Scanning Tenders
Scanning Tenders
VETERANS AFFAIRS, DEPARTMENT OF USA Tender
Laboratory Equipment and Services
United States
Details: Sources Sought Notice
sources Sought Notice
page 5 Of 5
sources Sought Notice
*= Required Field
sources Sought Notice
page 1 Of 5
subject: Sources Sought, Microbiology Walk Away Automated Specimen Processor Or Equal For The Va Palo Alto Healthcare System (vapahcs) Located At 3801 Miranda Ave, Palo Alto, Ca 94304.
the Purpose Of This Sources Sought Is To Conduct Market Research To Support The Procurement Of A Microbiology Walk Away Automated Specimen Processor Or Equal For The Va Palo Alto Healthcare System. This Notice Serves To Survey The Market In An Attempt To Ascertain Whether Or Not Sources Are Capable Of Providing The Requested Supplies. This Notice Allows Potential Vendors To Submit A Non-binding Statement Of Interest And Documentation Demonstrating Their Capability. The Sources Sought Effort Is Intended To Assess Industry Capabilities And Develop/support The Intended Direction Of Acquisition Planning. The Network Contracting Office (nco 21) Is Requesting Responses From Qualified Business Concerns; The Qualifying Naics Code For This Effort Is 334516 Analytical Laboratory Instrument Manufacturing.
this Sources Sought Is To Gain Knowledge Of Potential Qualified Sources And Their Size Classifications (service Disabled/veteran Owned Small Business (sdvosb/vosb), Hub Zone, 8(a), Small, Small Disadvantaged, Woman Owned Small Business, Or Large Business) Relative To Naics 334516. Responses To This Notice, Will Be Used By The Government To Make Appropriate Acquisition Decisions. After Review Of The Responses To This Notice, A Solicitation Announcement May Be Published. Responses To This Notice Are Not Considered Adequate Responses To Any Corresponding Solicitation Announcement. All Interested Offerors Will Have To Respond To The Solicitation Announcement In Addition To Responding To This Notice.
background: The Department Of Veterans Affairs (va), Vanchcs Has A Requirement For A Walk-away Automated Specimen Processing Instrument Equivalent To 2.0 Ftes. The Automated Specimen Processor Will Vortex, Inoculate, Streak And Make Gram Slides For A Variety Of Specimens. Refer To Below List Of Requirements:
scope Of Work: The Automated Specimen Processor Automatically Opens And Closes Specimen Containers, Which Helps Reduce Repetitive Motion Stress For Employees. The Automated Specimen Processor Utilizes Reusable Metal Loops To Streak In Calibrated, Standardized Patterns. The Use Of Metal Loops Cuts Down On The Cost Of Disposable Loops. Gram Slides Are Automatically Prepared And Labeled By The Specimen Processor Using Permanent Inkjet Directly On The Slide To Reduce The Chance Of Patient Identification Errors. The Specimen Processor Is An On-demand System, So No Batching Of Specimens Is Required Which Helps With The Recovery Of Fastidious Organisms Such As, Haemphilus Influenzae And Neisseria Gonorrhoeae. An Lis Connection Is Used To Label Plates, Tubes And Slides To Ensure Patient Samples Are Not Mislabeled.
list Of Requirements Below Are Brand Name Or Equal :
item #
description/part Number*
qty
unit
1
wasp - Basic System W/start-up Kit / 419650
1
each
2
wasp - Urine Turning Table / 419861
1
each
3
wasp - Sort Out Carousel / 419651
1
each
4
wasp - Wasp Hepa Filter / 419652
1
each
5
wasp - Bi-directional Interface / 419653
1
each
6
wasp - Automatic Loop Change Module / 419654
1
each
7
wasp - Broth Inoculation And Kb / 410658
1
each
8
wasp - Gram Slide Prep / 419660
1
each
9
vilink Remote Connectivity (on-site) / 421070
10
wasp - Maintenance And Technical Support
instrument Requirements:
the Automated Specimen Processor Should Automatically Open And Close Specimen Containers
streak In Calibrated, Standardized Patterns
gram Slides Should Be Automatically Prepared And Clearly Labeled
specimen Processor Is An On-demand System, No Batching Of Specimens
lis Connection Required
maintenance, Training And Service:
included In The Agreement Is On-site Training Of Staff, Customer Service By Phone, Emergency And Preventative Service Repair/ Monday Friday Regular Work Hours.
operators Training Will Be Provided And All Expenses For Training Will Be Paid For By Vendor As Part Of Purchase Contract.
period Of Performance:
base Year Plus Four Option Years. Five-year Total Contract.
performance Requirements:
once A Need For Repair Is Identified, It Is Expected The Service Representative Would Arrive Within 24 Hours.
if Equipment Is Inoperable More Than 3 Working Days Replacement Will Be An Option. This Is To Avoid Extended Periods Of Equipment Down Time.
billing/invoicing Will Be Monthly Through The Tungsten Online Payment System. Late Or Inaccurate Invoicing Will Cause A Delay In Payment.
not Meeting Standards Stated Here Can Result In A Poor Performance Rating In The Va Contract Performance Assessment Reporting System (cpars). This Can Adversely Affect Future Government Contracts.
appendix B:
va Acquisition Regulation Solicitation Provision And Contract Clause
note: This Clause Will Undergo Official Rule Making By The Office Of Acquisitions And Logistics.
the Below Language Will Be Submitted For Public Review Through The Federal Register. The Final
wording Of The Clause May Be Changed From What Is Outlined Below Based On Public Review And
comment. Once Approved, The Final Language In The Clause Can Be Obtained From The Office Of
acquisitions And Logistics Programs And Policy.
1. Subpart 839.2 Information And Information Technology Security
requirements
839.201 Contract Clause For Information And Information Technology Security:
a. Due To The Threat Of Data Breach, Compromise Or Loss Of Information That Resides On
either Va-owned Or Contractor-owned Systems, And To Comply With Federal Laws And
regulations, Va Has Developed An Information And Information Technology Security Clause To
be Used When Va Sensitive Information Is Accessed, Used, Stored, Generated, Transmitted, Or
exchanged By And Between Va And A Contractor, Subcontractor Or A Third Party In Any Format
(e.g., Paper, Microfiche, Electronic Or Magnetic Portable Media).
b. In Solicitations And Contracts Where Va Sensitive Information Or Information Technology
will Be Accessed Or Utilized, The Co Shall Insert The Clause Found At 852.273-75, Security
requirements For Unclassified Information Technology Resources.
2. 852.273-75 - Security Requirements For Unclassified Information
technology Resources (interim- October 2008)
as Prescribed In 839.201, Insert The Following Clause:
the Contractor, Their Personnel, And Their Subcontractors Shall Be Subject To The Federal Laws,
regulations, Standards, And Va Directives And Handbooks Regarding Information And
information System Security As Delineated In This Contract.
appendix C:
va Information And Information System Security/privacy Language For
inclusion Into Contracts, As Appropriate
1. General
contractors, Contractor Personnel, Subcontractors, And Subcontractor Personnel Shall Be
subject To The Same Federal Laws, Regulations, Standards, And Va Directives And Handbooks
as Va And Va Personnel Regarding Information And Information System Security.
2. Access To Va Information And Va Information Systems
a. A Contractor/subcontractor Shall Request Logical (technical) Or Physical Access To Va
information And Va Information Systems For Their Employees, Subcontractors, And Affiliates Only
to The Extent Necessary To Perform The Services Specified In The Contract, Agreement, Or Task
order.
b. All Contractors, Subcontractors, And Third-party Servicers And Associates Working With
va Information Are Subject To The Same Investigative Requirements As Those Of Va Appointees
or Employees Who Have Access To The Same Types Of Information. The Level And Process Of
background Security Investigations For Contractors Must Be In Accordance With Va Directive
and Handbook 0710, Personnel Suitability And Security Program. The Office For Operations,
security, And Preparedness Is Responsible For These Policies And Procedures.
c. Contract Personnel Who Require Access To National Security Programs Must Have A Valid
security Clearance. National Industrial Security Program (nisp) Was Established By Executive
order 12829 To Ensure That Cleared U.s. Defense Industry Contract Personnel Safeguard The
classified Information In Their Possession While Performing Work On Contracts, Programs, Bids,
or Research And Development Efforts. The Department Of Veterans Affairs Does Not Have A
memorandum Of Agreement With Defense Security Service (dss). Verification Of A Security
clearance Must Be Processed Through The Special Security Officer Located In The Planning And
national Security Service Within The Office Of Operations, Security, And Preparedness.
d. Custom Software Development And Outsourced Operations Must Be Located In The U.s.
to The Maximum Extent Practical. If Such Services Are Proposed To Be Performed Abroad And
are Not Disallowed By Other Va Policy Or Mandates, The Contractor/subcontractor Must State
where All Non-u.s. Services Are Provided And Detail A Security Plan, Deemed To Be Acceptable
by Va, Specifically To Address Mitigation Of The Resulting Problems Of Communication, Control,
data Protection, And So Forth. Location Within The U.s. May Be An Evaluation Factor.
e. The Contractor Or Subcontractor Must Notify The Contracting Officer Immediately When
an Employee Working On A Va System Or With Access To Va Information Is Reassigned Or Leaves
the Contractor Or Subcontractor S Employ. The Contracting Officer Must Also Be Notified
immediately By The Contractor Or Subcontractor Prior To An Unfriendly Termination.
3. Va Information Custodial Language
a. Information Made Available To The Contractor Or Subcontractor By Va For The Performance
or Administration Of This Contract Or Information Developed By The Contractor/subcontractor In
performance Or Administration Of The Contract Shall Be Used Only For Those Purposes And Shall
not Be Used In Any Other Way Without The Prior Written Agreement Of The Va. This Clause
expressly Limits The Contractor/subcontractor's Rights To Use Data As Described In Rights In Data
- General, Far 52.227-14(d) (1).
b. Va Information Should Not Be Co-mingled, If Possible, With Any Other Data On The
contractors/subcontractor S Information Systems Or Media Storage Systems In Order To Ensure
va Requirements Related To Data Protection And Media Sanitization Can Be Met. If Co-mingling
must Be Allowed To Meet The Requirements Of The Business Need, The Contractor Must Ensure
that Va S Information Is Returned To The Va Or Destroyed In Accordance With Va S Sanitization
requirements. Va Reserves The Right To Conduct On Site Inspections Of Contractor And
subcontractor It Resources To Ensure Data Security Controls, Separation Of Data And Job Duties,
and Destruction/media Sanitization Procedures Are In Compliance With Va Directive
requirements.
c. Prior To Termination Or Completion Of This Contract, Contractor/subcontractor Must Not
destroy Information Received From Va, Or Gathered/created By The Contractor In The Course Of
performing This Contract Without Prior Written Approval By The Va. Any Data Destruction Done On
behalf Of Va By A Contractor/subcontractor Must Be Done In Accordance With National Archives
and Records Administration (nara) Requirements As Outlined In Va Directive 6300, Records
and Information Management And Its Handbook 6300.1 Records Management Procedures,
applicable Va Records Control Schedules, And Va Handbook 6500.1, Electronic Media
sanitization. Self-certification By The Contractor That The Data Destruction Requirements Above
have Been Met Must Be Sent To The Va Contracting Officer Within 30 Days Of Termination Of The
contract.
d. The Contractor/subcontractor Must Receive, Gather, Store, Back Up, Maintain, Use,
disclose And Dispose Of Va Information Only In Compliance With The Terms Of The Contract And
applicable Federal And Va Information Confidentiality And Security Laws, Regulations And
policies. If Federal Or Va Information Confidentiality And Security Laws, Regulations And Policies
become Applicable To The Va Information Or Information Systems After Execution Of The
contract, Or If Nist Issues Or Updates Applicable Fips Or Special Publications (sp) After
execution Of This Contract, The Parties Agree To Negotiate In Good Faith To Implement The
information Confidentiality And Security Laws, Regulations And Policies In This Contract.
e. The Contractor/subcontractor Shall Not Make Copies Of Va Information Except As
authorized And Necessary To Perform The Terms Of The Agreement Or To Preserve Electronic
information Stored On Contractor/subcontractor Electronic Storage Media For Restoration In Case
any Electronic Equipment Or Data Used By The Contractor/subcontractor Needs To Be Restored To
an Operating State. If Copies Are Made For Restoration Purposes, After The Restoration Is
complete, The Copies Must Be Appropriately Destroyed.
f. If Va Determines That The Contractor Has Violated Any Of The Information Confidentiality,
privacy, And Security Provisions Of The Contract, It Shall Be Sufficient Grounds For Va To Withhold Payment To The Contractor Or Third Party Or Terminate The Contract For Default Or Terminate For
cause Under Federal Acquisition Regulation (far) Part 12.
g. If A Vha Contract Is Terminated For Cause, The Associated Baa Must Also Be Terminated
and Appropriate Actions Taken In Accordance With Vha Handbook 1600.01, Business
associate Agreements. Absent An Agreement To Use Or Disclose Protected Health Information,
there Is No Business Associate Relationship.
h. The Contractor/subcontractor Must Store, Transport, Or Transmit Va Sensitive Information
in An Encrypted Form, Using Va-approved Encryption Tools That Are, At A Minimum, Fips 140-2
validated.
i. The Contractor/subcontractor S Firewall And Web Services Security Controls, If Applicable,
shall Meet Or Exceed Va S Minimum Requirements. Va Configuration Guidelines Are Available
upon Request.
j. Except For Uses And Disclosures Of Va Information Authorized By This Contract For
performance Of The Contract, The Contractor/subcontractor May Use And Disclose Va Information
only In Two Other Situations: (i) In Response To A Qualifying Order Of A Court Of Competent
jurisdiction, Or (ii) With Va S Prior Written Approval. The Contractor/subcontractor Must Refer All
requests For, Demands For Production Of, Or Inquiries About, Va Information And Information
systems To The Va Contracting Officer For Response.
k. Notwithstanding The Provision Above, The Contractor/subcontractor Shall Not Release Va
records Protected By Title 38 U.s.c. 5705, Confidentiality Of Medical Quality Assurance Records
and/or Title 38 U.s.c. 7332, Confidentiality Of Certain Health Records Pertaining To Drug
addiction, Sickle Cell Anemia, Alcoholism Or Alcohol Abuse, Or Infection With Human
immunodeficiency Virus. If The Contractor/subcontractor Is In Receipt Of A Court Order Or Other
requests For The Above Mentioned Information, That Contractor/subcontractor Shall Immediately
refer Such Court Orders Or Other Requests To The Va Contracting Officer For Response.
l. For Service That Involves The Storage, Generating, Transmitting, Or Exchanging Of Va
sensitive Information But Does Not Require C&a Or An Mou-isa For System Interconnection, The
contractor/subcontractor Must Complete A Contractor Security Control Assessment (csca) On
a Yearly Basis And Provide It To The Cotr.
4. Information System Design And Development
a. Information Systems That Are Designed Or Developed For Or On Behalf Of Va At Non-va
facilities Shall Comply With All Va Directives Developed In Accordance With Fisma, Hipaa,
nist, And Related Va Security And Privacy Control Requirements For Federal Information
systems. This Includes Standards For The Protection Of Electronic Phi, Outlined In 45 C.f.r.
part 164, Subpart C, Information And System Security Categorization Level Designations In
accordance With Fips 199 And Fips 200 With Implementation Of All Baseline Security Controls
commensurate With The Fips 199 System Security Categorization (reference Appendix D Of Va
handbook 6500, Va Information Security Program). During The Development Cycle A Privacy Impact Assessment (pia) Must Be Completed, Provided To The Cotr, And Approved By The Va
privacy Service In Accordance With Directive 6507, Va Privacy Impact Assessment.
b. The Contractor/subcontractor Shall Certify To The Cotr That Applications Are Fully
functional And Operate Correctly As Intended On Systems Using The Va Federal Desktop Core
configuration (fdcc), And The Common Security Configuration Guidelines Provided By Nist Or
the Va. This Includes Internet Explorer 7 Configured To Operate On Windows Xp And Vista (in
protected Mode On Vista) And Future Versions, As Required.
c. The Standard Installation, Operation, Maintenance, Updating, And Patching Of Software
shall Not Alter The Configuration Settings From The Va Approved And Fdcc Configuration.
information Technology Staff Must Also Use The Windows Installer Service For Installation To The
default Program Files Directory And Silently Install And Uninstall.
d. Applications Designed For Normal End Users Shall Run In The Standard User Context
without Elevated System Administration Privileges.
e. The Security Controls Must Be Designed, Developed, Approved By Va, And Implemented
in Accordance With The Provisions Of Va Security System Development Life Cycle As Outlined In
nist Special Publication 800-37, Guide For Applying The Risk Management Framework To
federal Information Systems, Va Handbook 6500, Information Security Program And Va
handbook 6500.5, Incorporating Security And Privacy In System Development Lifecycle.
f. The Contractor/subcontractor Is Required To Design, Develop, Or Operate A System Of
records Notice (sor) On Individuals To Accomplish An Agency Function Subject To The Privacy
act Of 1974, (as Amended), Public Law 93-579, December 31, 1974 (5 U.s.c. 552a) And
applicable Agency Regulations. Violation Of The Privacy Act May Involve The Imposition Of
criminal And Civil Penalties.
g. The Contractor/subcontractor Agrees To:
(1) Comply With The Privacy Act Of 1974 (the Act) And The Agency Rules And Regulations
issued Under The Act In The Design, Development, Or Operation Of Any System Of Records On
individuals To Accomplish An Agency Function When The Contract Specifically Identifies:
(a) The Systems Of Records (sor); And
(b) The Design, Development, Or Operation Work That The Contractor/subcontractor Is To
perform;
(2) Include The Privacy Act Notification Contained In This Contract In Every Solicitation And
resulting Subcontract And In Every Subcontract Awarded Without A Solicitation, When The Work
statement In The Proposed Subcontract Requires The Redesign, Development, Or Operation Of A
sor On Individuals That Is Subject To The Privacy Act; And
(3) Include This Privacy Act Clause, Including This Subparagraph (3), In All Subcontracts
awarded Under This Contract Which Requires The Design, Development, Or Operation Of Such A
sor.
h. In The Event Of Violations Of The Act, A Civil Action May Be Brought Against The Agency
involved When The Violation Concerns The Design, Development, Or Operation Of A Sor On
individuals To Accomplish An Agency Function, And Criminal Penalties May Be Imposed Upon The
officers Or Employees Of The Agency When The Violation Concerns The Operation Of A Sor On
individuals To Accomplish An Agency Function. For Purposes Of The Act, When The Contract Is For
the Operation Of A Sor On Individuals To Accomplish An Agency Function, The
contractor/subcontractor Is Considered To Be An Employee Of The Agency.
(1) Operation Of A System Of Records Means Performance Of Any Of The Activities
associated With Maintaining The Sor, Including The Collection, Use, Maintenance, And
dissemination Of Records.
(2) Record Means Any Item, Collection, Or Grouping Of Information About An Individual That
is Maintained By An Agency, Including, But Not Limited To, Education, Financial Transactions,
medical
history, And Criminal Or Employment History And Contains The Person S Name, Or Identifying
number, Symbol, Or Any Other Identifying Particular Assigned To The Individual, Such As A
fingerprint Or Voiceprint, Or A Photograph.
(3) System Of Records Means A Group Of Any Records Under The Control Of Any Agency
from Which Information Is Retrieved By The Name Of The Individual Or By Some Identifying Number,
symbol, Or Other Identifying Particular Assigned To The Individual.
i. The Vendor Shall Ensure The Security Of All Procured Or Developed Systems And
technologies, Including Their Subcomponents (hereinafter Referred To As Systems ), Throughout
the Life Of This Contract And Any Extension, Warranty, Or Maintenance Periods. This Includes,
but Is Not Limited To Workarounds, Patches, Hotfixes, Upgrades, And Any Physical Components
(hereafter Referred To As Security Fixes) Which May Be Necessary To Fix All Security
vulnerabilities Published Or Known To The Vendor Anywhere In The Systems, Including Operating
systems And Firmware. The Vendor Shall Ensure That Security Fixes Shall Not Negatively Impact
the Systems.
j. The Vendor Shall Notify Va Within 24 Hours Of The Discovery Or Disclosure Of Successful
exploits Of The Vulnerability Which Can Compromise The Security Of The Systems (including The
confidentiality Or Integrity Of Its Data And Operations, Or The Availability Of The System). Such
issues Shall Be Remediated As Quickly As Is Practical, But In No Event Longer Than ____ Days.
k. When The Security Fixes Involve Installing Third Party Patches (such As Microsoft Os
patches Or Adobe Acrobat), The Vendor Will Provide Written Notice To The Va That The Patch Has
been Validated As Not Affecting The Systems Within 10 Working Days. When The Vendor Is
responsible For Operations Or Maintenance Of The Systems, They Shall Apply The Security Fixes
within ____ Days.
l. All Other Vulnerabilities Shall Be Remediated As Specified In This Paragraph In A Timely
manner Based On Risk, But Within 60 Days Of Discovery Or Disclosure. Exceptions To This
paragraph (e.g. For The Convenience Of Va) Shall Only Be Granted With Approval Of The
contracting Officer And The Va Assistant Secretary For Office Of Information And Technology.
5. Information System Hosting, Operation, Maintenance, Or Use
a. For Information Systems That Are Hosted, Operated, Maintained, Or Used On Behalf Of Va
at Non-va Facilities, Contractors/subcontractors Are Fully Responsible And Accountable For
ensuring Compliance With All Hipaa, Privacy Act, Fisma, Nist, Fips, And Va Security And
privacy Directives And Handbooks. This Includes Conducting Compliant Risk Assessments,
routine Vulnerability Scanning, System Patching And Change Management Procedures, And The
completion Of An Acceptable Contingency Plan For Each System. The Contractor S Security
control Procedures Must Be Equivalent, To Those Procedures Used To Secure Va Systems. A
privacy Impact Assessment (pia) Must Also Be Provided To The Cotr And Approved By Va
privacy Service Prior To Operational Approval. All External Internet Connections To Va S Network
involving Va Information Must Be Reviewed And Approved By Va Prior To Implementation.
b. Adequate Security Controls For Collecting, Processing, Transmitting, And Storing Of
personally Identifiable Information (pii), As Determined By The Va Privacy Service, Must Be In
place, Tested, And Approved By Va Prior To Hosting, Operation, Maintenance, Or Use Of The
information System, Or Systems By Or On Behalf Of Va. These Security Controls Are To Be
assessed And Stated Within The Pia And If These Controls Are Determined Not To Be In Place, Or
inadequate, A Plan Of Action And Milestones (poa&m) Must Be Submitted And Approved Prior
to The Collection Of Pii.
c. Outsourcing (contractor Facility, Contractor Equipment Or Contractor Staff) Of Systems Or
network Operations, Telecommunications Services, Or Other Managed Services Requires
certification And Accreditation (authorization) (c&a) Of The Contractor S Systems In Accordance
with Va Handbook 6500.3, Certification And Accreditation And/or The Va Ocs Certification
program Office. Government-owned (government Facility Or Government Equipment)
contractor-operated Systems, Third Party Or Business Partner Networks Require Memorandums
of Understanding And Interconnection Agreements (mou-isa) Which Detail What Data Types
are Shared, Who Has Access, And The Appropriate Level Of Security Controls For All Systems
connected To Va Networks.
d. The Contractor/subcontractor S System Must Adhere To All Fisma, Fips, And Nist
standards Related To The Annual Fisma Security Controls Assessment And Review And Update
the Pia. Any Deficiencies Noted During This Assessment Must Be Provided To The Va
contracting Officer And The Iso For Entry Into Va S Poa&m Management Process. The
contractor/subcontractor Must Use Va S Poa&m Process To Document Planned Remedial
actions To Address Any Deficiencies In Information Security Policies, Procedures, And Practices,
and The Completion Of Those Activities. Security Deficiencies Must Be Corrected Within The
timeframes Approved By The Government. Contractor/subcontractor Procedures Are Subject To
periodic, Unannounced Assessments By Va Officials, Including The Va Office Of Inspector
general. The Physical Security Aspects Associated With Contractor/subcontractor Activities
must Also Be Subject To Such Assessments. If Major Changes To The System Occur That May
affect The Privacy Or Security Of The Data Or The System, The C&a Of The System May Need To Be
reviewed, Retested And Re-authorized Per Va Handbook 6500.3. This May Require Reviewing
and Updating All Of The Documentation (pia, System Security Plan, Contingency Plan). The
certification Program Office Can Provide Guidance On Whether A New C&a Would Be Necessary.
e. The Contractor/subcontractor Must Conduct An Annual Self Assessment On All Systems
and Outsourced Services As Required. Both Hard Copy And Electronic Copies Of The Assessment
must Be Provided To The Cotr. The Government Reserves The Right To Conduct Such An
assessment Using Government Personnel Or Another Contractor/subcontractor. The
contractor/subcontractor Must Take Appropriate And Timely Action (this Can Be Specified In The
contract) To Correct Or Mitigate Any Weaknesses Discovered During Such Testing, Generally At No
additional Cost.
f. Va Prohibits The Installation And Use Of Personally-owned Or Contractor/sub-contractor Owned
equipment Or Software On Va S Network. If Non-va Owned Equipment Must Be Used To
fulfill The Requirements Of A Contract, It Must Be Stated In The Service Agreement, Sow Or
contract. All Of The Security Controls Required For Government Furnished Equipment (gfe) Must
be Utilized In Approved Other Equipment (oe) And Must Be Funded By The Owner Of The
equipment. All Remote Systems Must Be Equipped With, And Use, A Va-approved Antivirus (av)
software And A Personal (host-based Or Enclave Based) Firewall That Is Configured With A Va Approved
configuration. Software Must Be Kept Current, Including All Critical Updates And
patches. Owners Of Approved Oe Are Responsible For Providing And Maintaining The Anti-viral
software And The Firewall On The Non-va Owned Oe.
g. All Electronic Storage Media Used On Non-va Leased Or Non-va Owned It Equipment
that Is Used To Store, Process, Or Access Va Information Must Be Handled In Adherence With Va
handbook 6500.1, Electronic Media Sanitization Upon: (i) Completion Or Termination Of The
contract Or (ii) Disposal Or Return Of The It Equipment By The Contractor/subcontractor Or Any
person Acting On Behalf Of The Contractor/subcontractor, Whichever Is Earlier. Media (hard
drives, Optical Disks, Cds, Back-up Tapes, Etc.) Used By The Contractors/subcontractors That
contain Va Information Must Be Returned To The Va For Sanitization Or Destruction Or The
contractor/subcontractor Must Self-certify That The Media Has Been Disposed Of Per 6500.1
requirements. This Must Be Completed Within 30 Days Of Termination Of The Contract.
h. Bio-medical Devices And Other Equipment Or Systems Containing Media (hard Drives,
optical Disks, Etc.) With Va Sensitive Information Must Not Be Returned To The Vendor At The End
of Lease, For Trade-in, Or Other Purposes. The Options Are:
(1) Vendor Must Accept The System Without The Drive;
(2) Va S Initial Medical Device Purchase Includes A Spare Drive Which Must Be Installed In
place Of The Original Drive At Time Of Turn-in; Or
(3) Va Must Reimburse The Company For Media At A Reasonable Open Market Replacement
cost At Time Of Purchase.
(4) Due To The Highly Specialized And Sometimes Proprietary Hardware And Software
associated With Medical Equipment/systems, If It Is Not Possible For The Va To Retain The Hard
drive, Then;
(a) The Equipment Vendor Must Have An Existing Baa If The Device Being Traded In Has
sensitive Information Stored On It And Hard Drive(s) From The System Are Being Returned
physically Intact; And
(b) Any Fixed Hard Drive On The Device Must Be Non-destructively Sanitized To The Greatest
extent Possible Without Negatively Impacting System Operation. Selective Clearing Down To
patient Data Folder Level Is Recommended Using Va Approved And Validated Overwriting
technologies/methods/tools. Applicable Media Sanitization Specifications Need To Be Preapproved
and Described In The Purchase Order Or Contract.
(c) A Statement Needs To Be Signed By The Director (system Owner) That States That The
drive Could Not Be Removed And That (a) And (b) Controls Above Are In Place And Completed.
the Iso Needs To Maintain The Documentation.
6. Security Incident Investigation
a. The Term Security Incident Means An Event That Has, Or Could Have, Resulted In
unauthorized Access To, Loss Or Damage To Va Assets, Or Sensitive Information, Or An Action
that Breaches Va Security Procedures. The Contractor/subcontractor Shall Immediately Notify
the Cotr And Simultaneously, The Designated Iso And Privacy Officer For The Contract Of Any
known Or Suspected Security/privacy Incidents, Or Any Unauthorized Disclosure Of Sensitive
information, Including That Contained In System(s) To Which The Contractor/subcontractor Has
access.
b. To The Extent Known By The Contractor/subcontractor, The Contractor/subcontractor S
notice To Va Shall Identify The Information Involved, The Circumstances Surrounding The Incident
(including To Whom, How, When, And Where The Va Information Or Assets Were Placed At Risk Or
compromised), And Any Other Information That The Contractor/subcontractor Considers Relevant.
c. With Respect To Unsecured Protected Health Information, The Business Associate Is
deemed To Have Discovered A Data Breach When The Business Associate Knew Or Should Have
known Of A Breach Of Such Information. Upon Discovery, The Business Associate Must Notify
the Covered Entity Of The Breach. Notifications Need To Be Made In Accordance With The
executed Business Associate Agreement.
d. In Instances Of Theft Or Break-in Or Other Criminal Activity, The Contractor/subcontractor
must Concurrently Report The Incident To The Appropriate Law Enforcement Entity (or Entities) Of
jurisdiction, Including The Va Oig And Security And Law Enforcement. The Contractor, Its
employees, And Its Subcontractors And Their Employees Shall Cooperate With Va And Any Law
enforcement Authority Responsible For The Investigation And Prosecution Of Any Possible
criminal Law Violation(s) Associated With Any Incident. The Contractor/subcontractor Shall
cooperate With Va In Any Civil Litigation To Recover Va Information, Obtain Monetary Or Other Compensation From A Third Party For Damages Arising From Any Incident, Or Obtain Injunctive
relief Against Any Third Party Arising From, Or Related To, The Incident.
7. Liquidated Damages For Data Breach
a. Consistent With The Requirements Of 38 U.s.c. §5725, A Contract May Require Access To
sensitive Personal Information. If So, The Contractor Is Liable To Va For Liquidated Damages In
the Event Of A Data Breach Or Privacy Incident Involving Any Spi The Contractor/subcontractor
processes Or Maintains Under This Contract.
b. The Contractor/subcontractor Shall Provide Notice To Va Of A Security Incident As Set
forth In The Security Incident Investigation Section Above. Upon Such Notification, Va Must
secure From A Non-department Entity Or The Va Office Of Inspector General An Independent Risk
analysis Of The Data Breach To Determine The Level Of Risk Associated With The Data Breach For
the Potential Misuse Of Any Sensitive Personal Information Involved In The Data Breach. The
term 'data Breach' Means The Loss, Theft, Or Other Unauthorized Access, Or Any Access Other
than That Incidental To The Scope Of Employment, To Data Containing Sensitive Personal
information, In Electronic Or Printed Form, That Results In The Potential Compromise Of The
confidentiality Or Integrity Of The Data. Contractor Shall Fully Cooperate With The Entity
performing The Risk Analysis. Failure To Cooperate May Be Deemed A Material Breach And
grounds For Contract Termination.
c. Each Risk Analysis Shall Address All Relevant Information Concerning The Data Breach,
including The Following:
(1) Nature Of The Event (loss, Theft, Unauthorized Access);
(2) Description Of The Event, Including:
(a) Date Of Occurrence;
(b) Data Elements Involved, Including Any Pii, Such As Full Name, Social Security Number,
date Of Birth, Home Address, Account Number, Disability Code;
(3) Number Of Individuals Affected Or Potentially Affected;
(4) Names Of Individuals Or Groups Affected Or Potentially Affected;
(5) Ease Of Logical Data Access To The Lost, Stolen Or Improperly Accessed Data In Light Of The
degree Of Protection For The Data, E.g., Unencrypted, Plain Text;
(6) Amount Of Time The Data Has Been Out Of Va Control;
(7) The Likelihood That The Sensitive Personal Information Will Or Has Been Compromised
(made Accessible To And Usable By Unauthorized Persons);
(8) Known Misuses Of Data Containing Sensitive Personal Information, If Any;
(9) Assessment Of The Potential Harm To The Affected Individuals;
(10) Data Breach Analysis As Outlined In 6500.2 Handbook, Management Of Security And
privacy Incidents, As Appropriate; And
(11) Whether Credit Protection Services May Assist Record Subjects In Avoiding Or Mitigating
the Results Of Identity Theft Based On The Sensitive Personal Information That May Have Been
compromised.
d. Based On The Determinations Of The Independent Risk Analysis, The Contractor Shall Be
responsible For Paying To The Va Liquidated Damages In The Amount Of $______ Per Affected
individual To Cover The Cost Of Providing Credit Protection Services To Affected Individuals
consisting Of The Following:
(1) Notification;
(2) One Year Of Credit Monitoring Services Consisting Of Automatic Daily Monitoring Of At Least
3 Relevant Credit Bureau Reports;
(3) Data Breach Analysis;
(4) Fraud Resolution Services, Including Writing Dispute Letters, Initiating Fraud Alerts And
credit Freezes, To Assist Affected Individuals To Bring Matters To Resolution;
(5) One Year Of Identity Theft Insurance With $20,000.00 Coverage At $0 Deductible; And
(6) Necessary Legal Expenses The Subjects May Incur To Repair Falsified Or Damaged Credit
records, Histories, Or Financial Affairs.
8. Security Controls Compliance Testing
on A Periodic Basis, Va, Including The Office Of Inspector General, Reserves The Right To
evaluate Any Or All Of The Security Controls And Privacy Practices Implemented By The Contractor
under The Clauses Contained Within The Contract. With 10 Working-day S Notice, At The Request
of The Government, The Contractor Must Fully Cooperate And Assist In A Government-sponsored
security Controls Assessment At Each Location Wherein Va Information Is Processed Or Stored,
or Information Systems Are Developed, Operated, Maintained, Or Used On Behalf Of Va,
including Those Initiated By The Office Of Inspector General. The Government May Conduct A
security Control Assessment On Shorter Notice (to Include Unannounced Assessments) As
determined By Va In The Event Of A Security Incident Or At Any Other Time.
9. Training
a. All Contractor Employees And Subcontractor Employees Requiring Access To Va
information And Va Information Systems Shall Complete The Following Before Being Granted
access To Va Information And Its Systems:
(1) Sign And Acknowledge (either Manually Or Electronically) Understanding Of And
responsibilities For Compliance With The Contractor Rules Of Behavior, Appendix E Relating To
access To Va Information And Information Systems;
(2) Successfully Complete The Va Cyber Security Awareness And Rules Of Behavior
training And Annually Complete Required Security Training;
(3) Successfully Complete The Appropriate Va Privacy Training And Annually Complete
required Privacy Training; And
(4) Successfully Complete Any Additional Cyber Security Or Privacy Training, As Required For
va Personnel With Equivalent Information System Access [to Be Defined By The Va Program
official And Provided To The Contracting Officer For Inclusion In The Solicitation Document E.g.,
any Role-based Information Security Training Required In Accordance With Nist Special
publication 800-16, Information Technology Security Training Requirements.]
b. The Contractor Shall Provide To The Contracting Officer And/or The Cotr A Copy Of The
training Certificates And Certification Of Signing The Contractor Rules Of Behavior For Each
applicable Employee Within 1 Week Of The Initiation Of The Contract And Annually Thereafter, As
required.
c. Failure To Complete The Mandatory Annual Training And Sign The Rules Of Behavior
annually, Within The Timeframe Required, Is Grounds For Suspension Or Termination Of All Physical
or Electronic Access Privileges And Removal From Work On The Contract Until Such Time As The
training And Documents Are Complete.
instructions:
submit A Brief Description, Two-three (2-3) Pages (including Cover Letter) That Demonstrates How Your Company Can Provide The Requested Supplies That Are Required. Include Past Experience In Providing This System To The Va, Other Government (federal Or State) Agency, Or For A Private Facility. Please Specify Your Availability And Your Address. Please Indicate Whether You Hold A Gsa Federal-supply Schedule Contract That Covers These Products & Services And, If So, The Contract Number. Provide Business Size And Socio-economic Status; (a) Indicate Whether Your Business Is Large Or Small (b) If Small, Indicate If Your Firm Qualifies As A Small, Emerging Business, Or Small Disadvantages Business (c) If Disadvantages, Specify Under Which Disadvantaged Group And If Your Firm Is Certified Under Section 8(a) Of The Small Business Act (d) Indicate If Your Firm Is A Certified Service-disabled Veteran Owned Small Business (sdvosb) Or Veteran Owned Small Business (vosb) (g) Include The Duns Number Of Your Firm. (h) State Whether Your Firm Is Registered With The System For Award Management (sam) At Http://www.sam.gov And/or The Vetbiz Registry At Http://vip.vetbiz.gov. If Not, Please Note That Any Future Solicitation Could Only Be Awarded To A Contractor Who Is Registered In Sam And To Receive Award Based On Vosb Or Sdvosb Status You Must Be Registered In The Vetbiz Registry (i) Provide Current Commercial Pricing And Any Applicable Discounts. (j) Link To The Respondent S General Services Administration (gsa) Schedule, Or Attached File Of Same, If Applicable (k) Citation Of Any Current Or Past Customers (i.e., Within The Past Two (2) Years) To Include Contract Number, Point Of Contact Telephone Number Or E-mail Address; And (l) Other Material Relevant To Establishing Core Competencies Of The Firm.
response Is Due By 12:00 Pm Pacific Time, Friday, February 16, 2024. Please Submit E-mail Responses To Ms. Amanda Hildreth, Contracting Officer, At Email Address: Amanda.hildreth@va.gov And Ms. Tawnya Krommenhoek, Contracting Specialist, At Email Address: Tawnya.krommenhoek@va.gov. Your Response Should Include A Statement Of Capablility, Gsa Schedule Information, Duns#, Business Size, And Socio-economic Status Information As Explained Above. Please Place Attention: Microbiology Walk Away Automated Specimen Processor (wasp) - Vapahcs In The Subject Line Of Your Email. This Notice Is To Assist The Va In Determining Sources Only.
notes: Issuance Of This Notice Does Not Constitute Any Obligation Whatsoever On The Part Of The Government To Procure These Services, Or To Issue A Solicitation, Nor To Notify Respondents Of The Results Of This Notice. No Solicitation Documents Exists At This Time; However, In The Event The Acquisition Strategy Demonstrates That Gsa Is A Viable Option For Procuring A Solution, The Rfq Shall Be Posted To Gsa Ebuy Where Only Those Firms Who Currently Hold A Gsa Schedule With The Applicable Sin Will Be Able To Respond. The Department Of Veterans Affairs Is Neither Seeking Quotes Nor Accepting Unsolicited Quotes, And Responses To This Notice Cannot Be Accepted As Offers. Any Information The Vendor Considers Proprietary Should Be Clearly Marked As Such. The U.s. Government Will Not Pay For Any Information Or Administrative Costs Incurred In Response To This Sources Sought Notice.
