements Must Be Drafted (or Reviewed And Agreed To) By Afsc’s Legal Department. Previously Entered Into Agreements Between Afsc And The Successful Vendor Will Not Be Used As The Form Of Definitive Agreement For This Engagement. The Definitive Agreement That Is Entered Into Between The Vendor And Afsc Will Incorporate Afsc’s Terms Of Business Set Out At Appendix (b), As Well As Key Afsc Standards For Contracts, Which Are As Follows: • Termination For Convenience Upon Written Notice. • No Limitations Of Liability Or Monetary Caps Granted. • No Disclaimers Of Liability Granted. • No Indemnities Against Third Party Claims Granted (limited Exceptions). • Governing Law - Province Of Alberta, Country Of Canada. • Finite Term Of Contract - No Auto-renewals. If The Vendor Wishes To Propose Alternative Wording To The Terms Of Business Set Out At Appendix (b) Or Disagrees With The Above-listed Key Afsc Standards For Contracts, The Vendor Must Complete And Submit Appendix (c) (alternate Wording – Additional Clause Template) Clearly Citing The Suggested Variations. ***note That Afsc Has The Sole Discretion To Consider Whether Wording Changes Or Alternate Clauses Will Be Considered For Negotiation Purposes And/or Incorporated Into The Definitive Agreement. The Extent And Materiality Of Any Requested Changes/deviations From The Terms Of Business Or Key Afsc Standards For Contracts By The Vendor May Impact The Vendor’s Overall Rating When The Proposal Is Evaluated. By Submitting A Proposal Without A Completed Appendix (c) Attached Thereto, Vendors Are Deemed To Accept The Terms Of Business As Set Out At Appendix (b), As Well As The Above-listed Key Afsc Standards For Contracts As A Condition Of Submitting A Proposal. A Vendor’s Acceptance Of The Terms Of Business And Key Afsc Standards For Contracts May Have A Positive Bearing On The Vendor’s Overall Score. As Part Of The Vendor’s Proposal, Afsc Requires The Vendor To Submit The Vendor’s Typical Form Of Agreement Generally Used With Customers. ***afsc May Or May Not Choose To Use The Vendor’s Typical Form Of Agreement As The Basis Of The Definitive Agreement Between Afsc And The Vendor. Even If Afsc Opts To Use The Vendor’s Typical Form Of Agreement As A Foundation For The Definitive Agreement, As Stated Above, The Final Version Of The Definitive Agreement Will Incorporate Afsc’s Terms Of Business Set Out At Appendix (b), As Well As Key Afsc Standards For Contracts. ***note That Afsc Has The Discretion To Amend The Wording Of The Terms Of Business As Set Out At Appendix (b) When Incorporating Into The Definitive Agreement And, To The Extent That There Is Any Inconsistency Between The Terms Of Business And The Definitive Agreement, The Definitive Agreement Shall Take Precedence. No Work Will Commence In Relation To This Competitive Bid Until A Fully Executed Definitive Agreement Is In Place Between Afsc And The Vendor. Failure To Comply With This Requirement Will Result In Non-payment Of Any Activities Performed Prior To The Execution Of The Definitive Agreement. 4.1 Negotiations Afsc May Require Selected Vendor(s) To Participate In Negotiations And To Submit Revisions To Pricing, Technical Information, Agreements And Any Other Items In Any Proposal That May Result From Negotiations. If Negotiations Do Not Result In Modification Of The Agreement(s) That Is Acceptable To Afsc, The Proposal May Be Rejected. 5.0 Master Schedule The Master Schedule Of Competitive Bid Related Events Is Set Out In The Table Below And Is Governed By The Following Principles: A) In The Event That Any Dates Elsewhere In This Competitive Bid Conflict With A Date Set Out In This Table, The Date Set Out In This Table Shall Prevail; B) All Times Listed Are Based On Mountain Standard Time (mst); C) Afsc Reserves The Right To Adjust The Dates Of The Schedule If Required Through An Addendum Process. # Event Scheduled Date/time 1 Afsc To Accept E-mail Inquiries Relevant To This Competitive Bid. Vendor(s) Must Use The Q & A Template Provided As Appendix (a) And Submit Through Rfp@afsc.ca. March 12, 2024 2 Final Receipt Of Proposals. (closing Date) March 26, 2024 @ 1:00 Pm 3 Evaluation Of Competitive Bid Written Proposals. Afsc In Its Discretion May Extend This Time. March 27, 2024 To April 4, 2024 4 Interviews Or Presentations For Short-listed Vendors. Afsc In Its Discretion May Change This Date. Week Of April 15, 2024 5 Afsc To Perform Reference Checks On Shortlisted Vendors. Afsc In Its Discretion May Change This Date. Week Of April 15, 2024 6 Final Evaluation And Notification Of Award Of Contract. Afsc In Its Discretion May Change This Date. Week Of April 22, 2024 7 Target Commencement Date Afsc In Its Discretion May Change This Date. May 15, 2024 6.0 Proposal Submission Guidelines 6.1 Proposal Format To Facilitate Ease Of Evaluation By The Evaluation Team, And To Ensure Each Proposal Receives Full Consideration, Proposals Should Be Organized In The Following Format Using The Section Titles And Sequence Listed Below: Table Of Contents; A) Pre-screening Requirements (optional) B) Proposal To Statement Of Work (2.0); Including Legal And Contact Information: • The Full Legal Name Of The Vendor. • The Location Of The Vendor’s Head Office And Service Centers. • A Vendor Contact For All Questions And Clarifications Arising From The Proposal. • Vendor Contact Authorized To Participate In Contract Finalizations. References • The Proposal Should Include Three (3) References Including, But Not Limited To Organization, Address, Contact Name, Telephone Number And Email Address. • References Should Include Organizations That Can Verify The Satisfactory Provision, Performance And Or/servicing Of Goods And Associated Services The Name As, Or Similar To The Requirements Of This Competitive Bids, The Corporate Purchasing Section May Contact References In Addition To Those Provided In The Proposal. • References May Be Conducted To Validate Information Provided In The Vendor’s Proposal • It Is Expected That The Vendor(s) Will Be Able To Arrange For Afsc To Contact The Reference During The Evaluation Period. • Government And Agencies, References Would Be Preferred If Available. (optional) Additional Information • Additional Information May Be Included At The Vendor’s Discretion, But This Must Not Detract From The Ability Of Afsc To Easily Reference Information For Evaluation Purposes. Assumptions • Vendor Is Expected To Identify In Detail Any Assumptions That Have Been Made During The Creation Of Their Written Proposal To The Scope Identified. C) Alternate Wording Template (appendix C) D) Vendor’s Agreement Template E) Proof Of Wcb And Insurance F) Proof Of Corporate Registry G) Financial Requirements (optional) H) Vendor’s Ethics Policy (optional) The Vendor Should Have An Ethics Policy That Guides Their Organization In All Its Business Activities And Should Provide A Copy Of This Ethical Policy As An Attachment To Their Proposal. This Policy Will Not Form Part Of The Evaluation. Appendices The Following Appendices Are Included And Applicable To This Competitive Bid: Appendix A: Question And Answer Template Appendix B: Terms Of Business Appendix C: Alternate Wording-additional Clause Template Appendix D: Information Security Privacy Cloud Assessment Form Appendix E: Letter Of Submission Revised 2023 Responsive Proposals Should Provide Straightforward, Concise Information That Satisfies The Requirements Noted In The Proposal Guidelines Section Of This Rfp. Emphasis Should Be Placed On Conformity To Afsc’s Instructions, Requirements Of This Rfp, And Completeness And Clarity Of Content. Ambiguous, Repetitive, Unclear Or Unreadable Proposals May Be Cause For Rejection. 6.2 Proposal Submissions Vendors Must Provide An Electronic Version Of Their Proposal By E-mail To Rfp@afsc.ca Prior To The Closing Date And Time Of This Competitive Bid. (optional) Buyer May Request That A Hard Copy Is Submitted. Electronic Versions (emails) Must Be Less Than 18 Mb In Order For Afsc To Receive The Vendor’s Submission. If The Proposal Is Larger Than 18 Mb, It Must Be Divided Into A Sufficient Number Of Files Such That Each Email, Including Attachments, Is Less Than 18 Mb. Afsc Cannot Accept Files On Media Storage Devices. (optional) All Hard Copy Proposal Materials Are To Be Sealed In A Single Package And Clearly Labelled With The Competitive Bid # To: Attention: Buyer, Business Services Afsc 5718 – 56th Avenue Lacombe, Ab T4l 1b1 In Responding To This Competitive Bid, Your Attention Is Drawn To The Following: • Proposals Received After This Competitive Bid’s Closing Date And Time Will Be Rejected. • Proposals Received Not In The Order Outlined Above In Section 6.1 May Not Be Evaluated Further. Vendors By Submitting A Proposal Are Deemed To Have Accepted The Competitive Bid Terms And Conditions.

Details: Page 1 Of 1. Requisition No. 2. Contract No. 3. Award/effective Date 4. Order No. 5. Solicitation Number 6. Solicitation Issue Date a. Name b. Telephone No. (no Collect Calls) 8. Offer Due Date/local time 9. Issued By code 10. This Acquisition Is Unrestricted Or set Aside: % For: small Business hubzone Small business service-disabled veteran-owned small Business women-owned Small Business (wosb) Eligible Under The Women-owned small Business Program edwosb 8(a) naics: size Standard: 11. Delivery For Fob Destina- tion Unless Block Is marked see Schedule 12. Discount Terms 13a. This Contract Is A rated Order Under dpas (15 Cfr 700) 13b. Rating 14. Method Of Solicitation rfq ifb rfp 15. Deliver To code 16. Administered By code 17a. Contractor/offeror code facility Code 18a. Payment Will Be Made By code telephone No. uei: eft: phone: fax: 17b. Check If Remittance Is Different And Put Such Address In Offer 18b. Submit Invoices To Address Shown In Block 18a Unless Block Below Is Checked see Addendum 19. 20. 21. 22. 23. 24. item No. schedule Of Supplies/services quantity unit unit Price amount (use Reverse And/or Attach Additional Sheets As Necessary) 25. Accounting And Appropriation Data 26. Total Award Amount (for Govt. Use Only) 27a. Solicitation Incorporates By Reference Far 52.212-1, 52.212-4. Far 52.212-3 And 52.212-5 Are Attached. Addenda are are Not Attached. 27b. Contract/purchase Order Incorporates By Reference Far 52.212-4. Far 52.212-5 Is Attached. Addenda are are Not Attached 28. Contractor Is Required To Sign This Document And Return _______________ 29. Award Of Contract: Ref. ___________________________________ Offer copies To Issuing Office. Contractor Agrees To Furnish And dated ________________________________. Your Offer On Solicitation deliver All Items Set Forth Or Otherwise Identified Above And On Any (block 5), Including Any Additions Or Changes Which Are additional Sheets Subject To The Terms And Conditions Specified set Forth Herein Is Accepted As To Items: 30a. Signature Of Offeror/contractor 31a. United States Of America (signature Of Contracting Officer) 30b. Name And Title Of Signer (type Or Print) 30c. Date Signed 31b. Name Of Contracting Officer (type Or Print) 31c. Date Signed authorized For Local Reproduction (rev. Nov 2021) previous Edition Is Not Usable prescribed By Gsa - Far (48 Cfr) 53.212 7. For Solicitation information Call: standard Form 1449 solicitation/contract/order For Commercial Products And Commercial Services offeror To Complete Blocks 12, 17, 23, 24, & 30 23 36c26224q0541 01-30-2024 garrett Lyles none 02-03-2024 12:00 mst 36c262 department Of Veterans Affairs nco 22 - Network Contracting 3601 S. 6th Avenue tucson Az 85723 x 811310 $12.5 Million n/a x 36c262 department Of Veterans Affairs southern Arizona Va Healthcare System 3601 S. 6th Avenue tucson Az 85723 36c262 department Of Veterans Affairs nco 22 - Network Contracting 3601 S. 6th Avenue tucson Az 85723 this Is Accomplished Through The tungsten Network Located At: http://www.fsc.va.gov/einvoice.asp this Is Mandatory And The Sole Method for Submitting Invoices. see Continuation Page to All Offerors: procurement Of Sterilization Of Washer refer To Statement Of Work questions Can Be Directed To Garrett Lyles At garrett.lyles@va.gov. Nlt 02/03/2024 At 12:00 pm Mst. see Continuation Page x x 36c26224q0541 page 1 Of page 2 Of 63 page 1 Of table Of Contents section A 1 a.1 Sf 1449 Solicitation/contract/order For Commercial Products And Commercial Services 1 section B - Continuation Of Sf 1449 Blocks 3 b.1 Contract Administration Data 3 b.2 It Contract Security 4 b.3 Price/cost Schedule 13 item Information 13 b.4 Delivery Schedule 14 section C - Contract Clauses 15 c.1 52.212-4 Contract Terms And Conditions Commercial Products And Commercial Services (nov 2023) 15 section D - Contract Documents, Exhibits, Or Attachments 21 36c26224q0541 page 1 Of page 14 Of 63 page 1 Of section B - Continuation Of Sf 1449 Blocks b.1 Contract Administration Data 1. Contract Administration: All Contract Administration Matters Will Be Handled By The Following Individuals: A. Contractor: B. Government: Contracting Officer 36c262 department Of Veterans Affairs nco 22 - Network Contracting 3601 S. 6th Avenue tucson Az 85723 2. Contractor Remittance Address: All Payments By The Government To The Contractor Will Be Made In Accordance With: [x] 52.232-33, Payment By Electronic Funds Transfer System For Award Management, Or [] 52.232-36, Payment By Third Party 3. Invoices: Invoices Shall Be Submitted In Arrears: A. Quarterly [] B. Semi-annually [] C. Other [] 4. Government Invoice Address: All Invoices From The Contractor Shall Be Submitted Electronically In Accordance With Vaar Clause 852.232-72 Electronic Submission Of Payment Requests. Acknowledgment Of Amendments: The Offeror Acknowledges Receipt Of Amendments To The Solicitation Numbered And Dated As Follows: amendment No date b.2 It Contract Security Va Information And Information System Security/privacy 1. General Contractors, Contractor Personnel, Subcontractors, And Subcontractor Personnel Shall Be Subject To The Same Federal Laws, Regulations, Standards, And Va Directives And Handbooks As Va And Va Personnel Regarding Information And Information System Security. 2. Access To Va Information And Va Information Systems A. A Contractor/subcontractor Shall Request Logical (technical) Or Physical Access To Va Information And Va Information Systems For Their Employees, Subcontractors, And Affiliates Only To The Extent Necessary To Perform The Services Specified In The Contract, Agreement, Or Task Order. B. All Contractors, Subcontractors, And Third-party Servicers And Associates Working With Va Information Are Subject To The Same Investigative Requirements As Those Of Va Appointees Or Employees Who Have Access To The Same Types Of Information. The Level And Process Of Background Security Investigations For Contractors Must Be In Accordance With Va Directive And Handbook 0710, Personnel Suitability And Security Program. The Office For Operations, Security, And Preparedness Is Responsible For These Policies And Procedures. C. Contract Personnel Who Require Access To National Security Programs Must Have A Valid Security Clearance. National Industrial Security Program (nisp) Was Established By Executive Order 12829 To Ensure That Cleared U.s. Defense Industry Contract Personnel Safeguard The Classified Information In Their Possession While Performing Work On Contracts, Programs, Bids, Or Research And Development Efforts. The Department Of Veterans Affairs Does Not Have A Memorandum Of Agreement With Defense Security Service (dss). Verification Of A Security Clearance Must Be Processed Through The Special Security Officer Located In The Planning And National Security Service Within The Office Of Operations, Security, And Preparedness. D. Custom Software Development And Outsourced Operations Must Be Located In The U.s. To The Maximum Extent Practical. If Such Services Are Proposed To Be Performed Abroad And Are Not Disallowed By Other Va Policy Or Mandates, The Contractor/subcontractor Must State Where All Non-u.s. Services Are Provided And Detail A Security Plan, Deemed To Be Acceptable By Va, Specifically To Address Mitigation Of The Resulting Problems Of Communication, Control, Data Protection, And So Forth. Location Within The U.s. May Be An Evaluation Factor. E. The Contractor Or Subcontractor Must Notify The Contracting Officer Immediately When An Employee Working On A Va System Or With Access To Va Information Is Reassigned Or Leaves The Contractor Or Subcontractor's Employ. The Contracting Officer Must Also Be Notified Immediately By The Contractor Or Subcontractor Prior To An Unfriendly Termination. 