Closing Date16 Feb 2024
Tender AmountRefer Documents
VETERANS AFFAIRS, DEPARTMENT OF USA Tender
Chemical Products
United States
Details: Statement Of Work
newington Medical Gas Deficiencies
va Connecticut Healthcare System (vachs)
va Medical Center Newington
555 Willard Avenue
newington, Ct 06111
background
va Connecticut Healthcare System Newington Campus Requires The Replacement Of Medical Gas Conversion Area Alarms In Building 2e.
justification
an Annual Survey Was Conducted. Deficiencies Include Conversion Area Alarms And Failed/out Of Service Master Alarm Panels.
place Of Performance
the Place Of Performance For This Contract Is Va Connecticut Healthcare System, Newington Va Medical Center Located At 555 Willard Avenue, Newington, Ct 06111.
period Of Performance
the Contract Time Period Of Performance Will Be 60 Calendar Days From Notice To Proceed (ntp) And Includes Contractor Closeout.
qualifications
to Be Considered Eligible For Consideration, Potential Bidders Shall Have A Field Service Representative Located Within 200 Miles Of The West Haven Campuses Of The Va Connecticut Healthcare System And Have Been Trained By The Original Equipment Manufacturer (oem) On The Specific Model Of Equipment That He/she Is Being Asked To Provide Services For.
licensed Medical Gas Installer Meeting Asse 6030 Medical Gas Systems Verifier Certification.
bidders Must Provide Upon Request, Documentation Of Factory Certified Service/maintenance Training On The Specific Equipment Under The Terms Of This Contract. The Contracting Officer And/or Contracting Officer S Representative (cor) Specifically Reserve The Right To Reject Any Of The Contractor S Personnel And Refuse Them Permission To Work On The Equipment Outlined Herein, Based Upon Credentials Provided.
scope Of Work
the Scope Of This Work Includes The Replacement Of Master Alarm Panel In The Boiler Plant Area Alarm Conversion In Building 2e, All Required Power, Piping, Installation, Programming, And Certification Of The Medical Gas System.
work Shall Occur Outside Of Regular Business Hours; Weekdays 4:30 P.m. Midnight And/or Weekend Days Saturday 7:00 A.m. 4:30 P.m. Or As Coordinated.
objectives:
the Project Will Include But Not Be Limited To The Following:
contractor Shall Furnish Appropriate Tools, Equipment, And Certified Labor To Remove Existing Area Alarm And Replace With The Following:
five (5) Amico Lcd Alert 3 Conversion Area Alarm For Allied Chemetron Digital Ii Panel 3 Gas Oav
building 2 East: 1st Floor Urgent Care (beds 1-7)
building 2 East: 1st Floor Exam Room 2e-1159
building 2 East: 2nd Floor Room 2e-244
building 2 East: 2nd Floor Cystoscopy
building 2 East: 2nd Floor Specialty Clinic
five (5) Amico Lcd Alert 3 Conversion Panel Filler Frame 4 Gang
one (1) Amico Alert 4 Lcd Master Alarm Panel 20 Points Ethernet And Installation In Boiler Plant Command Center, Building 3.
include Power And Wiring As Required.
contractor Shall Perform All Installation And Testing Of New Master Alarm Panel With Existing Critical Medical Gas Components.
contractor Shall Furnish Appropriate Tools, Equipment, And Certified Labor To Perform Installation Of Conversion Area Alarm Panels And Frames.
the Manufacturer Procedures Take Precedence Over Other Recommended Installation And Operation Procedures.
coordinate All Placement And Removal Of Lockout Tagout Devices For Any Energy Sources With The Va Cor/maintenance & Operations.
protect All Equipment In Place During Replacement Activities.
remove And Dispose Of Old Compressor And Other Debris As A Result Of This Work And Return Required Manifest.
perform Post Installation Inspections, Testing, And Certification Of The Medical Gas System As Required By Nfpa 99.
all Contractor Personnel, Sub-contractors And Representatives Visiting Va Sites Will Be Required To Sign In Upon Arrival At Building 3 And/or Retain A Temporary Va Badge. Each Visiting Individual Be Required To Enter Their Name, Their Company S Name, Va Project Title, Reason For Visit, And The Times Of Arrival And Departure. Arrangements For After Normal Hour Working Site Visits Must Be Made In Advance And During Normal Working Hours.
general: The Contracting Officer Reserves The Right To Terminate Any Construction Period Services, Without Payment For Services Completed, If Such Services Are Not Needed Or Are Not Being Adequately Completed.
approved Plans And Permits: Prior To The Start Of Construction, Submit To Va Copies Of All Required Permits.
site Visits: Day To Day Construction Administration Will Be Performed By The Cor. Periodic Reviews, Tests, And Other Field Observation By The Government Are Not To Be Interpreted As Superintendence Nor As Resulting In Any Approval Of The Contractor S Apparent Progress Toward Meeting The Government S Objectives; But Are Intended To Discover Any Information That The Contracting Officer May Be Able To Call To The Contractor S Attention To Prevent Costly Misdirection Of Effort.
the Contractor Shall Remain Responsible For Constructing, Operating, And Maintaining The Site In Full Accordance If The Requirements Of This Solicitation.
the Contractor Shall Provide Va With A Copy Of All Inspection Reports For Inspections Conducted By Local, Regional, And State Code Authorities From The Start Of Construction Through Issuance Of The Certificate Of Occupancy Or Completion.
the Contractor Shall Develop And Provide To The Va The Following:
safety Plan: The Contractor Shall Produce Work In Accordance With The Latest Editions Of All Applicable Dva Guidelines (e.g. Construction Standards, Master Specifications, Standard Details, Special Design Criteria To Meet Hospital Joint Commission (jcaho) Requirements), Nfpa, Federal And State Codes Pertinent To The Project Scope.
all Applicable Personnel On Site Are Required To Obtain An Occupational Safety And Health Administration (osha) 10 Hour Construction Certification, And The Site Competent Person For The Contractor Must Obtain An Osha 30 Hour Construction Certification.
prior To The Start Of Work, The Specifications Shall Require The Contractor To Develop And
submit Such Plans As Required By The Va Relating To Safety And Environmental Issues. These May Include But Are Not Limited To:
job Hazard Analysis And Loto
quality Control Plan: A Quality Control Plan Shall Be Implemented For Identifying And Specifying The Appropriate Standard Forms For Quality Control Inspections That Will Become Part Of The Overall Plan.
per Va Directive 1805, Smoking Vaping, And Smokeless Tobacco Are Prohibited On The Grounds Of Va Facilities, Including In Vehicles. This Directive Applies To All Service Providers And Their Employees.
no Photography Of Va Premises Is Allowed Without Written Permission Of The Contracting Officer. Patients And Staff Are Not To Be Photographed At Any Time.
prior To Commencing Work Onsite, All Service Providers And Provider Personnel Shall Furnish Proof Of Receipt Of Required Covid Vaccinations And Boosters In Compliance With Current Vha Directives.
prior To Commencing Work Onsite, All Service Providers And Provider Personnel Shall Furnish Proof Of Receipt Of Required Tuberculosis Testing In Compliance With Vha Directive 1131(5), Dated June 04, 2021.
parking For Service Provider And Its Employees Shall Be In Designated Areas Only. Service Provider To Coordinate With Cor.
the Service Provider Shall Confine All Operations (including Storage Of Materials) On Government Premises To Areas Authorized Or Approved By The Va Contracting Officer. The Service Provider Shall Hold And Save The Government, Its Officers, And Agents, Free And Harmless From Liability Of Any Nature Occasioned By The Service Provider S Performance. Working Space And Space Available For Storing Materials Shall Be As Determined By The Cor. Workers Are Subject To The Rules Of The Medical Center Applicable To Their Conduct. Execute Work In Such A Manner As To Reduce Impacts With Work Being Done By Others.
billing: Provide Cor With A Report Or Statement Of Work Completed And Include Statements With Request For Payment. Statement Should Include Service Completed And The Date Each Service Item Was Completed. Labor Charges Shall Be Billed Hourly, And Any Unused Labor Totals Will Be Credited Back To The Va Medical Center On The Next Billing Cycle, Upon Receipt Of The Service Report.
safety Codes / Certification / Licensing:
environmental Abatement Work, If Necessary, Is To Be Performed By Contractor Under Supervision And
monitoring For The Va By A Certified Industrial Hygienist.
the Contractor Shall Comply With All Codes As Described Above, As Well As Codes Customarily Applied In
va Construction Jobs Such As Nfpa Fire Code, Osha, Va Design Guides, Etc. Labs Used By The Contractor
shall Be Licensed As Required By Any Applicable Governing Agencies, And Their Certifications And Licenses
shall Be Included In The Reports.
travel:
contractor And/or Subcontractors Will Travel From Their Place Of Business To The West Haven Vamc Of The Va Connecticut Healthcare System.
appendix A
infection Prevention Measures
a. Implement The Requirements Of Va Medical Center S Infection Control Risk Assessment (icra) Team. Icra Group May Monitor Dust, In The Vicinity Of The Construction Work, And Require The Contractor To Take Corrective Action Immediately If The Safe Levels Are Exceeded.
b. Establish And Maintain A Dust Control Program As Part Of The Contractor S Infection Preventive Measures In Accordance With The Guidelines Provided By Icra Group As Specified Here. Prior To Start Of Work, Prepare A Plan Detailing Project-specific Dust Protection Measures, Including Periodic Status Reports, And Submit To Project Manager And Facility Icra Team For Review For Compliance With Contract Requirements In Accordance With Section 01340, Samples And Shop Drawings.
1. All Personnel Involved In The Construction Or Renovation Activity Shall Be Educated And Trained In Infection Prevention Measures Established By The Medical Center.
c. Medical Center Infection Control Personnel Shall Monitor For Airborne Disease (e.g. Aspergillosis) As Appropriate During Construction. A Baseline Of Conditions May Be Established By The Medical Center Prior To The Start Of Work And Periodically During The Construction Stage To Determine Impact Of Construction Activities On Indoor Air Quality. In Addition:
1. The Project Manager And Vamc Infection Control Personnel Shall Review Pressure Differential Monitoring Documentation To Verify That Pressure Differentials In The Construction Zone And In The Patient-care Rooms Are Appropriate For Their Settings. The Requirement For Negative Air Pressure In The Construction Zone Shall Depend On The Location And Type Of Activity.
upon Notification, The Contractor Shall Implement Corrective Measures To Restore Proper Pressure Differentials As Needed.
2. In Case Of Any Problem, The Medical Center, Along With Assistance From The Contractor, Shall Conduct An Environmental Assessment To Find And Eliminate The Source.
d. In General, Following Preventive Measures Shall Be Adopted During Construction To Keep Down Dust And Prevent Mold.
1. Dampen Debris To Keep Down Dust And Provide Temporary Construction Partitions In Existing Structures Where Directed By Resident Engineer. Blank Off Ducts And Diffusers To Prevent Circulation Of Dust Into Occupied Areas During Construction.
2. Analyze Each Site During Design To Determine The Effects Of Blocking Hvac Ducts And Their Impact On Existing Air Handling Systems That Must Remain Operational Before Initiating A Dust Control Program. The Method Of Capping Ducts Shall Be Dust Tight And Withstand Airflow.
3. Construct Anteroom To Maintain Negative Airflow From Clean Area Through Anteroom And Into Work Area Where Required.
4. High Risk Patient Care Areas May Require Additional Measures Like Air Locks, Special Signage, Smoke And Negative Pressure Alarms.
5. Identify These Areas Clearly On The Drawings And Work With Medical Center Personnel To Achieve Desired Level Of Isolation Suited To The Scope Of Risk Involved.
6. Do Not Perform Dust- Producing Tasks Within Occupied Areas Without The Approval Of The Project Manager. For Construction In Any Areas That Will Remain Jointly Occupied By The Medical Center And Contractor S Workers, The Contractor Shall:
a. Provide Dust Proof Fire-rated Temporary Drywall Construction Barriers To Completely Separate Construction From The Operational Areas Of The Hospital In Order To Contain Dirt Debris And Dust. Barriers Shall Be Sealed And Made Presentable On Hospital Occupied Side. Install A Self-closing Rated Door In A Metal Frame, Commensurate With The Partition, To Allow Worker Access. Maintain Negative Air At All
times. A Fire Retardant Polystyrene, 6-mil Thick Or Greater Plastic Barrier Meeting Local Fire Codes May Be Used Where Dust Control Is The Only Hazard, And An Agreement Is Reached With The Resident Engineer And Medical Center.
b. Hepa Filtration Is Required Where The Exhaust Dust May Reenter The Breathing Zone. Contractor Shall Verify That Construction Exhaust To Exterior Is Not Reintroduced To The Medical Center Through Intake Vents, Or Building Openings. Install Hepa (high Efficiency Particulate Accumulator) Filter Vacuum System Rated At 95% Capture Of 0.3 Microns Including Pollen, Mold Spores And Dust Particles. Insure Continuous Negative Air Pressures Occurring Within The Work Area. Hepa Filters Should Have Ashrae 85 Or Other Pre-filter To Extend The Useful Life Of The Hepa. Provide Both Primary And Secondary Filtrations Units. Exhaust Hoses Shall Be Heavy Duty, Flexible Steel Reinforced And Exhausted So That Dust Is Not Reintroduced To The Medical Center.
c. Adhesive Walk-off/carpet Walk-off Mats, Minimum 24 X 36 , Shall Be Used At All Interior Transitions From The Construction Area To Occupied Medical Center Area.
these Mats Shall Be Changed As Often As Required To Maintain Clean Work Areas Directly Outside Construction Area At All Times.
d. Vacuum And Wet Mop All Transition Areas From Construction To The Occupied Medical Center At The End Of Each Workday. Vacuum Shall Utilize Hepa Filtration.
maintain Surrounding Area Frequently. Remove Debris As They Are Created. Transport These Outside The Construction Area In Containers With Tightly Fitting Lids.
e. The Contractor Shall Not Haul Debris Through Patient-care Areas Without Prior Approval Of The Resident Engineer And The Medical Center. When, Approved, Debris Shall Be Hauled In Enclosed Dust Proof Containers Or Wrapped In Plastic And Sealed With Duct Tape. No Sharp Objects Should Be Allowed To Cut Through The Plastic. Wipe Down The Exterior Of The Containers With A Damp Rag To Remove Dust. All Equipment, Tools, Material, Etc. Transported Through Occupied Areas Shall Be Made Free From Dust
and Moisture By Vacuuming And Wipe Down.
f. Using A Hepa Vacuum, Clean Inside The Barrier And Vacuum Ceiling Tile Prior To Replacement. Any Ceiling Access Panels Opened For Investigation Beyond Sealed Areas Shall Be Sealed Immediately When Unattended.
g. There Shall Be No Standing Water During Construction. This Includes Water In Equipment Drip Pans And Open Containers Within The Construction Areas. All Accidental Spills Must Be Cleaned Up And Dried Within 12 Hours. Remove And Dispose Of Porous Materials That Remain Damp For More Than 72 Hours.
h. At Completion, Remove Construction Barriers And Ceiling Protection Carefully, Outside Of Normal Work Hours. Vacuum And Clean All Surfaces Free Of Dust After The Removal.
e. Final Cleanup:
1. Upon Completion Of Project, Or As Work Progresses, Remove All Construction Debris From Above Ceiling, Vertical Shafts And Utility Chases That Have Been Part Of The Construction.
2. Perform Hepa Vacuum Cleaning Of All Surfaces In The Construction Area. This Includes Walls, Ceilings, Cabinets, Furniture (built-in Or Free Standing), Partitions, Flooring, Etc.
1. All New Air Ducts Shall Be Cleaned Prior To Final Inspection. Spec Writer Note: On Small Projects Developed At Medical Center, Engineering Officer May Tag Items To Be Removed And Stored, Instead Of Noting Such Items On Drawings Or In Specifications.
end Of Appendix
appendix B
va Information And Information System Security/privacy Language For
inclusion Into Contracts, As Appropriate
1. General
contractors, Contractor Personnel, Subcontractors, And Subcontractor Personnel Shall Be Subject To The Same Federal Laws, Regulations, Standards, And Va Directives And Handbooks
as Va And Va Personnel Regarding Information And Information System Security.
2. Access To Va Information And Va Information Systems
a. A Contractor/subcontractor Shall Request Logical (technical) Or Physical Access To Va
information And Va Information Systems For Their Employees, Subcontractors, And
affiliates Only To The Extent Necessary To Perform The Services Specified In The Contract,
agreement, Or Task Order.
b. All Contractors, Subcontractors, And Third-party Servicers And Associates Working With Va
information Are Subject To The Same Investigative Requirements As Those Of Va Appointees Or Employees Who Have Access To The Same Types Of Information. The Level And Process Of Background Security Investigations For Contractors Must Be In Accordance With Va Directive And Handbook 0710, Personnel Suitability And Security Program. The Office For Operations, Security, And Preparedness Is Responsible For These Policies And Procedures.
c. Contract Personnel Who Require Access To National Security Programs Must Have A Valid Security Clearance. National Industrial Security Program (nisp) Was Established By Executive Order 12829 To Ensure That Cleared U.s> Defense Industry Contractor Personnel Safeguard The Classified Information In Their Possession While Performing Work On Contracts, Programs, Bid, Or Research And Development Efforts. The Department Of Veterans Affairs Does Not Have A Memorandum Of Agreement With Defense Secretary Service (dss). Verification Of A Security Clearance Must Be Processed Through The Special Security Officer Located In The Planning And National Security Service Within The Office Of Operations, Security, And Preparedness.
d. Custom Software Development And Outsourced Operations Must Be Located In The U.s. To The Maximum Extent Practical. If Such Services Are Proposed To Be Performed Abroad And Are Not Disallowed By Other Va Policy Or Mandates, The Contractor/subcontractor Must State Where All Non-u.s. Services Are Provided And Detail A Security Plan, Deemed To Be Acceptable By Va, Specifically To Address Mitigation Of The Resulting Problems Of Communication, Control, Data Protection, And So Forth. Location Within The U.s. May Be An Evaluation Factor.
e. The Contractor Or Subcontractor Must Notify The Contracting Officer Immediately When
an Employee Working On A Va System Or With Access To Va Information Is Reassigned Or Leaves The Contractor Or Subcontractor S Employ. The Contracting Officer Must Also Be Notified Immediately By The Contractor Or Subcontractor Prior To An Unfriendly Termination.
3. Va Information Custodial Language
a. Information Made Available To The Contractor Or Subcontractor By Va For The Performance Or Administration Of This Contract Or Information Developed By The Contractor/subcontractor In Performance Or Administration Of The Contract Shall Be Used Only For Those Purposes And Shall Not Be Used In Any Other Way Without The Prior Written Agreement Of The Va. This Clause Expressly Limits The Contractor/subcontractor S Rights To Use Data As Described In Rights In Data General, Far 52.227-14(d) (1).
b. Va Information Should Not Be Co-mingled, If Possible, With Any Other Data On The Contractors/subcontractor S Information Systems Or Media Storage Systems In Order To Ensure Va Requirements Related To Data Protection And Media Sanitization Can Be Met.
if Co-mingling Must Be Allowed To Meet The Requirements Of The Business Need, The Contractor Must Ensure That Va S Information Is Returned To The Va Or Destroyed In Accordance With Va S Sanitization Requirements. Va Reserves The Right To Conduct Onsite Inspections Of Contractor And Subcontractor It Resources To Ensure Data Security Controls, Separation Of Data And Job Duties, And Destruction/media Sanitization Procedures Are In Compliance With Va Directive Requirements.
c. Prior To Terminator Or Completion Of This Contract, Contractor/subcontractor Must Not Destroy Information Received From Va, Or Gathered/created By The Contractor In The Course Of Performing This Contract Without Prior Written Approval By The Va. Any Data Destruction Done On Behalf Of Va By A Contractor/subcontractor Must Be Done In Accordance With National Archives And Records Administration (nara) Requirements As Outlined In Va Directive 6300, Records And Information Management And Its Handbook 6300.1 Records Management Procedures, Applicable Va Records Control Schedules, And Va Handbook 6500.1 Electronic Media Sanitization. Self-certification By The Contractor That The Data Destruction Requirements Above Have Been Met Must Be Sent To The Va Contracting Officer Within 30 Days Of Termination Of The Contract.
d. The Contractor/subcontractor Must Receive, Gather, Store, Back Up, Maintain, Use, Dispose Of Va Information Only In Compliance With The Terms Of The Contract And Applicable Federal And Va Information Confidentiality And Security Laws, Regulations And Policies. If Federal Or Va Information Confidentiality And Security Laws, Regulations And Policies Become Applicable To The Va Information Or Information Systems After Execution Of The Contract, Or If Nist Issues Or Updates Applicable Fips Or Special Publications (sp) After Execution Of This Contract, The Parties Agree To Negotiate In Good Faith To Implement The Information Confidentiality And Security Laws, Regulations And Policies In This Contract.
e. The Contractor/subcontractor Shall Not Make Copies Of Va Information Except As Authorized And Necessary To Perform The Terms Of The Agreement Or To Preserve Electronic Information Stored On Contractor/subcontractor Electronic Storage Media For Restoration In Case Any Electronic Equipment Or Data Used By The Contractor/subcontractor Needs To Be Restored To An Operating State. If Copies Are Made For Restoration Purposes, After The Restoration Is Complete, The Copies Must Be Appropriately Destroyed.
f. If Va Determines That The Contractor Has Violated Any Of The Information Confidentiality,
privacy, And Security Provisions Of The Contract, It Shall Be Sufficient Grounds For Va To Withhold Payment To The Contractor Or Third Party Or Terminate The Contract For Default Or Terminate For Cause Under Federal Acquisition Regulation (far) Part 12.
g. If A Vha Contract Is Terminated For Cause, The Associated Baa Must Also Be Terminated And Appropriate Actions Taken In Accordance With Vha Handbook 1600.01, Business Associate Agreements. Absent An Agreement To Use Or Disclose Protected Health Information, There Is No Business Associate Relationship.
h. The Contractor/subcontractor Must Store, Transport, Or Transmit Va Sensitive Information In An Encrypted Form, Using Va-approved Encryption Tools That Are, At A Minimum, Fips 140-2 Validated.
i. The Contractor/subcontractor S Firewall And Web Services Security Controls, If Applicable,
shall Meet Or Exceed Va S Minimum Requirements. Va Configuration Guidelines Are Available Upon Request.
j. Except For Uses And Disclosures Of Va Information Authorized By This Contract For Performance Of The Contract, The Contractor/subcontractor May Use And Disclose Va Information Only In Two Other Situations: (i) In Response To A Qualifying Order Of A Court Of Competent Jurisdiction, Or (ii) With Va S Prior Written Approval. The Contractor/subcontractor Must Refer All Requests For, Demands For Production Of, Or Inquiries About, Va Information And Information Systems To The Va Contracting Officer For Response.
k. Notwithstanding The Provision Above, The Contractor/subcontractor Shall Not Release Va
records Protected By Title 38 U.s.c. 5705, Confidentiality Of Medical Quality Assurance Records And/or Title 38 U.s.c. 7332, Confidentiality Of Certain Health Records Pertaining To Drug Addiction, Sickle Cell Anemia, Alcoholism Or Alcohol Abuse, Or Infection With Human Immunodeficiency Virus. If The Contractor/subcontractor Is In Receipt Of A Court Order Or Other Requests For The Above Mentioned Information, That Contractor/subcontractor Shall Immediately Refer Such Court Orders Or Other Requests To The Va Contracting Officer For Response.
l. For Service That Involves The Storage, Generating, Transmitting, Or Exchanging Of Va Sensitive Information But Does Not Require C&a Or An Mou-isa For System Interconnection, The Contractor/subcontractor Must Complete A Contractor Security Control Assessment (csca) On A Yearly Basis And Provide It To The Cor.
4. Information System Design And Development
a. Information Systems That Are Designed Or Developed For On Behalf Of Va At Non-va Facilities Shall Comply With All Va Directives Developed In Accordance With Fisma, Hipaa, Nist, And Related Va Security And Privacy Control Requirements For Federal Information Systems. This Includes Standards For The Protection Of Electronic Phi, Outlined In 45 C.f.r. Part 164, Subpart C, Information And System Security Categorization Level Designation In Accordance With Fips 199 And Fips 200 With Implementation Of All Baseline Security Controls Commensurate With The Fips 199 System Security Categorization (reference Appendix D Of Va Handbook 6500, Va Information Security Program). During The Development Cycle A Privacy Impact Assessment (pia) Must Be Completed, Provided To The Cor, And Approved By The Va Privacy Service In Accordance With Directive 6507, Va Privacy Impact Assessment.
b. The Contractor/subcontractor Shall Certify To The Cor That Applications Are Fully Functional And Operate Correctly As Intended On Systems Using The Va Federal Desktop Core Configuration (fdcc), And The Common Security Configuration Guidelines Provided By Nist Or The Va. This Includes Internet Explorer 7 Configured To Operate On Windows Xp And Vista (in Protected Mode On Vista) And Future Versions, As Required.
c. The Standard Installation, Operation, Maintenance, Updating, And Patching Of Software Shall Not Alter The Configuration Settings From The Va Approved And Fdcc Configuration.
information Technology Staff Must Also Use The Windows Installer Service For Installation To The Default Program Files Directory And Silently Install And Uninstall.
d. Applications Designed For Normal End Users Shall Run In The Standard User Context Without Elevated System Administration Privileges.
e. The Security Controls Must Be Designed, Developed, Approved By Va, And Implemented
in Accordance With The Provisions Of Va Security System Development Life Cycle As Outlined In Nist Special Publication 800-37, Guide For Applying The Risk Management Framework To Federal Information Systems, Va Handbook 6500, Information Security Program And Va Handbook 6500.5, Incorporating Security And Privacy In System Development Lifecycle.
f. The Contractor/subcontractor Is Required To Design, Develop, Or Operate A System Of Records Notice (sor) On Individuals To Accomplish An Agency Function Subject To The Privacy Act Of 1974, (as Amended), Public Law 93-579, December 31, 1974 (5 U.s.c. 552a) And Applicable Agency Regulations. Violation Of The Privacy Act May Involve The Imposition Of Criminal And Civil Penalties.
g. The Contractor/subcontractor Agrees To:
(1) Comply With The Privacy Act Of 1974 (the Act) And The Agency Rules And Regulations Issued Under The Act In The Design, Development, Or Operation Of Any System Of Records On Individuals To Accomplish An Agency Function When The Contract Specifically Identifies:
a. The Systems Of Records (sor); And
b. The Design, Development, Or Operation Work That The Contractor/subcontractor
is To Perform;
i. Include The Privacy Act Notification Contained In This Contract In Every Solicitation And Resulting Subcontract And In Every Subcontract Awarded Without A Solicitation, When The Work Statement In The Proposed Subcontract Requires The Redesign, Development, Or Operation Of A Sor On Individuals That Is Subject To The Privacy Act; And Ii. Include This Privacy Act Clause, Including This Subparagraph (3), In All Subcontracts Awarded Under This Contract Which Requires The Design, Development, Or Operation Of Such A Sor.
h. In The Event Of Violations Of The Act, A Civil Action May Be Brought Against The Agency Involved When The Violation Concerns The Design, Development, Or Operation Of A Sor On Individuals To Accomplish An Agency Function, And Criminal Penalties May Be Imposed Upon The Officers Or Employees Of The Agency When The Violation Concerns The Operation Of Sor On Individuals To Accomplish An Agency Function. For Purposes Of The Act, When The Contract Is For The Operation Of A Sor On Individuals To Accomplish An Agency Function, The Contractor/subcontractor Is Considered To Be An Employee Of The Agency.
(1) Operation Of A System Of Records Means Performance Of Any Of The Activities Associated With Maintaining The Sor, Including The Collection, Use, Maintenance, And Dissemination Of Records.
(2) Record Means Any Item, Collection, Or Grouping Of Information About An Individual That Is Maintained By An Agency, Including, But Not Limited To, Education, Financial Transactions, Medical History, And Criminal Or Employment History And Contains The Person S Name, Or Identifying Number, Symbol, Or Any Other Identifying Particular Assigned To The Individual, Such As A Fingerprint Or Voiceprint, Or A Photograph.
(3) System Of Records Means A Group Of Any Records Under The Control Of Any Agency From Which Information Is Retrieved By The Name Of The Individual Or By Some Identifying Number, Symbol, Or Other Identifying Particular Assigned To The Individual.
i. The A/e Shall Ensure The Security Of All Procured Or Developed Systems And Technologies, Including Their Subcomponents (hereinafter Referred To As Systems ), Throughout The Life Of This Contract And Any Extension, Warranty, Or Maintenance Periods. This Includes, But Is Not Limited To Workarounds, Patches, Hotfixes, Upgrades, And Any Physical Components (hereafter Referred To As Security Fixes)
which May Be Necessary To Fix All Security Vulnerabilities Published Or Known To The A/e Anywhere In The Systems Including Operating Systems And Firmware. The A/e Shall Ensure That Security Fixes Shall Not Negatively Impact The Systems.
j. The A/e Shall Notify Va Within 24 Hours Of The Discovery Or Disclosure Of Successful Exploits Of The Vulnerability Which Can Compromise The Security Of The Systems (including The Confidentiality Or Integrity Of Its Data And Operations, Or The Availability Of The System). Such Issues Shall Be Remediated As Quickly As Is Practical, But In No Event Longer Than 7 Days.
k. When The Security Fixes Involve Installing Third Party Patches (such As Microsoft Os Patches Or Adobe Acrobat), The A/e Will Provide Written Notice To The Va That The Patch Has Been Validated As Not Affecting The System Within 10 Working Days. When The A/e Is Responsible For Operations Or Maintenance Of The Systems, They Shall Apply The Security Fixes Within 7 Days.
l. All Other Vulnerabilities Shall Be Remediated As Specified In This Paragraph In A Timely Manner Based On Risk, But Within 60 Days Of Discovery Or Disclosure. Exceptions To This Paragraph (e.g. For The Convenience Of Va) Shall Only Be Granted With Approval Of The Contracting Officer And The Va Assistant Secretary For Office Of Information And Technology.
5. Information System Hosting, Operation, Maintenance, Or Use
a. For Information Systems That Are Hosted, Operated, Maintained, Or Used On Behalf Of Va
at Non-va Facilities, Contractors/subcontractors Are Fully Responsible And Accountable For Ensuring Compliance With All Hipaa, Privacy Act, Fisma, Nist, Fips, And Va Security And Privacy Directives And Handbooks. This Includes Conducting Compliant Risk Assessments, Routine Vulnerability Scanning, System Patching And Change Management Procedures, And The Completion Of An Acceptable Contingency Plan For Each System. The Contractor S Security Control Procedures Must Be Equivalent To Those Procedures Used To Secure Va Systems. A Privacy Impact Assessment (pia) Must Also Be Provided To The Cor And Approved By Va Privacy Service Prior To Operational Approval. All External Internet Connections To Va S Network Involving Va Information Must Be Reviewed And Approved By Va Prior To Implementation.
b. Adequate Security Controls For Collecting, Processing, Transmitting, And Storing Of Personally Identifiable Information (pii), As Determined By The Va Privacy Service, Must Be In Place, Tested, And Approved By Va Prior To Hosting, Operation, Maintenance, Or Use Of The Information System, Or Systems By Or On Behalf Of Va. These Security Controls Are To Be Assessed And Stated Within The Pia And If These Controls Are Determined Not To Be In Place, Or Inadequate, A Plan Of Action And Milestones (poa&m) Must Be Submitted And Approved Prior To The Collection Of Pii.
c. Outsourcing (contractor Facility, Contractor Equipment Or Contractor Staff) Of Systems Or
network Operations, Telecommunications Services, Or Other Managed Services Requires Certification And Accreditation (authorization) (c&a) Of The Contractor S Systems In Accordance With Va Handbook 6500.3, Certification And Accreditation And/or The Va Ocs Certification Program Office. Government-owned (government Facility Or Government Equipment) Contractor-operated Systems, Third Party Or Business Partner Networks Require Memorandums Of Understanding And Interconnection Agreements (mou-isa) Which Detail What Data Types Are Shared, Who Has Access, And The Appropriate Level Of Security Controls For All Systems Connected To Va Networks.
d. The Contractor/subcontractor S System Must Adhere To All Fisma, Fips, And Nist Standards Related To The Annual Fisma Security Controls Assessment And Review And Update The Pia. Any Deficiencies Noted During This Assessment Must Be Provided To The Va Contracting Officer And The Iso For Entry Into Va S Poa&m Management Process.
the Contractor/subcontractor Must Use Va S Poa&m Process To Document Planned Remedial Actions To Address Any Deficiencies In Information Security Policies, Procedures, And Practices, And The Completion Of Those Activities. Security Deficiencies Must Be Corrected Within The Timeframes Approved By The Government.
contractor/subcontractor Procedures Are Subject To Periodic, Unannounced Assessments By Va Officials, Including The Va Office Of Inspector General. The Physical Security Aspects Associated With Contractor/subcontractor Activities Must Also Be Subject To Such Assessments. If Major Changes To The System Occur That May Affect The Privacy Or Security Of The Data Or The System, The C&a Of The System May Need To Be Reviewed, Retested And Re-authorized Per Va Handbook 6500.3. This May Require Reviewing And Updating All Of The Documentation (pia, System Security Plan, Contingency Plan). The Certification Program Office Can Provide Guidance On Whether A New C&a Would Be Necessary.
e. The Contractor/subcontractor Must Conduct An Annual Self-assessment On All Systems And Outsourced Services As Required. Both Hard Copy And Electronic Copies Of The Assessment Must Be Provided To The Cor. The Government Reserves The Right To Conduct Such An Assessment Using Government Personnel Or Another Contractor/subcontractor. The Contractor/subcontractor Must Take Appropriate And Timely Action (this Can Be Specified In The Contract) To Correct Or Mitigate Any Weaknesses Discovered During Such Testing, Generally At No Additional Cost.
f. Va Prohibits The Installation And Use Of Personally-owned Or Contractor/subcontractor Owned
equipment Or Software On Va S Network. If Non-va Owned Equipment Must Be Used To Fulfill The Requirements Of A Contract, It Must Be Stated In The Service Agreement, Sow, Or Contract. All Of The Security Controls Required For Government Furnished Equipment (gfe) Must Be Utilized In Approved Or Other Equipment (oe) And Must Be Funded By The Owner Of The Equipment. All Remote Systems Must Be Equipped With, And Use, A Va-approved Antivirus (av) Software And A Personal (host-based Or Enclaved Based) Firewall That Is Configured With A Va-approved Configuration. Software Must Be Kept Current, Including All Critical Updates And Patches. Owners Of Approved Oe Are Responsible For Providing And Maintaining The Anti-viral Software And The Firewall On The Non-va Owned Oe.
g. All Electronic Storage Media Used On Non-va Leased Or Non-va Owned It Equipment That
is Used To Store, Process, Or Access Va Information Must Be Handled In Adherence With Va Handbook 6500.1, Electronic Media Sanitization Upon: (i) Completion Or Termination Of The Contract Or (ii) Disposal Or Return Of The It Equipment By The Contractor/subcontractor, Whichever Is Earlier. Media (hard Drives, Optical Disks, Cds, Back-up Tapes, Etc.) Used By The Contractors/subcontractors That Contain Va Information Must Be Returned To The Va For Sanitization Or Destruction Or The Contractor/subcontractor Must Self-certify That The Media Has Been Disposed Of Per 6500.1 Requirements. This Must Be Completed Within 30 Days Of Termination Of The Contract.
h. Bio-medical Devices And Other Equipment Or Systems Containing Media (hard Drives,
optical Disks, Etc.) With Va Sensitive Information Must Not Be Returned To The A/e At The
end Of Lease, For Trade-in, Or Other Purposes. The Options Are:
(1) A/e Must Accept The System Without The Drive;
(2) Va S Initial Medical Device Purchase Includes A Spare Drive Which Must Be Installed
in Place Of The Original Drive At Time Of Turn-in; Or
(3) Va Must Reimburse The Company For Media At A Reasonable Open Market
replacement Cost At Time Of Purchase
(4) Due To The Highly Specialized And Sometimes Proprietary Hardware And Software
associated With Medical Equipment/systems, If It Is Not Possible For The Va To Retain
the Hard Drive, Then;
(a) The Equipment A/e Must Have An Existing Baa If The Device Being Traded In Has Sensitive Information Stored On It And Hard Drive(s) From The System Are Being Returned Physically Intact; And
(b) Any Fixed Hard Drive On The Device Must Be Non-destructively Sanitized To The Greatest Extent Possible Without Negatively Impacting System Operation.
selective Clearing Down To Patient Data Folder Level Is Recommended Using Va Approved And Validated Overwriting Technologies/methods/tools. Applicable Media Sanitization Specifications Need To Be Pre-approved And Described In The Purchase Order Or Contract.
(c) A Statement Needs To Be Signed By The Director (system Owner) That States That The Drive Could Not Be Removed And That (a) And (b) Controls Above Are In Place And Completed. The Iso Needs To Maintain The Documentation.
6. Security Incident Investigation
a. The Term Security Incident Means An Event That Has, Or Could Have, Resulted In Unauthorized Access To, Loss Or Damage To Va Assets, Or Sensitive Information, Or An Action That Breaches Va Security Procedures. The Contractor/subcontractor Shall Immediately Notify The Cor And Simultaneously, The Designated Iso And Privacy Officer For The Contract Of Any Known Or Suspected Security/privacy Incidents, Or Any Unauthorized Disclosures Of Sensitive Information, Including That Contained In System(s) To Which The Contractor/subcontractor Has Access.
b. To The Extent Known By The Contractor/subcontractor, The Contractor/subcontractor S Notice To Va Shall Identify The Information Involved, The Circumstances Surrounding The Incident (including To Whom, How, When, And Where The Va Information Or Assets Were Placed At Risk Or Compromised), And Any Other Information That The Contractor/subcontractor Considers Relevant.
c. With Respect To Unsecured Protected Health Information, The Business Associate Is Deemed To Have Discovered A Data Breach When The Business Associate Knew Or Should Have Known Of A Breach Of Such Information. Upon Discovery, The Business Associate Must Notify The Covered Entity Of The Breach. Notifications Need To Be Made In Accordance With The Executed Business Associate Agreement.
d. In Instances Of Theft Or Break-in Or Other Criminal Activity, The Contractor/subcontractor
must Concurrently Report The Incident To The Appropriate Law Enforcement Entity (or Entities) Of Jurisdiction, Including The Va Oig And Security And Law Enforcement. The Contractor, Its Employees, And Its Subcontractors And Their Employees Shall Cooperate With Va And Any Law Enforcement Authority Responsible For The Investigation And Prosecution Of Any Possible Criminal Law Violation(s) Associated With Any Incident. The Contractor/subcontractor Shall Cooperate With Va In Any Civil Litigation To Recover Va Information, Obtain Monetary Or Other Compensation From A Third Party For Damages Arising From Any Incident, Or Obtain Injunctive Relief Against Any Third Party Arising From, Or Related To, The Incident.
7. Liquidated Damages For Data Breach
a. Consistent With The Requirements Of 38 U.s.c. §5725, A Contract May Require Access To
sensitive Personal Information. If So, The Contractor Is Liable To Va For Liquidated Damages
in The Event Of A Data Breach Or Privacy Incident Involving Any Spi The Contractor/subcontractor Processes Or Maintains Under This Contract.
b. The Contractor/subcontractor Shall Provide Notice To Va Of A Security Incident As Set Forth In The Security Incident Investigation Section Above. Upon Such Notification, Va Must Secure From A Non-department Entity Or The Va Office Of Inspector General An Independent Risk Analysis Of The Data Breach To Determine The Level Of Risk Associated With The Data Breach For The Potential Misuse Of Any Sensitive Personal Information Involved In The Data Breach. The Term Data Breach Means The Loss, Theft, Or Other Unauthorized Access, Or Any Access Other Than That Incidental To The Scope Of Employment, To Data Containing Sensitive Personal Information, In Electronic Or Printed For, That Results In The Potential Compromise Of The Confidentiality Or Integrity Of The Data. Contractor Shall Fully Cooperate With The Entity Performing The Risk Analysis. Failure To Cooperate May Be Deemed A Material Breach And Grounds For Contract Termination.
c. Each Risk Analysis Shall Address All Relevant Information Concerning The Data Breach, Including The Following:
(1) Nature Of The Event (loss, Theft, Unauthorized Access);
(2) Description Of The Event, Including
(a) Date Of Occurrence
(b) Data Elements Involved, Including Any Pii, Such As Full Name, Social Security Number, Date Of Birth, Home Address, Account Number, Disability Code;
(3) Number Of Individuals Affected Or Potentially Affected;
(4) Names Of Individuals Or Groups Affected Or Potentially Affected;
(5) Ease Of Logical Data Access To The Lost, Stolen Or Improperly Accessed Data In Light Of The Degree Of Protection For The Data, E.g., Unencrypted, Plain Text;
(6) Amount Of Time The Data Has Been Out Of Va Control;
(7) The Likelihood That The Sensitive Personal Information Will Or Has Been Compromised (made Accessible To And Usable By Unauthorized Persons);
(8) Known Misuses Of Data Containing Personal Information, If Any;
(9) Assessment Of The Potential Harm To The Affected Individuals;
(10) Data Breach Analysis As Outlined In 6500.2 Handbook, Management Of Security And Privacy Incidents, As Appropriate; And
(11) Whether Credit Protection Services May Assist Record Subjects In Avoiding Or Mitigating The Results Of Identity Theft Based On The Sensitive Personal Information That May Have Been Compromised.
d. Based On The Determinations Of The Independent Risk Analysis, The Contractor Shall Be Responsible For Paying To The Va Liquidated Damages In The Amount Of $37.50 Per Affected Individual To Cover The Cost Of Providing Credit Protection Services To Affected Individuals Consisting Of The Following:
(1) Notification;
(2) One Year Of Credit Monitoring Services Consisting Of Automatic Daily Monitoring Of At
least 3 Relevant Credit Bureau Reports;
(3) Data Breach Analysis;
(4) Fraud Resolution Services, Including Writing Dispute Letters, Initiating Fraud Alerts And
credit Freezes, To Assist Affected Individuals To Bring Matters To Resolution;
(5) One Year Of Identity Theft Insurance With $20,000.00 Coverage At $0 Deductible; And
(6) Necessary Legal Expenses The Subjects May Incur To Repair Falsified Or Damaged Credit
records, Histories, Or Financial Affairs.
8. Security Controls Compliance Testing
on A Periodic Basis, Va, Including The Office Of Inspector General, Reserves The Right To Evaluate Any Or All Of The Security Controls And Privacy Practices Implemented By The Contractor Under The Clauses Contained Within The Contract. With 10 Working-day S Notice, At The Request Of The Government, The Contractor Must Fully Cooperate And Assist In A Government-sponsored Security Controls Assessment At Each Location Wherein Va Information Is Processed Or Stored, Or Information Systems Are Developed, Operated, Maintained, Or Used On Behalf Of Va, Including Those Initiated By The Office Of Inspector General. The Government May Conduct A Security Control Assessment On Shorter Notice (to Include Unannounced Assessments) As Determined By Va In The Event Of A Security Incident Or At Any Other Time.
9. Training
a. All Contractor Employees And Subcontractor Employees Requiring Access To Va Information And Va Information Systems Shall Complete The Following Before Being Granted Access To Va Information And Its Systems:
(1) Sign And Acknowledge (either Manually Or Electronically) Understanding Of And Responsibilities For Compliance With The Contractor Rules Of Behavior, Appendix E Relating To Access To Va Information And Information Systems;
(2) Successfully Complete The Va Cyber Security Awareness And Rules Of Behavior Training And Annually Complete Required Security Training;
(3) Successfully Complete The Appropriate Va Privacy Training And Annually Complete Required Privacy Training; And
(4) Successfully Complete Any Additional Cyber Security Or Privacy Training, As Required For Va Personnel With Equivalent Information System Access [to Be Defined By The Va Program Official And Provided To The Contracting Officer For Inclusion In The Solicitation Document E.g., Any Role-based Information Security Training Required In Accordance With Nist Special Publication 800-1 6, Information Technology Security Training Requirements.]
b. The Contractor Shall Provide To The Contracting Officer And/or The Cor A Copy Of The Training Certificates And Certification Of Signing The Contractor Rules Of Behavior For Each Applicable Employee Within 1 Week Of The Initiation Of The Contract And Annually Thereafter, As Required.
c. Failure To Complete The Mandatory Annual Training And Sign The Rules Of Behavior Annually, Within The Timeframe Required, Is Grounds For Suspension Or Termination Of All Physical Or Electronic Access Privileges And Removal From Work On The Contract Until Such Time As The Training And Documents Are Complete.
end Of Appendix
Closing Date20 Mar 2024
Tender AmountRefer Documents
VETERANS AFFAIRS, DEPARTMENT OF USA Tender
United States
Details: Statement Of Work
medical Gas Deficiencies
va Connecticut Healthcare System (vachs)
va Medical Center West Haven
950 Campbell Avenue
west Haven, Ct 06516
background
va Connecticut Healthcare System Requires The Replacement Of A Master Alarm Medical Gas Panel And Installation Of Distribution Piping To Support The Building 2 Vacuum System.
justification
an Annual Survey Was Conducted. Deficiencies Include The Master Alarm Panel Located In Building 1 Operator Booth And Installation Of Distribution Piping To Support The Building 2 Vacuum System.
place Of Performance
the Place Of Performance For This Contract Is Va Connecticut Healthcare System, West Haven Va Medical Center Located At 950 Campbell Avenue, West Haven, Ct 06516.
period Of Performance
the Contract Time Period Of Performance Will Be 60 Calendar Days From Notice To Proceed (ntp) And Includes Contractor Closeout.
qualifications
to Be Considered Eligible For Consideration, Potential Bidders Shall Have A Field Service Representative Located Within 200 Miles Of The West Haven Campuses Of The Va Connecticut Healthcare System And Have Been Trained By The Original Equipment Manufacturer (oem) On The Specific Model Of Equipment That He/she Is Being Asked To Provide Services For.
licensed Medical Gas Installer Meeting Asse 6030 Medical Gas Systems Verifier Certification.
bidders Must Provide Upon Request, Documentation Of Factory Certified Service/maintenance Training On The Specific Equipment Under The Terms Of This Contract. The Contracting Officer And/or Contracting Officer S Representative (cor) Specifically Reserve The Right To Reject Any Of The Contractor S Personnel And Refuse Them Permission To Work On The Equipment Outlined Herein, Based Upon Credentials Provided.
scope Of Work
the Scope Of This Work Includes The Removal Of Existing Master Alarm Panel Located In The Building 1 Ground Floor Operator Booth, Installation And Testing Of New Master Alarm Panel; Installation Of New Vacuum Switch And Gauge Assembly; Installation Of Distribution Piping System, And Certification Of The Medical Gas System.
work Shall Occur Outside Of Regular Business Hours; Weekdays 4:30 P.m. Midnight And/or Weekend Days Saturday And/or Sunday 7:00 A.m. 4:30 P.m. Or As Coordinated.
objectives:
the Project Will Include But Not Be Limited To The Following:
contractor Shall Furnish Appropriate Tools, Equipment, And Certified Labor To Remove Existing Master Alarm Panel And Replace With Contractor Provided New Amico Alert 4 Lcd Master Alarm Panel In The Building 1 Operator Booth.
contractor Shall Perform All Installation And Testing Of New Master Alarm Panel With Existing Critical Medical Gas Components.
contractor Shall Furnish Appropriate Tools, Equipment, And Certified Labor To Provide And Install Amico Vacuum Switch And Gauge Assembly.
contractor Shall Furnish Appropriate Tools, Equipment, And Certified Labor To Perform Installation Of Distribution Piping System In Building 2.
brazing Materials
silver Rod
t Drilling ½ Connection
the Manufacturer Procedures Take Precedence Over Other Recommended Installation And Operation Procedures.
coordinate All Placement And Removal Of Lockout Tagout Devices For Any Energy Sources With The Va Cor/maintenance & Operations.
protect All Equipment In Place During Replacement Activities.
remove And Dispose Of Old Compressor And Other Debris As A Result Of This Work And Return Required Manifest.
perform Post Installation Inspections, Testing, And Certification Of The Medical Gas System As Required By Nfpa 99.
all Contractor Personnel, Sub-contractors And Representatives Visiting Va Sites Will Be Required To Sign In Upon Arrival At Building 15 And/or Retain A Temporary Va Badge. Each Visiting Individual Be Required To Enter Their Name, Their Company S Name, Va Project Title, Reason For Visit, And The Times Of Arrival And Departure. Arrangements For After Normal Hour Working Site Visits Must Be Made In Advance And During Normal Working Hours.
general: The Contracting Officer Reserves The Right To Terminate Any Construction Period Services, Without Payment For Services Completed, If Such Services Are Not Needed Or Are Not Being Adequately Completed.
approved Plans And Permits: Prior To The Start Of Construction, Submit To Va Copies Of All Required Permits.
site Visits: Day To Day Construction Administration Will Be Performed By The Cor. Periodic Reviews, Tests, And Other Field Observation By The Government Are Not To Be Interpreted As Superintendence Nor As Resulting In Any Approval Of The Contractor S Apparent Progress Toward Meeting The Government S Objectives; But Are Intended To Discover Any Information That The Contracting Officer May Be Able To Call To The Contractor S Attention To Prevent Costly Misdirection Of Effort.
the Contractor Shall Remain Responsible For Constructing, Operating, And Maintaining The Site In Full Accordance If The Requirements Of This Solicitation.
the Contractor Shall Provide Va With A Copy Of All Inspection Reports For Inspections Conducted By Local, Regional, And State Code Authorities From The Start Of Construction Through Issuance Of The Certificate Of Occupancy Or Completion.
the Contractor Shall Develop And Provide To The Va The Following:
safety Plan: The Contractor Shall Produce Work In Accordance With The Latest Editions Of All Applicable Dva Guidelines (e.g. Construction Standards, Master Specifications, Standard Details, Special Design Criteria To Meet Hospital Joint Commission (jcaho) Requirements), Nfpa, Federal And State Codes Pertinent To The Project Scope.
all Construction Personnel On Site Are Required To Obtain An Occupational Safety And Health
administration (osha) 10 Hour Construction Certification, And The Site Competent Person For The
contractor Must Obtain An Osha 30 Hour Construction Certification.
prior To The Start Of Construction, The Specifications Shall Require The Contractor To Develop And
submit Such Plans As Required By The Va Relating To Safety And Environmental Issues. These May Include But Are Not Limited To:
job Hazard Analysis And Loto
quality Control Plan: A Quality Control Plan Shall Be Implemented For Identifying And Specifying The Appropriate Standard Forms For Quality Control Inspections That Will Become Part Of The Overall Plan.
per Va Directive 1805, Smoking Vaping, And Smokeless Tobacco Are Prohibited On The Grounds Of Va Facilities, Including In Vehicles. This Directive Applies To All Service Providers And Their Employees.
no Photography Of Va Premises Is Allowed Without Written Permission Of The Contracting Officer. Patients And Staff Are Not To Be Photographed At Any Time.
prior To Commencing Work Onsite, All Service Providers And Provider Personnel Shall Furnish Proof Of Receipt Of Required Covid Vaccinations And Boosters In Compliance With Current Vha Directives.
prior To Commencing Work Onsite, All Service Providers And Provider Personnel Shall Furnish Proof Of Receipt Of Required Tuberculosis Testing In Compliance With Vha Directive 1131(5), Dated June 04, 2021.
parking For Service Provider And Its Employees Shall Be In Designated Areas Only. Service Provider To Coordinate With Cor.
the Service Provider Shall Confine All Operations (including Storage Of Materials) On Government Premises To Areas Authorized Or Approved By The Va Contracting Officer. The Service Provider Shall Hold And Save The Government, Its Officers, And Agents, Free And Harmless From Liability Of Any Nature Occasioned By The Service Provider S Performance. Working Space And Space Available For Storing Materials Shall Be As Determined By The Cor. Workers Are Subject To The Rules Of The Medical Center Applicable To Their Conduct. Execute Work In Such A Manner As To Reduce Impacts With Work Being Done By Others.
billing: Provide Cor With A Report Or Statement Of Work Completed And Include Statements With Request For Payment. Statement Should Include Service Completed And The Date Each Service Item Was Completed. Labor Charges Shall Be Billed Hourly, And Any Unused Labor Totals Will Be Credited Back To The Va Medical Center On The Next Billing Cycle, Upon Receipt Of The Service Report.
safety Codes / Certification / Licensing:
environmental Abatement Work, If Necessary, Is To Be Performed By Contractor Under Supervision And
monitoring For The Va By A Certified Industrial Hygienist.
the Contractor Shall Comply With All Codes As Described Above, As Well As Codes Customarily Applied In
va Construction Jobs Such As Nfpa Fire Code, Osha, Va Design Guides, Etc. Labs Used By The Contractor
shall Be Licensed As Required By Any Applicable Governing Agencies, And Their Certifications And Licenses
shall Be Included In The Reports.
travel:
contractor And/or Subcontractors Will Travel From Their Place Of Business To The West Haven Vamc Of The Va Connecticut Healthcare System.
appendix A
infection Prevention Measures
a. Implement The Requirements Of Va Medical Center S Infection Control Risk Assessment
(icra) Team. Icra Group May Monitor Dust, In The Vicinity Of The Construction Work, And
require The Contractor To Take Corrective Action Immediately If The Safe Levels Are Exceeded.
b. Establish And Maintain A Dust Control Program As Part Of The Contractor S Infection
preventive Measures In Accordance With The Guidelines Provided By Icra Group As Specified
here. Prior To Start Of Work, Prepare A Plan Detailing Project-specific Dust Protection Measures,
including Periodic Status Reports, And Submit To Project Manager And Facility Icra Team For
review For Compliance With Contract Requirements In Accordance With Section 01340, Samples
and Shop Drawings.
1. All Personnel Involved In The Construction Or Renovation Activity Shall Be Educated
and Trained In Infection Prevention Measures Established By The Medical Center.
c. Medical Center Infection Control Personnel Shall Monitor For Airborne Disease (e.g.
aspergillosis) As Appropriate During Construction. A Baseline Of Conditions May Be Established
by The Medical Center Prior To The Start Of Work And Periodically During The Construction Stage
to Determine Impact Of Construction Activities On Indoor Air Quality. In Addition:
1. The Project Manager And Vamc Infection Control Personnel Shall Review Pressure
differential Monitoring Documentation To Verify That Pressure Differentials In The Construction
zone And In The Patient-care Rooms Are Appropriate For Their Settings. The Requirement For
negative Air Pressure In The Construction Zone Shall Depend On The Location And Type Of Activity.
upon Notification, The Contractor Shall Implement Corrective Measures To Restore Proper
pressure Differentials As Needed.
2. In Case Of Any Problem, The Medical Center, Along With Assistance From The
contractor, Shall Conduct An Environmental Assessment To Find And Eliminate The Source.
d. In General, Following Preventive Measures Shall Be Adopted During Construction To Keep
down Dust And Prevent Mold.
1. Dampen Debris To Keep Down Dust And Provide Temporary Construction Partitions In
existing Structures Where Directed By Resident Engineer. Blank Off Ducts And Diffusers To
prevent Circulation Of Dust Into Occupied Areas During Construction.
2. Analyze Each Site During Design To Determine The Effects Of Blocking Hvac Ducts And
their Impact On Existing Air Handling Systems That Must Remain Operational Before Initiating A
dust Control Program. The Method Of Capping Ducts Shall Be Dust Tight And Withstand Airflow.
3. Construct Anteroom To Maintain Negative Airflow From Clean Area Through Anteroom
and Into Work Area Where Required.
4. High Risk Patient Care Areas May Require Additional Measures Like Air Locks, Special
signage, Smoke And Negative Pressure Alarms.
5. Identify These Areas Clearly On The Drawings And Work With Medical Center Personnel
to Achieve Desired Level Of Isolation Suited To The Scope Of Risk Involved.
6. Do Not Perform Dust- Producing Tasks Within Occupied Areas Without The Approval Of
the Project Manager. For Construction In Any Areas That Will Remain Jointly Occupied By The
medical Center And Contractor S Workers, The Contractor Shall:
a. Provide Dust Proof Fire-rated Temporary Drywall Construction Barriers To
completely Separate Construction From The Operational Areas Of The Hospital In Order
to Contain Dirt Debris And Dust. Barriers Shall Be Sealed And Made Presentable On
hospital Occupied Side. Install A Self-closing Rated Door In A Metal Frame,
commensurate With The Partition, To Allow Worker Access. Maintain Negative Air At All
times. A Fire Retardant Polystyrene, 6-mil Thick Or Greater Plastic Barrier Meeting Local
fire Codes May Be Used Where Dust Control Is The Only Hazard, And An Agreement Is
reached With The Resident Engineer And Medical Center.
b. Hepa Filtration Is Required Where The Exhaust Dust May Reenter The Breathing
zone. Contractor Shall Verify That Construction Exhaust To Exterior Is Not Reintroduced
to The Medical Center Through Intake Vents, Or Building Openings. Install Hepa (high
efficiency Particulate Accumulator) Filter Vacuum System Rated At 95% Capture Of 0.3
microns Including Pollen, Mold Spores And Dust Particles. Insure Continuous Negative
air Pressures Occurring Within The Work Area. Hepa Filters Should Have Ashrae 85 Or
other Pre-filter To Extend The Useful Life Of The Hepa. Provide Both Primary And
secondary Filtrations Units. Exhaust Hoses Shall Be Heavy Duty, Flexible Steel
reinforced And Exhausted So That Dust Is Not Reintroduced To The Medical Center.
c. Adhesive Walk-off/carpet Walk-off Mats, Minimum 24 X 36 , Shall Be Used At All
interior Transitions From The Construction Area To Occupied Medical Center Area.
these Mats Shall Be Changed As Often As Required To Maintain Clean Work Areas
directly Outside Construction Area At All Times.
d. Vacuum And Wet Mop All Transition Areas From Construction To The Occupied
medical Center At The End Of Each Workday. Vacuum Shall Utilize Hepa Filtration.
maintain Surrounding Area Frequently. Remove Debris As They Are Created. Transport
these Outside The Construction Area In Containers With Tightly Fitting Lids.
e. The Contractor Shall Not Haul Debris Through Patient-care Areas Without Prior
approval Of The Resident Engineer And The Medical Center. When, Approved, Debris
shall Be Hauled In Enclosed Dust Proof Containers Or Wrapped In Plastic And Sealed
with Duct Tape. No Sharp Objects Should Be Allowed To Cut Through The Plastic. Wipe
down The Exterior Of The Containers With A Damp Rag To Remove Dust. All Equipment,
tools, Material, Etc. Transported Through Occupied Areas Shall Be Made Free From Dust
and Moisture By Vacuuming And Wipe Down.
f. Using A Hepa Vacuum, Clean Inside The Barrier And Vacuum Ceiling Tile Prior To
replacement. Any Ceiling Access Panels Opened For Investigation Beyond Sealed Areas
shall Be Sealed Immediately When Unattended.
g. There Shall Be No Standing Water During Construction. This Includes Water In
equipment Drip Pans And Open Containers Within The Construction Areas. All
accidental Spills Must Be Cleaned Up And Dried Within 12 Hours. Remove And Dispose
of Porous Materials That Remain Damp For More Than 72 Hours.
h. At Completion, Remove Construction Barriers And Ceiling Protection Carefully,
outside Of Normal Work Hours. Vacuum And Clean All Surfaces Free Of Dust After The
removal.
e. Final Cleanup:
1. Upon Completion Of Project, Or As Work Progresses, Remove All Construction Debris
from Above Ceiling, Vertical Shafts And Utility Chases That Have Been Part Of The Construction.
2. Perform Hepa Vacuum Cleaning Of All Surfaces In The Construction Area. This Includes
walls, Ceilings, Cabinets, Furniture (built-in Or Free Standing), Partitions, Flooring, Etc.
1. All New Air Ducts Shall Be Cleaned Prior To Final Inspection. Spec Writer Note:
on Small Projects Developed At Medical Center, Engineering Officer May Tag
items To Be Removed And Stored, Instead Of Noting Such Items On Drawings Or In
specifications.
end Of Appendix
appendix B
va Information And Information System Security/privacy Language For
inclusion Into Contracts, As Appropriate
1. General
contractors, Contractor Personnel, Subcontractors, And Subcontractor Personnel Shall Be
subject To The Same Federal Laws, Regulations, Standards, And Va Directives And Handbooks
as Va And Va Personnel Regarding Information And Information System Security.
2. Access To Va Information And Va Information Systems
a. A Contractor/subcontractor Shall Request Logical (technical) Or Physical Access To Va
information And Va Information Systems For Their Employees, Subcontractors, And
affiliates Only To The Extent Necessary To Perform The Services Specified In The Contract,
agreement, Or Task Order.
b. All Contractors, Subcontractors, And Third-party Servicers And Associates Working With Va
information Are Subject To The Same Investigative Requirements As Those Of Va
appointees Or Employees Who Have Access To The Same Types Of Information. The Level
and Process Of Background Security Investigations For Contractors Must Be In Accordance
with Va Directive And Handbook 0710, Personnel Suitability And Security Program. The
office For Operations, Security, And Preparedness Is Responsible For These Policies And
procedures.
c. Contract Personnel Who Require Access To National Security Programs Must Have A Valid
security Clearance. National Industrial Security Program (nisp) Was Established By
executive Order 12829 To Ensure That Cleared U.s> Defense Industry Contractor
personnel Safeguard The Classified Information In Their Possession While Performing
work On Contracts, Programs, Bid, Or Research And Development Efforts. The
department Of Veterans Affairs Does Not Have A Memorandum Of Agreement With
defense Secretary Service (dss). Verification Of A Security Clearance Must Be Processed
through The Special Security Officer Located In The Planning And National Security
service Within The Office Of Operations, Security, And Preparedness.
d. Custom Software Development And Outsourced Operations Must Be Located In The U.s.
to The Maximum Extent Practical. If Such Services Are Proposed To Be Performed Abroad
and Are Not Disallowed By Other Va Policy Or Mandates, The Contractor/subcontractor
must State Where All Non-u.s. Services Are Provided And Detail A Security Plan, Deemed
to Be Acceptable By Va, Specifically To Address Mitigation Of The Resulting Problems Of
communication, Control, Data Protection, And So Forth. Location Within The U.s. May Be
an Evaluation Factor.
e. The Contractor Or Subcontractor Must Notify The Contracting Officer Immediately When
an Employee Working On A Va System Or With Access To Va Information Is Reassigned Or
leaves The Contractor Or Subcontractor S Employ. The Contracting Officer Must Also Be
notified Immediately By The Contractor Or Subcontractor Prior To An Unfriendly
termination.
3. Va Information Custodial Language
a. Information Made Available To The Contractor Or Subcontractor By Va For The
performance Or Administration Of This Contract Or Information Developed By The
contractor/subcontractor In Performance Or Administration Of The Contract Shall Be Used
only For Those Purposes And Shall Not Be Used In Any Other Way Without The Prior Written
agreement Of The Va. This Clause Expressly Limits The Contractor/subcontractor S Rights
to Use Data As Described In Rights In Data General, Far 52.227-14(d) (1).
b. Va Information Should Not Be Co-mingled, If Possible, With Any Other Data On The
contractors/subcontractor S Information Systems Or Media Storage Systems In Order To
ensure Va Requirements Related To Data Protection And Media Sanitization Can Be Met.
if Co-mingling Must Be Allowed To Meet The Requirements Of The Business Need, The
contractor Must Ensure That Va S Information Is Returned To The Va Or Destroyed In
accordance With Va S Sanitization Requirements. Va Reserves The Right To Conduct Onsite
inspections Of Contractor And Subcontractor It Resources To Ensure Data Security
controls, Separation Of Data And Job Duties, And Destruction/media Sanitization
procedures Are In Compliance With Va Directive Requirements.
c. Prior To Terminator Or Completion Of This Contract, Contractor/subcontractor Must Not
destroy Information Received From Va, Or Gathered/created By The Contractor In The
course Of Performing This Contract Without Prior Written Approval By The Va. Any Data
destruction Done On Behalf Of Va By A Contractor/subcontractor Must Be Done In
accordance With National Archives And Records Administration (nara) Requirements As
outlined In Va Directive 6300, Records And Information Management And Its Handbook
6300.1 Records Management Procedures, Applicable Va Records Control Schedules, And
va Handbook 6500.1 Electronic Media Sanitization. Self-certification By The Contractor
that The Data Destruction Requirements Above Have Been Met Must Be Sent To The Va
contracting Officer Within 30 Days Of Termination Of The Contract.
d. The Contractor/subcontractor Must Receive, Gather, Store, Back Up, Maintain, Use,
dispose Of Va Information Only In Compliance With The Terms Of The Contract And
applicable Federal And Va Information Confidentiality And Security Laws, Regulations And
policies. If Federal Or Va Information Confidentiality And Security Laws, Regulations And
policies Become Applicable To The Va Information Or Information Systems After
execution Of The Contract, Or If Nist Issues Or Updates Applicable Fips Or Special
publications (sp) After Execution Of This Contract, The Parties Agree To Negotiate In Good
faith To Implement The Information Confidentiality And Security Laws, Regulations And
policies In This Contract.
e. The Contractor/subcontractor Shall Not Make Copies Of Va Information Except As
authorized And Necessary To Perform The Terms Of The Agreement Or To Preserve
electronic Information Stored On Contractor/subcontractor Electronic Storage Media For
restoration In Case Any Electronic Equipment Or Data Used By The
contractor/subcontractor Needs To Be Restored To An Operating State. If Copies Are Made
for Restoration Purposes, After The Restoration Is Complete, The Copies Must Be
appropriately Destroyed.
f. If Va Determines That The Contractor Has Violated Any Of The Information Confidentiality,
privacy, And Security Provisions Of The Contract, It Shall Be Sufficient Grounds For Va To
withhold Payment To The Contractor Or Third Party Or Terminate The Contract For Default
or Terminate For Cause Under Federal Acquisition Regulation (far) Part 12.
g. If A Vha Contract Is Terminated For Cause, The Associated Baa Must Also Be Terminated
and Appropriate Actions Taken In Accordance With Vha Handbook 1600.01, Business
associate Agreements. Absent An Agreement To Use Or Disclose Protected Health
information, There Is No Business Associate Relationship.
h. The Contractor/subcontractor Must Store, Transport, Or Transmit Va Sensitive
information In An Encrypted Form, Using Va-approved Encryption Tools That Are, At A
minimum, Fips 140-2 Validated.
i. The Contractor/subcontractor S Firewall And Web Services Security Controls, If Applicable,
shall Meet Or Exceed Va S Minimum Requirements. Va Configuration Guidelines Are
available Upon Request.
j. Except For Uses And Disclosures Of Va Information Authorized By This Contract For
performance Of The Contract, The Contractor/subcontractor May Use And Disclose Va
information Only In Two Other Situations: (i) In Response To A Qualifying Order Of A Court
of Competent Jurisdiction, Or (ii) With Va S Prior Written Approval. The
contractor/subcontractor Must Refer All Requests For, Demands For Production Of, Or
inquiries About, Va Information And Information Systems To The Va Contracting Officer
for Response.
k. Notwithstanding The Provision Above, The Contractor/subcontractor Shall Not Release Va
records Protected By Title 38 U.s.c. 5705, Confidentiality Of Medical Quality Assurance
records And/or Title 38 U.s.c. 7332, Confidentiality Of Certain Health Records Pertaining
to Drug Addiction, Sickle Cell Anemia, Alcoholism Or Alcohol Abuse, Or Infection With
human Immunodeficiency Virus. If The Contractor/subcontractor Is In Receipt Of A Court
order Or Other Requests For The Above Mentioned Information, That
contractor/subcontractor Shall Immediately Refer Such Court Orders Or Other Requests To
the Va Contracting Officer For Response.
l. For Service That Involves The Storage, Generating, Transmitting, Or Exchanging Of Va
sensitive Information But Does Not Require C&a Or An Mou-isa For System
interconnection, The Contractor/subcontractor Must Complete A Contractor Security
control Assessment (csca) On A Yearly Basis And Provide It To The Cor.
4. Information System Design And Development
a. Information Systems That Are Designed Or Developed For On Behalf Of Va At Non-va
facilities Shall Comply With All Va Directives Developed In Accordance With Fisma, Hipaa,
nist, And Related Va Security And Privacy Control Requirements For Federal Information
systems. This Includes Standards For The Protection Of Electronic Phi, Outlined In 45
c.f.r. Part 164, Subpart C, Information And System Security Categorization Level
designation In Accordance With Fips 199 And Fips 200 With Implementation Of All
baseline Security Controls Commensurate With The Fips 199 System Security
categorization (reference Appendix D Of Va Handbook 6500, Va Information Security
program). During The Development Cycle A Privacy Impact Assessment (pia) Must Be
completed, Provided To The Cor, And Approved By The Va Privacy Service In Accordance
with Directive 6507, Va Privacy Impact Assessment.
b. The Contractor/subcontractor Shall Certify To The Cor That Applications Are Fully
functional And Operate Correctly As Intended On Systems Using The Va Federal Desktop
core Configuration (fdcc), And The Common Security Configuration Guidelines Provided
by Nist Or The Va. This Includes Internet Explorer 7 Configured To Operate On Windows
xp And Vista (in Protected Mode On Vista) And Future Versions, As Required.
c. The Standard Installation, Operation, Maintenance, Updating, And Patching Of Software
shall Not Alter The Configuration Settings From The Va Approved And Fdcc Configuration.
information Technology Staff Must Also Use The Windows Installer Service For Installation
to The Default Program Files Directory And Silently Install And Uninstall.
d. Applications Designed For Normal End Users Shall Run In The Standard User Context
without Elevated System Administration Privileges.
e. The Security Controls Must Be Designed, Developed, Approved By Va, And Implemented
in Accordance With The Provisions Of Va Security System Development Life Cycle As
outlined In Nist Special Publication 800-37, Guide For Applying The Risk Management
framework To Federal Information Systems, Va Handbook 6500, Information Security
program And Va Handbook 6500.5, Incorporating Security And Privacy In System
development Lifecycle.
f. The Contractor/subcontractor Is Required To Design, Develop, Or Operate A System Of
records Notice (sor) On Individuals To Accomplish An Agency Function Subject To The
privacy Act Of 1974, (as Amended), Public Law 93-579, December 31, 1974 (5 U.s.c.
552a) And Applicable Agency Regulations. Violation Of The Privacy Act May Involve The
imposition Of Criminal And Civil Penalties.
g. The Contractor/subcontractor Agrees To:
(1) Comply With The Privacy Act Of 1974 (the Act) And The Agency Rules And Regulations
issued Under The Act In The Design, Development, Or Operation Of Any System Of
records On Individuals To Accomplish An Agency Function When The Contract
specifically Identifies:
a. The Systems Of Records (sor); And
b. The Design, Development, Or Operation Work That The Contractor/subcontractor
is To Perform;
i. Include The Privacy Act Notification Contained In This Contract In Every
solicitation And Resulting Subcontract And In Every Subcontract Awarded
without A Solicitation, When The Work Statement In The Proposed Subcontract
requires The Redesign, Development, Or Operation Of A Sor On Individuals
that Is Subject To The Privacy Act; And
ii. Include This Privacy Act Clause, Including This Subparagraph (3), In All
subcontracts Awarded Under This Contract Which Requires The Design,
development, Or Operation Of Such A Sor.
h. In The Event Of Violations Of The Act, A Civil Action May Be Brought Against The Agency
involved When The Violation Concerns The Design, Development, Or Operation Of A
sor On Individuals To Accomplish An Agency Function, And Criminal Penalties May Be
imposed Upon The Officers Or Employees Of The Agency When The Violation Concerns
the Operation Of Sor On Individuals To Accomplish An Agency Function. For Purposes
of The Act, When The Contract Is For The Operation Of A Sor On Individuals To
accomplish An Agency Function, The Contractor/subcontractor Is Considered To Be An
employee Of The Agency.
(1) Operation Of A System Of Records Means Performance Of Any Of The Activities
associated With Maintaining The Sor, Including The Collection, Use,
maintenance, And Dissemination Of Records.
(2) Record Means Any Item, Collection, Or Grouping Of Information About An
individual That Is Maintained By An Agency, Including, But Not Limited To,
education, Financial Transactions, Medical History, And Criminal Or Employment
history And Contains The Person S Name, Or Identifying Number, Symbol, Or Any
other Identifying Particular Assigned To The Individual, Such As A Fingerprint Or
voiceprint, Or A Photograph.
(3) System Of Records Means A Group Of Any Records Under The Control Of Any
agency From Which Information Is Retrieved By The Name Of The Individual Or By
some Identifying Number, Symbol, Or Other Identifying Particular Assigned To The
individual.
i. The A/e Shall Ensure The Security Of All Procured Or Developed Systems And
technologies, Including Their Subcomponents (hereinafter Referred To As Systems ),
throughout The Life Of This Contract And Any Extension, Warranty, Or Maintenance
periods. This Includes, But Is Not Limited To Workarounds, Patches, Hotfixes,
upgrades, And Any Physical Components (hereafter Referred To As Security Fixes)
which May Be Necessary To Fix All Security Vulnerabilities Published Or Known To The
a/e Anywhere In The Systems Including Operating Systems And Firmware. The A/e
shall Ensure That Security Fixes Shall Not Negatively Impact The Systems.
j. The A/e Shall Notify Va Within 24 Hours Of The Discovery Or Disclosure Of Successful
exploits Of The Vulnerability Which Can Compromise The Security Of The Systems
(including The Confidentiality Or Integrity Of Its Data And Operations, Or The
availability Of The System). Such Issues Shall Be Remediated As Quickly As Is Practical,
but In No Event Longer Than 7 Days.
k. When The Security Fixes Involve Installing Third Party Patches (such As Microsoft Os
patches Or Adobe Acrobat), The A/e Will Provide Written Notice To The Va That The
patch Has Been Validated As Not Affecting The System Within 10 Working Days. When
the A/e Is Responsible For Operations Or Maintenance Of The Systems, They Shall Apply
the Security Fixes Within 7 Days.
l. All Other Vulnerabilities Shall Be Remediated As Specified In This Paragraph In A Timely
manner Based On Risk, But Within 60 Days Of Discovery Or Disclosure. Exceptions To
this Paragraph (e.g. For The Convenience Of Va) Shall Only Be Granted With Approval
of The Contracting Officer And The Va Assistant Secretary For Office Of Information
and Technology.
5. Information System Hosting, Operation, Maintenance, Or Use
a. For Information Systems That Are Hosted, Operated, Maintained, Or Used On Behalf Of Va
at Non-va Facilities, Contractors/subcontractors Are Fully Responsible And Accountable
for Ensuring Compliance With All Hipaa, Privacy Act, Fisma, Nist, Fips, And Va Security
and Privacy Directives And Handbooks. This Includes Conducting Compliant Risk
assessments, Routine Vulnerability Scanning, System Patching And Change Management
procedures, And The Completion Of An Acceptable Contingency Plan For Each System. The
contractor S Security Control Procedures Must Be Equivalent, To Those Procedures Used
to Secure Va Systems. A Privacy Impact Assessment (pia) Must Also Be Provided Ot The
cor And Approved By Va Privacy Service Prior To Operational Approval. All External
internet Connections To Va S Network Involving Va Information Must Be Reviewed And
approved By Va Prior To Implementation.
b. Adequate Security Controls For Collecting, Processing, Transmitting, And Storing Of
personally Identifiable Information (pii), As Determined By The Va Privacy Service, Must
be In Place, Tested, And Approved By Va Prior To Hosting, Operation, Maintenance, Or Use
of The Information System, Or Systems By Or On Behalf Of Va. These Security Controls Are
to Be Assessed And Stated Within The Pia And If These Controls Are Determined Not To Be
in Place, Or Inadequate, A Plan Of Action And Milestones (poa&m) Must Be Submitted
and Approved Prior To The Collection Of Pii.
c. Outsourcing (contractor Facility, Contractor Equipment Or Contractor Staff) Of Systems Or
network Operations, Telecommunications Services, Or Other Managed Services Requires
certification And Accreditation (authorization) (c&a) Of The Contractor S Systems In
accordance With Va Handbook 6500.3, Certification And Accreditation And/or The Va
ocs Certification Program Office. Government-owned (government Facility Or
government Equipment) Contractor-operated Systems, Third Party Or Business Partner
networks Require Memorandums Of Understanding And Interconnection Agreements
(mou-isa) Which Detail What Data Types Are Shared, Who Has Access, And The
appropriate Level Of Security Controls For All Systems Connected To Va Networks.
d. The Contractor/subcontractor S System Must Adhere To All Fisma, Fips, And Nist
standards Related To The Annual Fisma Security Controls Assessment And Review And
update The Pia. Any Deficiencies Noted During This Assessment Must Be Provided To The
va Contracting Officer And The Iso For Entry Into Va S Poa&m Management Process.
the Contractor/subcontractor Must Use Va S Poa&m Process To Document Planned
remedial Actions To Address Any Deficiencies In Information Security Policies, Procedures,
and Practices, And The Completion Of Those Activities. Security Deficiencies Must Be
corrected Within The Timeframes Approved By The Government.
contractor/subcontractor Procedures Are Subject To Periodic, Unannounced
assessments By Va Officials, Including The Va Office Of Inspector General. The Physical
security Aspects Associated With Contractor/subcontractor Activities Must Also Be Subject
to Such Assessments. If Major Changes To The System Occur That May Affect The Privacy
or Security Of The Data Or The System, The C&a Of The System May Need To Be Reviewed,
retested And Re-authorized Per Va Handbook 6500.3. This May Require Reviewing And
updating All Of The Documentation (pia, System Security Plan, Contingency Plan). The
certification Program Office Can Provide Guidance On Whether A New C&a Would Be
necessary.
e. The Contractor/subcontractor Must Conduct An Annual Self-assessment On All Systems
and Outsourced Services As Required. Both Hard Copy And Electronic Copies Of The
assessment Must Be Provided To The Cor. The Government Reserves The Right To
conduct Such An Assessment Using Government Personnel Or Another
contractor/subcontractor. The Contractor/subcontractor Must Take Appropriate And
timely Action (this Can Be Specified In The Contract) To Correct Or Mitigate Any
weaknesses Discovered During Such Testing, Generally At No Additional Cost.
f. Va Prohibits The Installation And Use Of Personally-owned Or Contractor/subcontractor Owned
equipment Or Software On Va S Network. If Non-va Owned Equipment Must Be
used To Fulfill The Requirements Of A Contract, It Must Be Stated In The Service Agreement,
sow, Or Contract. All Of The Security Controls Required For Government Furnished
equipment (gfe) Must Be Utilized In Approved Or Other Equipment (oe) And Must Be
funded By The Owner Of The Equipment. All Remote Systems Must Be Equipped With, And
use, A Va-approved Antivirus (av) Software And A Personal (host-based Or Enclaved
based) Firewall That Is Configured With A Va-approved Configuration. Software Must Be
kept Current, Including All Critical Updates And Patches. Owners Of Approved Oe Are
responsible For Providing And Maintaining The Anti-viral Software And The Firewall On The
non-va Owned Oe.
g. All Electronic Storage Media Used On Non-va Leased Or Non-va Owned It Equipment That
is Used To Store, Process, Or Access Va Information Must Be Handled In Adherence With
va Handbook 6500.1, Electronic Media Sanitization Upon: (i) Completion Or Termination
of The Contract Or (ii) Disposal Or Return Of The It Equipment By The
contractor/subcontractor, Whichever Is Earlier. Media (hard Drives, Optical Disks, Cds,
back-up Tapes, Etc.) Used By The Contractors/subcontractors That Contain Va Information
must Be Returned To The Va For Sanitization Or Destruction Or The
contractor/subcontractor Must Self-certify That The Media Has Been Disposed Of Per
6500.1 Requirements. This Must Be Completed Within 30 Days Of Termination Of The
contract.
h. Bio-medical Devices And Other Equipment Or Systems Containing Media (hard Drives,
optical Disks, Etc.) With Va Sensitive Information Must Not Be Returned To The A/e At The
end Of Lease, For Trade-in, Or Other Purposes. The Options Are:
(1) A/e Must Accept The System Without The Drive;
(2) Va S Initial Medical Device Purchase Includes A Spare Drive Which Must Be Installed
in Place Of The Original Drive At Time Of Turn-in; Or
(3) Va Must Reimburse The Company For Media At A Reasonable Open Market
replacement Cost At Time Of Purchase
(4) Due To The Highly Specialized And Sometimes Proprietary Hardware And Software
associated With Medical Equipment/systems, If It Is Not Possible For The Va To Retain
the Hard Drive, Then;
(a) The Equipment A/e Must Have An Existing Baa If The Device Being Traded In Has
sensitive Information Stored On It And Hard Drive(s) From The System Are Being
returned Physically Intact; And
(b) Any Fixed Hard Drive On The Device Must Be Non-destructively Sanitized To The
greatest Extent Possible Without Negatively Impacting System Operation.
selective Clearing Down To Patient Data Folder Level Is Recommended Using Va
approved And Validated Overwriting Technologies/methods/tools. Applicable
media Sanitization Specifications Need To Be Pre-approved And Described In The
purchase Order Or Contract.
620-21-205 Montrose River Front Storm Damage Repairs
va Medical Center Fdr Montrose, New York
page 19 Of 21
(c) A Statement Needs To Be Signed By The Director (system Owner) That States That
the Drive Could Not Be Removed And That (a) And (b) Controls Above Are In Place
and Completed. The Iso Needs To Maintain The Documentation.
6. Security Incident Investigation
a. The Term Security Incident Means An Event That Has, Or Could Have, Resulted In
unauthorized Access To, Loss Or Damage To Va Assets, Or Sensitive Information, Or An
action That Breaches Va Security Procedures. The Contractor/subcontractor Shall
immediately Notify The Cor And Simultaneously, The Designated Iso And Privacy Officer
for The Contract Of Any Known Or Suspected Security/privacy Incidents, Or Any
unauthorized Disclosures Of Sensitive Information, Including That Contained In System(s)
to Which The Contractor/subcontractor Has Access.
b. To The Extent Known By The Contractor/subcontractor, The Contractor/subcontractor S
notice To Va Shall Identify The Information Involved, The Circumstances Surrounding The
incident (including To Whom, How, When, And Where The Va Information Or Assets Were
placed At Risk Or Compromised), And Any Other Information That The
contractor/subcontractor Considers Relevant.
c. With Respect To Unsecured Protected Health Information, The Business Associate Is
deemed To Have Discovered A Data Breach When The Business Associate Knew Or Should
have Known Of A Breach Of Such Information. Upon Discovery, The Business Associate
must Notify The Covered Entity Of The Breach. Notifications Need To Be Made In
accordance With The Executed Business Associate Agreement.
d. In Instances Of Theft Or Break-in Or Other Criminal Activity, The Contractor/subcontractor
must Concurrently Report The Incident To The Appropriate Law Enforcement Entity (or
entities) Of Jurisdiction, Including The Va Oig And Security And Law Enforcement. The
contractor, Its Employees, And Its Subcontractors And Their Employees Shall Cooperate
with Va And Any Law Enforcement Authority Responsible For The Investigation And
prosecution Of Any Possible Criminal Law Violation(s) Associated With Any Incident. The
contractor/subcontractor Shall Cooperate With Va In Any Civil Litigation To Recover Va
information, Obtain Monetary Or Other Compensation From A Third Party For Damages
arising From Any Incident, Or Obtain Injunctive Relief Against Any Third Party Arising From,
or Related To, The Incident.
7. Liquidated Damages For Data Breach
a. Consistent With The Requirements Of 38 U.s.c. §5725, A Contract May Require Access To
sensitive Personal Information. If So, The Contractor Is Liable To Va For Liquidated Damages
in The Event Of A Data Breach Or Privacy Incident Involving Any Spi The
contractor/subcontractor Processes Or Maintains Under This Contract.
b. The Contractor/subcontractor Shall Provide Notice To Va Of A Security Incident As Set
forth In The Security Incident Investigation Section Above. Upon Such Notification, Va
must Secure From A Non-department Entity Or The Va Office Of Inspector General An
independent Risk Analysis Of The Data Breach To Determine The Level Of Risk Associated With
the Data Breach For The Potential Misuse Of Any Sensitive Personal Information Involved In
the Data Breach. The Term Data Breach Means The Loss, Theft, Or Other Unauthorized
access, Or Any Access Other Than That Incidental To The Scope Of Employment, To Data
containing Sensitive Personal Information, In Electronic Or Printed For, That Results In The
potential Compromise Of The Confidentiality Or Integrity Of The Data. Contractor Shall Fully
cooperate With The Entity Performing The Risk Analysis. Failure To Cooperate May Be
deemed A Material Breach And Grounds For Contract Termination.
c. Each Risk Analysis Shall Address All Relevant Information Concerning The Data Breach,
including The Following:
(1) Nature Of The Event (loss, Theft, Unauthorized Access);
(2) Description Of The Event, Including
(a) Date Of Occurrence
(b) Data Elements Involved, Including Any Pii, Such As Full Name, Social Security
number, Date Of Birth, Home Address, Account Number, Disability Code;
(3) Number Of Individuals Affected Or Potentially Affected;
(4) Names Of Individuals Or Groups Affected Or Potentially Affected;
(5) Ease Of Logical Data Access To The Lost, Stolen Or Improperly Accessed Data In Light Of
the Degree Of Protection For The Data, E.g., Unencrypted, Plain Text;
(6) Amount Of Time The Data Has Been Out Of Va Control;
(7) The Likelihood That The Sensitive Personal Information Will Or Has Been Compromised
(made Accessible To And Usable By Unauthorized Persons);
(8) Known Misuses Of Data Containing Personal Information, If Any;
(9) Assessment Of The Potential Harm To The Affected Individuals;
(10) Data Breach Analysis As Outlined In 6500.2 Handbook, Management Of Security
and Privacy Incidents, As Appropriate; And
(11) Whether Credit Protection Services May Assist Record Subjects In Avoiding Or
mitigating The Results Of Identity Theft Based On The Sensitive Personal Information
that May Have Been Compromised.
d. Based On The Determinations Of The Independent Risk Analysis, The Contractor Shall Be
responsible For Paying To The Va Liquidated Damages In The Amount Of $37.50 Per Affected
individual To Cover The Cost Of Providing Credit Protection Services To Affected Individuals
consisting Of The Following:
(1) Notification;
(2) One Year Of Credit Monitoring Services Consisting Of Automatic Daily Monitoring Of At
least 3 Relevant Credit Bureau Reports;
(3) Data Breach Analysis;
(4) Fraud Resolution Services, Including Writing Dispute Letters, Initiating Fraud Alerts And
credit Freezes, To Assist Affected Individuals To Bring Matters To Resolution;
(5) One Year Of Identity Theft Insurance With $20,000.00 Coverage At $0 Deductible; And
(6) Necessary Legal Expenses The Subjects May Incur To Repair Falsified Or Damaged Credit
records, Histories, Or Financial Affairs.
8. Security Controls Compliance Testing
on A Periodic Basis, Va, Including The Office Of Inspector General, Reserves The Right To
evaluate Any Or All Of The Security Controls And Privacy Practices Implemented By The
contractor Under The Clauses Contained Within The Contract. With 10 Working-day S Notice,
at The Request Of The Government, The Contractor Must Fully Cooperate And Assist In A
government-sponsored Security Controls Assessment At Each Location Wherein Va
information Is Processed Or Stored, Or Information Systems Are Developed, Operated,
maintained, Or Used On Behalf Of Va, Including Those Initiated By The Office Of Inspector
general. The Government May Conduct A Security Control Assessment On Shorter Notice (to
include Unannounced Assessments) As Determined By Va In The Event Of A Security Incident
or At Any Other Time.