3. Va Information Custodial Language A. Information Made Available To The Contractor Or Subcontractor By Va For The Performance Or Administration Of This Contract Or Information Developed By The Contractor/subcontractor In Performance Or Administration Of The Contract Shall Be Used Only For Those Purposes And Shall Not Be Used In Any Other Way Without The Prior Written Agreement Of The Va. This Clause Expressly Limits The Contractor/subcontractor's Rights To Use Data As Described In Rights In Data - General, Far 52.227-14(d) (1). B. Va Information Should Not Be Co-mingled, If Possible, With Any Other Data On The Contractors/subcontractor's Information Systems Or Media Storage Systems In Order To Ensure Va Requirements Related To Data Protection And Media Sanitization Can Be Met. If Co-mingling Must Be Allowed To Meet The Requirements Of The Business Need, The Contractor Must Ensure That Va's Information Is Returned To The Va Or Destroyed In Accordance With Va's Sanitization Requirements. Va Reserves The Right To Conduct On Site Inspections Of Contractor And Subcontractor It Resources To Ensure Data Security Controls, Separation Of Data And Job Duties, And Destruction/media Sanitization Procedures Are In Compliance With Va Directive Requirements. C. Prior To Termination Or Completion Of This Contract, Contractor/ Subcontractor Must Not Destroy Information Received From Va, Or Gathered/ Created By The Contractor In The Course Of Performing This Contract Without Prior Written Approval By The Va. Any Data Destruction Done On Behalf Of Va By A Contractor/subcontractor Must Be Done In Accordance With National Archives And Records Administration (nara) Requirements As Outlined In Va Directive 6300, Records And Information Management And Its Handbook 6300.1 Records Management Procedures, Applicable Va Records Control Schedules, And Va Handbook 6500.1, Electronic Media Sanitization. Self-certification By The Contractor That The Data Destruction Requirements Above Have Been Met Must Be Sent To The Va Contracting Officer Within 30 Days Of Termination Of The Contract. D. The Contractor/subcontractor Must Receive, Gather, Store, Back Up, Maintain, Use, Disclose And Dispose Of Va Information Only In Compliance With The Terms Of The Contract And Applicable Federal And Va Information Confidentiality And Security Laws, Regulations And Policies. If Federal Or Va Information Confidentiality And Security Laws, Regulations And Policies Become Applicable To The Va Information Or Information Systems After Execution Of The Contract, Or If Nist Issues Or Updates Applicable Fips Or Special Publications (sp) After Execution Of This Contract, The Parties Agree To Negotiate In Good Faith To Implement The Information Confidentiality And Security Laws, Regulations And Policies In This Contract. E. The Contractor/subcontractor Shall Not Make Copies Of Va Information Except As Authorized And Necessary To Perform The Terms Of The Agreement Or To Preserve Electronic Information Stored On Contractor/subcontractor Electronic Storage Media For Restoration In Case Any Electronic Equipment Or Data Used By The Contractor/subcontractor Needs To Be Restored To An Operating State. If Copies Are Made For Restoration Purposes, After The Restoration Is Complete, The Copies Must Be Appropriately Destroyed. F. If Va Determines That The Contractor Has Violated Any Of The Information Confidentiality, Privacy, And Security Provisions Of The Contract, It Shall Be Sufficient Grounds For Va To Withhold Payment To The Contractor Or Third Party Or Terminate The Contract For Default Or Terminate For Cause Under Federal Acquisition Regulation (far) Part 12. G. If A Vha Contract Is Terminated For Cause, The Associated Baa Must Also Be Terminated And Appropriate Actions Taken In Accordance With Vha Handbook 1600.01, Business Associate Agreements. Absent An Agreement To Use Or Disclose Protected Health Information, There Is No Business Associate Relationship. H. The Contractor/subcontractor Must Store, Transport, Or Transmit Va Sensitive Information In An Encrypted Form, Using Va-approved Encryption Tools That Are, At A Minimum, Fips 140-2 Validated. I. The Contractor/subcontractor's Firewall And Web Services Security Controls, If Applicable, Shall Meet Or Exceed Va's Minimum Requirements. Va Configuration Guidelines Are Available Upon Request. J. Except For Uses And Disclosures Of Va Information Authorized By This Contract For Performance Of The Contract, The Contractor/subcontractor May Use And Disclose Va Information Only In Two Other Situations: (i) In Response To A Qualifying Order Of A Court Of Competent Jurisdiction, Or (ii) With Va's Prior Written Approval. The Contractor/subcontractor Must Refer All Requests For, Demands For Production Of, Or Inquiries About, Va Information And Information Systems To The Va Contracting Officer For Response. K. Notwithstanding The Provision Above, The Contractor/subcontractor Shall Not Release Va Records Protected By Title 38 U.s.c. 5705, Confidentiality Of Medical Quality Assurance Records And/or Title 38 U.s.c. 7332, Confidentiality Of Certain Health Records Pertaining To Drug Addiction, Sickle Cell Anemia, Alcoholism Or Alcohol Abuse, Or Infection With Human Immunodeficiency Virus. If The Contractor/subcontractor Is In Receipt Of A Court Order Or Other Requests For The Above Mentioned Information, That Contractor/subcontractor Shall Immediately Refer Such Court Orders Or Other Requests To The Va Contracting Officer For Response. L. For Service That Involves The Storage, Generating, Transmitting, Or Exchanging Of Va Sensitive Information But Does Not Require C&a Or An Mou-isa For System Interconnection, The Contractor/subcontractor Must Complete A Contractor Security Control Assessment (csca) On A Yearly Basis And Provide It To The Cor. 4. Information System Design And Development A. Information Systems That Are Designed Or Developed For Or On Behalf Of Va At Non-va Facilities Shall Comply With All Va Directives Developed In Accordance With Fisma, Hipaa, Nist, And Related Va Security And Privacy Control Requirements For Federal Information Systems. This Includes Standards For The Protection Of Electronic Phi, Outlined In 45 C.f.r. Part 164, Subpart C, Information And System Security Categorization Level Designations In Accordance With Fips 199 And Fips 200 With Implementation Of All Baseline Security Controls Commensurate With The Fips 199 System Security Categorization (reference Appendix D Of Va Handbook 6500, Va Information Security Program). During The Development Cycle A Privacy Impact Assessment (pia) Must Be Completed, Provided To The Cor, And Approved By The Va Privacy Service In Accordance With Directive 6507, Va Privacy Impact Assessment. B. The Contractor/subcontractor Shall Certify To The Cor That Applications Are Fully Functional And Operate Correctly As Intended On Systems Using The Va Federal Desktop Core Configuration (fdcc), And The Common Security Configuration Guidelines Provided By Nist Or The Va. This Includes Internet Explorer 7 Configured To Operate On Windows Xp And Vista (in Protected Mode On Vista) And Future Versions, As Required. C. The Standard Installation, Operation, Maintenance, Updating, And Patching Of Software Shall Not Alter The Configuration Settings From The Va Approved And Fdcc Configuration. Information Technology Staff Must Also Use The Windows Installer Service For Installation To The Default "program Files" Directory And Silently Install And Uninstall. D. Applications Designed For Normal End Users Shall Run In The Standard User Context Without Elevated System Administration Privileges. E. The Security Controls Must Be Designed, Developed, Approved By Va, And Implemented In Accordance With The Provisions Of Va Security System Development Life Cycle As Outlined In Nist Special Publication 800-37, Guide For Applying The Risk Management Framework To Federal Information Systems, Va Handbook 6500, Information Security Program And Va Handbook 6500.5, Incorporating Security And Privacy In System Development Lifecycle. F. The Contractor/subcontractor Is Required To Design, Develop, Or Operate A System Of Records Notice (sor) On Individuals To Accomplish An Agency Function Subject To The Privacy Act Of 1974, (as Amended), Public Law 93-579, December 31, 1974 (5 U.s.c. 552a) And Applicable Agency Regulations. Violation Of The Privacy Act May Involve The Imposition Of Criminal And Civil Penalties. G. The Contractor/subcontractor Agrees To: (1) Comply With The Privacy Act Of 1974 (the Act) And The Agency Rules And Regulations Issued Under The Act In The Design, Development, Or Operation Of Any System Of Records On Individuals To Accomplish An Agency Function When The Contract Specifically Identifies: (a) The Systems Of Records (sor); And (b) The Design, Development, Or Operation Work That The Contractor/ Subcontractor Is To Perform; (1) Include The Privacy Act Notification Contained In This Contract In Every Solicitation And Resulting Subcontract And In Every Subcontract Awarded Without A Solicitation, When The Work Statement In The Proposed Subcontract Requires The Redesign, Development, Or Operation Of A Sor On Individuals That Is Subject To The Privacy Act; And (2) Include This Privacy Act Clause, Including This Subparagraph (3), In All Subcontracts Awarded Under This Contract Which Requires The Design, Development, Or Operation Of Such A Sor. H. In The Event Of Violations Of The Act, A Civil Action May Be Brought Against The Agency Involved When The Violation Concerns The Design, Development, Or Operation Of A Sor On Individuals To Accomplish An Agency Function, And Criminal Penalties May Be Imposed Upon The Officers Or Employees Of The Agency When The Violation Concerns The Operation Of A Sor On Individuals To Accomplish An Agency Function. For Purposes Of The Act, When The Contract Is For The Operation Of A Sor On Individuals To Accomplish An Agency Function, The Contractor/subcontractor Is Considered To Be An Employee Of The Agency. (1) "operation Of A System Of Records" Means Performance Of Any Of The Activities Associated With Maintaining The Sor, Including The Collection, Use, Maintenance, And Dissemination Of Records. (2) "record" Means Any Item, Collection, Or Grouping Of Information About An Individual That Is Maintained By An Agency, Including, But Not Limited To, Education, Financial Transactions, Medical History, And Criminal Or Employment History And Contains The Person's Name, Or Identifying Number, Symbol, Or Any Other Identifying Particular Assigned To The Individual, Such As A Fingerprint Or Voiceprint, Or A Photograph. (3) "system Of Records" Means A Group Of Any Records Under The Control Of Any Agency From Which Information Is Retrieved By The Name Of The Individual Or By Some Identifying Number, Symbol, Or Other Identifying Particular Assigned To The Individual. I. The Vendor Shall Ensure The Security Of All Procured Or Developed Systems And Technologies, Including Their Subcomponents (hereinafter Referred To As "systems"), Throughout The Life Of This Contract And Any Extension, Warranty, Or Maintenance Periods. This Includes, But Is Not Limited To Workarounds, Patches, Hotfixes, Upgrades, And Any Physical Components (hereafter Referred To As Security Fixes) Which May Be Necessary To Fix All Security Vulnerabilities Published Or Known To The Vendor Anywhere In The Systems, Including Operating Systems And Firmware. The Vendor Shall Ensure That Security Fixes Shall Not Negatively Impact The Systems. J. The Vendor Shall Notify Va Within 24 Hours Of The Discovery Or Disclosure Of Successful Exploits Of The Vulnerability Which Can Compromise The Security Of The Systems (including The Confidentiality Or Integrity Of Its Data And Operations, Or The Availability Of The System). Such Issues Shall Be Remediated As Quickly As Is Practical, But In No Event Longer Than Days. K. When The Security Fixes Involve Installing Third Party Patches (such As Microsoft Os Patches Or Adobe Acrobat), The Vendor Will Provide Written Notice To The Va That The Patch Has Been Validated As Not Affecting The Systems Within 10 Working Days. When The Vendor Is Responsible For Operations Or Maintenance Of The Systems, They Shall Apply The Security Fixes Within Days. L. All Other Vulnerabilities Shall Be Remediated As Specified In This Paragraph In A Timely Manner Based On Risk, But Within 60 Days Of Discovery Or Disclosure. Exceptions To This Paragraph (e.g. For The Convenience Of Va) Shall Only Be Granted With Approval Of The Contracting Officer And The Va Assistant Secretary For Office Of Information And Technology. 5. Information System Hosting, Operation, Maintenance, Or Use A. For Information Systems That Are Hosted, Operated, Maintained, Or Used On Behalf Of Va At Non-va Facilities, Contractors/subcontractors Are Fully Responsible And Accountable For Ensuring Compliance With All Hipaa, Privacy Act, Fisma, Nist, Fips, And Va Security And Privacy Directives And Handbooks. This Includes Conducting Compliant Risk Assessments, Routine Vulnerablity Scanning, System Patching And Change Management Procedures, And The Completion Of An Acceptable Contingency Plan For Each System. The Contractor's Security Control Procedures Must Be Equivalent, To Those Procedures Used To Secure Va Systems. A Privacy Impact Assessment (pia) Must Also Be Provided To The Cor And Approved By Va Privacy Service Prior To Operational Approval. All External Internet Connections To Va's Network Involving Va Information Must Be Reviewed And Approved By Va Prior To Implementation. B. Adequate Security Controls For Collecting, Processing, Transmitting, And Storing Of Personally Identifiable Information (pii), As Determined By The Va Privacy Service, Must Be In Place, Tested, And Approved By Va Prior To Hosting, Operation, Maintenance, Or Use Of The Information System, Or Systems By Or On Behalf Of Va. These Security Controls Are To Be Assessed And Stated Within The Pia And If These Controls Are Determined Not To Be In Place, Or Inadequate, A Plan Of Action And Milestones (poa&m) Must Be Submitted And Approved Prior To The Collection Of Pii. C. Outsourcing (contractor Facility, Contractor Equipment Or Contractor Staff) Of Systems Or Network Operations, Telecommunications Services, Or Other Managed Services Requires Certification And Accreditation (authorization) (c&a) Of The Contractor's Systems In Accordance With Va Handbook 6500.3, Certification And Accreditation And/or The Va Ocs Certification Program Office. Government- Owned (government Facility Or Government Equipment) Contractor-operated Systems, Third Party Or Business Partner Networks Require Memorandums Of Understanding And Interconnection Agreements (mou-isa) Which Detail What Data Types Are Shared, Who Has Access, And The Appropriate Level Of Security Controls For All Systems Connected To Va Networks. D. The Contractor/subcontractor's System Must Adhere To All Fisma, Fips, And Nist Standards Related To The Annual Fisma Security Controls Assessment And Review And Update The Pia. Any Deficiencies Noted During This Assessment Must Be Provided To The Va Contracting Officer And The Iso For Entry Into