9. Training
a. All Contractor Employees And Subcontractor Employees Requiring Access To Va
information And Va Information Systems Shall Complete The Following Before Being
granted Access To Va Information And Its Systems:
(1) Sign And Acknowledge (either Manually Or Electronically) Understanding Of And
responsibilities For Compliance With The Contractor Rules Of Behavior, Appendix E
relating To Access To Va Information And Information Systems;
(2) Successfully Complete The Va Cyber Security Awareness And Rules Of Behavior
training And Annually Complete Required Security Training;
(3) Successfully Complete The Appropriate Va Privacy Training And Annually Complete
required Privacy Training; And
(4) Successfully Complete Any Additional Cyber Security Or Privacy Training, As Required
for Va Personnel With Equivalent Information System Access [to Be Defined By The Va
program Official And Provided To The Contracting Officer For Inclusion In The
solicitation Document E.g., Any Role-based Information Security Training Required In
accordance With Nist Special Publication 800-1 6, Information Technology Security
training Requirements.]
b. The Contractor Shall Provide To The Contracting Officer And/or The Cor A Copy Of The
training Certificates And Certification Of Signing The Contractor Rules Of Behavior For Each
applicable Employee Within 1 Week Of The Initiation Of The Contract And Annually
thereafter, As Required.
c. Failure To Complete The Mandatory Annual Training And Sign The Rules Of Behavior
annually, Within The Timeframe Required, Is Grounds For Suspension Or Termination Of All
physical Or Electronic Access Privileges And Removal From Work On The Contract Until Such
time As The Training And Documents Are Complete.
end Of Appendix
Closing Date15 Jan 2024
Tender AmountRefer Documents
Cebu Normal University Tender
Software and IT Solutions
Philippines
Details: Description Invitation To Bid For Procurement Of University Ict Modernization Development Program No. 24-06-167 1. The Cebu Normal University, Through The General Appropriations Act Of 2024 Intends To Apply The Sum Of One Billion Pesos (₽ 1,000,000,000.00) For The Procurement Of University Ict Modernization Development Program With Bid No. 24-06-167. Bids Received In Excess Of The Abc For Each Lot Shall Be Automatically Rejected At Bid Opening. 2. The Cebu Normal University Now Invites Bids For The Following Items Of The Above Rebidding For The Procurement Of University Ict Modernization Development Program Project. Unit Item Description Quantity Unit Cost Lot University Ict Modernization Development Program University Enterprise Resource Planning (erp) System 1 344,039,200.00 Human Resource Information System (hris) This Module Manages The Campus Staff Data, Including Recruitment, Payroll, And Billing. 1.1.1. Must Have The Following Modules: 1.1.1.1. Time Keeping Monitoring Modules 1.1.1.2. Automated Payroll System 1.1.1.3. Personnel Information System / Human Resource Information System. 1.1.1.4. Installation And Configuration Services 1.1.1.4.1. Application Installation 1.1.1.4.2. User Workflow Integration 1.1.1.4.3. Integration To Cnu Rdbms Database 1.1.1.4.4. Project Management Services 1.1.1.4.5. Capacity Building And Knowledge Transfer 1.1.1.4.5.1. The Winning Bidder Will Conduct User Training. 1.1.1.4.5.2. The Winning Bidder Will Perform A System Demo. 1.1.1.4.5.3. The Winning Bidder Will Perform System Flow Familiarity. Student Information System (sis) 1.2.1. System Features, Transactions, And Reports: 1.2.1.1. Must Have Tools To Enable Migration Of Existing Student Databases, Register New Students, Generate Adhoc Reports, Monitor And Manage Various Service Requests. 1.2.1.2. Must Contain Complete Student Information, Academic Data File, And Scanned Submitted Documents Of Students Converted Into Pdf. 1.2.1.3. Must Support Fast Generation Of Tor And Form 9 1.2.1.4. Must Be Capable Of Generating A List Of Candidates For Graduation, Scholarships, And Honors. 1.2.1.5. Must Be Able To Receive Approved Electronic Grades From Deans. 1.2.1.6. Must Be Able To Apply Tags To Documents Being Submitted By New Enrollees And Remind Students Of Missing Documents That Need To Be Submitted. 1.2.1.7. Must Have A Mobile Application That Will Enable Access To Online Services Relevant To The Students Such As Request For An Electronic Copy Of Grades, Request For Transcripts Of Records, Copies Of The Com, And Others To Be Determined By The University. 1.2.1.8. The Mobile Application Must Be Compatible With The Latest Versions Of Android And Ios Mobile Devices. 1.2.1.9. Must Have A Free Higher Education Application And Reports Generation System 1.2.1.10. Must Have A Reports Generation System (csc, Dbm, Ched And Other Government Reports) 1.2.1.11. Must Have An Online Verification System 1.2.1.12. Must Have An Electronic Issuance Of Transcript Of Records, Diploma, So, Certifications, Etc. 1.2.1.13. Must Have An Online Testing And Admission Scheduling System. 1.2.1.14. Must Have A Faculty Evaluation System. Financial Management System 1.3.1. Accounts Payable And Disbursements 1.3.1.1. Solution Must Allow Users To Set The Recognition Of Withholding Taxes Either Upon Recording Of Accounts Payable Or Upon Disbursement Depending On The Organization's Policy. 1.3.1.2. Solution Must Be Able To Record Payable Vouchers And Generate An Apv Form. The Payable Voucher Should Allow Users To Input The Supplier Invoice Number And Be Able To Retrieve And Automatically Populate The Details Of The Selected Receiving Report/s. 1.3.1.3. Solution Must Be Able To Record Payment Vouchers And Generate A Payment Voucher Form. The Payment Voucher Should Allow Users To Tag And Apply Payments To Specific Supplier Invoice/s Or Payable Voucher/s And Should Have Controls To Avoid Double Payment Of The Same Payable. Accounting Entries Should Be Automatically Generated Based On The Default Entry Setup. 1.3.1.4. Solution Must Be Able To Record Adjustments On Supplier Invoices And Accounts Payable Using A Debit Memo. The Debit Memo Activity Should Be Able To Automatically Calculate The Tax Impact Of The Adjustment And Generate The Corresponding Accounting Entries. 1.3.1.5. Solution Must Allow Users To Monitor And Update The Status Of Checks Prepared Whether On-hand, Released, Cancelled, Or Stale. 1.3.1.6. Solution Must Be Able To Capture Details Of Receipts For Fund Replenishments, Reimbursements , And Liquidations. Users Should Also Be Able To Select The Appropriate Gl Account For The Receipt And Generate The Corresponding Accounting Entries. 1.3.2. Revenues And Collections 1.3.2.1. Solution Must Have Complete List Of Customer's Details. Details Include Their Complete Name (for Individual) / Organization Name (for Non-individual), Tin, Addresses, Business Style, Contact Information, Payment Terms, Bank Details And Other Helpful Information Needed By The Organization. 1.3.2.2. Solution Must Be Able To Group Customers Up To Two Levels As Needed By The Organization. 1.3.2.3. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (create And Approve Sales Orders, Invoice, And Collection Transactions), System Reports, And Master Tables 1.3.2.4. Solution Must Be Able To Record Customer Orders And Generate An Order Form. The Customer Order Must Capture Essential Information Such As: Customer Details, Customer Po Number, Order Type (goods Or Services), Delivery Information, And Item Details 1.3.2.5. Solution Must Be Able To Record Invoice Or Billing Statement And Generate The Corresponding Forms. The Invoice Or Billing Statement Should Automatically Populate The Details From Approved Customer Order/s. Accounting Entries Should Automatically Be Generated Based On The Default Entry Setup. 1.3.2.6. Solution Must Be Able To Record Adjustments On Invoices And Accounts Receivable Using A Credit Memo. The Credit Memo Activity Should Be Able To Automatically Calculate The Tax Impact Of The Adjustment And Generate The Corresponding Accounting Entries. 1.3.2.7. Solution Must Be Able To Record Receivable Collections And Generate An Official Receipt Or Ancai. The Collection Should Allow Users To Tag And Apply The Customer Payments To The Intended Sales Invoice/s Or Billing Statement/s With Controls To Avoid Double Tagging Of Collections. Accounting Entries Should Be Automatically Generated Based On The Default Entry Setup. 1.3.2.8. Solution Must Allow Users To Record Cash And Collection Deposits And Generate The Corresponding Accounting Entries To Recognize The Proper Cash In Bank Account. 1.3.2.9. Solution Must Be Able To Generate A Report That Shows Statement Of Account And Accounts Receivable Aging In A Given Period. The Aging Report Should Allow Users To Define Whether The Report Is Based On Transaction Date Or Due Date As Well As The Aging Parameters (weekly, Monthly, Custom Defined Aging). 1.3.2.10. Solution Must Be Able To Generate A Report That Shows The Receivable Ledger Per Customer Group Or Specific Customer In A Given Period. 1.3.2.11. Solution Must Be Able To Generate Summarized Or Detailed Reports Which Shows All Collections In A Given Period. 1.3.2.12. Solution Must Be Able To Generate Summarized Or Detailed Reports Which Shows All Cash And Check Deposits In A Given Period As Well As Undeposited Cash And Collections. 1.3.3. Inventory Module 1.3.3.1. Solution Must Allow The Setup Of Item Groups And Item Details For Goods, Fixed Assets And Consumables Including Safety Stock Levels And Reorder Point. 1.3.3.2. Solution Must Allow The Setup Of Unit Of Measure For Sales And Purchases. 1.3.3.3. Solution Must Allow The Creation Of Unit Of Measure (um) Conversion Table Where The User Can Define The Conversion Rate From One Um To Another. 1.3.3.4. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (record And Approve Receiving, Issuance And Transfer Transactions), System Reports, And Master Tables. 1.3.3.5. Solution Must Be Able To Create Delivery Receipts And Generate A Dr Form. Accounting Entries Should Be Automatically Generated Based On The Default Setup. 1.3.3.6. Solution Must Allow Users To Record Items Returned To Suppliers. Purchase Return Should Automatically Populate Details From The Approved Purchase Order And Allow Users To Select The Items Returned. Accounting Entries Should Be Automatically Generated Based On The Default Setup. 1.3.3.7. Solution Must Be Able To Record Stock Issuance And Generate A Material Issuance Form. The Material Issuance Can Be Issued To A Requesting Department And Should Capture Details On The Requestor And The Items Issued. 1.3.3.8. Solution Must Be Able To Record Incoming And Outgoing Transfer Of Items Between The Organization's Warehouse. 1.3.4. Property And Fixed Assets 1.3.4.1. Solution Must Have A Complete List Of Fixed Assets Details. Details Include The Asset Group, Technical Specifications, Useful Life, Serial Number, And Issuance Status. 1.3.4.2. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (record And Approve Asset Acquisition, Issuance, And Asset Disposal Transactions), System Reports, And Master Tables 1.3.4.3. Solution Must Allow Users To Record The Purchase Details Of Acquired Assets. Accounting Entries Should Be Automatically Generated Based On The Default Entry Setup. 1.3.4.4. Solution Must Allow The Issuance Of Fixed Assets To The Requesting Department And Authorized User Of The Asset. The Solution Should Be Able To Record The Details Of The Issuance As Well As Tag The Physical Location Of Assets Issued. 1.3.4.5. Solution Must Automatically Calculate The Monthly Depreciation And Net Book Value Of The Asset Using Straight-line Method Over The Asset's Remaining Useful Life. Accounting Entries For Depreciation Should Be Automatically Generated Based On The Default Entry Setup. 1.3.4.6. Solution Must Allow Users To Record The Repair Of Fixed Assets And Automatically Calculate The Depreciation For Capitalized Major Repairs. 1.3.4.7. Solution Must Allow Users To Record The Disposal Of Fixed Assets And Remove It From The List Of Active Assets Available For Issuance. Accounting Entries For The Disposal Of Fixed Assets Should Be Automatically Generated Based On The Default Entry Setup. 1.3.5. Government Budget 1.3.5.1. The Solution Must Be Able To Allow The Setup Of Responsible Signatories For Approval Of Budget. 1.3.5.2. Solution Must Allow Users To Setup Monthly Or Annual Budget For Departments, And Activities Based On The General Appropriations Act (gaa), Special Allotment Release Order (saro), And The Agency Budget Matrix 1.3.5.3. Solution Must Be Able To Classify Budget Transactions To Personnel Services, Maintenance And Other Operating Expenses, Capital Outlay, And Financial Expenses 1.3.5.4. Solution Must Allow Setup Of Notice Of Cash Allocation As Transaction Limits. 1.3.5.5. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (record And Approve Budget Realignment, Budget Earmark, And Obligation Request Transactions), System Reports, And Master Tables 1.3.5.6. Solution Must Allow Users To Setup Monthly Or Annual Budget For Departments, And Activities Based On The General Appropriations Act (gaa), Special Allotment Release Order (saro), And The Agency Budget Matrix 1.3.5.7. Solution Should Only Allow Transactions To Proceed Based On Approved Budget. Budget Review And Approval Should Apply To Earmarking For Purchase Requests, And Obligation Requests For Purchase Orders. 1.3.5.8. Solution Must Be Create A Request For Fund Appropriation By Requesting Department And Generate An Rfa Form. The Rfa Should Be Able To Capture Information On The Requestor, Department, Priority, And Purpose Of The Appropriation. 1.3.5.9. Solution Must Be Able To Reclassify Approved Budget From One Expense Item To Another Within The Same Budget Classification. 1.3.6. General Ledger And Accounting 1.3.6.1. Solution Must Be Able To Create Chart Of Accounts For Balance Sheet And Profit And Loss Statement. The Chart Of Accounts Can Be Grouped Up To Three Levels To Allow Drill Down Of Accounts When Reporting. 1.3.6.2. Solution Must Be Able Allow Creation Of Books Of Accounts Which Will Contain The Accounting Entries From Transactions. The Books Of Accounts Should Be Classified Into The General Ledger Book, Disbursement Book, Cash Receipts Book, Sales Book And Purchases Books. 1.3.6.3. Solution Must Allow Users To Format The Summarized And Detailed Reports For The Balance Sheet And Profit And Loss Statement 1.3.6.4. Solution Must Allow Users To Setup Multiple Dimensions For Income And Expense Accounts For More Detailed Reporting. Up To Four Dimensions Can Be Created Which Are: Profit Center Or Cost Center, Revenue Type, Principal Or Major Customer Type, And Location. 1.3.6.5. Solution Must Allow The Creation Of Multiple Currencies And Setup The Conversion Rate For Functional And Reporting Currency. 1.3.6.6. Solution Must Allow Creation Of Subsidiary Ledgers For Customers, Suppliers, Employees, And Others As Defined By The User. 1.3.6.7. Solution Must Allow Setup Of Various Tax Codes And Tax Rates For Vat, Creditable Withholding Taxes, And Expanded Withholding Taxes 1.3.6.8. Solution Must Allow Users To Enter The Amounts Which Will Be Set As The Beginning Balance For Each Account. 1.3.6.9. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (create And Approve Journal Entries), System Reports, And Master Tables 1.3.6.10. Solution Must Allow Users To Record Journal Entries To Record Transactions That Are Not From The Other Modules Such As Adjustments And Reclassification Entries. Journal Entries Should Allow The User To Select The Proper Books Of Account Where The Entry Is Recorded And Should Have Controls To Check The Balance Of Total Debit And Credit Accounts. 1.3.6.11. Solution Must Be Capable Of Month-end And Year-end Process To Close Transactions And Proceed To The Next Control Period. 1.3.7. Set-up And Application Manager 1.3.7.1. Solution Must Allow The Setup Of The Details Of The Organization Such As Tin, Address, Contact Details, Tax Settings, Transaction Currency. 1.3.7.2. Solution Should Allow The Creation Of Various Users Of The Accounting System. 1.3.7.3. Solution Must Allow Admin To Define And Control User Access So That Only Authorized Users Will Be Able To Access Specific Modules, Transact, Approve And Generate Reports. Users Can View, Add, Delete (if Not Yet Posted), Print, Or Approve Transactions. 1.3.7.4. Solution Must Allow Setting Up The Forms Used For Various Activities Including Transaction Number Or Document Series For The Forms Such As: Purchase Orders, Customer Orders, Invoice, Receipts, Payable Voucher, Etc. The System Can Automatically Generate The Succeeding Document Numbers During Transaction Entry. 1.3.7.5. Solution Must Allow Setting Up Forms To Be Used In The Various Transactions, Including The Preparers, Reviewers And Approvers Of Said Forms. 1.3.7.6. Solution Must Allow Setting Up Appropriate Department Of The Organization Which Will Be Used In Various Transactions. 1.3.7.7. Solution Must Allow The Setting Up Appropriate Fiscal Or Calendar Year Of The Organization. 1.3.7.8. Solution Must Have Control Checks To Allow Transactions To Proceed To The Next Activity Only When It Is Approved And Posted. Only Posted Transactions Will Appear In The System Reports. 1.3.7.9. Solution Must Allow Users To Perform Batch Approval Or Posting Of Transactions. 1.3.7.10. Solution Must Have Control Checks To Prevent Multiple Logins, And Failed Login Attempts From The Same Account. System Should Also Perform Automatic Logout For Idle Accounts. 1.3.7.11. Solution Must Be Able To Generate Reports That Shows User Access To The Various System Modules, Their Activities, And The Movement Of All Transactions. 1.3.8. Procurement Management System 1.3.8.1. The Solution Must Have A Complete Procurement Module That Can Capture Detailed Information From Purchase Requisition, Purchase Order, And Receiving 1.3.8.1.1. Module Setup - The Solution Must Have The Following Management And Setup Controls: 1.3.8.1.1.1. Solution Must Have Complete List Of Supplier's Details. Details Include Their Complete Name (for Individual) / Organization Name (for Non-individual), Tin, Addresses, Business Style, Contact Information, Payment Terms, Bank Details And Other Helpful Information Needed By The Organization. 1.3.8.1.1.2. Solution Must Be Able To Group Suppliers Up To Two Levels As Needed By The Organization. 1.3.8.2. Transaction Activities - Solution Must Be Capable Of The Following Transactions: 1.3.8.2.1. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (create And Approve Purchase Request, Purchase Orders And Receiving Transactions), System Reports, And Master Tables 1.3.8.2.2. Solution Must Be Able To Record Purchase Requests And Generate A Pr Form. The Purchase Request Must Capture Essential Information Such As: Requestor, Purchase Type (goods, Services, Capital Expenses, Consumables), Date Needed, And The Item Details And Quantity. 1.3.8.2.3. Solution Must Allow Users To Create Requests For Quotation To Invite Suppliers Into A Bidding Process For The Requested Items. 1.3.8.2.4. Solution Must Be Able To Present Details Of Canvass To Aid In Decision Making For Purchases. 1.3.8.2.5. Solution Must Be Able To Record Purchase Orders And Generate A Po Form. The Purchase Order Should Be Able To Retrieve And Automatically Populate The Details Of Approved Purchase Requests And Capture Essential Information Such As: Supplier Details, Purchase Type, Chargeable Department, And Delivery Info. The Purchase Order Should Allow Users To Select The Vat Class Of Each Item (vatable/exempt) And Automatically Calculate The Vat For Each Item If Applicable. 1.3.8.2.6. Solution Must Have A Functionality To Adjust The Amount And Quantity Of The Purchase Order. 1.3.8.3. Generated Reports - The Solution Must Have The Following System Generated Reports: 1.3.8.3.1. The Solution Must Be Able To Generate Summarized Or Detailed Reports Which Shows Of All Purchase Request In A Given Period 1.3.8.3.2. The Solution Must Be Able To Generate Summarized Or Detailed Reports Which Shows Of All Purchase Order In A Given Period 1.3.8.3.3. The Solution Must Be Able To Generate A Report That Shows Purchase Requests That Are Unserved, Partially Served Or Fully Served 1.3.8.3.4. The Solution Must Be Able To Generate A Report That Shows Purchase Orders That Are Unserved, Partially Served Or Fully Served. Records Management System 1.4.1.1. Document Versioning: Able To Store Many Versions Of The Same Document, Download Or Revert To A Previous Version. 1.4.1.2. Digital Signatures: Check The Authenticity Of Documents By Verifying Their Embedded Cryptographic Signatures Or Upload Detached Signatures For Document Signed After They Were Stored. 1.4.1.3. Signature Captures: Capable Of Digital Recording Of Handwritten Signatures And Able To Be Used For Business Transactions And Remote Contract Signing. 1.4.1.4. Multiple Sources: Local File Or Server-side File Uploads, Multifunctional Copier, Or Even Via Email 1.4.1.5. Advanced Access Control: 1.4.1.5.1. Role Based Access Control. Able To Create An Unlimited Amount Of Different Roles Not Being Restricted To The Traditional Administrator, Operator, Guest Paradigm. 1.4.1.5.2. With Permission For Every Atomic Operation Performed By Users 1.4.1.6. Previews For Multiple File Formats: Provides Image Preview Generation For Many Popular File Formats. 1.4.1.7. Full Text Searching: Documents Can Be Searched By Its Text Content, Metadata Or Any Other File Attributes Such As Name, Extension, Etc. Multiple Search Engines Must Be Supported. 1.4.1.8. Configurable Document Grouping: Automatic Linking Of Documents Based On Metadata Values Or Document Properties. 1.4.1.9. Workflows: 1.4.1.9.1. Keep Track Of The State Of Documents, Along With The Log Of The Previous State Changes 1.4.1.9.2. Use The Workflow Engine To Automate Business Processes By Executing System Actions. 1.4.1.9.3. Trigger External Processes Using The Workflow. Execute Actions In Other Systems When A Document Hits A Specific State For Complete Business Automation. 1.4.1.9.4. Comply With Regulations Using Automatic State Expiration And Workflow Escalation. 1.4.1.10. Non-destructive Page Mapping: Change The Order Of The Pages Of The Files Uploaded To A Document Or Disable Them To Remove From View. Pages From Multiple Document Files Can Also Be Joined Or Appended To Create Multiple Document Versions From The Same Set Of Files. 1.4.1.11. Complete Event Tracking System: 1.4.1.11.1. Every Action Performed In The System Must Be Recorded For Audit Trail Purposes. 1.4.1.11.2. Users And Other Applications Can Subscribe To Events To Perform Actions Or Provide Notifications. 1.4.1.12. Deployable In Multiple Different Environments, Vendors, Hardware: 1.4.1.12.1. Able To Do A Direct Installation For Maximum Control And Performance 1.4.1.12.2. Use The Official Docker Image For Easier Installation And Scalability. 1.4.1.12.3. Deployable To A Virtual Machine, Direct Hardware, Public Cloud, Private Cloud, Or A Single Board Computer 1.4.2. 2 Units Document Scanner 1.4.2.1. Proposed Throughput Speed Must Have 50 Ppm / 100ppm. 1.4.2.2. Proposed Feeder Capacity Must Be Up To 80 Sheets Of 80 G/m Paper. 1.4.2.3. Proposed Maximum Document Size Must Be 216 Mm X 3,000 Mm. 1.4.2.4. Proposed Minimum Document Size Must Be 52 Mm X 52 Mm 1.4.2.5. Proposed Maximum Optical Resolution Must Have 600 Dpi. Asset Management System 1.5.1.1.1. Unique Asset Tag That Is Assigned To An Asset For The Purpose Of Tracking And Managing Throughout Its Lifecycle. It Must Consist Of A Barcode Or A Serial Number That Is Affixed To The Asset, And Allows Accurate Identification And Location Of The Asset, Track Its Maintenance And Repair History, Assign Ownership And Monitor Depreciation. 1.5.1.1.2. Search Engine For Locating Assets Within An Inventory Or Database. This Can Involve Searching For Assets Based On Various Criteria, Such As Location, Type, Condition, Or Other Attributes Such As Assignee, Barcode Or Serial Number. 1.5.1.1.3. Asset Check In/out Which Serves As A Check List Of Asset/s That Need To Be Accepted Or Released From Possession. It Should Be On Real Time Release And Acceptance With The Option To Attach Photos Or Videos. 1.5.1.1.4. Asset Status That Provides Information On Current Status Such As Accepted, Released, Current Location And Other Status Like Maintenance And Assigned Technician. 1.5.1.1.5. Sends Notifications Of The Status Of An Asset If Accepted, Released, Under Maintenance Or In Transit. 1.5.1.2. Administrator Settings That Provide The Following Functionalities: 1.5.1.2.1. Branding Functionality That Provides Distinctive Name, Logo, Symbol, Or Design To Differentiate Cnu’s Asset Management Services 1.5.1.2.2. Security Features That Provide User Authentication And Access Controls To Authorized Users To Access Sensitive Information Or Make Changes To Asset Records. Option Includes Two Factor Authentication 1.5.1.2.3. Groupings Functionality That Defines And Assigns Groups Within Cnu Such As Finance, Supply Office, Etc. That Will Help Define And Narrow Down Searches And Assignments Of Assets. 1.5.1.2.4. Localization That Defines And Assigns Personnel, Users, Administrator, Groups And Assets Within The Campus To Certain Areas Or Places. 1.5.1.2.5. Notification Feature For Automated Alerts Or Messages To Notify Users Of Events Or Activities Related To The Assets. This Must Include Alerts For Maintenance And Repairs, Asset Checkouts Or Returns, Or Changes To Asset Records. Notifications Can Be Sent Via Email, In-app Notification And Other Messaging Channels Such As Chatbots. 1.5.1.2.6. Qr Code Generation And Assignment To Assets. 1.5.1.2.7. Asset Labeling Feature That Generates Qr And Barcodes For Labelling Of Assets. 1.5.1.2.8. Grouping Of Assets Based On Common Characteristics Or Attributes. Asset Categories Shall Be Used To Organize Assets Into Logical Groupings To Simplify Asset Tracking And Management. 1.5.1.3. User Management Functionality That Provides The Following: 1.5.1.3.1. Rights And Permission For Assignment Of Rights, Permissions And Responsibilities Such As Administrators And Users 1.5.1.3.2. Manual Or Automatic Creation And Removal Of Users That Can Be Triggered By The Hr Application System Through Automatic Notification Of New, Resigned And/or Retired Employees. 1.5.1.4. Asset Management Sub-modules Capable Of The Following: 1.5.1.4.1. Dynamic Fields That Are Highly Customizable To Be Added Or Removed From An Asset Record Based On The Specific Needs Of Cnu, Type Or Category Of An Asset. These Fields Are To Be Used To Capture Additional Information Or Data Points That Are Not Included In The Standard Asset Record Or To Tailor The Asset Record To The Specific Requirements Of Cnu. 1.5.1.4.2. Generates A Checklist For Acceptance Or Release Of An Asset That Will Be Shown On The Dashboards Of The User And Assigner. 1.5.1.4.3. Provides The Users The Capability To Request For Equipment, Office Supplies Or Even Vehicle Service For Use On Certain Occasions. 1.5.1.4.4. Migration Of Assets From Flat File Or Excel File. 1.5.1.4.5. Inventory Status That Provides Stakeholders, Administrator, Users And Requester Of The Current Inventory Of Assets Such As But Not Limited To Office Supplies, Fuel, And Other Pertinent Assets Of Cnu. 1.5.1.4.6. Low Inventory Notification That Allows Cnu To Be Automatically Notified Of Low Inventory On A Threshold Previously Set. 1.5.1.4.7. Asset Assignment Feature That Assigns An Asset To A Specific User Or Location Within Cnu. This Is Done To Track The Person Responsible For The Asset, Asset Location, And How It Is Being Used Through The Use Of Qr Code And Or Barcode Labels. Once An Asset Is Assigned, The Asset Management Software Must Be Able To Track The Asset's Location, Usage History And Maintenance Records. It Should Be Able To Provide Alerts Or Notifications When The Asset Is Due For Maintenance, Repair, Or Replacement. 1.5.1.4.8. License Management Feature That Assigns, Tracks And Records The Number Of Sw Licenses And Its Usage Within Cnu. 1.5.1.4.9. In-app Notification With Secondary Notification Through Email Alerts. 1.5.1.4.10. Mobile Application Feature That Will Enable Access To The Asset Management System Anytime, Anywhere. 1.5.1.5. Single Sign-on 1.5.1.5.1. Must Be An Add-on To The Cms System So Sso And User Rights/roles Are Incorporated Within The Existing User Base. 1.5.1.5.2. Authentication Must Be Through The Sso Of The Cms 1.5.1.6. The Winning Bidder Must Provide Two (2) Units Of Barcode Printers, Two (2) Handheld Scanners And Consumables. 1.5.1.7. The Winning Bidder Shall Perform Pre-functional Testing And User Acceptance Testing Upon Completion Of Its Installation, To Be Witnessed By Cnu Nominated Personnel. Consolidated University & Student Portal 1.6.3.1. Design, Development And Customization Of Faculty And Student Portal 1.6.3.2. Consolidated University & Student Portal Technical Requirements 1.6.3.2.1. Portal Services 1.6.3.2.1.1. Must Support At Most Ten Thousand (10,000) User Identities. 1.6.3.2.1.2. Must Provide User Logins With Appropriate Authentication. 1.6.3.2.1.3. Must Provide ‘forgot Password’ Facility. 1.6.3.2.1.4. Must Provide ‘change Password’ Facility. 1.6.3.2.1.5. Must Have Administration Functionalities Such As: 1.6.3.2.1.5.1. User Management 1.6.3.2.1.5.2. Role Management 1.6.3.2.1.5.3. Announcements 1.6.3.2.2. Development Of Frequently Asked Questions (faqs) 1.6.3.2.2.1. Create Faqs 1.6.3.2.2.2. Read Faqs 1.6.3.2.2.3. Update Faqs 1.6.3.2.2.4. Delete Faqs 1.6.3.2.2.5. List Faqs 1.6.3.2.3. Route Configuration 1.6.3.2.3.1. Route Creation 1.6.3.2.3.1.1. Redirection Link 1.6.3.2.3.1.2. Redirection Logo 1.6.3.2.3.1.3. User Role Assignment 1.6.3.2.3.1.4. Active / Inactive Route 1.6.3.2.3.2. Update Route 1.6.3.2.3.3. Delete Route 1.6.3.2.3.4. List Route 1.6.4. Dashboard Development 1.6.4.1. The Dashboard Must Provide Route Display And Redirection For At Most Four (4) Applications. 1.6.4.2. From The User Dashboard, A Link Must Be Provided To Route The User To A Particular Application. The Requirement Is A Routing Link And So No Application Development Or Application Side Configuration Is Part Of The Portal Requirement. Unified Database Platform 1.7.1.1. It Shall Be Cloud Agnostic And Cloud-native And Can Support Deployments In Bare Metal, Vms, Or Kubernetes Both In On Premise Infrastructure As Well As Cloud For At Least The Following Options: 1.7.1.1.1. Baremetal 1.7.1.1.2. Vmware Vsphere 1.7.1.1.3. Aws 1.7.1.1.4. Google Cloud Platform 1.7.1.1.5. Microsoft Azure 1.7.1.2. It Shall Synchronize The Data Across Multiple Sites And Support Multiple Advanced Replication Architecture. 1.7.1.3. It Must Be Deployed In An Active-active Manner To Ensure Minimal Disruption To Services And Can Withstand The Following Failure Scenarios Depending On The Deployment Topology: Virtual Machine Failure, Container/kubernetes Node Failure, Availability Zone Failure, Region Failure. 1.7.1.4. It Shall Support Both The Sql And Nosql Apis’ Under A Common Storage Substrate To Address Current And Future Use Cases. 1.7.1.5. It Shall Enable Client Applications To Auto- Discover Cluster Nodes And Cluster Topology Using An Application- Friendly Library. 1.7.1.6. It Shall Support A Single Synchronous Cluster Stretched Across Multiple Az’s/regions/clouds, And Support Multiple Advanced Replication Architectures For The Resiliency Of The System. 1.7.1.7. Shall Horizontally Scale Out/in/up/down With Minimal To No Business Disruptions. 1.7.1.8. Shall Offer A Single User Interface Across Various Clouds With Simplified Database Management And Monitoring Like Db Upgrades, Backups, Security & On-demand Scaling Of Nodes To Simplify Operation And Management. 1.7.1.9. It Shall Support Distributed Acid And Transactions With Strong Data Consistency. 1.7.1.10. One (1) Year Of Enterprise Support For Production And Non-production. 1.7.1.11. It Shall Provide The Ability To Increase Computing Capacity Linearly By Adding New Nodes To The Existing Database System With No Downtime. 1.7.1.12. It Shall Support Data Replication Between Two Isolated Instances To Support Application-level Active-active Deployments. 1.7.1.13. The Proposed Solution Shall Enhance The Primary Cluster Capability With Additional Read-replica Nodes To Facilitate Reads Closer To The Customer Base. 1.7.1.14. The Proposed Solution Shall Support Data Affinity To Comply With Country/region-specific Regulatory/compliance Requirements. 1.7.1.15. The Proposed Solution Shall Support Encryption In Transit And Rest To Have A Strong Security Posture. 1.7.1.16. The Proposed Solution Shall Be Able To Provision And Manage In A Fully Air-gapped Environment. 1.7.1.17. The Proposed Solution Shall Support Region/zone/cloud Affinity To Define Different Data Serving Topologies To Keep The Data Serving Nodes Closer To The User Base. 1.7.2. Other Requirements: 1.7.2.1. The Proposed Solution Must Offer A Single User Interface Across Various Clouds With Simplified Database Management And Monitoring Like Db Upgrades, Backups, Security & On-demand Scaling Of Nodes To Simplify Operation And Management. 1.7.2.2. The Proposed Solution Must Have Cdc Capability To Generate Events On Data Change. 1.7.2.3. The Proposed Solution Must Have Api For Management Automation. 1.7.2.4. The Proposed Solution Must Support Advanced Sql Features Like Stored Procedures, Foreign Keys, Triggers, Json Support (filtering, Constraints, And Projections) To Support Current And Future Use Cases. 1.7.2.5. Must Have The Following Services: 1.7.2.5.1. Ssl/dns Configuration - Must Be Able To Install And Configure Ssl Certificates And Assist In The Configuration Of Dns. 1.7.2.5.2. Workflow Integration - Ability To Define Different Approval Process In The Workflow Engine. 1.7.2.5.3. Database Migration - Must Be Able To Migrate All Existing Electronic Data To The New Database. Ict Infrastructure Requirements 1 22,236,484.00 2.1. Supply And Installation Of 48-core Single Mode Os2 Fiber Optic Cable That Will Link Select Buildings To The Data Center. The Backbone Will Serve As The Network Gateway Throughout The Campus. 2.2. 1gbps Direct Internet Access 2.2.1. The Winning Bidder Must Provide A 1gbps Direct Internet Access 2.2.2. The Winning Vendor Must Initiate A Service Application (service Subscription) And Activation From An Internet Service Provider (isp) That Is Capable Of Delivering Internet Service Through A Fiber Optic Cable (foc) Backbone. The University Shall Be The Subscription Account Owner. Centralized Security Operations Center 1 246,115,477.00 The Solution Must Be A Cloud-native Security Operation Platform With Built-in And Fully Integrated (single Interface/management) Next-generation Ngsiem, Ueba, Ndr, Fim, Sanboxing, And Soar Capabilities, As Well As Open Integration To Existing Security Stacks And Future Security Tools, To Automate Cybersecurity Threat Detection, Investigation, And Response Across The Entire Attack Surface. 3.1. Xdr 3.1.1. The Solution Must Be Soc 2 Type 2 Certified 3.1.2. The Solution Must Have Ng-siem Natively To Provide A Centralized Location For Gathering And Organizing Data From Any Existing Security Control, It, And Productivity Tool Using Pre-built Integrations That Are Easy To Use And Do Not Incur Additional Costs For Integrating New Security Tools. 3.1.3. The Solution Must Have Ndr Natively Built-in To Provide Visibility Into Threats At The Network Layer To Stop Attacks Faster To Limit Potential Damage. 3.1.4. The Solution Must Include Ueba Natively To Analyze Traffic And Produce Security Status And Event Information On Individual Users, As Well As Monitor Network Assets And Analyze Their Behavior To Detect Threats. 3.1.5. The Solution Must Include File Integrity Monitoring To Track Changes To Specified Files And Directories, Such As File Changes, File Creations, And File Deletions. 3.1.6. The Solution Must Have Sandbox Built-in Capable Of Detecting Reassembled Files Over The Wire That, If Found To Be Malicious, Will Actively Detonate In A Malware Sandbox To Detect Novel Threats. 3.1.7. The Solution Must Be Able To Collect Data Without Limiting The Type And Number Of Devices To Collect From. 3.1.8. The Software Solution Must Be Scalable And Capable To Accommodate Minimum Of 100gb Data. 3.1.9. The Solution Must Have Native Sensors That Can Be Delivered On-premises As A Purpose-built Appliance, A Virtual Appliance (vmware, Microsoft Hyper-v, Or Kvm), Or In The Cloud, Such As Aws, Azure, Google Cloud Platform, Or Oracle Cloud Infrastructure. 3.1.10. The Solution's Native Sensor Must Be Prepackaged With Network Ids, Deep Packet Inspection, And Malware Sandbox Functionality. 3.1.11. The Solution Must Integrate Threat Intelligence And Telemetry Data From Multiple Sources With Security Analytics To Contextualize And Correlate Security Alerts. 3.1.12. The Solution Must Have Soar Built-in To Provide Both Manual And Automated Response To Cyber Threats Using Pre-defined Playbooks And Pre-built Integrations To Security, It, And Productivity Products, Ensuring Identified Threats Are Mitigated Appropriately And Consistently. 3.1.13. The Solution Must Be Able To Automatically Generate Novel Alerts Based On Input Data Sources Without Requiring The Manual Creation Of Rules, Such As Finding Anomalous Patterns Based On Parent-child Process Relationships, Unusual Application Connections Or Usage, Unusually High User Command Execution Rates, And Unusually High Numbers Of Connections To Non-standard Ports For An Application. 3.1.14. The Solution Must Automatically Integrate Its Own Threat Intelligence Platform (tip) Into Its Architecture For Data Enrichment In Order To Rapidly Identify Attack Paths And Previous Interactions With Known Bad Actors, Increasing Threat Detection Accuracy While Decreasing Response Time. 3.1.15. The Solution Must Be Capable Of Catching, Extracting, And Reassembling Malware That Travels Through The Network Via Http, Ftp, Smb, And Smtp. 3.1.16. The Solution Must Be Capable Of Forwarding Malicious Files To An External Https Server. 3.1.17. The Solution Must Be Able To Translate An Ip Address Into A Geographical Location Or Reputation. 3.1.18. The Solution Must Be Able To Override The Geolocation Gathered From Geolocation Databases By Manually Defining The Geolocation Associated With Specified Ip Addresses. 3.1.19. The Solution Must Have An Aggregator That Can Be Deployed As A Virtual Appliance And Act As A Proxy To Forward Traffic From Other Sensors To The Central Data Repository. 3.1.20. The Solution Must Support Geo Location Public Ip Look Up 3.1.21. The Solution Must Have Reputation-based Threat Intelligence That Automatically Enriches Network Data And Logs During Real-time Ingestion To Add Context To The Data, Thereby Improving The Analyst's Threat Detection, Investigation, And Hunting. 3.1.22. The Solution Must Be Able To Cut Through The Noise Of An Overwhelming Volume Of Alerts By Automating Both Threat Detection (via Ai And Machine Learning) And Response (via Automated Threat Hunting). 3.1.23. The Solution Must Have Integrated Threats, Incident And Compliance Management. 3.1.24. The Solution Must Be Capable Of Constructing A Meaningful Security Context By Utilizing Machine Learning To Determine The Strength Of The Link Between An Alert And A Potential Incident By Employing Multiple Security Artifacts Such As Shared Entities (assets Or Users), Properties (hashes Or Urls), And Time. 3.1.25. The Solution Must Automatically Monitor For Known Bad Events, And Use Sophisticated Correlation Via Search, To Find Known Risk Patterns Such Brute Force Attacks, Data Leakage And Even Application-level Fraud. 3.1.26. The Solution Must Be Able To Detect Compromised Hosts Associated With Advanced Threats And Malware Infections 3.1.27. The Solution Must Be Able To Find Activities And Events Associated With Successful Attacks And Malware Infections 3.1.28. The Solution Must Issue Alert Upon Detection Of Blacklisted External Ip 3.1.29. The Solution Must Be Fully Customizable When Creating Warning Or Alarms For High Risks Events 3.1.30. The Solution Must Support Authentication Authorization Accounting (aaa). 3.1.31. The Solution Must Use Machine Learning Based Detections. Please Provide Some Use Cases And Evidence That The App Is Using Machine Learning Based Algorithms 3.1.32. The Solution Should Include Unsupervised Machine Learning Detection Model That Predicts Current Behavior Based On The Historical Distribution Of A Given Detection Parameter (host, User, Source Ip Address, Etc). 3.1.33. The Solution Should Include An Unsupervised Machine Learning Detection Model That Learns Steady Population Statistics From The Past Peer Data And Looks For Irregularities That Deviate From Typical Behavior Over Time. 3.1.34. The Solution Should Include An Unsupervised Machine Learning Detection Model That Examines Whether The Presence Of A Given Detection Parameter Has Appeared In The Last Number Of Days Or Not. 3.1.35. The Solution Should Include A Supervised Classification Model That Uses A Set Of Indicators To Determine A Decision Boundary Between Normal And Suspicious Data Points. 3.1.36. The Solution Must Provide An Api With The Following Capabilities: 3.1.36.1. Retrieve Detailed Collector Information 3.1.36.2. Retrieve Detailed Incident Information 3.1.36.3. Update Incident Detail 3.1.36.4. Next-generation Siem 3.1.37. The Solution Must Ensure That Security Incidents Are Accessible And Searchable Within Twelve (12) Months. As Needed, Evidence From Security Incidents Is Made Available For Historical Analysis. 