Va's Poa&m Management Process. The Contractor/subcontractor Must Use Va's Poa&m Process To Document Planned Remedial Actions To Address Any Deficiencies In Information Security Policies, Procedures, And Practices, And The Completion Of Those Activities. Security Deficiencies Must Be Corrected Within The Timeframes Approved By The Government. Contractor/subcontractor Procedures Are Subject To Periodic, Unannounced Assessments By Va Officials, Including The Va Office Of Inspector General. The Physical Security Aspects Associated With Contractor/ Subcontractor Activities Must Also Be Subject To Such Assessments. If Major Changes To The System Occur That May Affect The Privacy Or Security Of The Data Or The System, The C&a Of The System May Need To Be Reviewed, Retested And Re- Authorized Per Va Handbook 6500.3. This May Require Reviewing And Updating All Of The Documentation (pia, System Security Plan, Contingency Plan). The Certification Program Office Can Provide Guidance On Whether A New C&a Would Be Necessary. E. The Contractor/subcontractor Must Conduct An Annual Self Assessment On All Systems And Outsourced Services As Required. Both Hard Copy And Electronic Copies Of The Assessment Must Be Provided To The Cor. The Government Reserves The Right To Conduct Such An Assessment Using Government Personnel Or Another Contractor/subcontractor. The Contractor/subcontractor Must Take Appropriate And Timely Action (this Can Be Specified In The Contract) To Correct Or Mitigate Any Weaknesses Discovered During Such Testing, Generally At No Additional Cost. F. Va Prohibits The Installation And Use Of Personally-owned Or Contractor/ Subcontractor-owned Equipment Or Software On Va's Network. If Non-va Owned Equipment Must Be Used To Fulfill The Requirements Of A Contract, It Must Be Stated In The Service Agreement, Sow Or Contract. All Of The Security Controls Required For Government Furnished Equipment (gfe) Must Be Utilized In Approved Other Equipment (oe) And Must Be Funded By The Owner Of The Equipment. All Remote Systems Must Be Equipped With, And Use, A Va-approved Antivirus (av) Software And A Personal (host-based Or Enclave Based) Firewall That Is Configured With A Va-approved Configuration. Software Must Be Kept Current, Including All Critical Updates And Patches. Owners Of Approved Oe Are Responsible For Providing And Maintaining The Anti-viral Software And The Firewall On The Non-va Owned Oe. G. All Electronic Storage Media Used On Non-va Leased Or Non-va Owned It Equipment That Is Used To Store, Process, Or Access Va Information Must Be Handled In Adherence With Va Handbook 6500.1, Electronic Media Sanitization Upon: (i) Completion Or Termination Of The Contract Or (ii) Disposal Or Return Of The It Equipment By The Contractor/subcontractor Or Any Person Acting On Behalf Of The Contractor/subcontractor, Whichever Is Earlier. Media (hard Drives, Optical Disks, Cds, Back-up Tapes, Etc.) Used By The Contractors/ Subcontractors That Contain Va Information Must Be Returned To The Va For Sanitization Or Destruction Or The Contractor/subcontractor Must Self-certify That The Media Has Been Disposed Of Per 6500.1 Requirements. This Must Be Completed Within 30 Days Of Termination Of The Contract. H. Bio-medical Devices And Other Equipment Or Systems Containing Media (hard Drives, Optical Disks, Etc.) With Va Sensitive Information Must Not Be Returned To The Vendor At The End Of Lease, For Trade-in, Or Other Purposes. The Options Are: (1) Vendor Must Accept The System Without The Drive; (2) Va's Initial Medical Device Purchase Includes A Spare Drive Which Must Be Installed In Place Of The Original Drive At Time Of Turn-in; Or (3) Va Must Reimburse The Company For Media At A Reasonable Open Market Replacement Cost At Time Of Purchase. (4) Due To The Highly Specialized And Sometimes Proprietary Hardware And Software Associated With Medical Equipment/systems, If It Is Not Possible For The Va To Retain The Hard Drive, Then; (a) The Equipment Vendor Must Have An Existing Baa If The Device Being Traded In Has Sensitive Information Stored On It And Hard Drive(s) From The System Are Being Returned Physically Intact; And (b) Any Fixed Hard Drive On The Device Must Be Non-destructively Sanitized To The Greatest Extent Possible Without Negatively Impacting System Operation. Selective Clearing Down To Patient Data Folder Level Is Recommended Using Va Approved And Validated Overwriting Technologies/methods/tools. Applicable Media Sanitization Specifications Need To Be Pre-approved And Described In The Purchase Order Or Contract. (c) A Statement Needs To Be Signed By The Director (system Owner) That States That The Drive Could Not Be Removed And That (a) And (b) Controls Above Are In Place And Completed. The Iso Needs To Maintain The Documentation. 6. Security Incident Investigation A. The Term "security Incident" Means An Event That Has, Or Could Have, Resulted In Unauthorized Access To, Loss Or Damage To Va Assets, Or Sensitive Information, Or An Action That Breaches Va Security Procedures. The Contractor/ Subcontractor Shall Immediately Notify The Cor And Simultaneously, The Designated Iso And Privacy Officer For The Contract Of Any Known Or Suspected Security/privacy Incidents, Or Any Unauthorized Disclosure Of Sensitive Information, Including That Contained In System(s) To Which The Contractor/ Subcontractor Has Access. B. To The Extent Known By The Contractor/subcontractor, The Contractor/ Subcontractor's Notice To Va Shall Identify The Information Involved, The Circumstances Surrounding The Incident (including To Whom, How, When, And Where The Va Information Or Assets Were Placed At Risk Or Compromised), And Any Other Information That The Contractor/subcontractor Considers Relevant. C. With Respect To Unsecured Protected Health Information, The Business Associate Is Deemed To Have Discovered A Data Breach When The Business Associate Knew Or Should Have Known Of A Breach Of Such Information. Upon Discovery, The Business Associate Must Notify The Covered Entity Of The Breach. Notifications Need To Be Made In Accordance With The Executed Business Associate Agreement. D. In Instances Of Theft Or Break-in Or Other Criminal Activity, The Contractor/subcontractor Must Concurrently Report The Incident To The Appropriate Law Enforcement Entity (or Entities) Of Jurisdiction, Including The Va Oig And Security And Law Enforcement. The Contractor, Its Employees, And Its Subcontractors And Their Employees Shall Cooperate With Va And Any Law Enforcement Authority Responsible For The Investigation And Prosecution Of Any Possible Criminal Law Violation(s) Associated With Any Incident. The Contractor/subcontractor Shall Cooperate With Va In Any Civil Litigation To Recover Va Information, Obtain Monetary Or Other Compensation From A Third Party For Damages Arising From Any Incident, Or Obtain Injunctive Relief Against Any Third Party Arising From, Or Related To, The Incident. 7. Liquidated Damages For Data Breach A. Consistent With The Requirements Of 38 U.s.c. 5725, A Contract May Require Access To Sensitive Personal Information. If So, The Contractor Is Liable To Va For Liquidated Damages In The Event Of A Data Breach Or Privacy Incident Involving Any Spi The Contractor/subcontractor Processes Or Maintains Under This Contract. B. The Contractor/subcontractor Shall Provide Notice To Va Of A "security Incident" As Set Forth In The Security Incident Investigation Section Above. Upon Such Notification, Va Must Secure From A Non-department Entity Or The Va Office Of Inspector General An Independent Risk Analysis Of The Data Breach To Determine The Level Of Risk Associated With The Data Breach For The Potential Misuse Of Any Sensitive Personal Information Involved In The Data Breach. The Term 'data Breach' Means The Loss, Theft, Or Other Unauthorized Access, Or Any Access Other Than That Incidental To The Scope Of Employment, To Data Containing Sensitive Personal Information, In Electronic Or Printed Form, That Results In The Potential Compromise Of The Confidentiality Or Integrity Of The Data. Contractor Shall Fully Cooperate With The Entity Performing The Risk Analysis. Failure To Cooperate May Be Deemed A Material Breach And Grounds For Contract Termination. C. Each Risk Analysis Shall Address All Relevant Information Concerning The Data Breach, Including The Following: (1) Nature Of The Event (loss, Theft, Unauthorized Access); (2) Description Of The Event, Including: (a) Date Of Occurrence; (b) Data Elements Involved, Including Any Pii, Such As Full Name, Social Security Number, Date Of Birth, Home Address, Account Number, Disability Code; (3) Number Of Individuals Affected Or Potentially Affected; (4) Names Of Individuals Or Groups Affected Or Potentially Affected; (5) Ease Of Logical Data Access To The Lost, Stolen Or Improperly Accessed Data In Light Of The Degree Of Protection For The Data, E.g., Unencrypted, Plain Text; (6) Amount Of Time The Data Has Been Out Of Va Control; (7) The Likelihood That The Sensitive Personal Information Will Or Has Been Compromised (made Accessible To And Usable By Unauthorized Persons); (8) Known Misuses Of Data Containing Sensitive Personal Information, If Any; (9) Assessment Of The Potential Harm To The Affected Individuals; (10) Data Breach Analysis As Outlined In 6500.2 Handbook, Management Of Security And Privacy Incidents, As Appropriate; And (11) Whether Credit Protection Services May Assist Record Subjects In Avoiding Or Mitigating The Results Of Identity Theft Based On The Sensitive Personal Information That May Have Been Compromised. D. Based On The Determinations Of The Independent Risk Analysis, The Contractor Shall Be Responsible For Paying To The Va Liquidated Damages In The Amount Of Per Affected Individual To Cover The Cost Of Providing Credit Protection Services To Affected Individuals Consisting Of The Following: (1) Notification; (2) One Year Of Credit Monitoring Services Consisting Of Automatic Daily Monitoring Of At Least 3 Relevant Credit Bureau Reports; (3) Data Breach Analysis; (4) Fraud Resolution Services, Including Writing Dispute Letters, Initiating Fraud Alerts And Credit Freezes, To Assist Affected Individuals To Bring Matters To Resolution; (5) One Year Of Identity Theft Insurance With $20,000.00 Coverage At $0 Deductible; And (6) Necessary Legal Expenses The Subjects May Incur To Repair Falsified Or Damaged Credit Records, Histories, Or Financial Affairs. 8. Security Controls Compliance Testing On A Periodic Basis, Va, Including The Office Of Inspector General, Reserves The Right To Evaluate Any Or All Of The Security Controls And Privacy Practices Implemented By The Contractor Under The Clauses Contained Within The Contract. With 10 Working-day's Notice, At The Request Of The Government, The Contractor Must Fully Cooperate And Assist In A Government-sponsored Security Controls Assessment At Each Location Wherein Va Information Is Processed Or Stored, Or Information Systems Are Developed, Operated, Maintained, Or Used On Behalf Of Va, Including Those Initiated By The Office Of Inspector General. The Government May Conduct A Security Control Assessment On Shorter Notice (to Include Unannounced Assessments) As Determined By Va In The Event Of A Security Incident Or At Any Other Time. 9. Training A. All Contractor Employees And Subcontractor Employees Requiring Access To Va Information And Va Information Systems Shall Complete The Following Before Being Granted Access To Va Information And Its Systems: (1) Sign And Acknowledge (either Manually Or Electronically) Understanding Of And Responsibilities For Compliance With The Contractor Rules Of Behavior, Appendix E Relating To Access To Va Information And Information Systems; (2) Successfully Complete The Va Cyber Security Awareness And Rules Of Behavior Training And Annually Complete Required Security Training; (3) Successfully Complete The Appropriate Va Privacy Training And Annually Complete Required Privacy Training; And (4) Successfully Complete Any Additional Cyber Security Or Privacy Training, As Required For Va Personnel With Equivalent Information System Access [to Be Defined By The Va Program Official And Provided To The Contracting Officer For Inclusion In The Solicitation Document - E.g., Any Role-based Information Security Training Required In Accordance With Nist Special Publication 800-16, Information Technology Security Training Requirements.] B. The Contractor Shall Provide To The Contracting Officer And/or The Cor A Copy Of The Training Certificates And Certification Of Signing The Contractor Rules Of Behavior For Each Applicable Employee Within 1 Week Of The Initiation Of The Contract And Annually Thereafter, As Required. C. Failure To Complete The Mandatory Annual Training And Sign The Rules Of Behavior Annually, Within The Timeframe Required, Is Grounds For Suspension Or Termination Of All Physical Or Electronic Access Privileges And Removal From Work On The Contract Until Such Time As The Training And Documents Are Complete. (end Of Clause) b.3 Price/cost Schedule item Information item Number description Of Supplies/services quantity unit unit Price amount 0001 12.00 mo __________________ __________________ equipment, Transportation: 1 Sterilizer Cleaning On A Monthly Basis For Washer 1 And Washer 2 contract Period: Base pop Begin: 02-05-2024 pop End: 02-04-2025 principal Naics Code: 811310 - Commercial And Industrial Machinery And Equipment (except Automotive And Electronic) Repair And Maintenance product/service Code: Q901 - Healthcare Environmental Cleaning grand Total __________________ b.4 Delivery Schedule item Number shipping Information quantity delivery Date 0001 ship To: department Of Veteran Affairs phoenix Va Health Care System 650 E. Indian School Rd phoenix, Az 85012 1841 usa 12.00 02/05/2024-02/04/2025 mark For: marnie Neilsen 602-277-5551 X7833 marnie.neilsen@va.gov fob: destination 36c26224q0541 page 1 Of page 35 Of 63 page 1 Of section C - Contract Clauses c.1 52.212-4 Contract Terms And Conditions Commercial Products And Commercial Services (nov 2023) (a) Inspection/acceptance. The Contractor Shall Only Tender For Acceptance Those Items That Conform To The Requirements Of This Contract. The Government Reserves The Right To Inspect Or Test Any Supplies Or Services That Have Been Tendered For Acceptance. The Government May Require Repair Or Replacement Of Nonconforming Supplies Or Reperformance Of Nonconforming Services At No Increase In Contract Price. If Repair/replacement Or Reperformance Will Not Correct The Defects Or Is Not Possible, The Government May Seek An Equitable Price Reduction Or Adequate Consideration For Acceptance Of Nonconforming Supplies Or Services. The Government Must Exercise Its Post-acceptance Rights (1) Within A Reasonable Time After The Defect Was Discovered Or Should Have Been Discovered; And (2) Before Any Substantial Change Occurs In The Condition Of The Item, Unless The Change Is Due To The Defect In The Item. (b) Assignment. The Contractor Or Its Assignee May Assign Its Rights To Receive Payment Due As A Result Of Performance Of This Contract To A Bank, Trust Company, Or Other Financing Institution, Including Any Federal Lending Agency In Accordance With The Assignment Of Claims Act (31 U.s.c. 3727). However, When A Third Party Makes Payment (e.g., Use Of The Governmentwide Commercial Purchase Card), The Contractor May Not Assign Its Rights To Receive Payment Under This Contract. (c) Changes. Changes In The Terms And Conditions Of This Contract May Be Made Only By Written Agreement Of The Parties. (d) Disputes. This Contract Is Subject To 41 U.s.c. Chapter 71, Contract Disputes. Failure Of The Parties To This Contract To Reach Agreement On Any Request For Equitable Adjustment, Claim, Appeal Or Action Arising Under Or Relating To This Contract Shall Be A Dispute