3.1.38. The Solution Must Be Capable To Collect Different Types Of Metadata (e.g., Logs, Security Events, Network Flows, Among Others) From Data Sources And Shall Include Log Compression And Industry Standard Encryption At Rest And In Transit To Ensure Security Of Captured Data From Disclosure To Disinterested Parties. 3.1.39. The Solution Must Automatically Normalize And Enrich Data From Any Source With Context Such As Threat Intelligence, User Details, Device Information, Geographical Location To Enable Detailed, Extensible Data Analytics. 3.1.40. The Solution Must Be Capable Of Collecting And Normalizing Server Logs, Network Packets, Server Process Data, File Data, And Threat Intelligence Data Into Json-formatted Records. 3.1.41. The Solution Must Include An Alert Statistics Dashboard That Allows Analysts To Quickly Examine Any Discovered Alerts At A Glance, Such As: 3.1.41.1. Graph Of Critical Vs. Total Alert Status 3.1.41.2. Show The Open Vs. Total Alert Graph. 3.1.41.3. Show The Alert Trend. 3.1.41.4. The Solution Must Be Capable Of Ingesting Tls Encrypted Syslog And Syslog-ng Logs. 3.1.42. The Solution Must Have A Sensor That Can Be Deployed As An Agent In Windows Servers (windows Server 2008 R2, 2012, 2016, And 2019) To Collect Event Data Related To The Following: 3.1.42.1. Hardware 3.1.42.2. Security 3.1.42.3. System 3.1.42.4. Windows Firewall 3.1.42.5. Windows Defender 3.1.42.6. Windows Powershell 3.1.43. The Solution Must Be Able To Integrate With Domain Controllers In Order To Enrich Data Collected With The Relationship Between Users And Ip Addresses. 3.1.44. The Solution Must Be Able To Integrate With A Dhcp Server To Determine The Relationship Between Hostnames And Ip Addresses And Track Devices When The Ip Address Changes. 3.1.45. The Solution Must Be Able To Ingest Windows Sysmon Events. 3.1.46. The Solution Must Be Able To Correlate Traffic, Processes, Users, And Commands In Order To Detect Security, Ddos, And Breach Attempts. 3.1.47. The Solution Must Have A Collector That Can Be Deployed As An Agent In Linux Servers (rhel, Centos, Debian, Ubuntu, Amazon Linux, Oracle Linux, Suse Linux) To Monitor And Capture The Following Information: 3.1.47.1. Process Info. 3.1.47.2. Command Execution. 3.1.47.3. Files. 3.1.47.4. File Events. 3.1.48. The Solution Must Include A Tool For Finding And Visualizing Correlations Between Events. 3.1.49. The Solution Must Have A Visual Tool For Focusing In On A Single Entity (host, Ip, Url, Or User) In A Security Event And Viewing Its Relationship To Other Entities. 3.1.50. The Solution Must Include Out-of-the-box Threat Hunting Templates That Can Be Edited, Copied, And Exported. 3.1.51. The Solution Must Be Capable Of Removing Duplicate Data Through Packet Deduplication. 3.1.52. The Solution Must Be Able To Reduce The Amount Of Metadata Gathered For Smb Commands. 3.1.53. The Solution Must Automatically Compress The Ingested Data. 3.1.54. The Solution Must Be Capable Of Sending Alerts To Relevant Personnel Regarding Security Issues Based On Correlated Events. 3.1.55. The Solution Must Be Capable Of Serving Any Number Of Logical Network Data Or Log Segregation Based On Specific Departments, Functionalities, Or Locations That The User Considers To Be Managed Separately. Not Only Should Security Information Be Kept Completely Separate, But Machine Learning-based Threat Detections Should Also Be Distinct For Each Department. 3.1.56. The Solution Must Include Data Collectors That Are Able To Send Data (log/event) In Real-time And Batch Mode. 3.1.57. The Solution Must Be Capable Of Performing Server And Network Infrastructure Monitoring Out Of The Box. 3.1.58. The Solution Must Be Capable Of Performing Application Monitoring Out Of The Box. 3.1.59. The Solution Must Be Able To Maintain The Original Timestamps For Each Event While Handling Timestamps From Different Time Zones 3.1.60. The Solution Shall Provide Advance Correlation Capabilities To Detect Security Incidents Such As: 3.1.60.1. Ddos Attacks 3.1.60.2. Worm Outbreak 3.1.60.3. Port Scan 3.1.60.4. Sql Injection 3.1.60.5. Brute Force Attack 3.1.61. The Solution Must Be Able To Correlate Asset Info With Threat And Vulnerability Data. 3.1.62. The Solution Provides Network Visibility From Wire Data That Contains Critical Insights About Payloads, Session Information, Errors, Dns, Etc. 3.1.63. The Proposed Solution Shall Be Able To Provide Search Function That Support Boolean-style Patterns Search. 3.1.64. Proposed Solution Shall Be Able To Allow Analysts To Build Queries Using Combined Search Methods. A Single Query May Contain Keywords And Field-based Conditions. 3.1.65. The Proposed Solution Must Be Able To Perform Sub Search In Regard To The Security On Top The Current Search. 3.1.66. The Solution Must Have A Customizable Widget On The Dashboard. 3.1.67. The Solution Must Support Email Notification With Content In Json Format. 3.1.68. The Solution Should Include An Investigative Tool That Allows Security Analysts To Quickly Examine Any Security Alerts By Displaying Enriched Alert Information That Includes Identified Mitre Att&ck Tactic And Techniques Used, Attack Kill Chain Category, Ml Based Score, Alert Status, Key Event Parameters That Contribute To Triggering The Alert, And Full Event Details. 3.1.69. The Solution Must Have The Ability To Threat Hunt And Automate The Threat Hunt And Apply To Soar. 3.2. User And Endpoint Behavior And Analytics (ueba) 3.2.1. The Solution Must Be Capable Of Inspecting Assets For Threat Data And Past Performance. 3.2.2. The Solution Must Be Capable Of Monitoring Every Server, Router, And Host System In The Private Network. 3.2.3. The Solution Should Provide A Host-centric View Of Alert Activity For Specific Hosts. 3.2.4. The Solution Must Come With User Behavior Analytics That Collect User Information From Active Directory 3.2.5. The Solution Must Come With Entity Behavior Analytics That Collect Ip Information From Network Traffic. 3.2.6. The Solution Must Track Changes And Secure Your Environment By Monitoring For Suspicious Activity, User Role Changes, Unauthorized Access And More. 3.2.7. The Solution, Based On Observed Security Events And Asset Risk Profile, Assigns A Risk Score. 3.2.8. The Solution Must Discover Assets Dynamically Across Networks, Endpoints, And Cloud Environments. 3.2.9. The Solution Must Use Either Host Names, Mac Addresses, Or Ip Addresses To Uniquely Identify Assets. 3.2.10. The Solution Must Collect And Fuse User-relevant Data From Multiple Data Sources Across The Security Infrastructure Automatically. 3.2.11. The Solution's Machine Learning Must Be Used To Enable Sophisticated Behavioral Analytics In The Solution. 3.2.12. The Solution Without Any Rules Or Signatures, Must Detect Bad Behavior. 3.2.13. The Solution Must Be Capable Of Detecting The Use Of An Unfamiliar App By An Internal User Who Normally Uses A Minimal Yet Consistent Number Of Applications. 3.2.14. The Solution Must Be Capable Of Detecting When An Internal User Has An Abnormally High Volume Of Traffic In Comparison To Its Usual Volume Or That Of Its Peers. 3.2.15. The Solution Must Be Capable Of Detecting The Use Of An Unfamiliar App By An External User Who Normally Uses A Minimal Yet Consistent Number Of Applications. 3.2.16. The Solution Must Be Capable Of Detecting When An External User Has An Abnormally High Volume Of Traffic In Comparison To Its Usual Volume Or That Of Its Peers. 3.2.17. The Solution Must Be Able To Detect A User Who Logs In To A New Asset Who Typically Uses A Small, Consistent Number Of Assets. 3.2.18. The Solution Must Be Capable Of Detecting A User Who Has Logged In From An Unusual Location. 3.2.19. The Solution For Each Detected And Identified For Asset, Must Provide A Kill Chain View Of Security Events. 3.2.20. The Solution Must Track Threats Based On The User Rather Than The Threat Type. 3.2.21. The Solution Must Assign A Risk Score To Each User In Order To Easily Identify Risky Users. 3.2.22. The Solution Must Be Capable Of Detecting A User Who Typically Executes A Small, Consistent Number Of Processes But Has Recently Executed A New Process. 3.2.23. The Solution Must Be Capable Of Detecting An Internal Http Connection Made By An Internal User Agent That Has Never Been Observed Or Has Only Been Seen On Rare Occasions. 3.2.24. The Solution Must Be Capable Of Detecting An External Http Connection Made By A Potentially Malicious User Agent. 3.2.25. The Solution Must Be Capable Of Detecting A User Who Has Logged In From Locations That Are Geographically Impossible To Travel Between Within The Time Frame. 3.2.26. The Solution Must Be Capable Of Detecting A User Who Logs In At An Unusual Time. 3.2.27. The Solution Must Be Able To Detect An Asset That Started A Previously Unknown Process, Which Could Indicate A Malware Attack. 3.2.28. The Solution Must Be Capable Of Detecting Processes That Typically Launch A Small, Consistent Number Of Child Processes. 3.2.29. The Solution Must Be Capable Of Detecting A File Or Files That Have Been Created An Unusually Large Number Of Times. 3.3. Network Detection And Response (ndr) 3.3.1. The Solution Must Be Capable Of Monitoring Suspicious Traffic In Both External (north/south) And Internal (east/west) Traffic, As Well As Traffic In All Physical And Virtual Environments. 3.3.2. The Solution Must Enable The User To Safely Inspect Suspicious Files In Order To Detect The Presence Of Zero-day Malware And Advanced Persistent Threats. 3.3.3. The Solution Must Be Capable Of Ingesting Rspan Session Flows. 3.3.4. The Solution Must Be Capable Of Ingesting Gre Traffic That Has Been Mirrored With Erspan. 3.3.5. The Solution Must Be Capable Of Compiling Identical Metadata From Talkative Applications Into A Single Record To Reduce Traffic Going To Central Data Repository. 3.3.6. The Solution Must Be Capable Of Correlating Processes Running On The Sensor And Host And The Ip Address/port Visible In Traffic. 3.3.7. The Solution Must Passively Collect Asset Information And Network Flow Information. 3.3.8. The Solution Must Be Capable Of Correlating And Identifying Application Performance Issues Due To Security Incident (e.g. Ddos Attacks, Unauthorized Access To The System That Causing Application Performance Issues.). 3.3.9. The Solution Should Have The Ability To Report When Data Theft Occurs. 3.3.10. The Solution's Architecture Has To Be Very Extensive In Network Traffic Analysis Using Both Supervised And Unsupervised Learning. 3.3.11. The Solution Must Be Capable Of Capturing Raw Network Packets And Reducing The Data To Produce Valid Security Events Without The Size Of A Full Packet Capture. 3.3.12. The Solution Must Be Capable Of Collecting And Correlating Firewall Traffic Logs, Ids Events, Netflow And Cloud Flow Logs. 3.3.13. The Solution Must Be Able To Track The Interaction Between Network Devices, Services, And Applications In Real Time And Over Time. 3.3.14. The Solution Shall Be Able To Address All Alert Types Tied To Phases Of Attack Life Cycle. 3.3.15. The Solution Should Support Integration To Firewall To Do Inline Blocking Mode (not Tcp Reset). 3.3.16. The Solution Must Be Capable Of Monitoring Dns Resolution Changes For Specified Domains, So That If One Of The Observed Domains Resolves To A Different Ip Address, The Solution Will Populate A Visual Record Indicating The Change. 3.3.17. The Solution Must Provide A Visual Representation Of The Entire Attack Landscape, Mapping Detected Threats To Their Corresponding Attack Kill Chain Stage. The Detected Threat Must Be Clearly Tagged With The Relevant Mitre Attack Framework For Detailed Analysis Of An Ongoing Attack's Progression. 3.3.18. The Solution Must Be Capable To Do Comprehensive Network Traffic Analysis Which Includes: 3.3.18.1. Network Performance Statistics 3.3.18.2. Server Performance 3.3.18.3. Application Detection And Performance Monitoring: 3.3.18.4. Top Sources & Top Destinations 3.3.18.5. Asset Application Performance 3.3.18.6. Application Processing Time 3.3.18.7. Network Interactions With Asset 3.3.18.8. Http Statistics 3.3.18.9. Dns Statistics 3.3.18.10. Asset Discovery And Statistics 3.3.18.11. Ip Address 3.3.18.12. Device Manufacturer 3.3.18.13. Application Services 3.3.18.14. Time Discovered And Last Seen 3.3.18.15. Asset Tag(s) And Description 3.3.18.16. Server Certificate Visibility 3.4. Soar (security Orchestration Automation And Response) 3.4.1. The Solution Must Automatically Recognize Alerts From Multiple Sources, Analyze Them For Similarities, And Automatically Add Any Identified Connected Alerts To A Case Or Cases, Preventing The Team From Duplicating Efforts And Hunting For Details In Multiple Places. 3.4.2. The Solution Must Have A Dynamic Case Management Tool That Automates The Continuous Correlation Of Existing Cases To New Alerts When They Are Discovered To Be Potentially Related. 3.4.3. The Solution Must Be Capable Of Storing Cases For A Year. 3.4.4. The Solution Must Be Capable Of Accelerating Security Incident Management Processes By Automating Case Generation With Key Details Such As The Ones Listed Below. 3.4.5. Incident Name And Ticket Id: These Must Be Generated Automatically. 3.4.6. Incident Score: A Score Based On How Serious The Incident Was. 3.4.7. Incident Severity: The Incident's Severity (critical, High, Medium, Or Low) 3.4.8. Incident Reported Time: The Time When The Incident Occurred. 3.4.9. Analyst Assigned To Incident: The Person Tasked With Handling The Incident. 3.4.10. Incident Status: The Incident's Associated State (new, Escalated, Ongoing, Solved, Cancelled). 3.4.11. Incident Closed Time: The Time When The Incident Was Resolved. 3.4.12. The Solution Must Have Out Of The Box Or Customizable Playbooks Of Best Practices To Scale Operations, Drive Consistency In Response And Meet Compliance Requirements. Playbooks Deployed Shall Include At Least: 3.4.12.1. Phishing Enrichment And Response 3.4.12.2. Malware Endpoint Response 3.4.12.3. Internal And External Login Anomalies (multiple Failed Logins, Unusual Activity Such As Login Attempts Outside Office Hours, Unusual Login Location, Login From Suspicious Device) 3.4.12.4. Unusual Browsing Activity 3.4.12.5. Web Attack Profiling And Blacklisting 3.4.12.6. File Activity Anomalies Such As Creation, Move, Delete, Or Change 3.4.12.7. Potential Data Exfiltration 3.4.12.8. C&c Connection 3.4.13. The Solution Must Automatically Trigger Playbooks With Predefined Workflows That To Perform A Variety Of Instructions That Could Include Executing Scripts Or Integrating With Other Tools In The Environment. 3.4.14. The Solution Must Have The Option To Create User-defined Playbooks With Customized Workflow. 3.5. 2 Units Next-generation Firewall For Perimeter 3.5.1. Must Perform Stream-based, Bi-directional Traffic Analysis, Without Proxying Or Buffering, To Uncover Intrusion Attempts And Malware And To Identify Application Traffic Regardless Of Port. 3.5.2. Must Scan For Threats In Both Inbound And Outbound Traffic Simultaneously To Ensure That The Network Is Not Used To Distribute Malware And Does Not Become A Launch Platform For Attacks In Case An Infected Machine Is Brought Inside. 3.5.3. Must Have Proxy-less And Non-buffering Inspection Technology Provides Ultra-low Latency Performance For Dpi Of Millions Of Simultaneous Network Streams Without Introducing File And Stream Size Limitations, And Can Be Applied On Common Protocols As Well As Raw Tcp Streams. 3.5.4. Must Have A Single-pass Dpi Architecture Simultaneously Scans For Malware, Intrusions And Application Identification, Drastically Reducing Dpi Latency And Ensuring That All Threat Information Is Correlated In A Single Architecture. 3.5.5. Must Have An Engine With The Multi-core Architecture To Provide High Dpi Throughput And Extremely High New Session Establishment Rates To Deal With Traffic Spikes In Demanding Networks. 3.5.6. Must Identify And Mitigate Even The Most Insidious Modern Threats, Including Future Meltdown Exploits. Detects And Blocks Malware That Does Not Exhibit Any Malicious Behavior And Hides Its Weaponry Via Encryption. 3.5.7. Must Prevent Potentially Malicious Files From Entering The Network, Files Sent To The Cloud For Analysis Can Be Held At The Gateway Until A Verdict Is Determined. 3.5.8. Must Have Multi-engine Sandbox Platform, Which Includes Virtualized Sandboxing, Full System Emulation And Hypervisor Level Analysis Technology, Executes Suspicious Code And Analyzes Behavior, Providing Comprehensive Visibility To Malicious Activity. 3.5.9. Must Have A Secure Sd-wan That Enables Distributed Enterprise Organizations To Build, Operate And Manage Secure, High-performance Networks Across Remote Sites For The Purpose Of Sharing Data, Applications And Services Using Readily-available, Low-cost Public Internet Services Without Additional License Cost. 3.5.10. Must Have A Wizard To Automatically Configure Sdwan Policy On The Firewall 3.5.11. Must Displays Sd-wan Performance Probes And Top Connections. 3.5.12. All Network Traffic Must Be Inspected, Analyzed And Brought Into Compliance With Firewall Access Policies. 3.5.13. Must Supports Active/passive (a/p) With State Synchronization. The Proposed Solution Should Support Hardware Redundancy Using Only Single Security License In Both Primary & Secondary Appliance. 3.5.14. Must Have Block Until Verdict To Prevent Potentially Malicious Files From Entering The Network, Files Sent To The Cloud For Analysis Can Be Held At The Gateway Until A Verdict Is Determined. 3.5.15. Must Have Zero-day Protection To Protect The Network Against Zero-day Attacks With Constant Updates Against The Latest Exploit Methods And Techniques That Cover Thousands Of Individual Exploits. 3.5.16. Must Have Bi-directional Raw Tcp Inspection That Scans Raw Tcp Streams On Any Port And Bi-directionally To Detect And Prevent Both Inbound And Outbound Threats. 3.5.17. Must Have Application Control That Controls Applications, Or Individual Application Features That Are Identified By The Engine Against A Continuously Expanding Database Of Over Thousands Of Application Signatures. That Increases Network Security And Enhances Network Productivity. 3.5.18. Must Have Ddos/dos Attack Protection. Syn Flood Protection Provides A Defense Against Dos Attacks Using Both Layer 3 Syn Proxy And Layer 2 Syn Blacklisting Technologies. Additionally, It Protects Against Dos/ddos Through Udp/icmp Flood Protection And Connection Rate Limiting. 3.5.19. Must Be Capable Of Load-balances Multiple Wan Interfaces Using Round Robin, Spillover Or Percentage Methods. Policy-based Routing Creates Routes Based On Protocol To Direct Traffic To A Preferred Wan Connection With The Ability To Fail Back To A Secondary Wan In The Event Of An Outage. 3.5.20. Must Display Rules Which Are Actively Used Or Not Being Used. 3.5.21. Must Be Able To Simplify And Reduce Complex Distributed Firewall Deployment Down To A Trivial Effort By Automating The Initial Site-to-site Vpn Gateway Provisioning Between Firewalls While Security And Connectivity Occurs Instantly And Automatically. 3.5.22. Must Guarantee Critical Communications With 802.1p, Dscp Tagging And Remapping Of Voip Traffic On The Network. 3.5.23. The System Intrusion Prevention System Must Be Capable Of Signature-based Scanning, Automatic Signature Updates, Bi-directional Inspection, Granular Ips Rule Capability, Geoip Enforcement, Botnet Filtering With Dynamic List, Regular Expression Matching. 3.5.24. The Anti-malware System Must Be Capable Of Stream-based Malware Scanning, Gateway Anti-virus, Gateway Anti-spyware, Bi-directional Inspection, No File Size Limitation. 3.5.25. The System Must Have Traffic Visualization That Can Monitor User Activity, Application, Bandwidth, And Threat. 3.5.26. Must Have A Http/https Web Content Filtering That Is Capable Of Url Filtering, Proxy Avoidance, Keyword Blocking, Policy-based Filtering (exclusion/inclusion), Http Header Insertion, Bandwidth Manage, And Rating Categories. 3.5.27. Must Have A Vpn That Is Capable Of Secure Sd-wan, Auto-provision Vpn, Ipsec Vpn For Site-to-site Connectivity, Ssl Vpn And Ipsec Client Remote Access, Redundant Vpn Gateway, And Mobile Client For Ios, Mac Os X, Windows, Chrome, Android And Kindle Fire. 3.5.28. Must Have Networking Capabilities Such As Portshield, Path Mtu Discovery, Enhanced Logging, Vlan Trunking, Layer-2 Qos, Port Security, Dynamic Routing (rip/ospf/bgp), Policy-based Routing (tos/metric And Ecmp), Nat, Dhcp Server, Bandwidth Management, A/p High Availability With State Sync, Inbound/outbound Load Balancing, L2 Bridge, Wire/virtual Wire Mode, Tap Mode, Nat Mode, And Asymmetric Routing. 3.5.29. The System Management And Monitoring Must Have Web Gui, Command Line Interface (cli), Snmp V2/v3 Support, Centralized Management And Reporting, Netflow/ipfix Exporting, Cloud Based Configuration Back Up, And Zero-touch Registration & Provisioning. 3.5.30. Must Be Certified With Icsa Labs Advance Threat Defense Certified With 100% Unknown Threat Detection For 7 Consecutive Quarters From Q1-q4, 2021 & Q1-q3, 2022. 3.5.31. Must Have 24x7 Support That Includes Firmware Updates And Hardware Replacement. Support Includes Around-the-clock Access To Telephone And Web-based Support For Basic Configuration And Troubleshooting Assistance, As Well As Hardware Replacement In The Event Of Failure. 3.5.32. The System Must Have The Minimum Throughput Requirements (or Higher): 3.5.32.1. Firewall Inspection Throughput – 42 Gbps; 3.5.32.2. Threat Prevention Throughput – 28 Gbps; 3.5.32.3. Application Inspection Throughput – 30 Gbps; 3.5.32.4. Ips Throughput – 28 Gbps; 3.5.32.5. Tls/ssl Decryption And Inspection Throughput (dpi Ssl) – 10 Gbps; 3.5.32.6. Vpn Throughput – 22.5 Gbps; 3.5.33. The System Must Be Capable Of Handling: 3.5.33.1. Connections Per Second - 280,000/sec; 3.5.33.2. Maximum Connections (spi) – 15,000,000; 3.5.33.3. Max Dpi-ssl Connections – 1,500,000; 3.5.33.4. Maximum Connections (dpi) – 12,000,000 3.5.33.5. The System's Interface Must Include: 3.5.33.5.1. 2 X 100/40-gbe Qsfp28, 3.5.33.5.2. 8 X 25/10/5/2.5-gbe Sfp28, 3.5.33.5.3. 4 X 10/5/2.5/1-gbe Sfp+, 3.5.33.5.4. 4 X 10/5/2.5/1-gbe Cu, 3.5.33.5.5. 16 X 1-gbe Cu 3.5.33.5.6. 2 X Usb 3.0, 3.5.33.5.7. Management Interfaces - 1 Gbe, 1 Console" 3.5.33.5.8. Storage: 1.5tb 3.6. 2 Units Next-generation Firewall For Data Center 3.6.1. Must Perform Stream-based, Bi-directional Traffic Analysis, Without Proxying Or Buffering, To Uncover Intrusion Attempts And Malware And To Identify Application Traffic Regardless Of Port. 3.6.2. Must Scan For Threats In Both Inbound And Outbound Traffic Simultaneously To Ensure That The Network Is Not Used To Distribute Malware And Does Not Become A Launch Platform For Attacks In Case An Infected Machine Is Brought Inside. 3.6.3. Must Have Proxy-less And Non-buffering Inspection Technology Provides Ultra-low Latency Performance For Dpi Of Millions Of Simultaneous Network Streams Without Introducing File And Stream Size Limitations, And Can Be Applied On Common Protocols As Well As Raw Tcp Streams. 3.6.4. Must Have A Single-pass Dpi Architecture Simultaneously Scans For Malware, Intrusions And Application Identification, Drastically Reducing Dpi Latency And Ensuring That All Threat Information Is Correlated In A Single Architecture. 3.6.5. Must Have An Engine With The Multi-core Architecture To Provide High Dpi Throughput And Extremely High New Session Establishment Rates To Deal With Traffic Spikes In Demanding Networks. 3.6.6. Must Identify And Mitigate Even The Most Insidious Modern Threats, Including Future Meltdown Exploits. Detects And Blocks Malware That Does Not Exhibit Any Malicious Behavior And Hides Its Weaponry Via Encryption. 3.6.7. Must Prevent Potentially Malicious Files From Entering The Network, Files Sent To The Cloud For Analysis Can Be Held At The Gateway Until A Verdict Is Determined. 3.6.8. Must Have Multi-engine Sandbox Platform, Which Includes Virtualized Sandboxing, Full System Emulation And Hypervisor Level Analysis Technology, Executes Suspicious Code And Analyzes Behavior, Providing Comprehensive Visibility To Malicious Activity. 3.6.9. Must Have A Secure Sd-wan That Enables Distributed Enterprise Organizations To Build, Operate And Manage Secure, High-performance Networks Across Remote Sites For The Purpose Of Sharing Data, Applications And Services Using Readily-available, Low-cost Public Internet Services Withought Additional License Cost. 3.6.10. Must Have A Wizard To Automatically Configure Sdwan Policy On The Firewall 3.6.11. Must Displays Sd-wan Performance Probes And Top Connections. 3.6.12. All Network Traffic Must Be Inspected, Analyzed And Brought Into Compliance With Firewall Access Policies. 3.6.13. Must Supports Active/passive (a/p) With State Synchronization. The Proposed Solution Should Support Hardware Redundancy Using Only Single Security License In Both Primary & Secondary Appliance 3.6.14. Must Have Block Until Verdict To Prevent Potentially Malicious Files From Entering The Network, Files Sent To The Cloud For Analysis Can Be Held At The Gateway Until A Verdict Is Determined. 3.6.15. Must Have Zero Day Protection To Protect The Network Against Zero-day Attacks With Constant Updates Against The Latest Exploit Methods And Techniques That Cover Thousands Of Individual Exploits. 3.6.16. Must Have Bi-directional Raw Tcp Inspection That Scans Raw Tcp Streams On Any Port And Bi-directionally To Detect And Prevent Both Inbound And Outbound Threats. 3.6.17. Must Have Application Control That Controls Applications, Or Individual Application Features That Are Identified By The Engine Against A Continuously Expanding Database Of Over Thousands Of Application Signatures. That Increases Network Security And Enhances Network Productivity. 3.6.18. Must Have Ddos/dos Attack Protection. Syn Flood Protection Provides A Defense Against Dos Attacks Using Both Layer 3 Syn Proxy And Layer 2 Syn Blacklisting Technologies. Additionally, It Protects Against Dos/ddos Through Udp/icmp Flood Protection And Connection Rate Limiting. 3.6.19. Must Be Capable Of Load-balances Multiple Wan Interfaces Using Round Robin, Spillover Or Percentage Methods. Policy-based Routing Creates Routes Based On Protocol To Direct Traffic To A Preferred Wan Connection With The Ability To Fail Back To A Secondary Wan In The Event Of An Outage 3.6.20. Must Display Rules Which Are Actively Used Or Not Being Used. 3.6.21. Must Be Able To Simplify And Reduce Complex Distributed Firewall Deployment Down To A Trivial Effort By Automating The Initial Site-to-site Vpn Gateway Provisioning Between Firewalls While Security And Connectivity Occurs Instantly And Automatically. 3.6.22. Must Guarantee Critical Communications With 802.1p, Dscp Tagging And Remapping Of Voip Traffic On The Network. 3.6.23. The System Intrusion Prevention System Must Be Capable Of Signature-based Scanning, Automatic Signature Updates, Bi-directional Inspection, Granular Ips Rule Capability, Geoip Enforcement, Botnet Filtering With Dynamic List, Regular Expression Matching. 3.6.24. The Anti-malware System Must Be Capable Of Stream-based Malware Scanning, Gateway Anti-virus, Gateway Anti-spyware, Bi-directional Inspection, No File Size Limitation 3.6.25. The System Must Have Traffic Visualization That Can Monitor User Activity, Application, Bandwidth, And Threat. 3.6.26. Must Have A Http/https Web Content Filtering That Is Capable Of Url Filtering, Proxy Avoidance, Keyword Blocking, Policy-based Filtering (exclusion/inclusion), Http Header Insertion, Bandwidth Manage, And Rating Categories. 3.6.27. Must Have A Vpn That Is Capable Of Secure Sd-wan, Auto-provision Vpn, Ipsec Vpn For Site-to-site Connectivity, Ssl Vpn And Ipsec Client Remote Access, Redundant Vpn Gateway, And Mobile Client For Ios, Mac Os X, Windows, Chrome, Android And Kindle Fire. 3.6.28. Must Have Networking Capabilities Such As Portshield, Path Mtu Discovery, Enhanced Logging, Vlan Trunking, Layer-2 Qos, Port Security, Dynamic Routing (rip/ospf/bgp), Policy-based Routing (tos/metric And Ecmp), Nat, Dhcp Server, Bandwidth Management, A/p High Availability With State Sync, Inbound/outbound Load Balancing, L2 Bridge, Wire/virtual Wire Mode, Tap Mode, Nat Mode, Asymmetric Routing, And Common Access Card (cac) Support. 3.6.29. The System Management And Monitoring Must Have Web Gui, Command Line Interface (cli), Snmp V2/v3 Support, Centralized Management And Reporting, Netflow/ipfix Exporting, Cloud Based Configuration Back Up, And Zero-touch Registration & Provisioning. 3.6.30. Must Be Certified With Icsa Labs Advance Threat Defense Certified With 100% Unknown Threat Detection For 7 Consecutive Quarters From Q1-q4, 2021 & Q1-q3, 2022. 3.6.31. Must Have 24x7 Support That Includes Firmware Updates And Hardware Replacement. Support Includes Around-the-clock Access To Telephone And Web-based Support For Basic Configuration And Troubleshooting Assistance, As Well As Hardware Replacement In The Event Of Failure. 3.6.32. The System Must Have The Minimum Throughput Requirements (or Higher): 3.6.32.1. Firewall Inspection Throughput – 28 Gbps; 3.6.32.2. Threat Prevention Throughput – 15 Gbps; 3.6.32.3. Application Inspection Throughput – 18 Gbps; 3.6.32.4. Ips Throughput – 17 Gbps; 3.6.32.5. Anti-malware Inspection Throughput- 16 Gbps 3.6.32.6. Tls/ssl Decryption And Inspection Throughput (dpi Ssl) – 7 Gbps; 3.6.32.7. Vpn Throughput – 15 Gbps;" 3.6.33. The System Must Be Capable Of Handling: 3.6.33.1. Connections Per Second - 228,000/sec; 3.6.33.2. Maximum Connections (spi) – 5,000,000; 3.6.33.3. Max Dpi-ssl Connections – 350,000; 3.6.33.4. Maximum Connections (dpi) – 3,500,000 " 3.6.34. The System's Interface Must Include: 3.6.34.1. 6 X 10/5/2.5/1-gbe Sfp+, 3.6.34.2. 2 X 10g/5g/2.5g/1g Cu, 3.6.34.3. 24 X 1-gbe Cu, 3.6.34.4. 2 X Usb 3.0, 3.6.34.5. Management Interfaces - 1 Gbe, 1 Console 3.6.34.6. Storage: 128gb M.2 (expandable Up To 256gb) 3.7. 2 Units Application Delivery Controller 3.7.1. System Must Of Be 19-inch Rack Mountable 1 U Form Factor. 3.7.2. System Must Have Dedicated Management Port. 3.7.3. System Must Have Rj-45 Console Port. 3.7.4. System Must Have 5x1g Copper Interface, 4x1g Sfp Or 4x10g Sfp+. 3.7.5. System Must Have Dual Power Supply. 3.7.6. System Must Support 20 Gbps Of L7 Throughput. 3.7.7. System Must Support 32 Million Concurrent Connection. 3.7.8. System Must Support 500k Layer4 Connection Per Second. 3.7.9. System Must Support 180 K 1:1 Layer7 Connection Per Second For Http. 3.7.10. System Must Support 9gbps Of Ssl Offloading Throughput With 28 K Ssl Cps On Ecdhe Cipher. 3.7.11. Application Delivery Partition/virtual Context. 3.7.12. System Must Support 32 Application Delivery Partition/virtual Context. 3.7.13. System Must Support Dedicated Configuration File For Each Virtual Context. 3.7.14. System Must Support Resource Allocation To Each Context Including Throughput, Cps, Concurrent Connection, Ssl Throughput. 3.7.15. System Must Be Able To Modify The Resource Allocation On The Fly Without Restarting/rebooting Any Context. 3.7.16. All The Virtual Context Must Be Available From Day-1. 3.7.17. System Must Support 7 Million Ddos Protection (syn Flood) Syn/sec 3.7.18. System Must Support Protection From Fragmented Packets. 3.7.19. System Must Support Protection From Ip Option. 3.7.20. System Must Support Protection From Land Attack. 3.7.21. System Must Support Protection From Packet Deformity Layer 3. 3.7.22. System Must Support Protection From Packet Deformity Layer 4. 3.7.23. System Must Support Protection From Ping Of Death. 3.7.24. System Must Support Protection From Tcp No Flag. 3.7.25. System Must Support Protection From Tcp Syn Fin. 3.7.26. System Must Support Protection From Tcp Syn Frag. 3.7.27. System Must Support Connection Limit Based On Source Ip. 3.7.28. System Must Support Connection Rate Limit Based On Source Ip. 3.7.29. System Must Support Request Rate Limit Based On Source Ip. 3.7.30. Server Load-balancing /proxy Features. 3.7.31. System Must Support Layer4-layer7 Load-balancing. 3.7.32. System Must Support Load-balancing Algorithims Including Round-robin, Least Connection, Service Least Connecttion, Fastest Reponse, Hash Etc. 3.7.33. System Must Support Active-active And Active-backup Server Configuration For Load-balancing. 3.7.34. System Must Support Reverse Proxy Functionality Of Hosting Multiple Http/https Service Behind Single Ip 3.7.35. System Must Support Source-nat For Slb Traffic 3.7.36. System Must Have Flexibility To Config Vip As Source Nat Ip 3.7.37. System Must Support X-forwarder Option. The Appliance Should Have Option To Enable X-forwarder Option Per Service To Log Actual Client Ip In Web Server Log. 3.7.38. System Must Support L7 Database Load-balancing 3.7.39. System Must Support Http Compression 3.7.40. System Must Support Global Server Load-balancing 3.7.41. System Must Support Tls 1.2 And Tls 1.3 3.7.42. System Should Integrate With Third Party Ssl Certificate Lifecycle Management Platform To Renew Certificates Automatically, Automate The Certificates Issuance, Automate Provisioning Of Renewed Certificates, Eliminate Outages With Continuous Key And Certificate Updates & Enable Devops Teams, Pki, And Security Teams To Acquire Full Visibility Of Certificate Usage Throughout Their Networks. 3.7.43. System Must Support Simple Certificate Enrollment Protocol. 3.7.44. System Must Support Dns Application Firewall. 3.7.45. System Should Stop Buffer Overflows, Malformed Requests And Head Off Dns Amplification-based Ddos Attacks, Also Able To Prevent Dns Cache-poisoning And Spoofing. 3.7.46. System Must Support Application Template A Wizard That Guide A User Through A Step-by-step Deployment Process For Quick And Easy App Deployment. 3.7.47. The Application Template Wizard Embeds Industry Best Practices Relevant To The Application And Enables To Deploy Applications In Minutes Instead Of Hours. Application Template Must Include Oracle, Microsoft Exchange, Skype, Sharepoint From Day One. 3.7.48. System Must Support Authentication Offloading From Back-end Servers Using Saml, Kerberos, Ntlm, Tds Sql Logon, Ldap, Radius, Basic, Ocsp Stapling, Html Form- Based From Day One. 3.7.49. System Must Support Graceful Activation And Disabling Of The Backend Server. 3.7.50. System Must Support Application Level Load-balancing Of Radius And Diameter Protocol. 3.7.51. System Must Support Application Level Load-balancing Of Dns Protocol. 3.7.52. System Must Support Application Level Load-balancing Of Spdy Protocol. 3.7.53. System Must Support Application Level Database Load-balancing. 3.7.54. System Must Support Application Level Imap,pop3 And Smtp Load-balancing. 3.7.55. System Must Support Application Level Load-balancing For Sip Protocol. 3.7.56. System Must Support Application Level Load-balancing For Fix Protocol. 3.7.57. System Must Support Dns Caching. 3.7.58. System Must Support Anycast Based Global Server Load-balancing. 3.7.59. System Must Support Connection Limit Per Server/link. 3.7.60. System Must Support Connection Rate Limit Per Server/link. 3.7.61. System Must Support Request Rate Limit Per Server/link. 3.7.62. System Must Support Single Sign-on (sso) Authentication Relay. 3.7.63. System Must Support Authentication For Microsoft Sharepoint, Outlook Web Access, And Other Packaged And Custom Applications. 3.7.64. System Must Support Perfect Forward Secrecy (pfs) With Elliptic Curve Diffiehellman Exchange (ecdhe) And Other Elliptic Curve Cryptography(ecc) Ciphers. 3.7.65. System Must Support Scriptable Health Check Support Using Tcl, Python, Perl, And Bash. 3.7.66. System Must Support Next Hop Load Distribution (nhld) For Load Balancing Multiple Links. 3.7.67. System Must Support Internet Content Adaptation Protocol (icap) 3.7.68. System Must Support Ipv4 To Ipv6 And Ipv6 To Ipv4 Slb-pt 3.7.69. System Should Support Ip Anomaly Detection. 3.7.70. System Must Have A Provision To Dynamically Add Ips To Black Lists When Ddos Attack Targeted Towards A Specific Ip Address Is Detected 3.7.71. System Must Have A Capabilities To Dynamically Updated Threat Intelligence Feed 3.7.72. System Must Support Starttls Offload For Secure Email And Ldap 3.7.73. System Must Support Vrrp Based Redundancy. 3.7.74. System Must Support Active-active And Active-backup Configuration. 3.7.75. System Must Support Automatic And Manual Configuration Sync. 3.7.76. System Must Support Dynamic Vrrp Priority By Traffic Interface, Server, Nexthop And Routes. 3.7.77. System Must Support Scale-out Configuration Upto 8 Devices To Support Higher Throughput. 3.7.78. System Must Support Dedicated Vrrp Setting Per Virtual Context. 3.7.79. System Must Have Web-based Graphical User Interface (gui) 3.7.80. System Must Have Industry-standard Command Line Interface (cli) 3.7.81. System Must Support Granular Role-based\object-based Access Control 3.7.82. System Must Support Snmp, Syslog, Email Alerts, Netflow V9 And V10 (ipfix), Sflow 3.7.83. System Must Support Rest-style Xml Api For All Functions. 3.7.84. System Must Support External Authentication Including Ldap, Tacacs+, Radius 3.7.85. System Must Have A Seperate Centralize Management For Easily Configure And Manage Policies Across Applications Deployed In Data Centers, Private And Public Clouds. 3.7.86. Centralize Management Should Provide Visibility And Actionable Insights Into The Application Traffic. Simplify Troubleshooting Via Access To Contextualized Data And Logs. Analyze Collected Data To Detect Anomalous Trends. Get Alerts Based On Various Metrics And Customizable Fields. Alerts Delivered Via Email Or Web-hook Url For Automated And Rapid Action. 3.7.87. Centralize Management Should Provide Multi-tenancy Function And Helps Application Team And Services Owners As Tenant And Allow Them To Manage Their Own Infrastructure And Application Policies. 3.7.88. Centralize Management Should Provide Api Driven Automation To Integrate With Devops Tool Like Ansible, Chef, Jenkins, And Orchestration Systems Like Vmware Vro/vra, Cisco Cloud Center, Microsoft Azure, Google Cloud Platform, Amazon Web Services And More. 3.7.89. Centralize Management Analytics Capabilities Must Include End-to-end Response Time Monitoring & Details, Per-request Analysis & Application Access Logs, Security Insight And Analytics, Granular Traffic Insight & Analytics, End-to-end Latency, Response Time Details, Request Rate & Request Method, Response Code, Locations, Os, Device & Browser Information, Top Clients, Worst-behaving Urls, Services And Domains And Many More. 3.7.90. Centralize Management Analytics Function Must Provide Per Transaction Logs With Visual Representation Of Time Spent In Various Phases Of Request And Response. 3.7.91. Adc Vendor Must Support Multi-cloud Function For Upcoming Applications Which Will Be Hosted On Cloud As A Future Requirement. Multi-cloud Function Must Support And Include Amazon Aws, Microsoft Azure, Oracle Cloud, & Also To Be Hosted On Container & Bare Metal. Byol Bandwidth License Will Be Purchased Separately As And When Required As A Future Requirement. 3.7.92. System Must Support Integrate With Third-party Such As Sdn Platforms (e.g., Cisco Aci And Vmware) And Cloud Orchestration Systems (e.g., Openstack And Microsoft Scvmm) From Day One. 3.7.93. System Must Support Network Equipment Building System (nebs) Compliance From Day One. 3.7.94. Should Be A Common Criteria Eal 2+ Certification Or Higher 3.7.95. Adc Vendor Should Have Iso 27001 – Information Security Certifications 3.7.96. Vendor Should Be Registered Under A Government E-market Place Website (https://gem.gov.in/) 3.7.97. Appliance Must Support Dnssec Pass-through. 3.7.98. Support Dnssec To Prevent Threats Like Dns Cache Poisoning And Spoofing. 3.7.99. System Must Support Redirection Of Dns Request On Udp To Tcp 3.7.100. System Must Support Dns Over Https (doh) 3.7.101. System Must Support Dns-udp And Dns-tcp 3.7.102. System Must Support Dns Caching And Recursive Lookup. 3.7.103. System Must Support Dns Load Balancing. 3.7.104. System Must Support Integration With 3rd Party Hardware Security Module (hsm) 3.8. Primary Network Infrastructure 3.8.1. 2 Units Core Network Switches 3.8.1.1. Must Have High Performance 1.92tbps With 1,190mpps Specification. 3.8.1.2. Must Have High Availability Setup/configuration And Hot-swap Redundant Power Supplies. 3.8.1.3. Must Have Intelligent Monitoring, Visibility, And Remediation. 3.8.1.4. Must Have Advanced Layer 2/3 Feature Set Includes Bgp, Ospf, Vrf, And Ipv6 3.8.1.5. Must Be A Compact 1u Switch With 1/10 Gbe And 40/100 Gbe Connectivity Form Factor. 3.8.1.6. Should Allow Individual Software Modules To Be Upgraded For Higher Availability. 3.8.1.7. Must Have Support For Congestion Actions, Such As Strict Priority (sp) Queuing And Weighted Fair Queuing. 3.8.1.8. Must Have An Enabled Distributed And Redundant Architecture By Deploying Two Switches, With Each Switch Maintaining Independent Control Yet Staying Synchronized During Upgrades Or Failover. 3.8.1.9. Must Be Able To Allow Groups Of Two Routers To Dynamically Back Each Other Up To Create Highly Available Routed Environments. 3.8.1.10. Must Be Able To Monitor Link Connectivity And Shuts Down Ports At Both Ends If Unidirectional Traffic Is Detected, Preventing Loops In Stp-based Networks. 3.8.1.11. Must Support Aggregation Groups (lags), Each With Eight Links Per Group With A User-selectable Hashing Algorithm. 3.8.1.12. Must Have Redundant And Load-sharing Fans, And Power Supplies. 3.8.1.13. Must Have Hot-swappable Power Supply And Fan Modules. 3.8.1.14. Must Have Separate Data And Control Paths. 3.8.1.15. Must Supports At Least 24 Ports Of 1/10g For Use With Sfp And Sfp+ Transceivers, And 4 Ports Of 40g/100g 3.8.1.16. Must Support 1 Expansion Module For Additional Interfaces Such As; 3.8.1.16.1. 12 X 1/2.5/5/10g Rj45 Ports Module 3.8.1.16.2. 12 X 100m/1g/10g Rj45 Ports Module 3.8.1.16.3. 12 X 1/10g Ports Sfp/sfp+ Ports Module 3.8.1.16.4. 4 X 40g Qsfp+ Ports Module 3.8.1.16.5. 1 X 100g Qsfp28 Port Module 3.8.1.17. Must Have Sfp+ Transceivers [optional 1gbase-t And 10gbase-t Transceivers And 4x10g Breakout Cables. 3.8.1.18. Must Support High-performance Backups And Disaster Recovery Systems; Provides A Maximum Frame Size Of 9 K Bytes. 3.8.1.19. Must Support Internal Loopback Testing For Maintenance Purposes. 3.8.1.20. Must Be Able To Protect Against Unknown Broadcast, Unknown Multicast, Or Unicast Storms With User-defined Thresholds. 3.8.1.21. Must Have Management Interface Control. 3.8.1.22. Must Have The Following Management Security. A. Restricts Access To Critical Configuration Commands. B. Offers Multiple Privilege Levels With Password Protection. C. Acls Provide Snmp Access. D. Local And Remote Syslog Capabilities Allow Logging Of All Access. 3.8.1.23. Must Have Snmp V2c/v3 Which Provides Snmp Read And Trap Support Of The Industry Standard Management Information Base (mib) And Private Extensions. 3.8.1.24. Must Be Able To Monitor The Network For Degradation Of Various Services, Including Monitoring Voice. 3.8.1.25. Must Have Remote Monitoring (rmon) Which Uses Standard Snmp To Monitor Essential Network Functions And Supports Events, Alarms, History, And Statistics Groups, As Well As A Private Alarm Extension Group. 3.8.1.26. Must Have Tftp And Sftp Support Which Offers Different Mechanisms For Configuration Updates; Trivial Ftp (tftp) Allows Bidirectional Transfers Over A Tcp/ Ip Network; Secure File Transfer Protocol (sftp) Runs Over An Ssh Tunnel To Provide Additional Security. 3.8.1.27. Must Have A Debug And Sampler Utility That Supports Ping And Traceroute For Ipv4 And Ipv6. 3.8.1.28. Must Have Network Time Protocol (ntp) Which Synchronizes Timekeeping Among Distributed Time Servers And Clients; Keeps Timekeeping Consistent Among All Clock-dependent Devices Within The Network. Can Serve As The Ntp Server In A Customer Network. 3.8.1.29. Must Have Ieee 802.1ab Link Layer Discovery Protocol (lldp) Which Advertises And Receives Management Information From Adjacent Devices On A Network, Facilitating Easy Mapping By Network Management Applications. 3.8.1.30. Must Be Able To Provide Independent Primary And Secondary Operating System Files For Backup While Upgrading. 3.8.1.31. Must Be Able To Support Up To 4,000 Port-based Or Ieee 802.1q-based Vlans. 3.8.1.32. Must Have Bridge Protocol Data Unit (bpdu) Tunneling - Transmits Stp Bpdus Transparently, Allowing Correct Tree Calculations Across Service Providers, Wans, Or Mans 3.8.1.33. Must Be Able To Support Port Mirroring. 3.8.1.34. Must Be Able To Support Standard Ieee 802.1d Stp, Ieee 802.1w Rapid Spanning Tree Protocol (rstp) For Faster Convergence, And Ieee 802.1s Multiple Spanning Tree Protocol (mstp). 3.8.1.35. Must Be Able To Controls And Manage The Flooding Of Multicast Packets In A Layer 2 Network. 3.8.1.36. Must Allow Each Vlan To Build A Separate Spanning Tree To Improve Link Bandwidth Usage In Network Environments With Multiple Vlans. 3.8.1.37. Must Be Able To Determine The Mac Address Of Another Ip Host In The Same Subnet; Supports Static Arps; Gratuitous Arp Allows Detection Of Duplicate Ip Addresses; Proxy Arp Allows Normal Arp Operation Between Subnets Or When Subnets Are Separated By A Layer 2 Network. 3.8.1.38. Must Have A Built-in Dynamic Host Configuration Protocol (dhcp) Server Function. 3.8.1.39. Must Have A Builtin Radius Server Function. 3.8.1.40. Must Support Aaa. 3.8.1.41. Must Have Domain Name System (dns) 3.8.1.42. Must Have Policy Based Routing (pbr) 3.8.1.43. Must Have Static Ipv4 Routing. 3.8.1.44. Must Be Able To Support Basic Layer3 Dynamic Routing Protocol Using Rip. 3.8.1.45. Must Be Able To Deliver Faster Convergence; Uses Link-state Routing Interior Gateway Protocol (igp), Using Standard Protocol Ospf. 3.8.1.46. Must Have Border Gateway Protocol 4 (bgp-4) 3.8.1.47. Must Be Able To Provide A Set Of Tools To Improve The Performance Of Ipv4 Networks; Including Directed Broadcasts, Customization Of Tcp Parameters, Support Of Icmp Error Packets, And Extensive Display Capabilities. 3.8.1.48. Must Have Static Ipv6 Routing. 3.8.1.49. Must Have Dual Ip Stack, This Maintains Separate Stacks For Ipv4 And Ipv6 To Ease The Transition From An Ipv4-only Network To An Ipv6-only Network Design. 3.8.1.50. Must Be Able To Provide Ospf Support For Ipv6. 3.8.1.51. Must Have Generic Routing Encapsulation (gre) — Enables Tunneling Traffic From Site To Site Over A Layer 3 Path. 3.8.1.52. Must Be Able To Support Powerful Acls For Both Ipv4 And Ipv6. Supports Creation Of Object Groups Representing Sets Of Devices Such As Ip Addresses. For Instance, It Management Devices Could Be Grouped In This Way. Acls Can Also Protect Control Plane Services, Such As Ssh, Snmp, Ntp, Or Web Servers. 3.8.1.53. Must Be Able To Ease Security Access Administration By Using A Password Authentication Server. 3.8.1.54. Must Be Able To Provide For Both On-box As Well As Off-box Authentication For Administrative Access. 3.8.1.55. Must Be Able To Use External Servers To Securely Log In To A Remote Device; With Authentication And Encryption, It Protects Against Ip Spoofing And Plain-text Password Interception. 3.8.1.56. Must Be Able To Enable Establishing Multicast Group Memberships In Ipv4 Networks; Supports Igmpv1, V2, And V3. 3.8.1.57. Must Support One-to-many And Many-tomany Media Casting Use Cases, Such As Iptv Over Ipv4 And Ipv6 Networks; Support For Pim Spare Mode (pim-sm, Ipv4, And Ipv6). 3.8.1.58. Must Have A Built-in Network Management System Feature. 3.8.1.59. Must Have A Built-in Wireless Access Controller Function. 3.8.2. 4 Units Distribution Switches (2 Units Aggregation; 2 Units Top Of Rack; 1 Unit 8 Port Poe Switch (for Cctv And Other Security Devices And Ip Telephony) 3.8.2.1. Must Have High-performance 1.92tbps With 1,190mpps Specification. 3.8.2.2. Must Have Intelligent Monitoring And Visibility. 3.8.2.3. Must Have High Availability With Industry Leading Stacking, And Hot-swap Redundant Power Supplies. 3.8.2.4. Must Be Able To Support Long Distance Virtual Stacking Feature. 3.8.2.5. Must Be Designed For Core/aggregation In The Campus Or Top Of Ra 3.8.2.6. Must Have Advanced Layer 2/3 Feature Set Includes Bgp, Ospf, Vrf, And Ipv6 3.8.2.7. Must Enable Congestion Avoidance. 3.8.2.8. Must Support Lossless Ethernet Networking Standards To Eliminate Packet Loss Due To Queue Overflow. 3.8.2.9. Must Have Separate Data And Control Paths Which Separates Control From Services And Keeps Service Processing Isolated; Increases Security And Performance. 3.8.2.10. Must Be Able To Allow A Group Of Switches To Dynamically Back Each Other Up To Create Highly Available Routed Environments. 3.8.2.11. Must Have Ieee 802.3ad Lacp-supports With Up To 8 Members Per Lag With A User-selectable. 3.8.2.12. Must Have Scalable System Design-provides Investment Protection To Support Future Technologies And Higher-speed Connectivity. 3.8.2.13. Must Have High-speed Fully Distributed Architecture-provides Up To 1.92tbps For Bidirectional Switching And 1,190 Mpps For Forwarding To Meet The Demands Of Bandwidthintensive Applications Today And In The Future. 3.8.2.14. For Aggregation Switch Configuration, Bidder Must Propose 2 Units 48 Ports Of 1gbe/10gbe (sfp/sfp+) 4 Ports Of 40gbe/100gbe (qsfp+/qsfp28) 3.8.2.15. For Miscellaneous Function Switch Configuration, Bidder Must Propose 8 X 1/10gbe Rj45 Ports With 2 X 10gbe Ports As Uplink. 3.8.2.16. For Top Of Rack Switch Configuration, Bidder Must Propose 2 Units 24 X 1/10gbe Rj45 Ports With 4 X 40g/100gbe (qsfp+/qsfp28) Ports And 1 X Expansion Bay For Top Of Rack Switch. 3.8.2.16.1. Top Of Rack Switch Must Support 1 Expansion Module For Additional Interfaces Such As: 3.8.2.16.1.1. 12 X 1/2.5/5/10g Rj45 Ports Module 3.8.2.16.1.2. 12 X 100m/1g/10g Rj45 Ports Module 3.8.2.16.1.3. 12 X 1/10g Ports Sfp/sfp+ Ports Module 3.8.2.16.1.4. 4 X 40g Qsfp+ Ports Module 3.8.2.16.1.5. 1 X 100g Qsfp28 Port Module 3.8.2.17. Must Allow High-performance Backups And Disaster-recovery Systems; Provides A Maximum Frame Size Of 9k Bytes. 3.8.2.18. Must Be Able To Support Internal Loopback Testing For Maintenance Purposes And Increased Availability; Loopback Detection Protects Against Incorrect Cabling Or Network Configurations And Can Be Enabled On A Per-port Or Per-vlan Basis For Added Flexibility. 3.8.2.19. Must Be Able To Protect Against Unknown Broadcast, Multicast, Or Unicast Storms With Userdefined Thresholds. 3.8.2.20. Must Have Industry Standard Cli With A Hierarchical Structure. 3.8.2.21. Must Be Able To Restrict Access To Critical Configuration Commands; Offer Multiple Privilege Levels With Password Protection; Acls Provide Snmp Access; Local And Remote Syslog Capabilities Allow Logging Of All Access. 3.8.2.22. Must Have An Ip Sla Which Monitors The Network For Degradation Of Various Services, Including Voice. 3.8.2.23. Must Have An Snmp V2c/v3-provides Snmp Read And Trap Support Of Industry Standard Management Information Base (mib) And Private Extensions. 3.8.2.24. Must Have Remote Monitoring (rmon) That Uses Standard Snmp To Monitor Essential Network Functions And Supports Events, Alarms, History, And Statistics Groups As Well As A Private Alarm Extension Group. 3.8.2.25. Must Have Tftp And Sftp Support Which Offers Different Mechanisms For Configuration Updates; Trivial Ftp (tftp) Allows Bidirectional Transfers Over A Tcp/ Ip Network; Secure File Transfer Protocol (sftp) Runs Over An Ssh Tunnel To Provide Additional Security. 3.8.2.26. Must Have A Debug And Sampler Utility-supports Ping And Traceroute For Ipv4 And Ipv6 3.8.2.27. Must Have Network Time Protocol (ntp) That Synchronizes Timekeeping Among Distributed Time Servers And Clients And Keeps Timekeeping Consistent Among All Clock- Dependent Devices Within The Network And Can Serve As The Ntp Server In A Customer Network. 3.8.2.28. Must Have Ieee 802.1ab Link Layer Discovery Protocol (lldp) That Advertises And Receives Management Information From Adjacent Devices On A Network, Facilitating Easy Mapping By Network Management Applications. 3.8.2.29. Must Be Able To Provide Independent Primary And Secondary Operating System Files For Backup While Upgrading. 3.8.2.30. Must Have Vlan Which Supports Up To 4,000 Port-based Or Ieee 802.1q-based Vlans. 3.8.2.31. Must Be Able To Transmit Stp Bpdus Transparently, Allowing Correct Tree Calculations Across Service Providers, Wans, Or Mans. 3.8.2.32. Must Be Able To Duplicate Port Traffic (ingress And Egress) To A Local Or Remote Monitoring Port; Supports 4 Mirroring Groups, With An Unlimited Number Of Ports Per Group. 3.8.2.33. Must Be Able To Support Standard Ieee 802.1d Stp, Ieee 802.1w Rapid Spanning Tree Protocol (rstp) For Faster Convergence, And Ieee 802.1s Multiple Spanning Tree Protocol (mstp)\ 3.8.2.34. Must Be Able To Control And Manage The Flooding Of Multicast Packets In A Layer 2 Network. 3.8.2.35. Must Be Able To Allow Each Vlan To Build A Separate Spanning Tree To Improve Link Bandwidth Usage In Network Environments With Multiple Vlans. 3.8.2.36. Must Be Able To Determine The Mac Address Of Another Ip Host In The Same Subnet; Supports Static Arps; Gratuitous Arp Allows Detection Of Duplicate Ip Addresses; Proxy Arp Allows Normal Arp Operation Between Subnets Or When Subnets Are Separated By A Layer 2 Network. 3.8.2.37. Must Have A Built-in Dynamic Host Configuration Protocol (dhcp) Server Function. 3.8.2.38. Must Have A Built-in Radius Server Function. 3.8.2.39. Must Support Aaa. 3.8.2.40. Must Have Domain Name System (dns) Capability. 3.8.2.41. Must Enable The Use Of A Classifier To Select Traffic That Can Be Forwarded Based On Policy Set By The Network Administrator. 3.8.2.42. Must Have Static Ipv6 Routing. 3.8.2.43. Must Have Basic Layer3 Function Such As Rip 3.8.2.44. Must Have Open Shortest Path First (ospf) Capability. 3.8.2.45. Must Have Border Gateway Protocol 4 (bgp-4) Which Delivers An Implementation Of The Exterior Gateway Protocol (egp) Utilizing Path Vectors; Uses Tcp For Enhanced Reliability For The Route Discovery Process; Reduces Bandwidth Consumption By Advertising Only Incremental Updates; Supports Extensive Policies For Increased Flexibility; Scales To Very Large Networks. 3.8.2.46. Must Have Ip Performance Optimization, This Provides A Set Of Tools To Improve The Performance Of Ipv4 Networks; Includes Directed Broadcasts, Customization Of Tcp Parameters, Support Of Icmp Error Packets, And Extensive Display Capabilities. 3.8.2.47. Must Have Static Ipv6 Routing. 3.8.2.48. Must Have Ospfv3 That Provides Ospf Support For Ipv6. 3.8.2.49. Must Have Access Control List (acl) Which Supports Powerful Acls For Both Ipv4 And Ipv6. Supports Creation Of Object Groups Representing Sets Of Devices Like Ip Addresses. 3.8.2.50. Must Have Remote Authentication Dial-in User Service (radius) 3.8.2.51. Must Have Management Access Security. 3.8.2.52. Must Have Secure Shell (sshv2) Which Uses External Servers To Securely Log In To A Remote Device; With Authentication And Encryption, It Protects Against Ip Spoofing And Plain-text Password Interception; Increases The Security Of Secure Ftp (sftp) Transfers. Must Have Multicast Internet Group Management Protocol (igmp) Which Enables Establishing Multicast Group Memberships In Ipv4 Networks; Supports Igmpv1, V2, And V3. 3.8.2.53. Must Have Protocol Independent Multicast (pim) For Ipv4 And Ipv6 Supports One-to-many And Many-to-many Media Casting Use Cases Such As Iptv Over Ipv4 And Ipv6 Networks. Support For Pim Sparse Mode (pim-sm, Ipv4 And Ipv6) 3.8.3. 9 Units X 24 Port Access Poe Switches 3.8.3.1. Must Be A High Performance 160 Gbps System Switching Capacity, 119 Mpps Of System Throughput. 3.8.3.2. Must Be A Compact 1u Switch With 4 X 1/2.5/5g Rj45 Ports (multi-gigabit) And 20 X 10/100/1000mbps Rj45 Ports, And 4 X 1/10g Sfp+ Ports. 3.8.3.3. Must Be Able To Support 24 X Poe And 12 X Poe+ 3.8.3.4. Must Have A License Upgrade To Support Continuous Poe 3.8.3.5. Must Have A License Upgrade To Support Udld (uni-directional Link Detection) 3.8.3.6. Must Have Built-in High Speed 1/10gbe Uplinks. 3.8.3.7. Must Have Intelligent Monitoring, Visibility, And Remediation Via Single Pane Of Glass Across Wired, Wireless, And Wan. 3.8.3.8. Must Have Support For Automated Configuration And Verification. 3.8.3.9. Must Enables Secure And Simple Access For Users And Iot 3.8.3.10. Must Have Traffic Prioritization (ieee 802.1p) For Real-time Classification. 3.8.3.11. Must Be A High Performance Front Plane Stacking For Up To 4 Switches. 3.8.3.12. Must Be Able To Monitor Link Connectivity And Shuts Down Ports At Both Ends If Unidirectional Traffic Is Detected, Preventing Loops In Stpbased Networks. 3.8.3.13. Must Have Ieee 802.3ad Lacp, Each With Eight Links Per Group. 3.8.3.14. Must Have Ethernet Ring Protection Switching (erps) Supports Rapid Protection And Recovery In A Ring Topology. 3.8.3.15. Must Have Ieee 802.1s Multiple Spanning Tree Provides High Link Availability In Vlan Environments Where Multiple Spanning Trees Are Required; And Legacy Support For Ieee 802.1d And Ieee 802.1w. 3.8.3.16. Must Have Support For 24x Ports 10/100/1000 Baset Poe+ Ports Supporting Up To 30w Per Port And 4x 1g/10g Sfp+ Ports. Should Have The Following Ports: A. 1x Console Port B. 1x Usb Port 3.8.3.17. Must Have Jumbo Frames Allow For Highperformance Backups And Disaster-recovery Systems; Provides A Maximum Frame Size Of 9k Bytes. 3.8.3.18. Must Have Packet Storm Protection Against Broadcast And Multicast Storms With Userdefined Thresholds Smart Link Enables Simple, Fast Converging Link Redundancy And Load Balancing With Dual Uplinks Avoiding Spanning Tree Complexities. 3.8.3.19. Must Have Management Interface Control Enables Or Disables Each Of The Following Depending On Security Preferences, Console Port, Or Reset Button. 3.8.3.20. Must Have Industry-standard Cli With A Hierarchical Structure For Reduced Training Time And Expense. 3.8.3.21. Management Security Restricts Access To Critical Configuration Commands, Provides Multiple Privilege Levels With Password Protection And Local And Remote Syslog Capabilities Allow Logging Of All Access. 3.8.3.22. Must Have Snmp V2c/v3 Provides Snmp Read And Trap Support Of Industry Standard Management Information Base (mib), And Private Extensions. 3.8.3.23. Must Have Remote Monitoring (rmon) With Standard Snmp To Monitor Essential Network Functions. Supports Events, Alarms, History, And Statistics Groups As Well As A Private Alarm Extension Group; Rmon, And Sflow Provide Advanced Monitoring And Reporting Capabilities For Statistics, History, Alarms And Events. 3.8.3.24. Must Have Tftp And Sftp Support Offers Different Mechanisms For Configuration Updates; Trivial Ftp (tftp) Allows Bidirectional Transfers Over A Tcp/ Ip Network; Secure File Transfer Protocol (sftp) Runs Over An Ssh Tunnel To Provide Additional Security. 3.8.3.25. Must Have Network Time Protocol (ntp) Synchronizes Timekeeping Among Distributed Time Servers And Clients; Keeps Timekeeping Consistent Among All Clock-dependent Devices Within The Network So The Devices Can Provide Diverse Applications Based On The Consistent Time. 3.8.3.26. Must Have Ieee 802.1ab Link Layer Discovery Protocol (lldp) Advertises And Receives Management Information From Adjacent Devices On A Network, Facilitating Easy Mapping By Network Management Applications. 3.8.3.27. Must Provide Independent Primary And Secondary Operating System Files For Backup While Upgrading. 3.8.3.28. Must Be Able To Assign Descriptive Names To Ports For Easy Identification. 3.8.3.29. Must Have Multiple Configuration Files Can Be Stored To A Flash Image. 3.8.3.30. Must Have Unidirectional Link Detection (udld) Which Monitors The Link Between Two Switches And Blocks The Ports On Both Ends Of The Link If The Link Goes Down At Any Point Between The Two Devices. 3.8.3.31. Must Have Vlan Support And Tagging For Ieee 802.1q (4k Vlan Ids). 3.8.3.32. Must Have Jumbo Packet Support Improves The Performance Of Large Data Transfers; Supports Frame Size Of Up To 9000 Bytes. 3.8.3.33. Must Have Bridge Protocol Data Unit (bpdu) Tunnelling That Transmits Stp Bpdus Transparently, Allowing Correct Tree Calculations Across Service Providers, Wans, Or Mans. 3.8.3.34. Must Have Port Mirroring Which Duplicates Port Traffic (ingress And Egress) To A Monitoring Port; Supports 4 Mirroring Groups. 3.8.3.35. Must Have Stp That Supports Standard Ieee 802.1d Stp, Ieee 802.1w Rapid Spanning Tree Protocol (rstp) For Faster Convergence, And Ieee 802.1s Multiple Spanning Tree Protocol (mstp) 3.8.3.36. Internet Group Management Protocol (igmp) Controls And Manages The Flooding Of Multicast Packets In A Layer 2 Network. 3.8.3.37. Must Have Domain Name System (dns) Capability. 3.8.3.38. Must Have Acls That Also Provides Filtering Based On The Ip Field, Source/ Destination Ip Address/subnet, And Source/ Destination Tcp/udp Port Number On A Per-vlan Or Per-port Basis. 3.8.3.39. Must Have Management Access Security For Both On And Off Box Authentication For Administrative Access. 3.8.3.40. Must Be Able To Support Multiple User Authentication Methods. Uses An Ieee 802.1x Supplicant On The Client In Conjunction With A Radius Server To Authenticate In Accordance With Industry Standards. 3.8.3.41. Must Support Mac-based Client Authentication. 3.8.3.42. Must Have Secure Management Access That Delivers Secure Encryption Of All Access Methods (cli, Gui, Or Mib) Through Sshv2, Ssl, And/or Snmpv3. 3.8.3.43. Must Have Icmp Throttling That Defeats Icmp Denial-of-service Attacks By Enabling Any Switch Port To Automatically Throttle Icmp Traffic. 3.8.3.44. Must Have Port Security Which Allows Access Only To Specified Mac Addresses. 3.8.3.45. Must Have Mac Address Lockout That Prevents Particular Configured Mac Addresses From Connecting To The Network. 3.8.3.46. Must Have Secure Sockets Layer (ssl) That Encrypts All Http Traffic, Allowing Secure Access To The Browser-based Management Gui In The Switch. 3.8.3.47. Must Have Igmp Snooping That Allows Multiple Vlans To Receive The Same Ipv4 Multicast Traffic, Lessening Network Bandwidth Demand By Reducing Multiple Streams To Each Vlan. 3.8.3.48. Must Have Multicast Listener Discovery (mld) That Enables Discovery Of Ipv6 Multicast Listeners; Support Mld V1 And V2. 3.8.3.49. Must Have Internet Group Management Protocol (igmp) That Utilizes Any-source Multicast (asm) To Manage Ipv4 Multicast Networks; Supports Igmpv1, V2, And V3. 3.9. Campus Network Expansion 3.9.1. 50 Units Indoor Access Points 3.9.1.1. Must Have 3.55 Gbps Raw Capacity Specification. 3.9.1.2. Must Have Wpa3 And Enhanced Open Security. 3.9.1.3. Must Have A Built-in Technology That Resolves Sticky Client Issues For Wi-fi 6 And Wi-fi 5 Devices. 3.9.1.4. Must Have Ofdma And Mu-mimo For Enhanced Multi-user Efficiency. 3.9.1.5. Must Have High Performance Dual Radio 802.11ax Ap With Ofdma And Multi-user Mimo (mu-mimo) Specification. 3.9.1.6. Must Be Able To Support Data Rates Of Up To 2.4 Gbps For Ieee802.11ax. 3.9.1.7. Must Have Multi-user Transmission With Downlink And Uplink Ofdma. 3.9.1.8. Must Have Multi-user Capability With Uplink And Downlink Multi-user Mimo. 3.9.1.9. Must Have Dual Radio 802.11ax Access Point With Ofdma And Multi-user Mimo (mumimo): 3.9.1.10. Must Have Multi-gig Uplink Ethernet Port With The Following Specifications: A. Supports Up To 2.5/5 Gbps With Nbase-t And Ieee 802.3bz Ethernet Compatibility. B. Backwards Compatible With 100/1000base-t. 3.9.1.11. Must Support Up To 300 Associated Client Devices Per Radio, And Up To 16 Bssids Per Radio. 3.9.1.12. Must Support The Following Frequency Bands (country-specific Restrictions Apply): A. 2.400 To 2.4835ghz B. 5.150 To 5.250ghz C. 5.250 To 5.350ghz D. 5.470 To 5.725ghz E. 5.725 To 5.850ghz F. 5.850 To 5.895ghz 3.9.1.13. Must Have Dynamic Frequency Selection (dfs) Which Optimizes The Use Of Available Rf Spectrum. 3.9.1.14. Must Support Radio Technologies: A. 802.11b: Direct-sequence Spreadspectrum (dsss) B. 802.11a/g/n/ac: Orthogonal Frequency-division Multiplexing (ofdm) C. 802.11ax: Orthogonal Frequencydivision Multiple Access (ofdma) With Up To 16 Resource Units (for An 80mhz Channel)" 3.9.1.15. Must Support The Following Modulation Types: A. 802.11b: Bpsk, Qpsk, Cck B. 802.11a/g/n: Bpsk, Qpsk, 16- Qam, 64-qam, 256-qam (proprietary Extension) C. 802.11ac: Bpsk, Qpsk, 16-qam, 64-qam, 256-qam, 1024-qam (proprietary Extension) D. 802.11ax: Bpsk, Qpsk, 16-qam, 64-qam, 256-qam, 1024- Qam802.11n High-throughput (ht) Support: Ht20/40 3.9.1.16. Must Have 802.11ac And 802.11ax 3.9.1.17. Must Support Single-channel Implementation Also Known As Channel Blanket 3.9.1.18. Must Support Multi-channel Implementation. 3.9.1.19. Must Support Hybrid Implementation. 3.9.1.20. Must Support Data Rates (mbps): A. 802.11b: 1, 2, 5.5, 11 B. 802.11a/g: 6, 9, 12, 18, 24, 36, 48, C. 802.11n (2.4ghz): 6.5 To 300 (mcs0 To Mcs15, Ht20 To Ht40) D. 802.11n (5ghz): 6.5 To 600 (mcs0 To Mvc31, Ht20 To Ht40) E. 802.11ac: 6.5 To 3,467 (mcs0 To Mcs9, Nss = 1 To 4, Vht20 To Vht160) F. 802.11ax (2.4ghz): 3.6 To 574 (mcs0 To Mcs11, Nss = 1 To 2, He20 To He40) G. 802.11ax (5ghz): 3.6 To 4,803 (mcs0 To Mcs11, Nss = 1 To 4, He20 To He160) H. 802.11n/ac Packet Aggregation: Ampdu, A-msdu 3.9.1.21. Must Have Four Integrated Dual-band Down Tilt Omni-directional Antennas For 4x4 Mimo With Peak Antenna Gain Of 4.2dbi In 2.4ghz And 7.5dbi In 5ghz. Built-in Antennas Are Optimized For Horizontal Ceiling Mounted Orientation Of The Ap. The Down Tilt Angle For Maximum Gain Should Be Roughly 30 Degrees. 3.9.1.22. Must Have Combining The Patterns Of Each Of The Antennas Of The Mimo Radios, The Peak Gain Of The Effective Per-antenna Pattern Is 3.8dbi In 2.4ghz And 4.6dbi In 5ghz. 3.9.1.23. Must Have Link Aggregation (lacp) Support Between Both Network Ports For Redundancy And Increased Capacity. A. Auto-sensing Link Speed (100/1000/2500base-t) And Mdi/mdx B. 2.5gbps Speed Complies With Nbase-t And 802.3bz Specifications C. Poe-pd: 48vdc (nominal) 802.3af/at/bt (class 3 Or Higher) D. E1: 10/100/1000base-t Ethernet Network Interface (rj-45) E. Auto-sensing Link Speed And Mdi/mdx 3.9.1.24. Must Have Dc Power Interface: 48vdc (nominal, +/- 5%), Accepts 1.35mm/3.5mm Center-positive Circular Plug With 9.5mm Length. 3.9.1.25. Must Have Visual Indictors (two Multi-color Leds): For System And Radio Status. 3.9.1.26. Must Have A Reset Button: Factory Reset, Led Mode Control (normal/off). 3.9.2. 30 Units Outdoor Access Points 3.9.2.1. Must Have 8x8 Mu-mimo Capability. 3.9.2.2. Must Be Delivering A Raw Capacity Of 4.8 Gbps. 3.9.2.3. Must Have An Uplink And Downlink Orthogonal Frequency Division Multiple Access (ofdma), Downlink Multi-user Mimo (mu-mimo) And Cellular Colocation. 3.9.2.4. Must Have Ai Powered Technology Ensures That All Clients Are Attached To Their Best Serving Access Point. 3.9.2.5. Must Have Session Metrics, Network Metrics, Applications And Client Type Are Used To Identify And Maintain The Best Connection. 3.9.2.6. Must Have High Performance Dual Radio 802.11ax Ap With Ofdma And Multi-user Mimo (mu-mimo). 3.9.2.7. Must Have Multi-user Capability With Uplink And Downlink Multi-user Mimo. 3.9.2.8. Must Have Multi-gig Uplink Ethernet Port A. Supports Up To 2.5/5 Gbps With Nbase-t And Ieee 802.3bz Ethernet Compatibility. B. Backwards Compatible With 100/1000base-t. 3.9.2.9. Must Have An Ap Type: Outdoor Hardened, Wi-fi 6 Dual Radio, 5 Ghz 8x8 Mimo And 2.4 Ghz 4x4 Mimo Software And Configurable Dual Radio Supports 5 Ghz And 2.4 Ghz 5 Ghz: 3.9.2.10. Must Be Able To Support Up To 300 Associated Client Devices Per Radio, And Up To 16 Bssids Per Radio. 3.9.2.11. Must Have The Following Supported Frequency Bands (country-specific Restrictions Apply): A. 2.400 To 2.4835 Ghz B. 5.150 To 5.250 Ghz C. 5.250 To 5.350 Ghz D. 5.470 To 5.725 Ghz E. 5.725 To 5.850 Ghz F. 5.825 To 5.875 Ghz 3.9.2.12. Must Have The Following Available Channels: Dependent On Configured Regulatory Domain. 3.9.2.13. Must Have Dynamic Frequency Selection (dfs) Optimizes The Use Of Available Rf Spectrum. 3.9.2.14. Must Support The Following Radio Technologies: A. 802.11b: Direct-sequence Spread-spectrum (dsss) B. 802.11a/g/n/ac: Orthogonal Frequency-division Multiplexing (ofdm) C. 802.11ax: Orthogonal Frequency-division Multiple Access (ofdma) With Up To 16 Resource Units (ru) 3.9.2.15. Must Have The Following Supported Modulation Types: A. 802.11b: Bpsk, Qpsk, Cck B. 802.11a/g/n: Bpsk, Qpsk, 16- Qam, 64-qam, 256-qam (proprietary Extension) C. 802.11ac: Bpsk, Qpsk, 16- Qam, 64-qam, 256-qam, 1024 Qam (proprietary Extension) D. 802.11ax: Bpsk, Qpsk, 16- Qam, 64-qam, 256-qam, 1024 Qam E. 802.11n High-throughput (ht) Support: Ht 20/40 F. 802.11ac Very High Throughput (vht) Support: Vht 20/40/80/160 G. 802.11ax High Efficiency (he) Support: He20/40/80/160 3.9.2.16. Must Have The Following Supported Data Rates (mbps): A. 802.11b: 1, 2, 5.5, 11 B. 802.11a/g: 6, 9, 12, 18, 24, 36, 48, 54 C. 802.11n (2.4ghz): 6.5 To 300 (mcs0 To Mcs15, Ht20 To Ht40) D. 802.11n (5ghz): 6.5 To 600 (mcs0 To Mcs31, Ht20 To Ht40) E. 802.11ac: (5 Ghz): 6.5 To 3,467 (mcs0 To Mcs9, Nss = 1 To 4 For Vht20 To Vht160) F. 802.11ax (2.4ghz): 8.6 To 574 (mcs0 To Mcs11, Nss = 1 To 2, He20 To He40) G. 802.11ax (5ghz): 8.6 To 4803 (mcs0 To Mcs11, Nss = 1 To 4, He20 To He160) H. 802.11n/ac Packet Aggregation: A-mpdu, A-msdu 3.9.2.17. Must Have The Maximum (conducted) Transmit Power (limited By Local Regulatory Requirements): A. 2.4 Ghz Band: +22 Dbm Per Chain, +25dbm Aggregate (2x2) B. 5 Ghz Band: +22 Dbm Per Chain, +28dbm Aggregate (4x4) 3.9.2.18. Must Have Multi-gig Port (rj-45) A. Auto-sensing Link Speed (100/1000/2500base-t) And Mdi/mdx B. 2.5gbps Speed Complies With Nbase-t And 802.3bz Specifications C. Poe-pd: 48vdc (nominal) 802.3at/bt (class 4 Or Higher) - 802.3az Energy Efficient Ethernet (eee) 3.9.2.19. Must Have 100/1000base-t (rj-45) A. Auto-sensing Link Speed And Mdi/mdx - 802.3az Energy Efficient Ethernet (eee) B. Poe-pd: 48vdc (nominal) 802.3at/bt (class 4 Or Higher) 3.9.2.20. Must Have Link Aggregation (lacp) Support Between Both Network Ports For Redundancy And Increased Capacity. 3.9.2.21. Must Have Visual Indicator (multi-color Led): For System And Radio Status. 3.9.2.22. Must Have A Reset Button: Factory Reset (during Device Power Up). 3.9.2.23. Must Have 802.11ac And 802.11ax 3.9.2.24. Must Support Single-channel Implementation Also Known As Channel Blanket 3.9.2.25. Must Support Multi-channel Implementation. 3.9.2.26. Must Support Hybrid Implementation. 3.9.3. Wireless Lan Controller 3.9.3.1. Bidder Must Supply Licenses For The Number Of Access Points Proposed In This Bid For 3 Years Maintenance. 3.9.3.2. Must Be Software Solution For Wi-fi Performance At The Edge That Support Up To 3,000 Aps. 3.9.3.3. The Network Controller Could Be A Software Solution Or A Network Appliance. 3.9.3.4. The Network Controller Can Be A Function/feature Within The Whole Network Management System Or Platform. 3.9.3.5. Must Be Able To Deliver 24x7 Reliability, Live Upgrades, And Always-on Connectivity. 3.9.3.6. Must Support Zero Touch Provisioning. 3.9.3.7. Must Support Plug-n-play Ap Replacement. 3.9.3.8. Wireless Network Can Still Function Normally When The Network Controller Fails. 3.9.3.9. If The Wireless Lan Controller Is Software Solution Only, Bidder Must Include An Operating System License. 3.10. Network Management System (nms) 3.10.1. Solution Should Support Zero-touch Deployment Of Switches And Wireless Controllers And Even Ngfw To Eliminate Human Intervention. 3.10.2. Solution Should Support Physical Branch Provisioning By Automating Onboarding, Initial Configuration, And Customer-supplied Configurations For The Complete Branch Network For Single Or Multiple Branches. 3.10.3. Proposed Solution Should Automatically Discover And Maps Network Devices. Should Have An Ability To Display Real-time Graphical Representation. 3.10.4. The Proposed Solution Should Classify Devices In The Topology Map Based On Different Network Layers And Filter Based On Vlan. 3.10.5. The Proposed Solution Should Have 2d And 3d Wireless Coverage Planning Tool Provide Real Time Rf Heat Maps That Show Accurate Information On The Overall Signal Quality Delivered To Locations On A Map. 3.10.6. The Proposed Solution Should Have Capability Of Visualize The Wi-fi 6 Insight Aps Over Legacy Aps, Airtime Efficiency, And Wireless Latency 3.10.7. The Solution Shall Have The Ability To Compare Configuration Versions Using A Side-by-side, Split-screen Display To Highlight Differences Between Current And Captured Configuration. 3.10.8. The Proposed Solution Must Be Able To Define Baseline Software Image Per Location For Specific Platform And Provide Pre- And Post-upgrade Checks For Software Image Management. 3.10.9. The Proposed Solution Must Have An Ai-driven Analytics Engine With Machine-learning Based Workflows To Provide Root Cause Analyses And Solve Complex Issues. 3.10.10. The Proposed Solution Shall Provide At-a-glance Fault Summary Dashboards To View Top Unhealthy Network Elements With Status Kpis And Drill Down To View The Detailed Information. 3.10.11. The Proposed Solution Shall Provide Actionable Insights Into Network, Client, And Application-related Issues Eliminating White Noise And False Positives Based On Recent And Historical Data; And Provide Guided Remediation To Troubleshoot The Issues. 3.10.12. The Proposed Solution Shall Support Vector-based Area Detection Technology For Wireless Network. 3.10.13. The Proposed Solution Should Have The Following Options Of Deployment; 3.10.13.1. Mini Version For Small Network And Can Run Built-in On Core Switches And Ngfw. 3.10.13.2. Full Featured Appliance-based Solution For An Average Network Size 3.10.13.3. Full Featured Software-based Solution For Extremely Large Network Size 3.10.14. Network Management System Solution Can Also Be Utilize To Implement Network Layer Security Based On Self-defending Network. 3.10.15. Must Include Operating System License If Bidder Will Propose Software Solution Only. Servers And Storage Appliances 1 86,140,314.00 4.1. Vm Servers Six (6) Units Vm Servers With Minimum Specifications As Follows: 4.1.1. Processor: Dual Processor With At Least 2.0ghz, 2 X 28c 4.1.2. Memory: 1tb Ram 4.1.3. Storage: 2 X 800gb Ssd Sas (raid 1) And 2 X 2tb Ssd Sas 4.1.4. Disk Controller: Raid 0, 1, 10, 5 4.1.5. Sas Raid Controller 4.1.6. Network Ports: At Least 2 X Dual Ports 10gbe 4.1.7. Hba Card (fc Card): 2 X Dp Fc16 4.1.8. Must Have N+1 Fan Redundancy 4.1.9. Must Have Dual Redundant Power Supply 4.1.10. Must Include Enterprise Linux Based Operating System Per Server That Can Accommodate Virtual Machines Without Additional License Cost 4.2. Storage Area Network Switches 4.2.1. 2 Units X 24 Ports 16gb Fc San Switch 4.2.2. 48 Pcs 16gb Fc Lc To Lc Cables 4.2.3. Redundant Power Supply 4.3. Block Storage System 4.3.1. Enterprise Block Storage System Specifications: 4.3.1.1. Must Have 50tb Nvme Ssd Usable Capacity. 4.3.1.2. Minimum Of 4 X 16gb Fc Ports 4.3.1.3. Designed For Six Nines Of Availability 4.3.1.4. Must Support Active-active, End-to-end Nvme Controllers 4.3.1.5. Must Support Nvme Ssd 4.3.1.6. Must Have The Capability To Natively Connect To And Manage The Storage Of Different Brands For Future Capacity Expansion And Integration Of Existing Storage. 4.3.1.7. Must Include Management Capabilities To Eliminate Dozens Of Time-consuming Tasks And Decision Points. Labor-intensive Processes Like Initial Volume Placement, Migrations, Load Balancing. 4.4. Back-up System Requirements For Enterprise On-premise Back-up System: 4.4.1. Back-up Server Must Have The Following Minimum Specifications: 4.4.1.1. Dual Processor With At Least 2.0ghz, 2 X 12c 4.4.1.2. Memory: 256gb Ram 4.4.1.3. Storage: 2 X 800gb Ssd Sas (raid 1) And 2 X 4tb Ssd Sas 4.4.1.4. Sas Raid Controller 4.4.1.5. At Least 4 X 10gbe 4.4.1.6. Hba Card (fc Card): 2x Dp Fc16 4.4.1.7. Must Have N+1 Fan Redundancy. 4.4.1.8. Windows Server Operating System 4.4.1.9. Must Have Dual Redundant Power Supply. 4.4.1.10. The Solution Must Include Tools For Effective Management. 4.4.1.11. The Solution Must Provide Software Licenses For Protection Of Either 20 Vm’s Or 50tb Capacity. 4.4.1.12. The Solution Must Support Native Tiering To Public And/or Private Clouds For Long-term Retention. 4.4.1.13. The Solution Must Support Data Deduplication. 4.4.1.14. The Solution Must Support Reporting Capabilities For Physical Capacity Utilization. 4.4.1.15. Must Include Operating System License For Back-up Software 4.5. Block Storage System For Back-up 4.5.1. Enterprise Block Storage System Specifications: 4.5.1.1. Must Have 300tb Nlsas Usable Capacity. 4.5.1.2. Minimum Of 4 X 16gb Fc Ports 4.5.1.3. Equipment Must Be Designed For A Minimum Of Six Nines Of Availability Or Higher. 4.5.1.4. Must Support Active-active Controllers. 4.5.1.5. Must Also Have The Capability To Natively Connect And Manage The Storage Of Different Brands For Future Capacity Expansion And Integration Of Existing Storage. 4.5.1.6. Must Include Management Capabilities To Eliminate Dozens Of Time-consuming Tasks And Decision Points. Labor-intensive Processes Like Initial Volume Placement, Migrations, Load Balancing. 4.6. Virtualization Software 4.6.1. Must Support Api And Policy Driven Storage Capabilities 4.6.2. Must Support Persistent Memory 4.6.3. Must Support Single Reboot 4.6.4. Must Support Quick Boot. 4.6.5. Must Support Live Migration Of Workloads 4.6.6. Support For Msft Vbs 4.6.7. Must Support Endpoint Security 4.6.8. Must Support Fault Tolerance 4.6.9. Must Support Per-vm Enhanced Vm Migration Compatibility. 4.6.10. Must Support Proactive High Availability 4.6.11. Must Support Vm-level Encryption. 4.6.12. Must Support Centralized Network Management 4.6.13. Must Support Load Balancing 4.6.14. Must Support Prioritize Resources To Virtual Machines Data Center Facility 1 92,008,302.00 5.1.1. The Winning Vendor Shall Supply, Install And Commission A Modular Data Center That Will Support The Network, Servers And Storage Deployments. This Data Center Must Be Scalable In Nature With Its Capacities, Including Additional Racks, Easily Upgraded Without Disruption To Normal Operations. 5.1.1.1. Server Racks 5.1.1.2. Uninterruptible Power Supply (ups) 5.1.1.3. Precision Air Conditioning Unit (pacu) 5.1.1.4. Cctv System 5.1.1.5. Environmental Monitoring System (ems) 5.1.1.6. Fire Suppression System 5.1.2. Cold Aisle Containment System 5.1.2.1. Equipped With Automatic Sliding Door, Magnetic Locking Roofs, Intelligent Lighting System, Cable Management, Touchscreen Display Controller, Sms Modem And Data Center Facility Equipment Status (ups And Pacu). 5.1.2.2. Must Have Access Controller With Management Of Users, Logs And Access Authorization (2-door Type) 5.1.2.3. Equipped With Access Control Reader (rfid Card, And Pin/badge Code) 5.1.2.4. Able To Communicate With The Following Sensors: Temperature & Humidity, Smoke, Leak Detection, Door Status And Data Center Equipment (pacu, Ups And Power Meters) 5.1.2.5. Includes A Monitoring Tool / System With Analytics. 5.1.2.6. Temperature & Humidity Sensor Included For All Entire Racks. 5.1.2.7. Includes Smoke Sensor (dry Contact Type With Alarm Light) For The Entire Racks. 5.1.2.8. Equipped With Door Status Sensor For The Entire Racks. 5.1.2.9. Equipped With Water Leak Sensor For The Entire Racks. 5.1.2.10. Able To Monitor Rack Space. 5.1.2.11. Able To Display Virtual Rack Diagram / Layout. 5.1.2.12. Equipped With Smart Meter. 5.1.3. Closed Bay Server Racks 5.1.3.1. Dimension: 600mm (width) *1100mm (depth) *2000mm (height) 5.1.3.2. Static Weight Loading Capacity Of At Least 1,400kg 5.1.3.3. Ip Rating – 20 5.1.3.4. Door Perforations – 70% Minimum 5.1.3.5. Adjustable Leveling Feet For Stability And Security 5.1.3.6. Front And Rear Doors Open Up To 130º 5.1.3.7. Front And Rear Doors Must Be Grounded To The Rack. 5.1.3.8. With Electronic Lockable Front & Rear Doors Integrated To Dcim Software 5.1.3.9. With Front And Rear U-position Numbers 5.1.3.10. With Removable Power Trough On The Roof For Power, Network And Optic Cables Management 5.1.3.11. With Heavy Duty Castor 5.1.4. Must Propose 1 Unit Out Of Band Switch With The Following Specifications: 5.1.4.1. 48 Ports X Rj45 Rs-232 Serial Ports 5.1.5. Managed Pdu 5.1.5.1. Metered Type. 5.1.5.2. Ac Input Voltage: 400v 3ph 5wire 60hz Wye. 5.1.5.3. Nominal Voltage Input: 350v – 415vac 3 Phase Wye. 5.1.5.4. Output Voltage: 200v-240vac 1phase. 5.1.5.5. 36 X Ec320-c13 Output Receptacles. 5.1.5.6. 3 X Iec320-c19 Output Receptacles. 5.1.5.7. With Branch/group Circuit Breaker Protection. 5.1.5.8. Equipped With Led Current (rms Value) Display And Overload Warning Indicator. 5.1.5.9. Must Be Monitored Through Dcim Software. 5.1.5.10. Tool-less Installation Standard Rack Cabinets. 5.1.5.11. Must Include Brackets For Mounting In Other Brand Rack Cabinets. 5.1.5.12. Zero-u Installation To Save Rack Space. 5.1.5.13. Operating Range: 0 To 45 Degrees Celsius. 5.1.6. Iot Smart Cctv Cameras 5.1.6.1. With Live Caption And Monitoring 5.1.6.2. Smart Features 5.1.6.3. Must Cover The Entire Sever Room And Server In An Aisle 5.1.6.4. At Least 5mp Resolution 5.1.6.5. With Storage Capable To Retain Videos For 30 Days 5.1.7. Precision Cooling 5.1.7.1. Must Provide 4 Units Of Precision Row Cooling With At Least 30kw Total Cooling And 30kw Sensible Cooling Capacity 5.1.7.2. Must Be Ce Certified Or Equivalent International Standard. 5.1.7.3. The Indoor Unit Fan Type Must Be Ec Fan With Automatic Adjustment Through A Controller To Match The Heat Load From 20%-100%. 5.1.7.4. The Outdoor Unit Fan Must Have Variable Speed Control Which Adjusts According To Different Weather Conditions. 5.1.7.5. The Indoor Fans Must Be Hot Swappable Which Should Not Require Shutting Down Of The Entire Pacu Unit When Replacing The Defective Fan/s. 5.1.7.6. The Pacu Unit Must Be Equipped With Electronic Expansion Valve (eev) To Provide Accurate Control Of The Refrigerant To Run Optimized On Various Conditions. 5.1.7.7. Filter Shall Be High Efficient Eu4/f4/merv8 Standard. 5.1.7.8. At Least Ten-inch Lcd Colored Touch Screen Display Externally Mounted And Viewed From The Front Of The Unit 5.1.7.9. The Touch Panel Must Contain The Settings And Programs Of All The Stored Operating Parameters That Can Be Used, Viewed, And Set On The User Display Interface. 5.1.7.10. Must Be Equipped With Automatic Restart Feature That Will Automatically Restart The System After A Power Failure. 