To Be Resolved In Accordance With The Clause At Federal Acquisition Regulation (far) 52.233-1, Disputes, Which Is Incorporated Herein By Reference. The Contractor Shall Proceed Diligently With Performance Of This Contract, Pending Final Resolution Of Any Dispute Arising Under The Contract. (e) Definitions. The Clause At Far 52.202-1, Definitions, Is Incorporated Herein By Reference. (f) Excusable Delays. The Contractor Shall Be Liable For Default Unless Nonperformance Is Caused By An Occurrence Beyond The Reasonable Control Of The Contractor And Without Its Fault Or Negligence Such As, Acts Of God Or The Public Enemy, Acts Of The Government In Either Its Sovereign Or Contractual Capacity, Fires, Floods, Epidemics, Quarantine Restrictions, Strikes, Unusually Severe Weather, And Delays Of Common Carriers. The Contractor Shall Notify The Contracting Officer In Writing As Soon As It Is Reasonably Possible After The Commencement Of Any Excusable Delay, Setting Forth The Full Particulars In Connection Therewith, Shall Remedy Such Occurrence With All Reasonable Dispatch, And Shall Promptly Give Written Notice To The Contracting Officer Of The Cessation Of Such Occurrence. (g) Invoice. (1) The Contractor Shall Submit An Original Invoice And Three Copies (or Electronic Invoice, If Authorized) To The Address Designated In The Contract To Receive Invoices. An Invoice Must Include (i) Name And Address Of The Contractor; (ii) Invoice Date And Number; (iii) Contract Number, Line Item Number And, If Applicable, The Order Number; (iv) Description, Quantity, Unit Of Measure, Unit Price And Extended Price Of The Items Delivered; (v) Shipping Number And Date Of Shipment, Including The Bill Of Lading Number And Weight Of Shipment If Shipped On Government Bill Of Lading; (vi) Terms Of Any Discount For Prompt Payment Offered; (vii) Name And Address Of Official To Whom Payment Is To Be Sent; (viii) Name, Title, And Phone Number Of Person To Notify In Event Of Defective Invoice; And (ix) Taxpayer Identification Number (tin). The Contractor Shall Include Its Tin On The Invoice Only If Required Elsewhere In This Contract. (x) Electronic Funds Transfer (eft) Banking Information. (a) The Contractor Shall Include Eft Banking Information On The Invoice Only If Required Elsewhere In This Contract. (b) If Eft Banking Information Is Not Required To Be On The Invoice, In Order For The Invoice To Be A Proper Invoice, The Contractor Shall Have Submitted Correct Eft Banking Information In Accordance With The Applicable Solicitation Provision, Contract Clause (e.g., 52.232-33, Payment By Electronic Funds Transfer System For Award Management, Or 52.232-34, Payment By Electronic Funds Transfer Other Than System For Award Management), Or Applicable Agency Procedures. (c) Eft Banking Information Is Not Required If The Government Waived The Requirement To Pay By Eft. (2) Invoices Will Be Handled In Accordance With The Prompt Payment Act (31 U.s.c. 3903) And Office Of Management And Budget (omb) Prompt Payment Regulations At 5 Cfr Part 1315. (h) Patent Indemnity. The Contractor Shall Indemnify The Government And Its Officers, Employees And Agents Against Liability, Including Costs, For Actual Or Alleged Direct Or Contributory Infringement Of, Or Inducement To Infringe, Any United States Or Foreign Patent, Trademark Or Copyright, Arising Out Of The Performance Of This Contract, Provided The Contractor Is Reasonably Notified Of Such Claims And Proceedings. (i) Payment. (1) Items Accepted. Payment Shall Be Made For Items Accepted By The Government That Have Been Delivered To The Delivery Destinations Set Forth In This Contract. (2) Prompt Payment. The Government Will Make Payment In Accordance With The Prompt Payment Act (31 U.s.c. 3903) And Prompt Payment Regulations At 5 Cfr Part 1315. (3) Electronic Funds Transfer (eft). If The Government Makes Payment By Eft, See 52.212-5(b) For The Appropriate Eft Clause. (4) Discount. In Connection With Any Discount Offered For Early Payment, Time Shall Be Computed From The Date Of The Invoice. For The Purpose Of Computing The Discount Earned, Payment Shall Be Considered To Have Been Made On The Date Which Appears On The Payment Check Or The Specified Payment Date If An Electronic Funds Transfer Payment Is Made. (5) Overpayments. If The Contractor Becomes Aware Of A Duplicate Contract Financing Or Invoice Payment Or That The Government Has Otherwise Overpaid On A Contract Financing Or Invoice Payment, The Contractor Shall (i) Remit The Overpayment Amount To The Payment Office Cited In The Contract Along With A Description Of The Overpayment Including The (a) Circumstances Of The Overpayment (e.g., Duplicate Payment, Erroneous Payment, Liquidation Errors, Date(s) Of Overpayment); (b) Affected Contract Number And Delivery Order Number, If Applicable; (c) Affected Line Item Or Subline Item, If Applicable; And (d) Contractor Point Of Contact. (ii) Provide A Copy Of The Remittance And Supporting Documentation To The Contracting Officer. (6) Interest. (i) All Amounts That Become Payable By The Contractor To The Government Under This Contract Shall Bear Simple Interest From The Date Due Until Paid Unless Paid Within 30 Days Of Becoming Due. The Interest Rate Shall Be The Interest Rate Established By The Secretary Of The Treasury As Provided In 41 U.s.c. 7109, Which Is Applicable To The Period In Which The Amount Becomes Due, As Provided In (i)(6)(v) Of This Clause, And Then At The Rate Applicable For Each Six-month Period As Fixed By The Secretary Until The Amount Is Paid. (ii) The Government May Issue A Demand For Payment To The Contractor Upon Finding A Debt Is Due Under The Contract. (iii) Final Decisions. The Contracting Officer Will Issue A Final Decision As Required By 33.211 If (a) The Contracting Officer And The Contractor Are Unable To Reach Agreement On The Existence Or Amount Of A Debt Within 30 Days; (b) The Contractor Fails To Liquidate A Debt Previously Demanded By The Contracting Officer Within The Timeline Specified In The Demand For Payment Unless The Amounts Were Not Repaid Because The Contractor Has Requested An Installment Payment Agreement; Or (c) The Contractor Requests A Deferment Of Collection On A Debt Previously Demanded By The Contracting Officer (see 32.607-2). (iv) If A Demand For Payment Was Previously Issued For The Debt, The Demand For Payment Included In The Final Decision Shall Identify The Same Due Date As The Original Demand For Payment. (v) Amounts Shall Be Due At The Earliest Of The Following Dates: (a) The Date Fixed Under This Contract. (b) The Date Of The First Written Demand For Payment, Including Any Demand For Payment Resulting From A Default Termination. (vi) The Interest Charge Shall Be Computed For The Actual Number Of Calendar Days Involved Beginning On The Due Date And Ending On (a) The Date On Which The Designated Office Receives Payment From The Contractor; (b) The Date Of Issuance Of A Government Check To The Contractor From Which An Amount Otherwise Payable Has Been Withheld As A Credit Against The Contract Debt; Or (c) The Date On Which An Amount Withheld And Applied To The Contract Debt Would Otherwise Have Become Payable To The Contractor. (vii) The Interest Charge Made Under This Clause May Be Reduced Under The Procedures Prescribed In Far 32.608-2 In Effect On The Date Of This Contract. (j) Risk Of Loss. Unless The Contract Specifically Provides Otherwise, Risk Of Loss Or Damage To The Supplies Provided Under This Contract Shall Remain With The Contractor Until, And Shall Pass To The Government Upon: (1) Delivery Of The Supplies To A Carrier, If Transportation Is F.o.b. Origin; Or (2) Delivery Of The Supplies To The Government At The Destination Specified In The Contract, If Transportation Is F.o.b. Destination. (k) Taxes. The Contract Price Includes All Applicable Federal, State, And Local Taxes And Duties. (l) Termination For The Government's Convenience. The Government Reserves The Right To Terminate This Contract, Or Any Part Hereof, For Its Sole Convenience. In The Event Of Such Termination, The Contractor Shall Immediately Stop All Work Hereunder And Shall Immediately Cause Any And All Of Its Suppliers And Subcontractors To Cease Work. Subject To The Terms Of This Contract, The Contractor Shall Be Paid A Percentage Of The Contract Price Reflecting The Percentage Of The Work Performed Prior To The Notice Of Termination, Plus Reasonable Charges The Contractor Can Demonstrate To The Satisfaction Of The Government Using Its Standard Record Keeping System, Have Resulted From The Termination. The Contractor Shall Not Be Required To Comply With The Cost Accounting Standards Or Contract Cost Principles For This Purpose. This Paragraph Does Not Give The Government Any Right To Audit The Contractor's Records. The Contractor Shall Not Be Paid For Any Work Performed Or Costs Incurred Which Reasonably Could Have Been Avoided. (m) Termination For Cause. The Government May Terminate This Contract, Or Any Part Hereof, For Cause In The Event Of Any Default By The Contractor, Or If The Contractor Fails To Comply With Any Contract Terms And Conditions, Or Fails To Provide The Government, Upon Request, With Adequate Assurances Of Future Performance. In The Event Of Termination For Cause, The Government Shall Not Be Liable To The Contractor For Any Amount For Supplies Or Services Not Accepted, And The Contractor Shall Be Liable To The Government For Any And All Rights And Remedies Provided By Law. If It Is Determined That The Government Improperly Terminated This Contract For Default, Such Termination Shall Be Deemed A Termination For Convenience. (n) Title. Unless Specified Elsewhere In This Contract, Title To Items Furnished Under This Contract Shall Pass To The Government Upon Acceptance, Regardless Of When Or Where The Government Takes Physical Possession. (o) Warranty. The Contractor Warrants And Implies That The Items Delivered Hereunder Are Merchantable And Fit For Use For The Particular Purpose Described In This Contract. (p) Limitation Of Liability. Except As Otherwise Provided By An Express Warranty, The Contractor Will Not Be Liable To The Government For Consequential Damages Resulting From Any Defect Or Deficiencies In Accepted Items. (q) Other Compliances. The Contractor Shall Comply With All Applicable Federal, State And Local Laws, Executive Orders, Rules And Regulations Applicable To Its Performance Under This Contract. (r) Compliance With Laws Unique To Government Contracts. The Contractor Agrees To Comply With 31 U.s.c. 1352 Relating To Limitations On The Use Of Appropriated Funds To Influence Certain Federal Contracts; 18 U.s.c. 431 Relating To Officials Not To Benefit; 40 U.s.c. Chapter 37, Contract Work Hours And Safety Standards; 41 U.s.c. Chapter 87, Kickbacks; 49 U.s.c. 40118, Fly American; And 41 U.s.c. Chapter 21 Relating To Procurement Integrity. (s) Order Of Precedence. Any Inconsistencies In This Solicitation Or Contract Shall Be Resolved By Giving Precedence In The Following Order: (1) The Schedule Of Supplies/services. (2) The Assignments, Disputes, Payments, Invoice, Other Compliances, Compliance With Laws Unique To Government Contracts, And Unauthorized Obligations Paragraphs Of This Clause; (3) The Clause At 52.212-5. (4) Addenda To This Solicitation Or Contract, Including Any License Agreements For Computer Software. (5) Solicitation Provisions If This Is A Solicitation. (6) Other Paragraphs Of This Clause. (7) The Standard Form 1449. (8) Other Documents, Exhibits, And Attachments (9) The Specification. (t) [reserved] (u) Unauthorized Obligations. (1) Except As Stated In Paragraph (u)(2) Of This Clause, When Any Supply Or Service Acquired Under This Contract Is Subject To Any End User License Agreement (eula), Terms Of Service (tos), Or Similar Legal Instrument Or Agreement, That Includes Any Clause Requiring The Government To Indemnify The Contractor Or Any Person Or Entity For Damages, Costs, Fees, Or Any Other Loss Or Liability That Would Create An Anti-deficiency Act Violation (31 U.s.c. 1341), The Following Shall Govern: (i) Any Such Clause Is Unenforceable Against The Government. (ii) Neither The Government Nor Any Government Authorized End User Shall Be Deemed To Have Agreed To Such Clause By Virtue Of It Appearing In The Eula, Tos, Or Similar Legal Instrument Or Agreement. If The Eula, Tos, Or Similar Legal Instrument Or Agreement Is Invoked Through An I Agree Click Box Or Other Comparable Mechanism (e.g., Click-wrap Or Browse-wrap Agreements), Execution Does Not Bind The Government Or Any Government Authorized End User To Such Clause. (iii) Any Such Clause Is Deemed To Be Stricken From The Eula, Tos, Or Similar Legal Instrument Or Agreement. (2) Paragraph (u)(1) Of This Clause Does Not Apply To Indemnification By The Government That Is Expressly Authorized By Statute And Specifically Authorized Under Applicable Agency Regulations And Procedures. (v) Incorporation By Reference. The Contractor S Representations And Certifications, Including Those Completed Electronically Via The System For Award Management (sam), Are Incorporated By Reference Into The Contract. (end Of Clause) section D - Contract Documents, Exhibits, Or Attachments general Objectives And Requirement purpose: The Phoenix Va Health Care System (agency) Requires A Service Contract To Have The Sterile Processing Service For Washer #1 And #2 And Sterilizers Cleaned Monthly Due To Build Up That Causes Particles In Sterile Trays That Are Needed For Surgeries And Direct Patient Care. background for Several Months Sterile Processing Service Department Found Foreign Objects In Surgical And Operating Handpieces And Instrument Trays. In Order To Maintain A Sterile Environment, The Washer-sterilizers Need To Be Professorially Cleaned. scope monthly Cleaning Of Washer-sterilizer #1 And #2 Located In Building 1, Room 1426. the Contractor Shall Provide All Parts, Travel, And Labor. the Contractor Shall Coordinate All Services With The Contracting Officer S Representative. the Contractor Shall Provide One-week Notice Prior To Coming On Site To Perform Services. the Contractor Shall Check-in And Check-out With The Sterile Processing Service Located In Building 1, Room 1403. the Contractor Shall Verify All Equipment Was Serviced Is Functional Before Leaving The Medical Facility. the Contractor Shall Deliver A Hard Copy Or Electronic Copy Of A Field Service Report That Delineates The Service Performed And Results To Cor. the Contract Shall Provide For The Addition And/or Removal Of Equipment And/or Services. deliverables filed Service Reports (fsr) Shall Be Provided For All Service Activities And Shall Contain The Following Information: date(s) And Time Period Of Service. complete Description Of Equipment Serviced Including Model Number And Serial Number. complete Description Of Equipment Services Performed. the Contractor Shall Submit A Copy Of The Fsr To The Cor risk Control n/a performance Monitoring The Agency Shall Oversee Work Done By The Vendor And Accept The Quality Of Work As Appropriate. other Pertinent Information Or Special Considerations inspection And Acceptance Criteria: The Agency Shall Sign Off On The Work Completed If Service Is Determined To Be Satisfactory. the Agency Shall Provide Utilities Necessary For Contractor Equipment Used Under This Contract. the Agency Shall Provide Physical Access To The Equipment. the Agency And Contractor Will Coordinate Date And Time When Contract Is Awarded. place Of Performance phoenix Va Health Care System. 650 E. Indian School Road phoenix, Az 85012 period Of Performance 02/05/2024 02/04/2025 security in Reference To Vha Handbook 6500.6 Appendix A, Block 6, The Service Included In This Contract Does Not Involve Connection Of It Devices To A Va Network. Therefore, C&a, Sap, & The Following From Appendix C Do Not Apply. in Reference To Vha Handbook 6500.6 Appendix A, Block 7, Service Does Not Involve Storing, Generating, Transmitting, Or Exchanging Va Sensitive Information. the Contractor, Their Personnel, And Their Subcontractors Shall Be Subject To The Federal Laws, Regulations, Standards, And Va Directives And Handbooks Regarding Information Protection, Patient Privacy, And Information System Security As Delineated In This Contract. during Contract Performance, Contractor Will Not Require Physical Access To Va Facility, Equipment, Information Systems, Or Sensitive Data; To Provide Services, Install, Train, Maintain Or Repair Equipment. all Contracted Personnel Requiring Access To Va Facilities More Than Two Consecutive Days, Must Complete Vha Privacy Training, Course Va10203. All Service Agents Having Access To Protected Health Information (phi) In The Performance Of Their Official Duties Or Have Access To Va Systems (e.g. Cprs Or Vista Web) Must Provide Proof Of Training Upon Request. Va Privacy Training Is Available From The Tms Website At: Https://www.tms.va.gov. all Hard Drives Or Other Data Storage Devices Will Be Removed, And If Done On-site Will Be Purged Of Data, Prior To Contractor Access. upon Arrival At The Facility, All Contractor Personnel Shall Check-in With A Valid Driver License Or Company Id To The Sterile Processing Service Located In Building 1, Room 1403 During Normal Business Hours Monday Friday Local Time, Excluding Holidays, (holidays Work Schedules And Pay (opm.gov). Prior To Conducting Services, The Contractor Shall Be Issued A Visitor S Badge Which Shall Be Worn Above The Waist During The Contractor S Visit. the Contractor Shall Return To The Same Location To Sign Out And Turn-in Issued Visitors Badge Along With The Documented Service Report For The Service Performed. photography Is Prohibited At The Phoenix Va Health Care System. 36c26224q0541 page 1 Of page 63 Of 63 page 1 Of