5.1.7.11. High Pressure And Low Pressure Of Refrigerant System Shall Be Recorded In The Controller And Be Viewed Through The Display. 5.1.7.12. Shall Have Reheater With Positive Temperature Coefficient (ptc) Selfregulating Reheating Element At 3kw Rating. 5.1.7.13. Must Have Electrode Humidifier With 3kg/hr Capacity. 5.1.7.14. The Controller Is Able To Work In Teamwork Mode. 5.1.7.15. Capable To Accept 2 Power Source With Automatic Switching From Feed A To Feed B And Vice Versa To Support High Availability. 5.1.7.16. The Pacu Shall Be A 3 Phase (380/400/415v, 60hz) 5.1.7.17. 5.1.7.18. Must Have Built-in Or Has Available Slot For Communication Port To Interface With Pc In Order To Remotely Monitor Ups Status Via Tcp/ip Network. 5.1.7.19. Supports Communications Protocols Such As Rs-485, Snmp And Must Be Monitored Centrally On The Data Center Infrastructure Management Software (dcim). 5.1.7.20. Unit Dimension Shall Not Be Greater Than 300mm W X 2000mm H X 1090mm D. 5.1.7.21. All Pacu Units Must Have At Least One External Temperature And Humidity Sensors Installed On The Back Door Of The Rack Next To It. 5.1.7.22. Unit Must Be Compatible With R-410a Refrigerant Or Other Environmental Friendly Refrigerant 5.1.7.23. Must Have Dry Contact Device For Alarm System. 5.1.7.24. All Pacu Units Must Be Integrated To Door Access Control And Fire Suppression System 5.1.8. Ups Systems With Independent Battery System: 5.1.8.1. Supply 2 Units Modular Ups With 80kw Frame In 2n Configuration 5.1.8.2. 40kva Initial Modular Capacity 5.1.8.3. Can Cater 5kw Per Rack @ 8 Racks 5.1.8.4. At Least 15 Mins Back Up Time 5.1.8.5. The Ups Must Be Based On Igbt Technology Architecture That Provides High Quality, Low Noise, Pure And Uninterrupted Power Supply, Three Phase, Four Wire + Ground, Hot Swappable Modular Type Ups 5.1.8.6. Must Be Ce Certified, Iec/en62040-1, Iec/en62040-2 Or Equivalent. 5.1.8.7. The Ups Shall Have Built-in Protection Circuit Breakers For Input, Manual Bypass, Bypass And Output Connections. 5.1.8.8. The Ups Must Be A 3 Phase (380/400/415v, 60hz) Input Type And 3 Phase (380/400/415v, 60hz) Output Type. 5.1.8.9. The Ups Status Must Have User Friendly Interface With Big Graphic Lcd Screen For All Communication And Command Options To Show Operational And Functional Status, Measurements, Event Log, Etc. 5.1.8.10. Must Have Built-in Communication Port To Interface With Pc In Order To Remotely Monitor Ups Status Via Tcp/ip Network. 5.1.8.11. In Each Of The Ups, It Include Controller Module, Static Transfer Switch (sts Module) And Power Modules. Modules Must Be Hotswappable Without Bypass Mode Or Without System Shutdown Required In Order To Minimize Down Time. 5.1.8.12. Has Automatic Restart Function To Normal Mode Right After The Ac Input Resumes Following A Low Battery Shutdown And Returns Automatically To Normal Mode From Bypass Mode After An Overload Condition Or Short Circuit Condition Is Cleared. 5.1.8.13. Enclosure Ip Rating – Ip20 As A Minimum 5.1.8.14. Ambient Operating Temperature Between 0 To 40 Degrees C 5.1.8.15. Audible Noise <62db At 1 Meter 5.1.8.16. Winning Bidder Must Provide Calculation Of Mtbf (mean Time Between Failures) Which Must Not Be Lower Than 125,000 Hours Based On Online Mode (battery At Float & Battery Charge), Onbattery (inverter Mode) Back Up Mode And Bypass Mode. 5.1.8.17. Ups Input Specification 5.1.8.17.1. Voltage: 380v ± 20 % Or Better. 5.1.8.17.2. Frequency: 60 Hz ± 5 % Or Better. 5.1.8.17.3. Power Factor: 0.99 Or Better. 5.1.8.17.4. Harmonic Distortion (thdi): 5% Or Better 5.1.8.18. Ups Output Specification 5.1.8.18.1. Voltage: 380v/400v/415v ±1 % Or Better. 5.1.8.18.2. Frequency: 60 Hz ± 0.1 % Or Better. 5.1.8.18.3. Power Factor: Unity (1) 5.1.8.18.4. Harmonic Distortion: < 2%(at Linear Load) Or Better. 5.1.8.18.5. Overload: ≤125% ; 10 Min , ≤150% ; 1 Min Or Better. 5.1.8.18.6. Overall Efficiency: 96% (online Mode) And 99% (eco Mode) 5.1.8.19. Battery Specification 5.1.8.19.1. The Battery System Must Be Lithium Ion (lfp Type) Or Equivalent Complete With Battery Module, Battery Cabinet And Battery Management System. 5.1.8.19.2. Each Ups Must Have 15min Battery Runtime At 40kw Load. 5.1.8.19.3. The Battery System Must Be Designed To Support Each Ups Independently. A Common Battery Scheme For 2 Ups Is Not Allowed In Order To Prevent Single Point Of Failure. 5.1.8.19.4. The Lithium Ion Battery Cabinet Of Each Ups Shall Have Visual Display System For Real Time Display System Status 5.1.8.19.5. With Four Level Safety Protection To Ensure System Safety And Reliability (cell Level, Module Level, And System Level) 5.1.8.19.6. With Three Levels Of Battery Management System From Cell Level (basic), Rack Level And System Level 5.1.8.19.7. The Battery Must Be Manufactured By A Factory Which Has Been Certified For Iso 9001 And Iso14001. 5.1.9. Monitoring System 5.1.9.1. Able To Visualize The Overall Layout Of The Data Center 5.1.9.2. With Overall Environment Mapping Or Profile Of The Data Center 5.1.9.3. With Electrical, Mechanical, Fire And Safety Systems And Sub Systems Status Monitoring 5.1.9.4. Monitoring Of Precision Cooling Status And Profile 5.1.9.5. Power Diagrams 5.1.9.6. Alarm Notification And Reporting 5.1.9.7. The System Must Be Able To Monitor The Following: 5.1.9.7.1. Access Control And Surveillance (cctv) 5.1.9.7.2. Asset Management 5.1.9.7.3. Rack Utilization, Rack U-space, Weight, Power Load And Network Port For Each Rack 5.1.9.7.4. Multiple Site Management 5.1.9.7.5. Alarm Notification, Reporting And Schedule 5.1.9.8. Equipped With Intelligent Platform Management Interface (ipmi) 5.1.9.9. System Can Be Integrated To End User Active Directory (ldap) Management For: 5.1.9.9.1. Real Time And Historical Pue 5.1.9.9.2. Electricity Cost And Billing 5.1.9.9.3. Overall Capacity Utilization 5.1.9.9.4. Work Order Progress And Approval Process. 5.1.9.9.5. Alarm Notification And Reporting 5.1.10. Environmental Management System (ems) 5.1.10.1. Input Voltage: 100- 230vac 5.1.10.2. Input Frequency: 50hz 5.1.10.3. Digital Inputs: 4 5.1.10.4. Analogue Inputs: 2 5.1.10.5. Water Leak X 1: Detect Voltage < 1v ((alarm Signal With S-1fp Leak Sensor) 5.1.10.6. 8 X Sensor Hub Outputs For Smoke, Fire, Door Connections 5.1.10.7. Relay Outputs: 2 5.1.10.8. Led Warning Lights 5.1.10.9. 1 Ru 5.1.10.10. Ems Protocols 5.1.10.10.1. Ipv4/ Ipv6 Ftp/ Sftp/ Tftp 5.1.10.10.2. Dhcp Smtp 5.1.10.10.3. Http/ Https Sntp 5.1.10.10.4. Snmp V1/v3 Syslog 5.1.10.10.5. Telnet/ Ssh Radius 5.1.10.11. Rack Temp/humidity Sensor Specification 5.1.10.11.1. Input Power: Via Pdu Or Ups Snmp Or Ems Appliance 5.1.10.11.2. Temp Accuracy: 15ºc - 35ºc : ± 1ºc 5.1.10.11.3. Temp Accuracy: 0ºc - 15ºc & 35ºc - 45ºc: ± 2ºc 5.1.10.11.4. Humidity Operation: 20 - 90% Rh None Condensing. 5.1.11. Other Requirements 5.1.11.1. The Winning Bidder Shall Assess The Floor Loading Capacity Of The Cnu Nominated Area Where The Data Center Shall Be Installed. The Winning Bidder Must Perform Floor Loading Augmentation Works To Ensure That The Floor Loading Capacity Is Sufficient To Support The Data Center Equipment. 5.1.11.2. The Winning Bidder Shall Be Responsible In All Essential Installation Works. 5.2. Consolidated Command And Control Center 5.2.1. 6 Units Led Wall Monitors 5.2.1.1. Must Provision 6 Units 55 Inch Led Wall Monitors 5.2.2. 6 Units Desktop Computers 5.2.2.1. Must Have The Following Minimum Specifications: 5.2.2.2. Must Have A Minimum Of Intel I5 Cpu. 5.2.2.3. Must Have The Latest Windows Os 5.2.2.4. Must Have 16gb Memory. 5.2.2.5. Must Have A Minimum Of 512gb Ssd 5.2.2.6. Must Have An Integrated Video Card 5.2.2.7. Must Have A Minimum Of 1 X Hdmi Port 5.2.2.8. Must Have 2 X Usb 3.2 Gen Port 5.2.2.9. Must Have 1 X Rj45 Ethernet Port 5.2.2.10. Must Include Keyboard And Mouse 5.2.2.11. Must Include 23 Inch Monitor 5.2.2.12. Must Include Office Productivity Software 5.2.2.13. Must Include Endpoint Security (refer To 4.6 For Specifications) 5.2.3. Consolidation Of Various Monitoring System 5.2.3.1. The Winning Bidder Must Ensure Network, Security, Servers And Application Monitoring Systems Are Viewed And Controlled From The Command Center 5.2.3.2. Data Center Monitoring System (dcim) Must Be Viewed And Controlled From The Command Center 5.2.3.3. Cctv Monitoring Is To Be Done At The Command Center 5.2.4. Other Requirements 5.2.5. Provision Of Essential Furnishing 5.2.6. Provision Of Power Supply 5.2.7. Provision Of Network Nodes Including Required Data Cabling 5.2.8. Provision Of Services Essential To Prepare The Cnu Nominated Area Conducive For A Command Center Smart Security System 1 108,560,223.00 6.1. Smart Cctv Cameras (90 Units) 6.1.1. Cctv System Must Consist Of The Following: 6.1.1.1. Dome Camera, 4mp Or Higher Mp 6.1.1.2. Bullet Camera, 4mp Or Higher Mp 6.1.1.3. Ptz Camera, 4mp Or Higher Mp 6.1.1.4. Network Video Recorded (nvr) With Rightsized Storage Equipment 6.1.1.5. Cctv Software And Analytics 6.1.1.6. Video Retention Policy Of A Minimum Of 90 Days 6.1.2. Tcp/ip Based Cameras 6.1.2.1. The Camera Must Be Tcp/ip Based 6.1.2.2. Should Support 12-24 Vdc Or 24 Vac. 6.1.2.3. Should Support 1920 X 1080 Resolution. 6.1.2.4. Should Support 25/30 Fps. 6.1.2.5. Should Support Night Vision For At Least 40m For Dome, 60m For Bullet, 200m For Ptz. 6.1.2.6. Should Be At Least Ip67 Ingress Protection For Dome And Bullet, Ip66 For Ptz 6.2. Facial Recognition System The Facial Recognition System Shall Function, Among Others, As The Primary Data Capture Device For The Daily Time Record Of University Employees, Which Shall Be Integrated With The Hris Dtr Module. It Will Also Function As An Identification Tracker Of Students Coming In And Out Of The Campus. It Will Be Deployed Initially At The Main Entry And Exit Points Of The Campus. At A Minimum, The System Must Be Equipped With The Following: 6.2.1. Touch-less Access Control Reader Equipped With Facial Recognition Capable Of Four (4) Factor Authentication, Such As: 6.2.1.1. Face 6.2.1.2. Finger 6.2.1.3. Card 6.2.1.4. Pin 6.2.2. Equipped With At Least 2mp Camera And Able To Perform Thermal Screening That Will Manage Student And Personnel Credentials And Isolate Those With High Temperature To Keep The Campus Premises Safe And Secure. 6.2.3. Must Be Equipped With Ups. 6.2.4. Rfid Card Options Must Include, At A Minimum, Em Prox, Mifare, Desfire. 6.3. Video Analytics & Video Management System A Video Management System Collects Video From Cameras And Other Sources, Stores That Footage On A Storage Device, Provides An Interface To Both View The Live Video And Access Recorded Footage, And Integrates With Surveillance Systems Of Different Stakeholders Thereby Providing A Holistic And Integrated Solution For The Campus. The Following Capabilities Are Required (note: No Osm): 6.3.1. Analyze Video/camera Events 6.3.1.1. Video Signal Lost 6.3.1.2. Video Signal Restored 6.3.1.3. Camera Sabotage Features 6.3.2. Counting Events 6.3.2.1. A Person Counted As Entering. 6.3.2.2. A Person Counted As Exiting. 6.3.2.3. Car Counted In Lane. 6.3.2.4. Car Exited Carpark. 6.3.2.5. Car Entered Carpark. 6.3.3. Protect Areas Of Interest 6.3.3.1. Intrusion Detection 6.3.3.2. Loitering Detection 6.3.3.3. Possible Theft 6.3.3.4. Object Removed. 6.3.3.5. Object Left Unattended. 6.4. Automated Turnstile Through Rfid Access Supply And Installation Of Automated Gates, Turnstiles And Door Access Retrofitting Servers At The Main Entrance And Exit Area Of The University. 6.4.1.1. Accessed Using A Single Card And Programmable Control System. It Must Include Rfid Card Printers, Readers, And Stocks Of Consumables (rfid Cards And Printer Ribbons) To Meet The Initial Requirements Of All Students, Employees, And Guests Who Will Use The Facilities; 6.4.1.2. Passing Turnstile That Integrates Modules Such As Access Control, Turnstile Control, And Alarm; 6.4.1.3. The Access Control Management System Is Equipped With An Ic Card Reader; 6.4.1.4. Barriers Will Be Closed Automatically If No One Enters The Turnstile After Identity Is Verified. The Lock And Unlock Of Barriers Can Be Controlled By A Remote Controller. When Receiving A Fire Alarm Signal, The Turnstile Will Automatically Open; 6.4.1.5. Support Mechanical Anti-pinch And Ir Anti Pinch, Anti-collision. Support Sound And Light Alarms. Passing Modes. Pass With Identity Verified, Not Allowed To Pass, And Pass Without Restrictions, And Able To Use The Three Modes In Any Combination. Unlock And Lock Speed, Pass Duration, And Lock Delay Duration Must Be Adjustable. Support Intrusion Alarm (entering And Exiting), Trailing Alarm, Stay Overtime Alarm, Climbing Turnstile Alarm, Unlock Anomaly Alarm, Barrier Anomaly Alarm, Ir Anomaly Alarm, Communication Anomaly Alarm, And More. Support Integration Of Face, Fingerprint, Qr Code, Cpu Card Reader/id Card Reader Module, And More To Achieve A Combination Of Multiple Authentication Methods. 6.5. Vms Server Vms Server Consisting Of One (1) General Purpose Server, With Minimum Specifications As Follows: 6.5.1. Memory: 16 Gb Ddr4 Dimm 6.5.2. Storage: 1 Tb 7.2k Sata × 2 6.5.3. Network Ports: 2 × 1gbe Lom Network Interface Controller (nic) Ports. 6.5.4. Operating System: Windows Server Os (licensed Copy Auxiliary Communications 1 100,900,000.00 The Winning Bidder Shall Provide Below Listed Equipment, Appliances And/or Devices To Supplement The Overall Workability Of This Project As Well As Provide Additional Productivity Equipment To The University: 7.1. 9’ X 12’ Led Display 1 Unit Change 1 Unit Indoor 7.1.1. 2 Units Outdoor Led Wall Display To Be Used As Electronic Billboard, With A Minimum Size Of 9ft X 12ft 7.2. 85” Indoor Led Display For Video Conference 7.2.1. 6 Units 85” Indoor Led Display 7.2.2. Provision Of 10x Optical Zoom Video Conferencing Kit Camera 7.3. Ipbx System With Ip Phones The Winning Bidder Must Supply A Complete Working Ip Pbx System For At Least 100 Users. The Proposed System Must Be Compliant With The Following Specifications, At A Minimum: 7.3.1.1.1. Must Extend Voice And Video Features To Network Devices Such As Ip Phones, Telepresence Endpoints, Media-processing Devices, Gateways, And Multimedia Applications. 7.3.1.1.2. Must Be Able To Perform Multimedia Conferencing, Collaborative Contact Centers, And Interactive Multimedia Response Systems Through Open Telephony Apis. 7.3.1.1.3. Must Be Able To Provide Call Attendant With Tools That Quickly Accepts And Effectively Dispatch Incoming Calls To Individuals Across The Organization. 7.3.1.1.4. Must Be Able To Perform Calling, Meeting And Messaging. 7.3.1.1.5. Must Be Equipped With Instant Messaging Features. 7.3.1.1.6. Must Be Equipped With Convergence-based Communication Services To Listen To Messages In Hands-free Mode. 7.3.1.1.7. Must Be Able To Support Maximum Of 1000 Users. 7.3.1.1.8. Must Have 1000 Mailboxes And At Least 24 Voicemail Ports. 7.3.1.1.9. Must Support Up To 1200 Devices. 7.3.1.2. Ip Telephones (300 Units) 7.3.1.2.1. Equipped With Programmable Line Keys. 7.3.1.2.2. Must Have Fixed Function Keys That Allow One-touch Access To Service, Messaging, Directory, Hold/resume, Transfer, And Conference Features. 7.3.1.2.3. Must Have High-resolution Display. 7.3.1.2.4. Must Support Power-over- Ethernet (poe) Class 1 And Is Energy Star Certified 7.3.1.2.5. Equipped With Power Saving Option To Enable Power Consumption Reduction During Off-hours. 7.3.1.2.6. Equipped With Standard Wideband-capable Audio Handset And Connects Through An Rj-9 Port. 7.3.1.2.7. Equipped With Analog Headset Jack And Is Wideband-capable Rj- 9 Audio Port. 7.3.1.2.8. Must Support Backlit Indicators For Audio Path Keys (handset, Headset And Speakerphone), Select Key, Line Keys, And Message Waiting. 7.3.1.2.9. Must Be Equipped With A Fullduplex Speakerphone To Allow Flexibility In Placing And Receiving Calls. 7.3.1.2.10. Must Be Able To Mask The Audible Dual Tone Multifrequency (dtmf) Tones When The Speakerphone Mode Is Used. 7.3.1.3. Solution Should Include A Voice Gateway Solution. 7.4. Public Address And Voice Alarm System 1 Unit 7.4.1 Should Have A Distributed Control Device (dcs) That Is Integrated With Many Functions And Supports The Connection Via Ethernet. 7.4.2 Built-in 1g Memory To Store The Audio Such As Digital Voice Messages And The Alarm Tone Of The Emergency Broadcast Integrated Into The Fire Alarm System And Building Management. 7.8.3 Should Have A Fault Detection Function For The Broadcasting System That Can Automatically Examine The Host System, Power Amplifier, Power Source, And Communication, And Detect The Open Circuit, Short Circuit, And Grounding Fault To Generate The Fault Alarm And Log. 7.8.4 Should Have A Paging Microphone That Allows Users To Make Paging And Broadcast Search Notices By Zone. 7.8.5 Should Have A Broadcasting System That Has Its Own 1 Ppt Emergency Microphone, Which Could Be Used To Play Emergency Broadcasts And Evacuate The Crowds In Specific Zones. 7.8.6 Should Have System Standby Amplifiers. When The Main Amplifier Fails To Function, The Standby Amplifier Replaces It Automatically. After The Main Amplifier Recovers, The System Will Use It Instead Of The Standby Amplifier In An Automatic Way. 7.5. Warranties 7.5.1. Whenever Applicable, All Equipment, Devices, Software And Systems Must Have At Least 1 Year Warranty And Support Services.\ 7.6. Services Requirements 7.6.1. Testing And Commissioning 7.6.1.1. The Winning Bidder Shall Perform Testing And Commissioning Services Upon Completion Of All Required Installations As Defined In This Terms Of Reference. 7.6.1.2. All Testing To Be Performed Must Be Witnessed By Cnu Assigned Personnel To Ensure Transparency Of The Testing Results. 7.6.1.3. The Testing And Commissioning Shall Ensure The Workability Of The Systems On A Stand-alone And Integrated Perspectives. 7.6.1.4. The Winning Bidder Must Submit For Approval Testing Mops (method Of Procedures) Prior To Actual Testing. 7.6.1.5. The Testing And Commissioning Services Shall Serve As The Uat (user Acceptance Testing) Provided It Is Witnessed By Cnu’s Nominated Personnel. 7.6.1.6. In The Event Of Testing Failure, The Winning Bidder Is Required To Perform Rectification Works Not More Than 72 Hours From The Time The Failed Testing Is Witnessed Or Reported. In The Event That Parts, Units And/or Entire Device/s Are To Be Replaced Which May Take Longer Than 72 Hours, The Winning Bidder Is Required To Submit A Written Request Justifying The Extension Of The Prescribed Rectification Duration. 7.6.1.7. All Testing To Be Performed Must Be Within The Manufacturer Prescribed Testing Procedures Or Methods. 7.6.1.8. The Winning Bidder Must Submit A Testing Report. 7.6.2. Knowledge Transfer And Training 7.6.2.1. The Winning Bidder Must Conduct Appropriate Knowledge Transfer Or Training To All Supplied And Installed Equipment, Devices, Software, Systems And Platforms Prior To Handover. 7.6.2.2. Training Must Include Basic Operation Of The Equipment, Devices And/or Systems, Allowable Troubleshooting That Will Not Void The Warranties And Orientation On Support Requests. 7.6.2.3. The Training Sessions Can Be Face To Face Through Classroom Type Or Online/virtual Provided A Walk-through Of The Systems Are Made Possible (if Applicable). 7.6.3. As-built Plans 7.6.3.1. The Winning Bidder Is Required, As Part Of The Post Project Documentation, To Submit As-built Plans Which Will Reflect The Actual Design And Implementation Of Various Ict Infrastructure And Systems In A Form Of Diagrams And/or Layouts. 7.6.3.2. Whenever Applicable, The As-built Plans Must Be Signed By Licensed Engineer Of A Particular Trade. 7.7. Implementation Duration 7.7.1. From The Date Of Notice To Proceed (ntp), The Winning Bidder Has Three Hundred Sixty (360) Calendar Days To Deliver And Complete The Project. Completion Includes Formal Handover And Acceptance By Cnu. 7.7.2. Participating Bidders Must Include In Its Bid Submission A High-level Gantt Chart That Illustrates The Project Implementation Schedule Per Wbs. 7.8. Bidder Competency And Qualification Requirements 7.8.1. The Bid Submission Shall Be In Sufficient Detail To Show Compliance With The Specification And Shall Include The Following: 7.8.1.1. Statement Of Compliance, Or Otherwise, Against The Specification For The System Offered. 7.8.1.2. A Scaled Drawing Showing The Proposed Layout Of All The Equipment In The Proposed System. 7.8.1.3. A Detailed Technical Description Of The Proposed System, Including All The Equipment And Software Offered. 7.8.1.4. A Working Timeline Including The Periods Of Design And Manufacture, Delivery, Installation, Training, Site Acceptance Testing, And Commissioning. 7.8.1.5. A Description Of The Architectural, Mechanical, Electrical, And Other Data Center Facility-related Works. 7.8.1.6. Colored Brochures Of All Equipment Supplied Including Racks And Consoles. 7.8.2. The Participating Bidder Must Include The Following Certifications In Its Bid Submission: 7.8.2.1. Manufacturer’s / Distributor’s Certificate Or Manufacturer’s / Distributor’s Authorization From The Manufacturer Of The Data Center, Desktop, Laptop, Network, And Server That The Bidder Is An Authorized Dealer/reseller To Join The Bid And It Has Validated The Full Solution Of The Project. 7.8.2.2. The Certification Must State That The Manufacturer / Distributor Of The Server And Network, Through Its Local Office, Is Capable Of Providing Support For The Offered Solution Which Will Be Implemented In This Project. 7.8.2.3. The Certification Or Manufacturer’s / Distributor’s Authorization Must Be Issued By The Manufacturer’s Incountry (philippines) Office. In Cases Where The Manufacturer Has No Representative Office In The Philippines, The Bidder May Secure The Certification Or Manufacturer’s Authorization From The Manufacturer’s Regional Office Exercising Supervision Over All Activities In The Philippines. 7.8.3. Manufacturer’s / Distributor Certification For The Servers, Storage, Networking, And Desktop Computers: 7.8.3.1. Must Have In-country Spare Parts Warehouse. 7.8.3.2. Must Be An International Enterprise And Should Have More Than 10 Years Of Business Experience In The Philippines. 7.8.3.3. The Manufacturer / Distributor Must Have Certified Engineers. 7.8.4. Manufacturer’s / Distributor Certificate Stating That The Equipment Supplied Is Not Obsolete Or Shortly To Be Phased Out Of Production. 7.8.5. Warranty Certificates Of All Supplied Equipment And Devices, Stating The Warranty Coverage 7.8.6. The Bidder Should Have Iso 9001:2015 Quality Management Systems. In The Case Of A Joint Venture (jv), Each Of The Parties Forming The Jv Must Possess The Iso Certifications As Stated Herein. Total Php 1,000,000,000.00 Delivery Of The Goods Is Required Within Three (3) Calendar Day After Receipt Of Notice To Proceed. Bidders Should Have Completed, Within Two (2) Years From The Date Of Submission And Receipt Of Bids, A Contract Similar To The Project. The Description Of An Eligible Bidder Is Contained In The Bidding Documents, Particularly, In Section Ii (instructions To Bidders). 3. Bidding Will Be Conducted Through Open Competitive Bidding Procedures Using A Non-discretionary “pass/fail” Criterion As Specified In The 2016 Revised Implementing Rules And Regulations (irr) Of Republic Act (ra) No. 9184. Bidding Is Restricted To Filipino Citizens/sole Proprietorships, Partnerships, Or Organizations With At Least Sixty Percent (60%) Interest Or Outstanding Capital Stock Belonging To Citizens Of The Philippines, And To Citizens Or Organizations Of A Country The Laws Or Regulations Of Which Grant Similar Rights Or Privileges To Filipino Citizens, Pursuant To Ra No. 5183. 4. Prospective Bidders May Obtain Further Information From Cebu Normal University And Inspect The Bidding Documents At The Address Given Below During Office Hours From 8:00 A.m. To 5:00 P.m. 5. A Complete Set Of Bidding Documents May Be Acquired By Interested Bidders On June 30, 2024 To July 22, 2024 From The Given Address And Website(s) And Upon Payment Of The Applicable Fee For The Bidding Documents, Pursuant To The Latest Guidelines Issued By The Gppb, In The Amount Of Seventy-five Thousand Pesos (₱ 75,000.00). The Procuring Entity Shall Allow The Bidder To Present Its Proof Of Payment For The Fees If It Will Be Presented In Person, By Facsimile, Or Through Electronic Means. 6. The Cebu Normal University Will Hold A Pre-bid Conference On July 8, 2024, 1:30 P.m. At The Bac Office, Room 203 2nd Floor Administration Building, Cebu Normal University, Osmeña Boulevard, Cebu City, Which Shall Be Open To Prospective Bidders. 7. Bids Must Be Duly Received By The Bac Secretariat Through Manual Submission At The Bac Office, Room 203 2nd Floor Administration Building, Cebu Normal University, Osmeña Boulevard, Cebu City On Or Before July 22, 2024 @ 1:00 P.m. Late Bids Shall Not Be Accepted. 8. All Bids Must Be Accompanied By A Bid Security In Any Of The Acceptable Forms And In The Amount Stated In Itb Clause 14. 9. Bid Opening Shall Be On July 22, 2024, 1:30 P.m. At The Bac Office, Room 203 2nd Floor Administration Building, Cebu Normal University, Osmeña Boulevard, Cebu City. Bids Will Be Opened In The Presence Of The Bidders’ Representatives Who Choose To Attend The Activity. 10. The Cebu Normal University Reserves The Right To Reject Any And All Bids, Declare A Failure Of Bidding, Or Not Award The Contract At Any Time Prior To Contract Award In Accordance With Sections 35.6 And 41 Of The 2016 Revised Irr Of Ra No. 9184, Without Thereby Incurring Any Liability To The Affected Bidder Or Bidders. 11. For Further Information, Please Refer To: Ma. Jodelle C. Badilla Bac Secretariat Office Cebu Normal University Osmeña Boulevard, Cebu City 6000 Philippines Cnubacsec@gmail.com (+63 32) 254 1452 Local 141 12. You May Visit The Following Websites: For Downloading Of Bidding Documents: Www.philgeps.gov.ph Www.cnu.edu.ph June 28, 2024 Dr. Joseph Elvir C. Tubilan Bac Chairperson
Closing Date22 Jul 2024
Tender AmountPHP 1 Billion (USD 17.1 Million)
Adela Serra Ty Memorial Medical Center Tender
Laboratory Equipment and Services
Philippines
Details: Description Republic Of The Philippines Department Of Health Adela Serra Ty Memorial Medical Center Capitol Hills, Telaje, Tandag City, Surigao Del Sur E-mail Add: Astmmcprocurement@gmail.com Bids And Awards Committee Office Procurement Of Laboratory Reagents (tie-up Basis) For Immuno-serology, Clinical Microscopy And Microbiology Sections Ib No. 2024-06-05 (25) 1. The Adela Serra Ty Memorial Medical Center, Using A Single Year Framework Agreement, Through The Astmmc Fund Intends To Apply The Sum Thirty-one Million Three Hundred Fifty Eight Thousand Four Hundred Fifty Pesos Only [php 31,358,450.00], Being The Abc To Payments Under The Contract For Each Item. Bids Received In Excess Of Abc Shall Be Automatically Rejected. 2. The Adela Serra Ty Memorial Medical Center Now Invites Bids For The Procurement Laboratory Reagents (tie-up Basis) For Immuno-serology, Clinical Microscopy And Microbiology Sections. Delivery Of The Goods Is Required Within 15 Calendar Days After Issuance Of A Call-off. Bidders Should Have Completed, Within 5 Years From The Date Of Submission And Receipt Of Bids, A Contract Similar To The Project. The Description Of An Eligible Bidder Is Contained In The Bidding Documents, Particularly, In Section Ii (instructions To Bidders). 3. Bidding Will Be Conducted Through Open Competitive Bidding Procedures Using A Non- Discretionary “pass/fail” Criterion As Specified In The 2016 Revised Implementing Rules And Regulations (irr) Of Republic Act (ra) No. 9184. Bidding Is Restricted To Filipino Citizens/sole Proprietorships, Partnerships, Or Organizations With At Least Sixty Percent (60%) Interest Or Outstanding Capital Stock Belonging To Citizens Of The Philippines, And To Citizens Or Organizations Of A Country The Laws Or Regulations Of Which Grant Similar Rights Or Privileges To Filipino Citizens, Pursuant To Ra No. 5183. 4. Prospective Bidders May Obtain Further Information From Adela Serra Ty Memorial Medical Center And Inspect The Bidding Documents At The Address Given Below During 8:00am To 5:00pm, Monday Thru Friday. 5. A Complete Set Of Bidding Documents May Be Acquired By Interested Bidders On May 16, 2024 To June 5, 2024 From The Given Address Below And Upon Payment Of The Applicable Fee For The Bidding Documents In The Amount Of Twenty Five Thousand Pesos Only [php 25,000.00]. The Procuring Entity Shall Allow The Bidder To Present Its Proof Of Payment In Person. 6. The Adela Serra Ty Memorial Medical Center Will Hold A Pre-bid Conference1 On May 24, 2024; 10:30 Am At Bac Conference Room, Opd Bldg, Astmmc, Tandag 1 May Be Deleted In Case The Abc Is Less Than One Million Pesos (php1,000,000) Where The Procuring Entity May Not Hold A Pre-bid Conference. City And Or Through Video Conferencing Or Webcasting Via Meet.google.com/rbu-snjw-vga Which Shall Be Open To Prospective Bidders. 7. Bids Must Be Duly Received By The Bac Secretariat Through Manual Submission At The Office Address Indicated Below, On Or Before 10:30 Am; June 5, 2024. Late Bids Shall Not Be Accepted. 8. All Bids Must Be Accompanied By A Bid Security In Any Of The Acceptable Forms And In The Amount Stated In Itb Clause 14. 9. Bid Opening Shall Be On 10:31 Am; June 5, 2024 At Bac Conference Room, Opd Bldg, Astmmc, Tandag City And Or Through Video Conferencing Or Webcasting Via Meet.google.com/rbu-snjw-vga Bids Will Be Opened In The Presence Of The Bidders’ Representatives Who Choose To Attend The Activity. 10. The Adela Serra Ty Memorial Medical Center Reserves The Right To Reject Any And All Bids, Declare A Failure Of Bidding, Or Not Award The Contract At Any Time Prior To Contract Award In Accordance With Sections 35.6 And 41 Of The 2016 Revised Irr Of Ra No. 9184, Without Thereby Incurring Any Liability To The Affected Bidder Or Bidders. 11. For Further Information, Please Refer To: Bac Office, 2nd Floor Opd Bldg. Astmmc, Tandag City, Sds, 8300 Tel No. 086-211-4306 Astmmcprocurement@gmail.com 12. For Downloading Of Bidding Documents, You May Visit: Philgeps.gov.ph May 16, 2024 Date Issued Dominador B. Toral, Rn, Md, Dpbohns Hbac Chairman Lot/ Item Number Unit Description Quantity Unit Price Total Delivered, Weeks/months Immuno-serology Section Lot No. 1 Winning Bidder Responsibilities: >must Provide And Install An Iso Certified Fully Automated Immunology Analyzer For Free Of Use."if It's Not Brand New Machine, It Must Have Been Used For Not More Than Three (3) Years." Provide Certificate Of Machine Purchase And Any Proof From Its Usage > Must Provide At Least 3 Consecutive Excellent Neqas Result For The Past 3 Years > Must Strictly Provide And Installed A Back-up Machine Utilizing The Same Reagents In Case Of Machine Breaks Down To Avoid Delay Release Of Results That Will Affects The Turnaround Time Of Testing. >service Engineer Must Be Knowledgeable Of Their Machine And Responds To Any Of The End-users' Problems Or Concerns Immediately. > Free Of Charge Technical Services Of Company Engineer Which Must Be Available And Responsive To Any Of The Problems Or Concerns Of The Machine 24/7, Conduct Regular Monthly Machine's Calibration And Preventive Maintenance. >prompt Replacement Of Another Unit Of Machine/analyzer Or Defective Parts In Case Of Breakdown Shall Be Done Not Later Than 48 Hours From When It Bugged Down. > Supplier Must Shoulder The Main And Back Up Machine's Lis Connectivity Fee/charges Services And Coordinate With Astmmc Lis Provider For The Connection. >failure Of Machine's Effective Functionality And Supplier's Performance Which May Result To Unavailability Of Test Requests Maybe Send Out To Other Laboratories. Expenses Incurred Shall Be Charged To The Supplier. >meet Our Objective Which Is Our Turnaround Time (tat) To Release Our Result After 2 Hours And Can Run All Tests 24 Hours A Day, 7 Days A Week > Supplier Must Have Technical Engineer Readily Available Within The Region. > Supplier Must Have A Regular Personnel With A Certfificate Of Traning Capable In Troubleshooting The Machine They Intent To Bid >supplier Must Possess A Certificate Of Exclusive Distributorship ( Ced ) For The Security Of The Laboratory's Uninterrupted Operation > With At Least Two (2) Installations To Tertiary Laboratories In Mindanao Area. > Analyzer Should Be Delivered Complete With Its Accessories (ups 3kva, Keyboard, Printer, Avr 3kva, Safety Breaker And Etc.) >must Provide And Free Of Charge (foc): - All Consumable Needed For The Machine To Function Like Calibrators, Controls, Cuvettes/sample Cups, Rv, Pre-trigger, Disposable Tips, Deionized / Distilled Water, Wash Buffer, System Cleaning Solution And Etc. > Reagents Delivered Must Be 18 Months From The Expiration Date, A Guarantee Letter Of Replacement May Be Issued For Less Than 18 Months Reagents And Supplies. > Quantity Of Reagents Must Be Delivered Based On Nefa Or Notice To Execute Framework Agreement Or Staggered Scheme Or Upon The Request Of The End-user. > Payments Will Be Issued Per Delivery Of Reagents. > A Framework Agreement For A 1-year Contract Shall Be Made. Machine Specifications: >analytical Principle/system Description: Electrochemiluminescence (eclia) Immunoassay Technology Or Chemiluminescence Immunoassay (clia) > Throughput: At Least 75 Tests/hr > Test Mode: Routine/random, Batch > Stat Assay Turnaround Time: <15mins > Non-stat Assay Turnaround Time: <25mins > Sample Volume: 10-50ul Per Test > 2-point Calibration Per Reagent Lot > Sample-clot Detection > Liquid-level Detection > Sensitivity : >99% > Specificity : >99% > Accuracy :> 99% >sample Type: Serum, Plasma, Whole Blood >reagent Type: Liquid, Ready To Use/no Mixing Reagent Pack / Cartridge >on-board Reagent Integrity/stability Control >automatic Inventory Tracking And Updating As To Number Of Tests And Remaining Test Available >program For Calibration Tracker And Validity >machine Quality Assurance: Autocalibration, Auto-qc, Auto Westgard Rules/levy Jennings Plotting Of Real Time Qc >machine Diagnostics System & Services: Online/remote Access >barcode Reader/scanner For Easy Samples And Reagents Identification And Tracking >lis Ready >with Buit-in Touch Screen Monitor >user-friendly, Easy To Use >if Water Is Needed, Buit-in Water System Or Distilled Water Must Be Provided For Free Of Charge >provide Computer/software System To Store Results For Accessibility And Result Management >sturdy Floor-type Machine Box T3 (100's/box) 4 46,000.00 184,000.00 15 Calendar Days After Issuance Of A Call-off Box T4 (100's/box) 4 46,000.00 184,000.00 15 Calendar Days After Issuance Of A Call-off Box Tsh (100's/box) 13 46,000.00 598,000.00 15 Calendar Days After Issuance Of A Call-off Box Ft3 (100's/box) 6 46,000.00 276,000.00 15 Calendar Days After Issuance Of A Call-off Box Ft4 (100's/box) 10 46,000.00 460,000.00 15 Calendar Days After Issuance Of A Call-off Box Anti-hbs (100's/box) 9 46,000.00 414,000.00 15 Calendar Days After Issuance Of A Call-off Box Total Psa (100's/box) 5 84,000.00 420,000.00 15 Calendar Days After Issuance Of A Call-off Box Ca-125 (100's/box) 2 40,000.00 80,000.00 15 Calendar Days After Issuance Of A Call-off Box Beta-hcg (100's/box) 10 21,000.00 210,000.00 15 Calendar Days After Issuance Of A Call-off Box Hbsag Quantitative (100's/box) 2 20,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off Box Hbeag (100's/box) 1 40,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off Box Anti-hbe (100's/box) 1 40,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off Box Ana (anti-nuclear Antibody) (100's/box) 1 80,000.00 80,000.00 15 Calendar Days After Issuance Of A Call-off Box Anti-hbc (100's/box) 1 32,000.00 32,000.00 15 Calendar Days After Issuance Of A Call-off Box Serum C3 (100's/box) 1 140,000.00 140,000.00 15 Calendar Days After Issuance Of A Call-off Box Pro-bnp (100's/box) 2 148,000.00 296,000.00 15 Calendar Days After Issuance Of A Call-off Box Rf ( Rheumatoid Factor) (100's/box) 1 24,000.00 24,000.00 15 Calendar Days After Issuance Of A Call-off Box Anti-dsdna (100's/box) 1 96,000.00 96,000.00 15 Calendar Days After Issuance Of A Call-off Sub Total 3,614,000.00 Lot No. 2 Winning Bidder Responsibilities: > Winning Bidder Must Provide For Free An Iso-certified, Semi-automated Machine And Its Consumables, Calibrators And Controls For The Analysis Of C-reactive Protein, D-dimer, Ferritin And Procalcitonin. > Analytical Principle/system Description: Fluorescense Immunoassay (fia) > Provide Accessories For Effective And Uninterrupted Operation Like Ups, Avr, Computer Set And Printer. > Free Of Charge Technical Services Of Company Engineer Which Must Be Available And Responsive To Any Of The Problems Or Concerns Of The Machine 24/7, Conduct Regular Monthly Machine's Calibration And Preventive Maintenance. > Prompt Replacement Of Another Unit Of Machine/analyzer Or Defective Parts In Case Of Breakdown Shall Be Done Not Later Than 48 Hours From When It Bugged Down > Expenses Incurred For Send Out Of Tests Due To Failure Of The Machine And/or Poor Supplier Performance Shall Be Charged To The Winning Bidder. > Quantity Of Reagents Must Be Delivered Based On Nefa Or Notice To Execute Framework Agreement Or Staggered Scheme Or Upon The Request Of The End-user. > Payments Will Be Issued Per Delivery Of Reagents. > Reagents Delivered Must Be 18 Months From The Expiration Date, A Guarantee Letter Of Replacement May Be Issued For Less Than 18 Months Reagents And Supplies. > A Framework Agreement For A 1-year Contract Shall Be Made. Box D-dimer(100's/box) 2 80,000 160,000.00 15 Calendar Days After Issuance Of A Call-off Box Aso (anti-streptolysin O) Titer (100's/box) 2 28,000 56,000.00 15 Calendar Days After Issuance Of A Call-off Box Ferritin (100's/box) 2 80,000 160,000.00 15 Calendar Days After Issuance Of A Call-off Box C-reactive Protein (25's/box) 28 21,000 588,000.00 15 Calendar Days After Issuance Of A Call-off Box Procalcitonin (10's/box) 20 15,000 300,000.00 15 Calendar Days After Issuance Of A Call-off Sub Total 1,264,000.00 Lot No. 3 Winning Bidder Responsibilities: >must Provide And Install An Iso Certified Fully Automated Quantitative Troponin I Analyzer For Free Of Use. "if It's Not Brand New Machine, It Must Have Been Used For Not More Than Three (3) Years." Provide Certificate Of Machine Purchase And Any Proof From Its Usage >service Engineer Must Be Knowledgeable Of Their Machine And Responds To Any Of The End-users' Problems Or Concerns Immediately. > Free Of Charge Technical Services Of Company Engineer Which Must Be Available And Responsive To Any Of The Problems Or Concerns Of The Machine 24/7, Conduct Regular Monthly Machine's Calibration And Preventive Maintenance. > Supplier Must Shoulder Connectivity Fee/charges For Lis Services And Coordinate With Astmmc Lis Provider For The Lis Connection. >prompt Replacement Of Another Unit Of Machine/analyzer Or Defective Parts In Case Of Breakdown Shall Be Done Not Later Than 48 Hours From When It Bugged Down. >failure Of Machine's Effective Functionality And Supplier's Performance Which May Result To Unavailability Of Test Requests Maybe Send Out To Other Laboratories. Expenses Incurred Shall Be Charged To The Supplier. >meet Laboratory Objective Of The Test Turnaround Time (tat) To Release Our Result Within 1 Hour And Can Run All Tests 24 Hours A Day, 7 Days A Week > Supplier Must Have Technical Engineer Readily Available Within The Region. > Supplier Must Have A Regular Personnel With A Certfificate Of Traning Capable In Troubleshooting The Machine They Intent To Bid >supplier Must Posses A Certificate Of Exclusive Distributorship ( Ced ) For The Security Of The Laboratory's Uninterrupted Operation > With At Least Two (2) Installations To Tertiary Laboratories In Mindanao Area. > Analyzer Should Be Delivered Complete With Its Accessories (ups 3kva, Keyboard, Printer, Avr 3kva, Etc.) >must Provide And Free Of Charge (foc): - All Consumable Needed For The Machine To Function Like Calibrators, Controls, Cuvettes/sample Cups, Reaction Vessels, Pre-trigger, Disposable Tips, Deionized / Distilled Water, Wash Buffer, System Cleaning Solution And Etc. - Computer Sets, Ups, Avr, Printer - Calibration And Preventive Maintenance - Any Parts Or Accessories Of The Machine > Reagents Delivered Must Be 18 Months From The Expiration Date, A Guarantee Letter Of Replacement May Be Issued For Less Than 18 Months Reagents And Supplies. > Quantity Of Reagents Must Be Delivered Based On Nefa Or Notice To Execute Framework Agreement Or Staggered Scheme Or Upon The Request Of The End-user. > Payments Will Be Issued Per Delivery Of Reagents. > A Framework Agreement For A 1-year Contract Shall Be Made. Machine Specifications: >analytical Principle/system Description: Lateral Flow Chromatography (immunofluorescence) >sample Type: Whole Blood/serum/plasma/urine/fingertip Blood >sample Position: At Least 40 Samples Per Run, 120 Tests/hr >continuous Loading Of Different Test Items >user-friendly Interface Diversified Test Modes: Random, Batch, Stat >fully-automatic Sample Adding System Disposable Tips With Filter Elements, Which Avoid Cross-contamination Automatic Calibration, Dilution And Sample Loading Fully-automatic Quality Control >touch Screen >automatic Barcode Scanning