Details: Description Sources Sought Rfi # 36c24824q0883 page 1 Of 29 this Is A Sources Sought Announcement Only. It Is Neither A Solicitation Announcement Nor A Request For Proposal Or Quotes And Does Not Obligate The Government Toward A Contract. The Purpose Of This Synopsis Is To Gain Knowledge Of Potential Qualified Sources And Their Size Classification To Include Large And Small Business As Well As The Following: (service Disabled Owned, Veteran Owned Small Business, Hub Zone, 8(a), Small Disadvantaged, Women Owned, Small) Relative To 541519, Other Computer Related Services (business Size Standard $34.0 Million). Responses To This Synopsis Will Be Used By The Government To Make Appropriate Acquisition Decisions. After Review Of The Responses To This Sources Sought Synopsis, A Solicitation Announcement May Be Published In Beta.sam.gov, Also Known As Contract Opportunities. Responses To This Sources Sought Synopsis Are Not Considered Adequate Responses To The Solicitation Announcement. All Interested Offerors Will Have To Respond To The Solicitation Announcement In Order To Be Considered. the Department Of Veterans Affairs, James A. Haley Veterans Hospital (jahvh), Seeks Sources To Provide A Service Agreement For Brainlab Elements For The Radiation Oncology Service. The Radiation Oncology Service Has Two New Linacs: A True Beam Stx And A Cyberknife. These Linacs Have Two Components: Varian And Brainlab. These Items Are Needed To Support The Operation Of Both Linacs And The Exactrac Patient Position System. The Contractor Shall Provide Brainlab Brand Name Or Equal Support For The Hardware And Application Support Package Exactrac X-ray And The Hardware Support Package Frameless Srs. Best Commercial Practices Shall Be Applied In The Performance Of Work. All Work Shall Be Completed Per Approved And Accepted Industry Standards Throughout The Duration Of The Contract. The Contractor Shall Furnish All Labor, Transportation, Supplies, And Equipment. if You Are Interested, And Can Provide The Required Services, Please Provide The Requested Information As Indicated Below. Responses To This Notice Should Include Company Name, Address, Point Of Contact, Uei# Number, And Size Of Business Pursuant To The Following Questions: 1. Is Your Business Small? 2. If Small, Does Your Firm Qualify As A Small, Emerging Business, Or Small Disadvantaged Business? 3. Is Your Firm A Certified Service-disabled Veteran Owned Small Business? 4. Is Your Firm A Veteran Owned Small Business? 5. Is Your Firm A Women Owned Small Business? 6. Are You Located In Hillsborough County? 7. Is Your Business A Non-profit Organization? please List In Your Response A Summary Of Your Company S Capabilities And Ability To Provide Services For The Jahvh. Please Provide The Information Via Electronic Transmission To Walida.mooresaintil@va.gov No Later Than (nlt) Wednesday, May 1, 2024, @ 15:00 Pm Est. no Reimbursement Will Be Made For Any Costs Associated With Providing Information In Response To This Announcement. Any Further Information Submitted By Respondents To This Notice Is Strictly Voluntary. Requests For Solicitation Will Not Receive A Response As A Solicitation Is Not Currently Available. If A Solicitation Is Issued, It Will Be Announced At A Later Date, And All Interested Parties Must Respond To That Solicitation Announcement Separately Form The Response To This Announcement. Responses To This Sources Sought Is Not A Request To Be Added To Prospective Bidders List Or To Receive A Copy Of The Solicitation. responses Must Be Received In Writing Wednesday, May 1, 2024 @ 15:00 Pm Est page 29 Of 29 1. Statement Of Need â  background: The Department Of Veterans Affairs, James A. Haley Veterans Hospital (jahvh), Seeks Sources To Provide A Service Agreement For Brainlab Elements For The Radiation Oncology Service. The Radiation Oncology Service Has Two New Linacs: A True Beam Stx And A Cyberknife. These Linacs Have Two Components: Varian And Brainlab. These Items Are Needed To Support The Operation Of Both Linacs And The Exactrac Patient Position System. â  scope Of Work: The Contractor Shall Provide Brainlab Brand Name Or Equal Support For The Hardware And Application Support Package Exactrac X-ray And The Hardware Support Package Frameless Srs. item Number description Of Supplies/services quantity unit unit Price amount 0001 12.00 mo __________________ __________________ elements Server (x2) And Exactrac System #1 contract Period: Base principal Naics Code: 541519 - Other Computer Related Services product/service Code: R499 - Support - Professional: Other local Stock Number: Qn-jahvah-wti-259 system Id/mf Part Numbers C10265 Qty: 2; 81024-91 Qty: 2; 81025-27 Qty: 2; 81025-20 Qty: 2; 81025-21 Qty: 2; 81025-30 Qty: 1; 81025-23 Qty: 2; 81025-22 Qty: 2; 81024-97 Qty: 1; 81025-12 Qty: 1; 81025-27 Qty: 1; 1001 12.00 mo __________________ __________________ elements Server (x2) And Exactrac System #1. contract Period: Option 1 principal Naics Code: 541519 - Other Computer Related Services product/service Code: R499 - Support - Professional: Other local Stock Number: Qn-jahvah-wti-259 system Id/mf Part Numbers C10265 Qty: 2; 81024-91 Qty: 2; 81025-27 Qty: 2; 81025-20 Qty: 2; 81025-21 Qty: 2; 81025-30 Qty: 1; 81025-23 Qty: 2; 81025-22 Qty: 2; 81024-97 Qty: 1; 81025-12 Qty: 1; 81025-27 Qty: 1; 2001 12.00 mo __________________ __________________ elements Server (x2) And Exactrac System #1. contract Period: Option 2 principal Naics Code: 541519 - Other Computer Related Services product/service Code: R499 - Support - Professional: Other local Stock Number: Qn-jahvah-wti-259 system Id/mf Part Numbers C10265 Qty: 2; 81024-91 Qty: 2; 81025-27 Qty: 2; 81025-20 Qty: 2; 81025-21 Qty: 2; 81025-30 Qty: 1; 81025-23 Qty: 2; 81025-22 Qty: 2; 81024-97 Qty: 1; 81025-12 Qty: 1; 81025-27 Qty: 1; 3001 12.00 mo __________________ __________________ elements Server (x2) And Exactrac System #1. contract Period: Option 3 principal Naics Code: 541519 - Other Computer Related Services product/service Code: R499 - Support - Professional: Other local Stock Number: Qn-jahvah-wti-259 system Id/mf Part Numbers C10265 Qty: 2; 81024-91 Qty: 2; 81025-27 Qty: 2; 81025-20 Qty: 2; 81025-21 Qty: 2; 81025-30 Qty: 1; 81025-23 Qty: 2; 81025-22 Qty: 2; 81024-97 Qty: 1; 81025-12 Qty: 1; 81025-27 Qty: 1; 4001 12.00 mo __________________ __________________ Elements Server (x2) And Exactrac System #1. contract Period: Option 4 principal Naics Code: 541519 - Other Computer Related Services product/service Code: R499 - Support - Professional: Other local Stock Number: Qn-jahvah-wti-259 system Id/mf Part Numbers C10265 Qty: 2; 81024-91 Qty: 2; 81025-27 Qty: 2; 81025-20 Qty: 2; 81025-21 Qty: 2; 81025-30 Qty: 1; 81025-23 Qty: 2; 81025-22 Qty: 2; 81024-97 Qty: 1; 81025-12 Qty: 1; 81025-27 Qty: 1; grand Total __________________ contractor Shall Provide Hardware And Application Support Package For Exactrac X-ray And Frameless Srs. Remote Applications Support Monday Friday 8am 5pm Est. 24x7 Website Access For Customer Download Of Information 15- 30-minute Initial Response Monday Friday 8am 5pm Est firm Ware Updates As Upon New Releases Of Software maintenance And Repair To Include Parts And Labor (not Including Negligence) 24/48 Loaner At No Additional Charge (subject To Availability Of Stock) one (1) Annual Onsite Manufacturer Preventative Maintenance Schedule performance Period: Base Plus 4 Option Years. government Responsibilities: Government Is Responsible For Completing Deployment And Education Training Provided By The Contractor. contractor Responsibilities: The Contractor Is Responsible For Hardware And Software Application Support. 2. Special Work Requirements: hours: Services Shall Be Performed According To Specifications Of Government Point Of Contact And Cor. The Regular Work Hours Four This Facility Is Monday Through Friday 0800am To 5:00pm (est). special Instruction: The Contractor's Representative Will Schedule All Work With The Bio Medical Engineering Department. Contractor Shall Drop Off All Service Reports To The Bio Medical Engineering Department Detailing The Work Performed. Failure To Drop Off Service Reports May Delay Contractor Payment. All Contractor Personnel (without Exception) Must Report To The Engineering Department, Msdu (room Gc-003), To Sign In And Receive A Contractor Identification Badge Before Any Work Is Performed And Return To The Same Location To Sign Out And Turn-in Said Badge Along With The Documented. Service Report For The Service Performed. Noncontract Charges: The Contractor Shall Not Perform Any Service That Will Result In Additional Charges Without Prior Approval From The Contracting Officer. property Damage: The Contractor Shall Take All Necessary Precautions To Prevent Damage To Any Government Property And Will Notify The Contracting Officer Immediately If Damages Occur. The Contracting Officer Will Authorize The Contractor To Remedy The Situation In One Of The Following Ways: Be Assessed Current Replacement Costs For Damaged Property, Replace Damaged Property In A Timely Manner, Or Correct The Damages With Like Materials At No Additional Cost. identification, Parking, Smoking, And Va Regulations: the Contractor Will Need To Acquire A Badge For Each Worker And Ensure That The Badge Be Always Worn In A Visible Location On The Worker While On The Premises Of The Va Property. It Is The Responsibility Of The Contractor To Park In The Appropriate Designated Parking Areas. Information On Parking Is Available From The Va Police. The Va Will Not Invalidate Or Make Reimbursement For Parking Violations Of The Contractor Under Any Conditions. Smoking Is Prohibited Inside Any Buildings At The Va. Possession Of Weapons Is Prohibited. Enclosed Containers, Including Tool Kits, Shall Be Subject To Search. Violations Of Va Regulations May Result In A Citation Answerable In The United States Dis Trict Court. documentation: All Service Documentation Must Contain: date And Time Of The Contractors' Arrival On Station type, Model, And Serial Number(s) Of All Equipment On Which Service Was Performed. total Time Of Performance Period, Excluding Travel Time detailed Narrative Description Of Reason For Service Performed To Include Reported Problem And Cause Of Problem (when Applicable) complete List Of Parts Replaced (when Applicable) date And Time Equipment Was Returned To Serviceability. infection Control: There Is A Potential For Exposure To Blood Borne Or Other Infectious Material With Equipment Throughout The Hospital. All Contractor Personnel Are Cautioned And Must Use "universal Precautions" (i.e., Hand Washing, Wearing Protective Gloves, Aprons, And Goggles, Etc.) As Appropriate During The Performance Of This Contract. personnel Qualifications: Contractor Personnel Performing Under This Contract Will Be Fully Qualified And Competent For The Equipment To Be Performed. Service Quality: All Services Provided In This Contract Must Meet Manufacturers' Performance And Technical Specifications, Federal Regulations, Va Regulations, And Meet The Requirements Of The Joint Commission And Life Safety Code. The Contractor Shall Document All Maintenance And Provide Said Documentation To The Cor Upon Completion Of Each Service Action. with Sensitive Data And Training va Information And Information System Security/privacy Language Access To Va Information And Va Information Systems: a. Contractors, Contractor Personnel, Subcontractors, And Subcontractor Personnel Shall Be Subject To The Same Federal Laws, Regulations, Standards, And Va Directives And Handbooks As Va And Va Personnel Regarding Information And Information System Security. b. A Contractor/subcontractor Shall Request Logical (technical) Or Physical Access To Va Information And Va Information Systems For Their Employees, Subcontractors, And Affiliates Only To The Extent Necessary To Perform The Services Specified In The Contract, Agreement, Or Task Order. c. All Contractors, Subcontractors, And Third-party Servicers And Associates Working With Va Information Are Subject To The Same Investigative Requirements As Those Of Va Appointees Or Employees Who Have Access To The Same Types Of Information. The Level And Process Of Background Security Investigations For Contractors Must Be In Accordance With Va Directive And Handbook 0710, Personnel Suitability And Security Program. The Office For Operations, Security, And Preparedness Is Responsible For These Policies And Procedures. d. The Contractor Or Subcontractor Must Notify The Contracting Officer Immediately When An Employee Working On A Va System Or With Access To Va Information Is Reassigned Or Leaves The Contractor Or Subcontractor S Employ. The Contracting Officer Must Also Be Notified Immediately By The Contractor Or Subcontractor Prior To An Unfriendly Termination. contractor Personnel Security Requirements: all Contractor Employees Who Require Access To The Department Of Veterans Affairs Computer Systems Shall Be The Subject Of A Background Investigation And Must Receive A Favorable Adjudication From The Va Office Of Security And Law Enforcement Prior To Contract Performance. This Requirement Is Applicable To All Subcontractor Personnel Requiring The Same Access. If The Investigation Is Not Completed Prior To The Start Date Of The Contract The Contractor Will Be Responsible For The Actions Of Those Individuals That Provide Or Perform Work For The Va. 1. Position Sensitivity The Position Sensitivity Has Been Designated As (low) Risk. 2. Background Investigation The Level Of Background Investigation Commensurate With The Required Level Of Access Is National Agency Check (naci) With Written Inquiries. 3. Contractor Responsibilities a. The Contractor Shall Bear The Expense Of Obtaining Background Investigations. If The Investigation Is Conducted By The Office Of Personnel Management (opm), The Contractor Shall Reimburse The Va Within 30 Days. the Web Site Which Provides Information On The Cost Of The Security Investigation Is: www.opm.gov\extra\investigate Select Federal Investigations Notices (fin 01-01) b. The Contractor Shall Prescreen All Personnel Requiring Access To The Computer Systems To Ensure They Maintain A U.s. Citizenship And Are Able To Read, Write, Speak, And Understand The English Language. c. The Contractor Will Provide To The Contracting Officer Prior To Award The Following: (1) List Of Names Of Contract Personnel. (2) Social Security Numbers Of Contractor Personnel. (3) Home Address Of Contractor Personnel Or The Contractor Address. the Contracting Officer Will Submit The Above Information To The Office Of Security And Law Enforcement, Washington, D.c. The Office Of Security And Law Enforcement Will Provide The Necessary Investigative Forms (these Forms Are Indicated In Paragraph 3.d. Below) To The Contractor S Personnel, Coordinate The Background Investigations With Opm And Notify The Contracting Officer And Contractor Of The Results Of The Investigation. D. The Contractor Shall Submit Or Have Their Employees Submit The Following Required Forms To The Va Office Of Security And Law Enforcement Within 30 Days Of Receipt: (i) Standard From 85p, Questionnaire For Public Trust Positions (ii) Standard Form 85p-s, Supplemental Questionnaire For Selected Positions (iii) Fd 258, U.s. Department Of Justice Fingerprint Applicant Chart (iv) Va Form 0710, Authority For Release Of Information Form (v) Optional Form 306, Declaration For Federal Employment (vi) Optional Form 612, Optional Application For Federal Employment d. The Contractor, When Notified Of An Unfavorable Determination By The Government, Shall Withdraw The Employee From Consideration From Working Under The Contract. e. Failure To Comply With The Contractor Personnel Security Requirements May Result In Termination Of The Contract For Default. va Information Custodial Language: a. Information Made Available To The Contractor Or Subcontractor By Va For The Performance Or Administration Of This Contract Or Information Developed By The Contractor/subcontractor In Performance Or Administration Of The Contract Shall Be Used Only For Those Purposes And Shall Not Be Used In Any Other Way Without The Prior Written Agreement Of The Va. This Clause Expressly Limits The Contractor/subcontractor's Rights To Use Data As Described In Rights In Data - General, Far 52.227-14(d) (1). b. Va Information Should Not Be Co-mingled, If Possible, With Any Other Data On The Contractors/subcontractor S Information Systems Or Media Storage Systems In Order To Ensure Va Requirements Related To Data Protection And Media Sanitization Can Be Met. If Co-mingling Must Be Allowed To Meet The Requirements Of The Business Need, The Contractor Must Ensure That Va S Information Is Returned To The Va Or Destroyed In Accordance With Va S Sanitization Requirements. Va Reserves The Right To Conduct On-site Inspections Of Contractor And Subcontractor It Resources To Ensure Data Security Controls, Separation Of Data And Job Duties, And Destruction/media Sanitization Procedures Are In Compliance With Va Directive Requirements. c. Prior To Termination Or Completion Of This Contract, Contractor/subcontractor Must Not Destroy Information Received From Va, Or Gathered/created By The Contractor In The Course Of Performing This Contract Without Prior Written Approval By The Va. Any Data Destruction Done On Behalf Of Va By A Contractor/subcontractor Must Be Done In Accordance With National Archives And Records Administration (nara) Requirements As Outlined In Va Directive 6300, Records And Information Management And Its Handbook 6300.1 Records Management Procedures, Applicable Va Records Control Schedules, And Va Handbook 6500.1, Electronic Media Sanitization. Self-certification By The Contractor That The Data Destruction Requirements Above Have Been Met Must Be Sent To The Va Contracting Officer Within 30 Days Of Termination Of The Contract. d. The Contractor/subcontractor Must Receive, Gather, Store, Back Up, Maintain, Use, Disclose And Dispose Of Va Information Only In Compliance With The Terms Of The Contract And Applicable Federal And Va Information Confidentiality And Security Laws, Regulations And Policies. If Federal Or Va Information Confidentiality And Security Laws, Regulations And Policies Become Applicable To The Va Information Or Information Systems After Execution Of The Contract, Or If Nist Issues Or Updates Applicable Fips Or Special Publications (sp) After Execution Of This Contract, The Parties Agree To Negotiate In Good Faith To Implement The Information Confidentiality And Security Laws, Regulations And Policies In This Contract. e. The Contractor/subcontractor Shall Not Make Copies Of Va Information Except As Authorized And Necessary To Perform The Terms Of The Agreement Or To Preserve Electronic Information Stored On Contractor/subcontractor Electronic Storage Media For Restoration In Case Any Electronic Equipment Or Data Used By The Contractor/subcontractor Needs To Be Restored To An Operating State. If Copies Are Made For Restoration Purposes, After The Restoration Is Complete, The Copies Must Be Appropriately Destroyed. f. If Va Determines That The Contractor Has Violated Any Of The Information Confidentiality, Privacy, And Security Provisions Of The Contract, It Shall Be Sufficient Grounds For Va To Withhold Payment To The Contractor Or Third Party Or Terminate The Contract For Default Or Terminate For Cause Under Federal Acquisition Regulation (far) Part 12. g. If A Vha Contract Is Terminated For Cause, The Associated Baa Must Also Be Terminated And Appropriate Actions Taken In Accordance With Vha Handbook 1600.1, Business Associate Agreements. Absent An Agreement To Use Or Disclose Protected Health Information, There Is No Business Associate Relationship. h. The Contractor/subcontractor Must Store, Transport, Or Transmit Va Sensitive Information In An Encrypted Form, Using Va-approved Encryption Tools That Are, At A Minimum, Fips 140-2 Validated. i. The Contractor/subcontractor S Firewall And Web Services Security Controls, If Applicable, Shall Meet Or Exceed Va S Minimum Requirements. Va Configuration Guidelines Are Available Upon Request. j. Except For Uses And Disclosures Of Va Information Authorized By This Contract For Performance Of The Contract, The Contractor/subcontractor May Use And Disclose Va Information Only In Two Other Situations: (i) In Response To A Qualifying Order Of A Court Of Competent Jurisdiction, Or (ii) With Va S Prior Written Approval. The Contractor/subcontractor Must Refer All Requests For, Demands For Production Of, Or Inquiries About, Va Information And Information Systems To The Va Contracting Officer For Response. k. Notwithstanding The Provision Above, The Contractor/subcontractor Shall Not Release Va Records Protected By Title 38 U.s.c. 5705, Confidentiality Of Medical Quality Assurance Records And/or Title 38 U.s.c. 7332, Confidentiality Of Certain Health Records Pertaining To Drug Addiction, Sickle Cell Anemia, Alcoholism Or Alcohol Abuse, Or Infection With Human Immunodeficiency Virus. If The Contractor/subcontractor Is In Receipt Of A Court Order Or Other Requests For The Above-mentioned Information, That Contractor/subcontractor Shall Immediately Refer Such Court Orders Or Other Requests To The Va Contracting Officer For Response. l. For Service That Involves The Storage, Generating, Transmitting, Or Exchanging Of Va Sensitive Information But Does Not Require C&a Or An Mou-isa For System Interconnection, The Contractor/subcontractor Must Complete A Contractor Security Control Assessment (csca) On A Yearly Basis And Provide It To The Cor. security Incident Investigation: a. The Term Security Incident Means An Event That Has, Or Could Have, Resulted In Unauthorized Access To, Loss Or Damage To Va Assets, Or Sensitive Information, Or An Action That Breaches Va Security Procedures. The Contractor/subcontractor Shall Immediately Notify The Cor And Simultaneously, The Designated Iso And Privacy Officer For The Contract Of Any Known Or Suspected Security/privacy Incidents, Or Any Unauthorized Disclosure Of Sensitive Information, Including That Contained In System(s) To Which The Contractor/subcontractor Has Access. b. To The Extent Known By The Contractor/subcontractor, The Contractor/subcontractor S Notice To Va Shall Identify The Information Involved, The Circumstances Surrounding The Incident (including To Whom, How, When, And Where The Va Information Or Assets Were Placed At Risk Or Compromised), And Any Other Information That The Contractor/subcontractor Considers Relevant. c. With Respect To Unsecured Protected Health Information, The Business Associate Is Deemed To Have Discovered A Data Breach When The Business Associate Knew Or Should Have Known Of A Breach Of Such Information. Upon Discovery, The Business Associate Must Notify The Covered Entity Of The Breach. Notifications Need To Be Made In Accordance With The Executed Business Associate Agreement. d. In Instances Of Theft Or Break-in Or Other Criminal Activity, The Contractor/subcontractor Must Concurrently Report The Incident To The Appropriate Law Enforcement Entity (or Entities) Of Jurisdiction, Including The Va Oig And Security And Law Enforcement. The Contractor, Its Employees, And Its Subcontractors And Their Employees Shall Cooperate With Va And Any Law Enforcement Authority Responsible For The Investigation And Prosecution Of Any Possible Criminal Law Violation(s) Associated With Any Incident. The Contractor/subcontractor Shall Cooperate With Va In Any Civil Litigation To Recover Va Information, Obtain Monetary Or Other Compensation From A Third Party For Damages Arising From Any Incident, Or Obtain Injunctive Relief Against Any Third Party Arising From, Or Related To, The Incident. liquidated Damages For Data Breach: a. Consistent With The Requirements Of 38 U.s.c. §5725, A Contract May Require Access To Sensitive Personal Information. If So, The Contractor Is Liable To Va For Liquidated Damages In The Event Of A Data Breach Or Privacy Incident Involving Any Spi The Contractor/subcontractor Processes Or Maintains Under This Contract. However, It Is The Policy Of The Va To Forego Collection Of Liquidated Damages In The Event The Contractor Provides Payment Of Actual Damages In An Amount Determined To Be Adequate By The Agency. b. The Contractor/subcontractor Shall Provide Notice To Va Of A Security Incident As Set Forth In The Security Incident Investigation Section Above. Upon Such Notification, Va Must Secure From A Non-department Entity Or The Va Office Of Inspector General An Independent Risk Analysis Of The Data Breach To Determine The Level Of Risk Associated With The Data Breach For The Potential Misuse Of Any Sensitive Personal Information Involved In The Data Breach. The Term 'data Breach' Means The Loss, Theft, Or Other Unauthorized Access, Or Any Access Other Than That Incidental To The Scope Of Employment, To Data Containing Sensitive Personal Information, In Electronic Or Printed Form, That Results In The Potential Compromise Of The Confidentiality Or Integrity Of The Data. Contractor Shall Fully Cooperate With The Entity Performing The Risk Analysis. Failure To Cooperate May Be Deemed A Material Breach And Grounds For Contract Termination. c. Each Risk Analysis Shall Address All Relevant Information Concerning The Data Breach, Including The Following: (1) Nature Of The Event (loss, Theft, Unauthorized Access). (2) Description Of The Event, Including: (a)date Of Occurrence. (b)data Elements Involved, Including Any Pii, Such As Full Name, Social Security Number, Date Of Birth, Home Address, Account Number, Disability Code. (3) Number Of Individuals Affected Or Potentially Affected. (4) Names Of Individuals Or Groups Affected Or Potentially Affected. (5) Ease Of Logical Data Access To The Lost, Stolen Or Improperly Accessed Data In Light Of The Degree Of Protection For The Data, E.g., Unencrypted, Plain Text. (6) Amount Of Time The Data Has Been Out Of Va Control. (7) The Likelihood That The Sensitive Personal Information Will Or Has Been Compromised (made Accessible To And Usable By Unauthorized Persons). (8) Known Misuses Of Data Containing Sensitive Personal Information, If Any. (9) Assessment Of The Potential Harm To The Affected Individuals. (10) Data Breach Analysis As Outlined In 6500.2 Handbook, Management Of Security And Privacy Incidents, As Appropriate; And (11) Whether Credit Protection Services May Assist Record Subjects In Avoiding Or Mitigating The Results Of Identity Theft Based On The Sensitive Personal Information That May Have Been Compromised. d. Based On The Determinations Of The Independent Risk Analysis, The Contractor Shall Be Responsible For Paying To The Va Liquidated Damages In The Amount Of $37.50 For Affected Individual To Cover The Cost Of Providing Credit Protection Services To Affected Individuals Consisting Of The Following: (1) Notification. (2) One Year Of Credit Monitoring Services Consisting Of Automatic Daily Monitoring Of At Least 3 Relevant Credit Bureau Reports. (3) Data Breach Analysis. (4) Fraud Resolution Services, Including Writing Dispute Letters, Initiating Fraud Alerts And Credit Freezes, To Assist Affected Individuals To Bring Matters To Resolution. (5) One Year Of Identity Theft Insurance With $20,000.00 Coverage At $0 Deductible; And (6) Necessary Legal Expenses The Subjects May Incur To Repair Falsified Or Damaged Credit Records, Histories, Or Financial Affairs. security Controls Compliance Testing: on A Periodic Basis, Va, Including The Office Of Inspector General, Reserves The Right To Evaluate Any Or All Of The Security Controls And Privacy Practices Implemented By The Contractor Under The Clauses Contained Within The Contract. With 10 Working-days Notice, At The Request Of The Government, The Contractor Must Fully Cooperate And Assist In A Government-sponsored Security Controls Assessment At Each Location Wherein Va Information Is Processed Or Stored, Or Information Systems Are Developed, Operated, Maintained, Or Used On Behalf Of Va, Including Those Initiated By The Office Of Inspector General. The Government May Conduct A Security Control Assessment On Shorter Notice (to Include Unannounced Assessments) As Determined By Va In The Event Of A Security Incident Or At Any Other Time. training: a. All Contractor Employees And Subcontractor Employees Requiring Access To Va Information And Va Information Systems Shall Complete Va Privacy And Information Security Awareness And Rules Of Behavior Training And Privacy And Hipaa Training And Hipaa Training Before Being Granted Access To Va Information And Its Systems. (1) Sign And Acknowledge (either Manually Or Electronically) Understanding Of And Responsibilities For Compliance With The Rules Of Behavior Before Being Granted Access To Va Information And Its Systems. b. The Contractor Shall Provide To The Contracting Officer And/or The Cor A Copy Of The Training Certificates And Certification Of Signing The Rules Of Behavior For Each Applicable Employee Within 1 Week Of The Initiation Of The Contract And Annually Thereafter, As Required. c. Failure To Complete The Mandatory Annual Training And Sign The Rules Of Behavior Annually, Within The Timeframe Required, Is Grounds For Suspension Or Termination Of All Physical Or Electronic Access Privileges And Removal From Work On The Contract Until Such Time As The Training And Documents Are Complete. the Certification And Accreditation (c&a) Requirements Do Not Apply, And A Security Accreditation Package Is Not Required For This Sow. *** If Applicable*** information System Design And Development a. Information Systems That Are Designed Or Developed For Or On Behalf Of Va At Non-va Facilities Shall Comply With All Va Directives Developed In Accordance With Fisma, Hipaa, Nist, And Related Va Security And Privacy Control Requirements For Federal Information Systems. This Includes Standards For The Protection Of Electronic Phi, Outlined In 45 C.f.r. Part 164, Subpart C, Information And System Security Categorization Level Designations In Accordance With Fips 199 And Fips 200 With Implementation Of All Baseline Security Controls Commensurate With The Fips 199 System Security Categorization (reference Appendix D Of Va Handbook 6500, Va Information Security Program). During The Development Cycle A Privacy Impact Assessment (pia) Must Be Completed, Provided To The Cotr, And Approved By The Va Privacy Service In Accordance With Directive 6507, Va Privacy Impact Assessment. b. The Contractor/subcontractor Shall Certify To The Cotr That Applications Are Fully Functional And Operate Correctly As Intended On Systems Using The Va Federal Desktop Core Configuration (fdcc), And The Common Security Configuration Guidelines Provided By Nist Or The Va. This Includes Internet Explorer 7 Configured To Operate On Windows Xp And Vista (in Protected Mode On Vista) And Future Versions, As Required. c. The Standard Installation, Operation, Maintenance, Updating, And Patching Of Software Shall Not Alter The Configuration Settings From The Va Approved And Fdcc Configuration. Information Technology Staff Must Also Use The Windows Installer Service For Installation To The Default Program Files Directory And Silently Install And Uninstall. d. Applications Designed For Normal End Users Shall Run In The Standard User Context Without Elevated System Administration Privileges. e. The Security Controls Must Be Designed, Developed, Approved By Va, And Implemented In Accordance With The Provisions Of Va Security System Development Life Cycle As Outlined In Nist Special Publication 800-37, Guide For Applying The Risk Management Framework To Federal Information Systems, Va Handbook 6500, Information Security Program And Va Handbook 6500.5, Incorporating Security And Privacy In System Development Lifecycle. f. The Contractor/subcontractor Is Required To Design, Develop, Or Operate A System Of Records Notice (sor) On Individuals To Accomplish An Agency Function Subject To The Privacy Act Of 1974, (as Amended), Public Law 93-579, December 31, 1974 (5 U.s.c. 552a) And Applicable Agency Regulations. Violation Of The Privacy Act May Involve The Imposition Of Criminal And Civil Penalties. g. The Contractor/subcontractor Agrees To: (1) Comply With The Privacy Act Of 1974 (the Act) And The Agency Rules And Regulations Issued Under The Act In The Design, Development, Or Operation Of Any System Of Records On Individuals To Accomplish An Agency Function When The Contract Specifically Identifies: (a) The Systems Of Records (sor); And (b) The Design, Development, Or Operation Work That The Contractor/subcontractor Is To Perform. (2) Include The Privacy Act Notification Contained In This Contract In Every Solicitation And Resulting Subcontract And In Every Subcontract Awarded Without A Solicitation, When The Work Statement In The Proposed Subcontract Requires The Redesign, Development, Or Operation Of A Sor On Individuals That Is Subject To The Privacy Act; And (3) Include This Privacy Act Clause, Including This Subparagraph (3), In All Subcontracts Awarded Under This Contract Which Requires The Design, Development, Or Operation Of Such A Sor. h. In The Event Of Violations Of The Act, A Civil Action May Be Brought Against The Agency Involved When The Violation Concerns The Design, Development, Or Operation Of A Sor On Individuals To Accomplish An Agency Function, And Criminal Penalties May Be Imposed Upon The Officers Or Employees Of The Agency When The Violation Concerns The Operation Of A Sor On Individuals To Accomplish An Agency Function. For Purposes Of The Act, When The Contract Is For The Operation Of A Sor On Individuals To Accomplish An Agency Function, The Contractor/subcontractor Is Considered To Be An Employee Of The Agency. (1) Operation Of A System Of Records Means Performance Of Any Of The Activities Associated With Maintaining The Sor, Including The Collection, Use, Maintenance, And Dissemination Of Records. (2) Record Means Any Item, Collection, Or Grouping Of Information About An Individual That Is Maintained By An Agency, Including, But Not Limited To, Education, Financial Transactions, Medical history, And Criminal Or Employment History And Contains The Person S Name, Or Identifying Number, Symbol, Or Any Other Identifying Particular Assigned To The Individual, Such As A Fingerprint Or Voiceprint, Or A Photograph. (3) System Of Records Means A Group Of Any Records Under The Control Of Any Agency From Which Information Is Retrieved By The Name Of The Individual Or By Some Identifying Number, Symbol, Or Other Identifying Particular Assigned To The Individual. i. The Vendor Shall Ensure The Security Of All Procured Or Developed Systems And Technologies, Including Their Subcomponents (hereinafter Referred To As Systems ), Throughout The Life Of This Contract And Any Extension, Warranty, Or Maintenance Periods. This Includes, But Is Not Limited To Workarounds, Patches, Hotfixes, Upgrades, And Any Physical Components (hereafter Referred To As Security Fixes) Which May Be Necessary To Fix All Security Vulnerabilities Published Or Known To The Vendor Anywhere In The Systems, Including Operating Systems And Firmware. The Vendor Shall Ensure That Security Fixes Shall Not Negatively Impact The Systems. j. The Vendor Shall Notify Va Within 24 Hours Of The Discovery Or Disclosure Of Successful Exploits Of The Vulnerability Which Can Compromise The Security Of The Systems (including The Confidentiality Or Integrity Of Its Data And Operations, Or The Availability Of The System). Such Issues Shall Be Remediated As Quickly As Is Practical, But In No Event Longer Than Days. k. When The Security Fixes Involve Installing Third Party Patches (such As Microsoft Os Patches Or Adobe Acrobat), The Vendor Will Provide Written Notice To The Va That The Patch Has Been Validated As Not Affecting The Systems Within 10 Working Days. When The Vendor Is Responsible For Operations Or Maintenance Of The Systems, They Shall Apply The Security Fixes Within Days. l. All Other Vulnerabilities Shall Be Remediated As Specified In This Paragraph In A Timely Manner Based On Risk, But Within 60 Days Of Discovery Or Disclosure. Exceptions To This Paragraph (e.g., For The Convenience Of Va) Shall Only Be Granted With Approval Of The Contracting Officer And The Va Assistant Secretary For Office Of Information And Technology. information System Hosting, Operation, Maintenance, Or Use a. For Information Systems That Are Hosted, Operated, Maintained, Or Used On Behalf Of Va At Non-va Facilities, Contractors/subcontractors Are Fully Responsible And Accountable For Ensuring Compliance With All Hipaa, Privacy Act, Fisma, Nist, Fips, And Va Security And Privacy Directives And Handbooks. This Includes Conducting Compliant Risk Assessments, Routine Vulnerability Scanning, System Patching And Change Management Procedures, And The Completion Of An Acceptable Contingency Plan For Each System. The Contractor S Security Control Procedures Must Be Equivalent To Those Procedures Used To Secure Va Systems. A Privacy Impact Assessment (pia) Must Also Be Provided To The Cotr And Approved By Va Privacy Service Prior To Operational Approval. All External Internet Connections To Va S Network Involving Va Information Must Be Reviewed And Approved By Va Prior To Implementation. b. Adequate Security Controls For Collecting, Processing, Transmitting, And Storing Of Personally Identifiable Information (pii), As Determined By The Va Privacy Service, Must Be In Place, Tested, And Approved By Va Prior To Hosting, Operation, Maintenance, Or Use Of The Information System, Or Systems By Or On Behalf Of Va. These Security Controls Are To Be Assessed And Stated Within The Pia And If These Controls Are Determined Not To Be In Place, Or Inadequate, A Plan Of Action And Milestones (poa&m) Must Be Submitted And Approved Prior To The Collection Of Pii. c. Outsourcing (contractor Facility, Contractor Equipment Or Contractor Staff) Of Systems Or Network Operations, Telecommunications Services, Or Other Managed Services Requires Certification And Accreditation (authorization) (c&a) Of The Contractor S Systems In Accordance With Va Handbook 6500.3, Certification And Accreditation And/or The Va Ocs Certification Program Office. Government-owned (government Facility Or Government Equipment) Contractor-operated Systems, Third Party Or Business Partner Networks Require Memorandums Of Understanding And Interconnection Agreements (mou-isa) Which Detail What Data Types Are Shared, Who Has Access, And The Appropriate Level Of Security Controls For All Systems Connected To Va Networks. d. The Contractor/subcontractor S System Must Adhere To All Fisma, Fips, And Nist Standards Related To The Annual Fisma Security Controls Assessment And Review And Update The Pia. Any Deficiencies Noted During This Assessment Must Be Provided To The Va Contracting Officer And The Iso For Entry Into Va S Poa&m Management Process. The Contractor/subcontractor Must Use Va S Poa&m Process To Document Planned Remedial Actions To Address Any Deficiencies In Information Security Policies, Procedures, And Practices, And The Completion Of Those Activities. Security Deficiencies Must Be Corrected Within The Timeframes Approved By The Government. Contractor/subcontractor Procedures Are Subject To Periodic, Unannounced Assessments By Va Officials, Including The Va Office Of Inspector General. The Physical Security Aspects Associated With Contractor/subcontractor Activities Must Also Be Subject To Such Assessments. If Major Changes To The System Occur That May Affect The Privacy Or Security Of The Data Or The System, The C&a Of The System May Need To Be Reviewed, Retested And Re-authorized Per Va Handbook 6500.3. This May Require Reviewing And Updating All Of The Documentation (pia, System Security Plan, Contingency Plan). The Certification Program Office Can Provide Guidance On Whether A New C&a Would Be Necessary. e. The Contractor/subcontractor Must Conduct An Annual Self-assessment On All Systems And Outsourced Services As Required. Both Hard Copy And Electronic Copies Of The Assessment Must Be Provided To The Cotr. The Government Reserves The Right To Conduct Such An Assessment Using Government Personnel Or Another Contractor/subcontractor. The Contractor/subcontractor Must Take Appropriate And Timely Action (this Can Be Specified In The Contract) To Correct Or Mitigate Any Weaknesses Discovered During Such Testing, Generally At No Additional Cost. f. Va Prohibits The Installation And Use Of Personally Owned Or Contractor/subcontractor- Owned Equipment Or Software On Va S Network. If Non-va Owned Equipment Must Be Used To Fulfill The Requirements Of A Contract, It Must Be Stated In The Service Agreement, Sow Or Contract. All Of The Security Controls Required For Government Furnished Equipment (gfe) Must Be Utilized In Approved Other Equipment (oe) And Must Be Funded By The Owner Of The Equipment. All Remote Systems Must Be Equipped With, And Use, A Va-approved Antivirus (av) Software And A Personal (host-based Or Enclave Based) Firewall That Is Configured With A Va- Approved Configuration. Software Must Be Kept Current, Including All Critical Updates And Patches. Owners Of Approved Oe Are Responsible For Providing And Maintaining The Anti-viral Software And The Firewall On The Non-va Owned Oe. g. All Electronic Storage Media Used On Non-va Leased Or Non-va Owned It Equipment That Is Used To Store, Process, Or Access Va Information Must Be Handled In Adherence With Va Handbook 6500.1, Electronic Media Sanitization Upon: (i) Completion Or Termination Of The Contract Or (ii) Disposal Or Return Of The It Equipment By The Contractor/subcontractor Or Any Person Acting On Behalf Of The Contractor/subcontractor, Whichever Is Earlier. Media (hard Drives, Optical Disks, Cds, Back-up Tapes, Etc.) Used By The Contractors/subcontractors That Contain Va Information Must Be Returned To The Va For Sanitization Or Destruction Or The Contractor/subcontractor Must Self-certify That The Media Has Been Disposed Of Per 6500.1 Requirements. This Must Be Completed Within 30 Days Of Termination Of The Contract. h. Bio-medical Devices And Other Equipment Or Systems Containing Media (hard Drives, Optical Disks, Etc.) With Va Sensitive Information Must Not Be Returned To The Vendor At The End Of Lease, For Trade-in, Or Other Purposes. The Options Are: (1) Vendor Must Accept The System Without The Drive. (2) Va S Initial Medical Device Purchase Includes A Spare Drive Which Must Be Installed In Place Of The Original Drive At Time Of Turn-in; Or (3) Va Must Reimburse The Company For Media At A Reasonable Open Market Replacement Cost At Time Of Purchase. (4) Due To The Highly Specialized And Sometimes Proprietary Hardware And Software Associated With Medical Equipment/systems, If It Is Not Possible For The Va To Retain The Hard Drive, Then. (a) The Equipment Vendor Must Have An Existing Baa If The Device Being Traded In Has Sensitive Information Stored On It And Hard Drive(s) From The System Are Being Returned Physically Intact; And (b) Any Fixed Hard Drive On The Device Must Be Non-destructively Sanitized To The Greatest Extent Possible Without Negatively Impacting System Operation. Selective Clearing Down To Patient Data Folder Level Is Recommended Using Va Approved And Validated Overwriting Technologies/methods/tools. Applicable Media Sanitization Specifications Need To Be Pre- Approved And Described In The Purchase Order Or Contract. (c) A Statement Needs To Be Signed By The Director (system Owner) That States That The Drive Could Not Be Removed And That (a) And (b) Controls Above Are In Place And Completed. The Iso Needs To Maintain The Documentation. all Contractor, Pharmaceutical Company Representative (pcr), And Healthcare Industry Representatives (hir) Will Coordinate With Contracting Officer Representative For Instructions, So They Are In Compliance With James A. Haley Veterans Hospital Policies Listed On The James A. Haley Document Management Center Share Point Site: hpm No. 90-25; Healthcare Vendor Access And Competency hpm No. 132-04; Security Management Program hpm No. 132 05; Hospital Identification Program hpm No. 11-91; Pharmaceutical Company Representatives hir Are Required To Report To Msdu (room Gc-003), Immediately After Entering The Facility. Hir Will Be Required To Sign Into The Monitoring System And Print A Badge For Proper Identification. The Healthcare Industry Representatives For Nutrition And Food Services, Office Of Information And Technology, And Social Work Services Are In Included In This Policy; Vendors (hir) For Pharmacy Services Are To Follow (hpm 11-91) Policy. Hir Must Be Sponsored By A Physician, A Service Chief, Or Their Designee, For A Specified Date And A Specified Case. Hir Are Not Permitted In Patient Care Areas Or Clinics Unless A Prior Appointment Has Been Made. pharmaceutical Company Representative (pcr) Refers To Anyone Acting On Behalf Of A Pharmaceutical Company Or Its Business Partners For The Purpose Of Promoting The Use Of Items Managed Under The Va Formulary Process. These Items Primarily Include Drugs, But To A Lesser Extent Also Include Any Medical Supplies, Nutritional Supplements, And Similar Commodities Managed Under The Va Formulary Process. A. Sign-in: Pcrs May Visit Va Medical Care Facilities No Earlier Than 8:00 A.m. And Stay No Later Than 3:30 P.m., Monday Through Friday, Unless They Receive Prior Approval From Both The Chief Of The Service That They Will Be Visiting And The Chief Of Pharmacy. Representatives Visiting The Jahvh Must Sign In At The Pharmacy Administrative Office (located In Trailer 78) And Wear A Visitor S Badge As Well As Their Company S Personal Name Badge While In The Hospital. vendors: Reference Hospital Memorandum Policy Number 90-25 Healthcare Vendor Access And Competency. contractors And/or Project Managers: Will Be Issued A Piv/id Badge In Accordance With The Facility Piv Policy. Contactors Will Contact Their Assigned Va Contracting Officer Representative (cor) For Coordination. Contract Personnel/sub-contractors: Contractors Are Responsible For The Daily Accountability And Identification Of All Personnel Assigned To Their Respective Contract Including Sub-contractors. Contractors Will Identify Personnel Using The Following Procedures As Appropriate. construction Project Contract Personnel Will Report To The Contractor For Issuance Of A Temporary Self-adhesive Identification Badge. This Badge Will Be Issued On A Daily Basis And Must Include The Following Information: Company Name, Project Number, Date And Name Of Individual. Contractor Will Maintain A Daily Log Of All Personnel. contract Personnel Not Involved In An Actual Construction Project Will Report To Police Dispatch For Issuance Of A Numbered Badge. A Driver S License Or Photo Id Will Be Required Each Day Upon Entering The Facility, In Exchange For The Badge, And Will Be Given Back Once The Badge Is Returned To Police Dispatch. The Contractor Will Provide Police Service With A List Of Names For All Sub-contract Personnel Requiring Access To The Facility. It Is The Responsibility Of The Contractor To Update The List As Necessary. npr Opc; Cbocs And Off-site Lease Facilities With Va Police Staffing: As Above With Check-in With Va Police. off-site Lease Facilities W/o Va Police Staffing: Coordinate With Cor, Administrative Officer, Or Service Point Of Contact. nara Records Management Contract Language 1. Contractor Shall Comply With All Applicable Records Management Laws And Regulations, As Well As National Archives And Records Administration (nara) Records Policies, Including But Not Limited To The Federal Records Act (44 U.s.c. Chess. 21, 29, 31, 33), Nara Regulations At 36 Cfr Chapter Xii Subchapter B, And Those Policies Associated With The Safeguarding Of Records Covered By The Privacy Act Of 1974 (5 U.s.c. 552a). These Policies Include The Preservation Of All Records, Regardless Of Form Or Characteristics, Mode Of Transmission, Or State Of Completion. 2. In Accordance With 36 Cfr 1222.32, All Data Created For Government Use And Delivered To, Or Falling Under The Legal Control Of, The Government Are Federal Records Subject To The Provisions Of 44 U.s.c. Chapters 21, 29, 31, And 33, The Freedom Of Information Act (foia) (5 U.s.c. 552), As Amended, And The Privacy Act Of 1974 (5 U.s.c. 552a), As Amended And Must Be Managed And Scheduled For Disposition Only As Permitted By Statute Or Regulation. 3. In Accordance With 36 Cfr 1222.32, Contractor Shall Maintain All Records Created For Government Use Or Created While Performing The Contract And/or Delivered To, Or Under The Legal Control Of The Government And Must Be Managed In Accordance With Federal Law. Electronic Records And Associated Metadata Must Be Accompanied By Sufficient Technical Documentation To Permit Understanding And Use Of The Records And Data. 4. James A Haley Veterans Hospital And Clinics And Its Contractors Are Responsible For Preventing The Alienation Or Unauthorized Destruction Of Records, Including All Forms Of Mutilation. Records May Not Be Removed From The Legal Custody Of James A. Haley Veterans Hospital And Clinics Or Destroyed Except For In Accordance With The Provisions Of The Agency Records Schedules And With The Written Concurrence Of The Head Of The Contracting Activity. Willful And Unlawful Destruction, Damage Or Alienation Of Federal Records Is Subject To The Fines And Penalties Imposed By 18 U.s.c. 2701. in The Event Of Any Unlawful Or Accidental Removal, Defacing, Alteration, Or Destruction Of Records, Contractor Must Report To James A. Haley Veterans Hospital And Clinics. The Agency Must Report Promptly To Nara In Accordance With 36 Cfr 1230. 5. The Contractor Shall Immediately Notify The Appropriate Contracting Officer Upon Discovery Of Any Inadvertent Or Unauthorized Disclosures Of Information, Data, Documentary Materials, Records, Or Equipment. Disclosure Of Non-public Information Is Limited To Authorized Personnel With A Need-to-know As Described In The [contract Vehicle]. The Contractor Shall Ensure That The Appropriate Personnel, Administrative, Technical, And Physical Safeguards Are Established To Ensure The Security And Confidentiality Of This Information, Data, Documentary Material, Records And/or Equipment Is Properly Protected. The Contractor Shall Not Remove Material From Government Facilities Or Systems, Or Facilities Or Systems Operated Or Maintained On The Government S Behalf, Without The Express Written Permission Of The Head Of The Contracting Activity. When Information, Data, Documentary Material, Records And/or Equipment Is No Longer Required, It Shall Be Returned To James A. Haley Veterans Hospital And Clinics Control, Or The Contractor Must Hold It Until Otherwise Directed. Items Returned To The Government Shall Be Hand Carried, Mailed, Emailed, Or Securely Electronically Transmitted To The Contracting Officer Or Address Prescribed In The [contract Vehicle]. Destruction Of Records Is Expressly Prohibited Unless In Accordance With Paragraph (4). 6. The Contractor Is Required To Obtain The Contracting Officer's Approval Prior To Engaging In Any Contractual Relationship (sub-contractor) In Support Of This Contract Requiring The Disclosure Of Information, Documentary Material And/or Records Generated Under, Or Relating To, Contracts. The Contractor (and Any Sub-contractor) Is Required To Abide By Government And James A. Haley Veterans Hospital And Clinics Guidance For Protecting Sensitive, Proprietary Information, Classified, And Controlled Unclassified Information. 7. The Contractor Shall Only Use Government It Equipment For Purposes Specifically Tied To Or Authorized By The Contract And In Accordance With James A. Haley Veterans Hospital And Clinics Policy. 8. The Contractor Shall Not Create Or Maintain Any Records Containing Any Non-public James A. Haley Veterans Hospital And Clinics Information That Are Not Specifically Tied To Or Authorized By The Contract. 9. The Contractor Shall Not Retain, Use, Sell, Or Disseminate Copies Of Any Deliverable That Contains Information Covered By The Privacy Act Of 1974 Or That Which Is Generally Protected From Public Disclosure By An Exemption To The Freedom Of Information Act. 10. The James A. Haley Veterans Hospital And Clinics Owns The Rights To All Data And Records Produced As Part Of This Contract. All Deliverables Under The Contract Are The Property Of The U.s. Government For Which James A Haley Veterans Hospital And Clinics Shall Have Unlimited Rights To Use, Dispose Of, Or Disclose Such Data Contained Therein As It Determines To Be In The Public Interest. Any Contractor Rights In The Data Or Deliverables Must Be Identified As Required By Far 52.227-11 Through Far 52.227-20. 11. Training. All Contractor Employees Assigned To This Contract Who Create, Work With, Or Otherwise Handle Records Are Required To Take Vha-provided Records Management Training, Talent Management System (tms) Item #3873736, Records Management For Records Officers, And Liaisons. The Contractor Is Responsible For Confirming Training Has Been Completed According To Agency Policies, Including Initial Training And Any Annual Or Refresher Training. [note: To The Extent An Agency Requires Contractors To Complete Records Management Training, The Agency Must Provide The Training To The Contractor.] d. Flow Down Of Requirements To Subcontractors 1. The Contractor Shall Incorporate The Substance Of This Clause, Its Terms And Requirements Including This Paragraph, In All Subcontracts Under This [contract Vehicle], And Require Written Subcontractor Acknowledgment Of Same. 2. Violation By A Subcontractor Of Any Provision Set Forth In This Clause Will Be Attributed To The Contractor. records Management Obligations a.  applicability this Clause Applies To All Contractors Whose Employees Create, Work With, Or Otherwise Handle Federal Records, As Defined In Section B, Regardless Of The Medium In Which The Record Exists.   b.  definitions Federal Record As Defined In 44 U.s.c. § 3301, Includes All Recorded Information, Regardless Of Form Or Characteristics, Made Or Received By A Federal Agency Under Federal Law Or In Connection With The Transaction Of Public Business And Preserved Or Appropriate For Preservation By That Agency Or Its Legitimate Successor As Evidence Of The Organization, Functions, Policies, Decisions, Procedures, Operations, Or Other Activities Of The United States Government Or Because Of The Informational Value Of Data In Them.   the Term Federal Record: includes [agency] Records.â  does Not Include Personal Materials. applies To Records Created, Received, Or Maintained By Contractors Pursuant To Their [agency] Contract. may Include Deliverables And Documentation Associated With Deliverables. c.  requirements contractor Shall Comply With All Applicable Records Management Laws And Regulations, As Well As National Archives And Records Administration (nara) Records Policies, Including But Not Limited To The Federal Records Act (44 U.s.c. Chess. 21, 29, 31, 33), Nara Regulations At 36 Cfr Chapter Xii Subchapter B, And Those Policies Associated With The Safeguarding Of Records Covered By The Privacy Act Of 1974 (5 U.s.c. 552a). These Policies Include The Preservation Of All Records, Regardless Of Form Or Characteristics, Mode Of Transmission, Or State Of Completion.â  in Accordance With 36 Cfr 1222.32, All Data Created For Government Use And Delivered To, Or Falling Under The Legal Control Of, The Government Are Federal Records Subject To The Provisions Of 44 U.s.c. Chapters 21, 29, 31, And 33, The Freedom Of Information Act (foia) (5 U.s.c. 552), As Amended, And The Privacy Act Of 1974 (5 U.s.c. 552a), As Amended And Must Be Managed And Scheduled For Disposition Only As Permitted By Statute Or Regulation.â  in Accordance With 36 Cfr 1222.32, Contractor Shall Maintain All Records Created For Government Use Or Created In The Course Of Performing The Contract And/or Delivered To, Or Under The Legal Control Of The Government And Must Be Managed In Accordance With Federal Law. Electronic Records And Associated Metadata Must Be Accompanied By Sufficient Technical Documentation To Permit Understanding And Use Of The Records And Data.â  james A. Haley Veterans Hospital And Clinics And Its Contractors Are Responsible For Preventing The Alienation Or Unauthorized Destruction Of Records, Including All Forms Of Mutilation. Records May Not Be Removed From The Legal Custody Of James A. Haley Veterans Hospital And Clinics Or Destroyed Except For In Accordance With The Provisions Of The Agency Records Schedules And With The Written Concurrence Of The Head Of The Contracting Activity. Willful And Unlawful Destruction, Damage Or Alienation Of Federal Records Is Subject To The Fines And Penalties Imposed By 18 U.s.c. 2701. In The Event Of Any Unlawful Or Accidental Removal, Defacing, Alteration, Or Destruction Of Records, Contractor Must Report To James A. Haley Veterans Hospital And Clinics. The Agency Must Report Promptly To Nara In Accordance With 36 Cfr 1230. the Contractor Shall Immediately Notify The Appropriate Contracting Officer Upon Discovery Of Any Inadvertent Or Unauthorized Disclosures Of Information, Data, Documentary Materials, Records Or Equipment. Disclosure Of Non-public Information Is Limited To Authorized Personnel With A Need-to-know As Described In The [contract Vehicle]. The Contractor Shall Ensure That The Appropriate Personnel, Administrative, Technical, And Physical Safeguards Are Established To Ensure The Security And Confidentiality Of This Information, Data, Documentary Material, Records And/or Equipment Is Properly Protected. The Contractor Shall Not Remove Material From Government Facilities Or Systems, Or Facilities Or Systems Operated Or Maintained On The Government S Behalf, Without The Express Written Permission Of The Head Of The Contracting Activity. When Information, Data, Documentary Material, Records And/or Equipment Is No Longer Required, It Shall Be Returned To James A. Haley Veterans Hospital And Clinics Control, Or The Contractor Must Hold It Until Otherwise Directed. Items Returned To The Government Shall Be Hand Carried, Mailed, Emailed, Or Securely Electronically Transmitted To The Contracting Officer Or Address Prescribed In The [contract Vehicle]. Destruction Of Records Is Expressly Prohibited Unless In Accordance With Paragraph (4). the Contractor Is Required To Obtain The Contracting Officer's Approval Prior To Engaging In Any Contractual Relationship (sub-contractor) In Support Of This Contract Requiring The Disclosure Of Information, Documentary Material And/or Records Generated Under, Or Relating To, Contracts. The Contractor (and Any Sub-contractor) Is Required To Abide By Government And James A. Haley Veterans Hospital And Clinics Guidance For Protecting Sensitive, Proprietary Information, Classified, And Controlled Unclassified Information. the Contractor Shall Only Use Government It Equipment For Purposes Specifically Tied To Or Authorized By The Contract And In Accordance With James A. Haley Veterans Hospital And Clinics Policy.â  the Contractor Shall Not Create Or Maintain Any Records Containing Any Non-public James A. Haley Veterans Hospital And Clinics Information That Are Not Specifically Tied To Or Authorized By The Contract.â  the Contractor Shall Not Retain, Use, Sell, Or Disseminate Copies Of Any Deliverable That Contains Information Covered By The Privacy Act Of 1974 Or That Which Is Generally Protected From Public Disclosure By An Exemption To The Freedom Of Information Act.â  james A. Haley Veterans Hospital And Clinics Owns The Rights To All Data And Records Produced As Part Of This Contract. All Deliverables Under The Contract Are The Property Of The U.s. Government For Which James A. Haley Veterans Hospital And Clinics Shall Have Unlimited Rights To Use, Dispose Of, Or Disclose Such Data Contained Therein As It Determines To Be In The Public Interest. Any Contractor Rights In The Data Or Deliverables Must Be Identified As Required By Far 52.227-11 Through Far 52.227-20. training.  all Contractor Employees Assigned To This Contract Who Create, Work With, Or Otherwise Handle Records Are Required To Take James A. Haley Veterans Hospital And Clinics-provided Records Management Training. The Contractor Is Responsible For Confirming Training Has Been Completed According To Agency Policies, Including Initial Training And Any Annual Or Refresher Training.â  [note: To The Extent An Agency Requires Contractors To Complete Records Management Training, The Agency Must Provide The Training To The Contractor.]â  d.  flow Down Of Requirements To Subcontractors the Contractor Shall Incorporate The Substance Of This Clause, Its Terms And Requirements Including This Paragraph, In All Subcontracts Under This [contract Vehicle], And Require Written Subcontractor Acknowledgment Of Same.â  violation By A Subcontractor Of Any Provision Set Forth In This Clause Will Be Attributed To The Contractor. â records Management Language For Contracts | National Archives disclaimer This Rfi Is Issued Solely For Information And Planning Purposes Only And Does Not Constitute A Solicitation. All Information Received In Response To This Rfi That Is Marked As Proprietary Will Be Handled Accordingly. In Accordance With Far 15.201(e), Responses To This Notice Are Not Offers And Cannot Be Accepted By The Government To Form A Binding Contract. Responders Are Solely Responsible For All Expenses Associated With Responding To This Rfi.