Of Test Items >automatic Recognition Of Reagents >bench-type Box Troponin-i Quantitative (48's/box) 20 40,000.00 800,000.00 15 Calendar Days After Issuance Of A Call-off Clinical Microscopy Section Lot No. 4 Winning Bidder Responsibilities: >must Provide And Install An Iso Certified Fully Automated Urine Analyzer For Free Of Use."if It's Not Brand New Machine, It Must Have Been Used For Not More Than Three (3) Years." Provide Certificate Of Machine Purchase And Any Proof From Its Usage > Must Provide At Least 3 Consecutive Excellent Neqas Result For The Past 3 Years > Must Strictly Provide And Installed A Back-up Machine Utilizing The Same Reagents In Case Of Machine Breaks Down To Avoid Delay Release Of Resulted That Will Affects The Turnaround Time Of Testing. >must Provide Complete Set Of Reagents, Controls, Calibrators, Distilled Water, Test Tubes And Other Consumables Needed To Generate A Fully Automated Accurate Urinalysis Result. > Free Of Charge Technical Services Of Company Engineer Which Must Be Available And Responsive 24/7 To Any Machine's Problems Or Concerns. Conduct Regular Monthly Machine's Calibration And Preventive Maintenance Or As Needed > Supplier Must Shoulder The Main And Back Up Machine's Lis Connectivity Fee/charges Services And Coordinate With Astmmc Lis Provider For The Connection. >prompt Replacement Of Another Unit Of Machine/analyzer Or Defective Parts In Case Of Breakdown Shall Be Done Not Later Than 48 Hours From When It Bugged Down. >failure Of Machine's Effective Functionality And Supplier's Performance Which May Result To Unavailability Of Test Requests Maybe Send Out To Other Laboratories. Expenses Incurred Shall Be Charged To The Supplier. >meet Our Objective Which Is Our Turnaround Time (tat) To Release Our Result After 2 Hours And Can Run All Tests 24 Hours A Day, 7 Days A Week >analyzer Should Be Delivered Complete With Its Accessories (ups 6kva, Keyboard, Printer, Avr 3kva, Safety Breaker And Etc.) > Supplier Must Have Technical Engineer Readily Available Within The Region. > Supplier Must Have A Regular Personnel With A Certfificate Of Traning Capable In Troubleshooting The Machine They Intent To Bid >supplier Must Posses A Certificate Of Exclusive Distributorship ( Ced ) For The Security Of The Laboratory's Uninterrupted Operation > With At Least Two (2) Installations To Tertiary Laboratories In Mindanao Area. > Reagents Delivered Must Be 18 Months From The Expiration Date, A Guarantee Letter Of Replacement May Be Issued For Less Than 18 Months Reagents And Supplies. > Quantity Of Reagents Must Be Delivered Based On Nefa Or Notice To Execute Framework Agreement Or Staggered Scheme Or Upon The Request Of The End-user. > Payments Will Be Issued Per Delivery Of Reagents. > A Framework Agreement For A 1-year Contract Shall Be Made. Machine Specifications: >analytical Principle/system Description: Urine Flow Cytometry/flow Imaging Technique, Photoelectric Colorimetry. > Throughput: At Least 100 Samples/hour > With Autoloader > Sample Volume: At Least 3 Ml > Built-in Reagent Strip Reader/ Chemical Testing And Visual Urine Sediment Reader In One Machine. >user Friendly Design, Simple Operation And Convenient Maintenance. >urine Strip Bottle Must Have Color Reaction Comparator For Manual Method >reagent Strip Parameters/chemical Testing (at Least 12 Parameters): 1. Urobilinogen 2. Bilirubin 3. Ketone 4. Creatinine 5. Blood 6. Microalbumin 7. Nitrite 8. Leukocyte 9. Glucose 10. Specific Gravity 11. Ph 12. Protein >microscopic Testing / Urine Sediment Visual Reading: 1. Rbc 2. Wbc 3. Non-squamous Epithelial Cells 4. Squamos Epithelial Cells 5. Bacteria 6. Mucus 7. Urine Crystals 8. Casts 9. Yeast Cells Bottle Urine Strips, At Least 12 Parameters (100's/bot) 240 19,750.00 4,740,000.00 15 Calendar Days After Issuance Of A Call-off Micrpbiology Section Lot No. 5 Winning Bidder Responsibilities: > Must Provide For Free An Iso-certified Fully Automated Blood Culture Machine That Utilizes Comprehensive Detection Technology > Free Of Charge Technical Services Of Company Engineer Which Must Be Available And Responsive To Any Of The Problems Or Concerns Of The Machine 24/7, Conduct Regular Monthly Machine's Calibration And Preventive Maintenance. >should Have At Least 2 Installation Within Mindanao Area >excellent Eqas Result For The Past 2 Years > Machine Should Be Delivered Complete With A Heavy Duty Accessories (ups 6 Kva, Avr,keyboard, Printer And Any Other Needed Accesories, Safety Breaker And Etc.) > Supplier Must Provide Back-up Machine That Is Also Ready To Use. > Two Machine Provided Must Be Lis Ready. > Supplier Must Shoulder Connectivity Fee/charges For Lis Services For Two Machine And Coordinate With Astmmc Lis Provider For The Lis Connection. > Capable Of A Prompt Replacement Of Defective Parts In Case Of Breakdown (not Later Than 48 Hours From Bug Down) >supplier Must Have Technical Engineer Readily Available Within The Region. > Supplier Must Have A Regular Personnel With A Certfificate Of Traning Capable In Troubleshooting The Machine They Intent To Bid >supplier Must Posses A Certificate Of Exclusive Distributorship ( Ced ) For The Security Of The Laboratory's Uninterrupted Operation > Quantity Of Reagents Must Be Delivered Based On Nefa Or Notice To Execute Framework Agreement Or Staggered Scheme Or Upon The Request Of The End-user. > Payments Will Be Issued Per Delivery Of Reagents. > A Framework Agreement For A 1-year Contract Shall Be Made. > Reagents Delivered Must Be 18 Months From The Expiration Date, A Guarantee Letter Of Replacement May Be Issued For Less Than 18 Months Reagents And Supplies. >reagent Or Supplies With Shelf Life Of Less Than 5 Months Must Submit A Certificate Of Option To Return (otr),if Not Consumed Within The Expiry Date And It Must Be Replaced. >reagent Or Supplies With Shelf Life Of Less Than 5 Months Must Submit A Certificate Of Option To Return (otr),if Not Consumed Within The Expiry Date And It Must Be Replaced. Machine Specifications: > Has Colorimetric Technology And Specialized Liquid Emulsion Sensors (les) At The Bottom Of Each Culture Bottle > Offers A Comprehensive Range Of Media Bottles To Ensure The Recovery Of A Wide Variety Of Microorganisms Including Bacteria, Mycobacteria, And Fungi > Can Provide Graph Analysis > Blood Culture Bottles Must Be Plastic And Color Coded For Pediatric And Adult Patients > Bottles With Direct Draw > With Agitation Technology > With Built-in Quality Control > With Immediate Bottle Recognition > With Rapid Response Time And Greater Accuracy.faster Time To Detection (9-25 Hours) > At Least 60 Cells Or Capacity Per Drawer > Could Fit Shatter-proof Plastic Culture Bottles > Preferably With Ard (antimicrobial Removal Device) Blood Culture System,to Increase The Sensitivity Of Isolation Of Pathogenic Microorganisms In Bacteremic Patients Who Are Already On Antibiotic. Box Pedia Culture Bottles For Automated Isolation Of Aerobic Microorganisms In Sterile Samples 50's/box 40 35,000.00 1,400,000.00 15 Calendar Days After Issuance Of A Call-off Box Adult Culture Bottles For Automated Isolation Of Aerobic Microorganisms In Sterile Samples 50's/box 60 35,000.00 2,100,000.00 15 Calendar Days After Issuance Of A Call-off Sub Total 3,500,000.00 Lot No. 6 Winning Bidder Responsibilities: > Must Provide For Free An Iso-certified Fully Automated Machine For The Identification And Susceptibility Of All Bacteria And Yeast > Free Of Charge Technical Services Of Company Engineer Which Must Be Available And Responsive To Any Of The Problems Or Concerns Of The Machine 24/7, Conduct Regular Monthly Machine's Calibration And Preventive Maintenance. >should Have At Least 2 Installation Within Mindanao Area >excellent Eqas Result For The Past 2 Years > Machine Should Be Delivered Complete With A Heavy Duty Accessories (ups, Avr,keyboard,printer And Any Other Needed Accesories Etc.) >preferrably With Remote Connectivity For Updates And Fast Troubleshooting > Supplier Must Provide Back-up Machine That Is Also Ready To Use. > Capable Of A Prompt Replacement Of Defective Parts In Case Of Breakdown (not Later Than 48 Hours From Bug Down) > Two Machine Provided Must Be Lis Ready. > Supplier Must Shoulder Connectivity Fee/charges For Lis Services For Two Machine And Coordinate With Astmmc Lis Provider For The Lis Connection. >supplier Must Provide A Free Of Charge Consumables Like Reagents Of Machine Needed To Operate And To Generate Result,turbidimeter To Ensure Correct Macfarland Standard,calibrators,calibrated Pipettes, And Other Consumables For Ast Suspencion > Quantity Of Reagents Must Be Delivered Based On Nefa Or Notice To Execute Framework Agreement Or Staggered Scheme Or Upon The Request Of The End-user. > Payments Will Be Issued Per Delivery Of Reagents. > A Framework Agreement For A 1-year Contract Shall Be Made. > Reagents Delivered Must Be 18 Months From The Expiration Date, A Guarantee Letter Of Replacement May Be Issued For Less Than 18 Months Reagents And Supplies. >reagent Or Supplies With Shelf Life Of Less Than 5 Months Must Submit A Certificate Of Option To Return (otr),if Not Consumed Within The Expiry Date And It Must Be Replaced. Machine Specifications: > Automated Bacterial Identification And Susceptibility Testing System That Uses Fluorescence-based Technology.with Gold-standard Accuracy For Microorganism Identification And Susceptibility > Delivers Accurate Emerging Resistance Detection For The Toughes Pathogens, Including Visa, Vrsa, Mrsa,icr And Rapid Detection Of Esbl Production And Confirmation. > Processes Rapid And Specialty Id Panels For Reduced Turnaround Time.could Generate Results As Little As 5 To 8 Hours > Utilizes Closed Tests Card And Cassettes For Id And Ast > Allows Consolidation Of Data From Multiple Testing Systems On Epidemiology Reports > Lis-who Net Configuration And Connection Ready.has Remote Support Feature In Instrument Monitoring And Lis Connectivity >with Built-in Barcode Scanner And Scan Card And Isolate Barcodes To Establish Traceability > Has Rapid Result Searches By Patient, Date Tested, Organism, Technician And Accession Number > Allow Remote Access By Multiple Users And Real-time Connectivity To Our Existing Lis > Updated Clsi Guidelines Compliant Ast Interpretation/formulations Available Producing Mic's Based On Reference Clsi And Iso Mic Methods Box Gram Positive Combo Panel 20's 100 30,000.00 3,000,000.00 15 Calendar Days After Issuance Of A Call-off Box Gram Negative Combo Panel 20s 120 30,000.00 3,600,000.00 15 Calendar Days After Issuance Of A Call-off Box Rapid Yeast Combo Panel 20s 30 30,000.00 900,000.00 15 Calendar Days After Issuance Of A Call-off Box Haemophilus And Neisseria Combo Panel 20s 30 30,000.00 900,000.00 15 Calendar Days After Issuance Of A Call-off Sub Total 8,400,000.00 Stock Or Property No. Unit Item Description Quantity Unit Cost Total Cost 1 Carts Ciprofloxacin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 2 Carts Trimethoprim-sulfamethoxazole Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 3 Carts Piperacillin-tazobactam Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 4 Carts Amikacin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 5 Carts Ampicillin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 6 Carts Ampicillin-sulbactam Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 7 Carts Azithromycin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 8 Carts Cefixime Disc(50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 9 Carts Cefotaxime Disc(50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 10 Carts Clindamycin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 11 Carts Cefuroxime Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 12 Carts Chloramphenicol Disc(50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 13 Carts Erythromycin Disc(50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 14 Carts Levofloxacin Disc(50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 15 Carts Norfloxacin Disc(50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 16 Carts Oxacillin Disc(50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 17 Carts Aztreonam Disc(50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 18 Carts Ceftazidime Disc(50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 19 Carts Cefazolin Disc(50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 20 Carts Cefifime Disc(50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 21 Carts Trimethoprim Dics (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 22 Carts Gentamicin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 23 Carts Imipenem Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 24 Carts Meropenenm Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 25 Carts Nitrofurantoin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 26 Carts Penicillin G Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 27 Carts Tetracycline Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 28 Carts Tobramycin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 29 Carts Vancomycin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 30 Carts Cefoxitin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 31 Carts Piperacillin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 32 Carts Cephalexin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 33 Carts Ticarcillin Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 34 Carts Linezolid Disc (50's) 10 800.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 35 Carts Taxo P (optochin) 50's 5 3,000.00 15,000.00 15 Calendar Days After Issuance Of A Call-off 36 Carts Taxo A (bacitracin) 50's 5 3,000.00 15,000.00 15 Calendar Days After Issuance Of A Call-off 37 Carts V Factor Disc (50's) 5 5,000.00 25,000.00 15 Calendar Days After Issuance Of A Call-off 38 Carts X Factor Disc (50's) 5 5,000.00 25,000.00 15 Calendar Days After Issuance Of A Call-off 39 Carts Xv Factor Disk (50"s) 1 5,000.00 5,000.00 15 Calendar Days After Issuance Of A Call-off 40 Carts Oxidase Disc/strip (50's) 10 5,000.00 50,000.00 15 Calendar Days After Issuance Of A Call-off 41 Vial Atcc Control Strains (pae 27853) 1 8,000.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 42 Vial Atcc Control Strains (eco 25922) 1 8,000.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 43 Vial Atcc Control Strains (eco 35218) 1 8,000.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 44 Vial Atcc Control Strains (sau 25923) 1 8,000.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 45 Vial Atcc Control Strains (spn 49619) 1 8,000.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 46 Vial Atcc Control Strains (hin 29427) 1 8,000.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 47 Vial Atcc Control Strains (ngo 49226) 1 8,000.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 48 Plate Sheep Blood Agar (commercially Prepared) 10s 5000 200.00 1,000,000.00 15 Calendar Days After Issuance Of A Call-off 49 Plate Chocolate Agar (commercially Prepared) 10's 3000 215.00 645,000.00 15 Calendar Days After Issuance Of A Call-off 50 Plate Mueller Hinton Agar (commercially Prepared) 10s 500 210.00 105,000.00 15 Calendar Days After Issuance Of A Call-off 51 Plate Gba Commercially Prepared (10's) 1000 300.00 300,000.00 15 Calendar Days After Issuance Of A Call-off 52 Plate Bacitracin Chocoolate Agar Commercially Prepared (10's) 1000 300.00 300,000.00 15 Calendar Days After Issuance Of A Call-off 53 Bot Alkaline Peptone Water Agar (500g) 2 7,000.00 14,000.00 15 Calendar Days After Issuance Of A Call-off 54 Bot Salmonella Shigela Agar (500g) 2 13,600.00 27,200.00 15 Calendar Days After Issuance Of A Call-off 55 Bot Selenite F (500g) 2 15,000.00 30,000.00 15 Calendar Days After Issuance Of A Call-off 56 Bot Tcbs (500g) 2 10,000.00 20,000.00 15 Calendar Days After Issuance Of A Call-off 57 Bot Mueller Hinton Agar (500g) 10 10,000.00 100,000.00 15 Calendar Days After Issuance Of A Call-off 58 Bot Mac Conkey Agar Powder (500g) 15 9,000.00 135,000.00 15 Calendar Days After Issuance Of A Call-off 59 Bot Nutrient Agar Powder (500g) 3 3,000.00 9,000.00 15 Calendar Days After Issuance Of A Call-off 60 Bot Sabouraud Dextrose Agar (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 61 Bot Fluid Thioglycolate Medium Powder (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 62 Bot Tsb Powder (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 63 Bot Gc Agar (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 64 Bot Tsi Powder (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 65 Bot Lysine Iron Agar (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 66 Bot Simmon Citrate Agar Powder (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 67 Bot Urea (christensen) Agar Base (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 68 Bot Simmon Citrate Agar Powder (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 69 Bot Sim Medium (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 70 Bot Lim Medium (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 71 Bot Sodium Chloride Agar (500g) 5 8,000.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 72 Bot Bile Esculin Agar (500g) 4 8,000.00 32,000.00 15 Calendar Days After Issuance Of A Call-off 73 Bot Dnase Agar (500g) 1 8,000.00 8,000.00 15 Calendar Days After Issuance Of A Call-off 74 Bot Soluble Hemoglobin Powder (400g) 5 15,000.00 75,000.00 15 Calendar Days After Issuance Of A Call-off 75 Box Iso Vitalex Supplement (10's) 2 5,000.00 10,000.00 15 Calendar Days After Issuance Of A Call-off 76 Box Vcnt Supplement (10"s) 2 5,000.00 10,000.00 15 Calendar Days After Issuance Of A Call-off 77 Box Coagulase Rabbit Plasma (10's) 10 20,000.00 200,000.00 15 Calendar Days After Issuance Of A Call-off 78 Bot 0.9 % Normal Saline Solution 1l 100 100.00 10,000.00 15 Calendar Days After Issuance Of A Call-off 79 Set Gram Stain Set 10 3,000.00 30,000.00 15 Calendar Days After Issuance Of A Call-off 80 Bot Kovac's Reagent (100ml) 2 11,000.00 22,000.00 15 Calendar Days After Issuance Of A Call-off 81 Bot 10% Koh Solution (500ml) 3 8,000.00 24,000.00 15 Calendar Days After Issuance Of A Call-off 82 Bot India Ink (100 Ml) 1 10,000.00 10,000.00 15 Calendar Days After Issuance Of A Call-off 83 Box Disposable Sterile Loop 10ul+1ul Calibration(100's) 20 5,000.00 100,000.00 15 Calendar Days After Issuance Of A Call-off 84 Pc Wire Loop 5 300.00 1,500.00 15 Calendar Days After Issuance Of A Call-off 85 Pc Wire Needle 5 300.00 1,500.00 15 Calendar Days After Issuance Of A Call-off 86 Box Sterile Cotton Swab (100's) 50 800.00 40,000.00 15 Calendar Days After Issuance Of A Call-off 87 Box Betadine Cotton Swab (25's) 100 200.00 20,000.00 15 Calendar Days After Issuance Of A Call-off 88 Bot Povidone Iodine Bottle (500ml) 10 600.00 6,000.00 15 Calendar Days After Issuance Of A Call-off 89 Pc Sterile Bottle Container Individually Pack 50 Ml 3000 15.00 45,000.00 15 Calendar Days After Issuance Of A Call-off 90 Pc Petri Dish (big) 2000 40.00 80,000.00 15 Calendar Days After Issuance Of A Call-off 91 Pc Petri Dish (small Single Plate) 1000 10.00 10,000.00 15 Calendar Days After Issuance Of A Call-off 92 Box Glass Tubes (100's) 13x75mm 10 1,000.00 10,000.00 15 Calendar Days After Issuance Of A Call-off 93 Pc Petri Dish(small Biplate) 1000 30.00 30,000.00 15 Calendar Days After Issuance Of A Call-off 94 Pack Sterile Transfer Pipettes (100s) 20 1,500.00 30,000.00 15 Calendar Days After Issuance Of A Call-off 95 Pc Glass Beaker 500ml 5 1,000.00 5,000.00 15 Calendar Days After Issuance Of A Call-off 96 Pc Glass Beaker 1000ml 5 1,500.00 7,500.00 15 Calendar Days After Issuance Of A Call-off 97 Pc Erlenmeyer Flask With Cap 500 Ml 5 3,500.00 17,500.00 15 Calendar Days After Issuance Of A Call-off 98 Pc Erlenmeyer Flask With Cap 1000ml 5 5,000.00 25,000.00 15 Calendar Days After Issuance Of A Call-off 99 Pc Glass Stirrer 10 100.00 1,000.00 15 Calendar Days After Issuance Of A Call-off 100 Set Autoclave Bags (200's) 5 4,000.00 20,000.00 15 Calendar Days After Issuance Of A Call-off 101 Pc Aluminum Foil (30x150) 5 250.00 1,250.00 15 Calendar Days After Issuance Of A Call-off 102 Pc Autoclave Tape 10 200.00 2,000.00 15 Calendar Days After Issuance Of A Call-off 103 Box Disposable Sterile Loop 10ul+needle Calibration(100's) 10 5,000.00 50,000.00 15 Calendar Days After Issuance Of A Call-off 104 Pc Autoclavable Culture Tube With Screw Cap 13x100mm 1000 62.00 62,000.00 15 Calendar Days After Issuance Of A Call-off 105 Pc Big Test Tube Rack (autoclavable) 2 3,000.00 6,000.00 15 Calendar Days After Issuance Of A Call-off 106 Pc Small Test Rack (autoclavable) 5 3,000.00 15,000.00 15 Calendar Days After Issuance Of A Call-off 107 Box H. Pylori Ab Rt (20's/box) 30 6,500.00 195,000.00 15 Calendar Days After Issuance Of A Call-off 108 Box Typhidot Ab Duo Rt (25's/box) 14 13,000.00 182,000.00 15 Calendar Days After Issuance Of A Call-off 109 Box Leptospira Ab Rt (10's/box) 15 14,000.00 210,000.00 15 Calendar Days After Issuance Of A Call-off 110 Box Dengue Ns1 (25's/box) 80 9,000.00 720,000.00 15 Calendar Days After Issuance Of A Call-off 111 Box Dengue Ab Duo Rt (40's/box) 60 12,000.00 720,000.00 15 Calendar Days After Issuance Of A Call-off 112 Box Hcv Rt (100's/box) 8 20,000.00 160,000.00 15 Calendar Days After Issuance Of A Call-off 113 Box Hbsag Rt (30's/box) 270 6,000.00 1,620,000.00 15 Calendar Days After Issuance Of A Call-off 114 Box Hav Rt (25's/box) 25 12,000.00 300,000.00 15 Calendar Days After Issuance Of A Call-off 115 Box Syphilis Rt (100's/box) 30 9,600.00 288,000.00 15 Calendar Days After Issuance Of A Call-off
Closing Date5 Jun 2024
Tender AmountPHP 31.3 Million (USD 536.3 K)
IQS Group as Tender
Electrical and Electronics
Corrigendum : Closing Date Modified
Czech Republic
Details: The subject of the performance of this order is the delivery of the performance expected in the framework of the subsidy project "innovation of the production of optical security elements for the security of polycarbonate documents". The technical parameters are as follows, with the fact that the client allows their modification while maintaining the principle that performance and range parameters are set as minimum and power, size and weight parameters as maximum, unless something else is stated for a specific parameter, with a tolerance so that the device It Could Be Installed In The Location For This Equipment. This contract also includes transportation, assembly, and commissioning at the place designated by the client. The selected supplier is responsible for ensuring that the order will be delivered complete and will contain all parts necessary for trouble-free operation. Only Original (non-refurbished) Components Will Be Used For Production. The Technical Specification Establishes the Basis of Minimum Requirements for Function, Performance, Lifetime, Etc. If Zd or its Annexes contain specific trade names or brands, this is only a definition of the required standard, and the client also allows other technically and qualitatively comparable solutions. The Inspection Equipment Must Meet The Specifications And Requirements That Are Listed Below: General Description: The Equipment Must Be Capable Of Checking The Quality Of Pressed Holographic (dovid) Elements In A Polymer Substrate Formed By Pressing From Nickel Plates On A Pressing Machine Operating In R2r Mode In Real Time. The device must be able to inspect the high-resolution details inside the holographic motifs (dovid). Dovid elements are created in Max. 254,000 Dpi And The Required Inspection System Must Be Able To Optically Process Such Complex Structures And Deal With Unwanted Reflections. Must Use Appropriate Light Sources, Detect Defects In Molded Structures Even In An Intact Substrate With A Minimum Size Of 50 Microns, Must Monitor Transverse And Longitudinal Stretching Of The Substrate During The Pressing Process, Must Monitor And Monitor The Diffraction Efficiency Of Dovid Elements. Must Have Appropriate Software Capable of Creating a Scalable Log of the Inspection Performed. Required Technical Parameters: Material: Polycarbonate Film 50 to 175 Μm, One Side Glossy, One Side Matte, Dovid elements are always pressed on the glossy side. Controlled Width: Up to 500 Mm Repeat Length: Up to 850 Mm Maximum Speed: 50 M/min Optical Resolution: Min. 50 X 50 Μm Configuration: Due to the Specific Polymeric Substrate Used (glossy/matte), it is Necessary to Use a Two-Channel Solution with Light Sources Working on the Principle of Both Specular Reflection and Scattering in Combination with an Appropriate Number of Cameras for Line Scanning with Sufficient Resolution. Workstation: Sufficiently Powerful Computer Data Storage: Minimum 4 Tb Capacity for Data Storage Network: Option to Connect to a Local Ethernet Network Required System Features: The System Must Detect Different Types of Defects (such as Scratches, Dust Particles, Paint/Oil Splashes, Smudges, etc. .) Inside the Relief Element Dovid And On The Surface And In The Mass Of The Intact Polycarbonate Substrate. System Must Continuously Monitor Diffraction Efficiency. The system must be capable of tracking the brightness of light diffraction at an unlimited number of locations within each iteration. These Tracking Points Must Be Freely Definable by the User. Brightness Must Be Measured On 100% Viewed Points At 100% Repetition - No Sampling. The Diffraction Efficiencies Determined At Each Monitored Location, After Each Revolution, Must Be Visualized As A Scalable Graph That Shows The Brightness Level In Percentage Of The Reference Value. In the graph, the lines representing individual monitoring locations must be color distinguishable. The System Must Continuously Monitor Transverse And Longitudinal Stretching (As A Result Of The Pulls And Temperature Used During Pressing) Of The Substrate. The system must continuously monitor the repetitive length and width of the material and graphically represent their progress in time and place. The System Must Display Deviations From Target Values In Appropriate Units (mm, %). The system must support the visualization of multiple control channels on one workstation (displays). The system must have suitable software capable of creating a scalable report on the performed inspection. The order is not divided into parts. The contracting authority does not intend to discuss offers with the participants within the meaning of Art. 5.4 of the Rules.
Closing Date6 May 2024
Tender AmountRefer Documents
VETERANS AFFAIRS, DEPARTMENT OF USA Tender
United States
Details: This Is A Sources Sought Notice Only. This Is Not A Request For Quotes And No Contract Will Be
awarded From This Announcement. The Government Will Not Provide Any Reimbursement
for Responses Submitted In Response To This Source Sought Notice. Respondents Will Not Be
notified Of The Results Of The Evaluation.
the Purpose Of This Announcement Is To Perform Market Research To Gain Knowledge Of Potential
qualified Sources And Their Size Classification Relative To Naics 541330, (engineering Services)
with A Size Standard $25.5million. The Department Of Veterans Affairs (va), Network
contracting Office 1 (nco 1) Is Seeking To Identify Any Vendor Capable Of
providing A Boundary Survey Per The Requirements Below. Refer To The Statement Of
work Below For The Requested Requirement Description. The Standard Shall Be Of Quality; Meeting
or Exceeding Those Outlined In The Statement Of Work.
this Sources Sought Notice Provides An Opportunity For Respondents To Submit Their Capability
and Availability To Provide The Requirement Described Below. Vendors Are Being Invited To Submit
information Relative To Their Potential To Fulfill This Requirement, In The Form Of A Capability
response That Addresses The Specific Requirement Identified In This Sources Sought. Information
received From This Sources Sought Shall Be Utilized To Facilitate The Contracting Officer S Review
of The Market Base, For Acquisition Planning, Size Determination, And Procurement Strategy.
submission Instructions: Interested Parties Who Consider Themselves Qualified To Perform
boundary Surveys Are Invited To Submit A Response To This Sources Sought Notice By 7-17-2024.
all Responses Under This Sources Sought Notice Must Be Emailed To Carissa.sarazin@va.gov.
telephone Inquiries Will Not Be Accepted Or Acknowledged, And No Feedback Or Evaluations Will
be Provided To Companies Regarding Their Submissions.
interested Parties Should Complete The Attached Sources Sought Worksheet. Parties May Submit
additional Information Related To Their Capabilities, Provided It Contains All The Requirements
contained In The Sources Sought Worksheet. Responses To This Sources Sought Shall Not Exceed 8
pages. In Addition, All Submissions Should Be Provided Electronically In A Microsoft Word Or
adobe Pdf Format.
sam: Interested Parties Shall Be Register In The System For Award Management (sam) As
prescribed In Far Clause 52.232-33. Sam Information Can Be Obtained By Accessing The Internet
at Www.sam.gov Or By Calling 1-866-606-8220. Interested Parties Not Registered In Sam Will Be
ineligible To Receive A Government Contract, Should A Solicitation Be Issued Resulting From This
sources Sought.
vista: The Va Utilizes Vista To Issue A Purchase Order And Liquidate Invoices. Failure To
register In Vista May Result In Exclusion From The Issuance Of A Va Contract, Should A
solicitation Be Issued Resulting From This Sources Sought.
attachment 1
sources Sought Worksheet
qualification Information:
company / Institute Name: _______________________________________________________
address: ______________________________________________________________________
phone Number: ________________________________________________________________
point Of Contact: _______________________________________________________________
e-mail Address: ________________________________________________________________
unique Entity Identifier (uei) #: ___________________________________________________
cage Code: __________________________________________________________________
other Available Contract Vehicles (gsa/fss/nasa Sewp/etc): ________________________
_____________________________________________________________________________
_____________________________________________________________________________
socio-economic Status:
vip Verified Sdvosb: (y / N)
vip Verified Vosb: (y / N)
8(a): (y / N)
hubzone: (y / N)
economically Disadvantaged Women-owned Small Business: (y / N)
women-owned Small Business: (y / N)
small Business: (y / N)
note: Respondent Claiming Sdvosb And Vosb Status Shall Be Registered And Center For
veterans Enterprise (cve) Verified In Vetbiz Registry Www.vetbiz.gov.
based On The Responses To This Sources Sought Notice/market
research, This Requirement May Be Set-aside For Sdvosb, Vosb, Small
businesses Or Procured Through Full And Open Competition.
capability Statement:
provide A Brief Capability And Interest In Providing The Supply Of Shower Repairs As Listed In
attachment 2 Statement Of Work With Enough Information To Determine If Your Company Can
meet The Requirement. The Capabilities Statement For This Sources Sought Is Not A Request For
quotation, Request For Proposal Or Invitation For Bid, Nor Does It Restrict The Government To An
ultimate Acquisition Approach, But Rather The Government Is Requesting A Short Statement
regarding The Company S Ability To Provide The Services Outlined In The Sow. Any Commercial
brochures Or Currently Existing Marketing Material May Also Be Submitted With The Capabilities
statement. This Synopsis Is For Information And Planning Purposes Only And Is Not To Be Construed
as A Commitment By The Government. The Government Will Not Pay For Information Solicited.
respondents Will Not Be Notified Of The Results Of The Evaluation.
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
attachment 2
performance Work Statement
department Of Veterans Affairs (va)
medical Center, Leeds Ma
boundary Survey Of The Edward P. Boland Campus
1. General
the Va Central Western Mass. Edward P Boland Campus In Leeds, Ma Requires Survey Confirmation Of The Property Owned By The Va. The Original Tract Was Approximately 280 Acres And Is Now Approximately 105. The Va Has Records Of Agreements/conveyances That May Or May Not Have Occurred/been Recorded Over The And Is
looking For Confirmation Of The Property Owned By The Va Through A Alta/nsps Land Title Survey.
the Edward P. Boland Campus Also Has A Lot Of Construction Going On And Needs A Survey Control Network Installed To Standardized And Coordinate Construction And Records Throughout The Campus. A Traverse Through The Control Points Installed Is Required And Shall Be Submitted With The Control Point Coordinates. The Control Network Shall Use The Massachusetts State Plane Coordinate System.
place Of Performance:
421 N. Main St, Leeds Ma
2. Project Scope Of Work
item 1 Conduct An Alta/nsps Land Title Survey 1 Lump Sum
see Attachment 1 Alta/nsps Land Title Survey Table A
alta Deliverables:
plat Hard Copy (min 24 X36 )
plat Digital Copy
plat Does Not Have To Be Recorded.
provide Copies Of All Recorded Conveyances, Plats And Deeds For 1922 To Present.
item 2 Install Survey Control Monument 15 Each
furnish And Install Precast Concrete Monument 6 X6 X36 With 2.5 Minimum Bronze Marker.
markers Will Be Placed At Locations Agreed To With The Cor.
include Costs To Traverse And Balance The Control Point Network.
see Attachment 2 - Example Marker.
item 3 Install Survey Control Disk 10 Each
furnish And Install A 2.5 Minimum Bronze Marker On Either A Rebar Base Or In Existing Concrete.
rebar Shall Be A Minimum Of 2 Long #5 Bar.
concrete Install Will Be Drilled And Grouted Into Existing Concrete.
include Costs To Traverse And Balance The Control Point Network.
see Attachment 2 - Example Marker.
item 4 Topographic Survey Of Property 1 Lump Sum
this Item Is An Add Alternate For Items 5 And 15 Of Alta/nsps Land Title Survey Table A. Perform A
topographic Survey Of The Property, Survey Drones Would Be Permitted For This Task.
1/24/2024
3. The Performance Period For This Work Is 120 Days From Time Of Award, Unless Other Time Frames
are Approved In Writing By The Contracting Office With No Options To Renew.
a) Services Will Be Performed During Business Hours 7:00am 4:30 Pm. If Work Needs To Be Done
off Hours, It Must Be Coordinated With The Cor.
b) There Will Be No Unscheduled Work During Federal Holidays.
vha Supplemental Contract Requirements For Combatting Covid-19
1. Contractor Employees Who Work In Or Travel To Vha Locations Must Comply With The Following:
a. Documentation Requirements:
1) If Fully Vaccinated, Contractors Shall Show Proof Of Vaccination.
i. Note: Acceptable Proof Of Vaccination Includes A Signed Record Of Immunization From A Health
care Provider Or Pharmacy, A Copy Of The Covid-19 Vaccination Record Card (cdc Form Mls-
319813_r, Published On September 3, 2020), Or A Copy Of Medical Records Documenting The
vaccination.
2) If Unvaccinated, Contractors Shall Show Negative Covid-19 Test Results Dated Within Three Calendar
days Prior To Desired Entry Date. Test Must Be Approved By The Food And Drug Administration (fda)
for Emergency Use Or Full Approval. This Includes Tests Available By A Doctor S Order Or An Fda
approved Over-the-counter Test That Includes An Affiliated Telehealth Service.
3) Documentation Cited In This Section Shall Be Digitally Or Physically Maintained On Each Contractor
employee While In A Va Facility And Is Subject To Inspection Prior To Entry To Va Facilities And After
entry For Spot Inspections By Contracting Officer Representatives (cors) Or Other Hospital Personnel.
4) Documentation Will Not Be Collected By The Va; Contractors Shall, At All Times, Adhere To And Ensure
compliance With Federal Laws Designed To Protect Contractor Employee Health Information And
personally Identifiable Information.
2. Contractor Employees Are Subject To Daily Screening For Covid-19 And May Be Denied Entry To Va Facilities
if They Fail To Pass Screening Protocols. As Part Of The Screening Process Contractors May Be Asked
screening Questions Found On The Covid-19 Screening Tool. Check Regularly For Updates.
a. Contractor Employees Who Work Away From Va Locations, But Who Will Have Direct Contact With Va
patients Shall Self-screen Utilizing The Covid-19 Screening Tool, In Advance, Each Day That They Will Have
direct Patient Contact And In Accordance With Their Person Or Persons Who Coordinate Covid-19
workplace Safety Efforts At Covered Contractor Workplaces. Contractors Shall, At All Times, Adhere To And
ensure Compliance With Federal Laws Designed To Protect Contractor Employee Health Information And
personally Identifiable Information.
3. Contractor Must Immediately Notify Their Cor Or Contracting Officer If Contract Performance Is
jeopardized Due To Contractor Employees Being Denied Entry Into Va Facilities.
1/24/2024
4. For Indefinite Delivery Contracts: Contractor Agrees To Comply With Vha Supplemental Contract
requirements For Any Task Or Delivery Orders Issued Prior To This Modification When Performance Has
already Commenced.
american Land Title Associationâ® (alta) Minimum Standard Detail Requirements
national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys
copyright 2021. All Rights Reserved. Page 1 Of 10
american Land Title Association And
national Society Of Professional Surveyors
minimum Standard Detail Requirements For
alta/nsps Land Title Surveys
(effective February 23, 2021)
1. Purpose - Members Of The American Land Title Associationâ® (alta) Have Specific Needs,
unique To Title Insurance Matters, When Asked To Insure Title To Land Without Exception As To The
many Matters Which Might Be Discoverable From Survey And Inspection, And Which Are Not
evidenced By The Public Records.
for A Survey Of Real Property, And The Plat, Map Or Record Of Such Survey, To Be Acceptable To A Title
insurance Company For The Purpose Of Insuring Title To Said Real Property Free And Clear Of Survey Matters
(except Those Matters Disclosed By The Survey And Indicated On The Plat Or Map), Certain Specific And
pertinent Information Must Be Presented For The Distinct And Clear Understanding Between The Insured, The
client (if Different From The Insured), The Title Insurance Company (insurer), The Lender, And The Surveyor
professionally Responsible For The Survey.
in Order To Meet Such Needs, Clients, Insurers, Insureds, And Lenders Are Entitled To Rely On Surveyors To
conduct Surveys And Prepare Associated Plats Or Maps That Are Of A Professional Quality And Appropriately
uniform, Complete, And Accurate. To That End, And In The Interests Of The General Public, The Surveying
profession, Title Insurers, And Abstracters, The Alta And The Nsps Jointly Promulgate The Within Details
and Criteria Setting Forth A Minimum Standard Of Performance For Alta/nsps Land Title Surveys. A
complete 2021 Alta/nsps Land Title Survey Includes:
(i) The On-site Fieldwork Required Pursuant To Section 5,
(ii) The Preparation Of A Plat Or Map Pursuant To Section 6 Showing The Results Of The Fieldwork
and Its Relationship To Documents Provided To Or Obtained By The Surveyor Pursuant To Section
4,
(iii) Any Information From Table A Items Requested By The Client, And
(iv) The Certification Outlined In Section 7.
2. Request For Survey - The Client Shall Request The Survey, Or Arrange For The Survey To Be
requested, And Shall Provide A Written Authorization To Proceed From The Person Or Entity Responsible For
paying For The Survey. Unless Specifically Authorized In Writing By The Insurer, The Insurer Shall Not Be
responsible For Any Costs Associated With The Preparation Of The Survey. The Request Must Specify That An
"alta/nsps Land Title Survey" Is Required And Which Of The Optional Items Listed In Table A, If Any,
are To Be Incorporated. Certain Properties Or Interests In Real Properties May Present Issues Outside Those
normally Encountered On An Alta/nsps Land Title Survey (e.g., Marinas, Campgrounds, Mobile Home
parks, Easements, Leases, Mineral Interests, Other Non-fee Simple Interests). The Scope Of Work Related To
surveys Of Such Properties Or Interests In Real Properties Should Be Discussed With The Client, Lender, And
insurer, And Agreed Upon In Writing Prior To Commencing Work On The Survey. When Required, The Client
shall Secure Permission For The Surveyor To Enter Upon The Property To Be Surveyed, Adjoining Properties,
or Offsite Easements.
3. Surveying Standards And Standards Of Care
a. Effective Date - The 2021 Minimum Standard Detail Requirements For Alta/nsps Land Title
surveys Are Effective February 23, 2021. As Of That Date, All Previous Versions Of The Minimum
standard Detail Requirements For Alta/acsm Or Alta/nsps Land Title Surveys Are
superseded By These Standards.
b. Other Requirements And Standards Of Practice - Many States And Some Local Jurisdictions
have Adopted Statutes, Administrative Rules, And/or Ordinances That Set Out Standards Regulating
the Practice Of Surveying Within Their Jurisdictions. In Addition To The Standards Set Forth Herein,
surveyors Must Also Conduct Their Surveys In Accordance With Applicable Jurisdictional Survey
requirements And Standards Of Practice. Where Conflicts Between The Standards Set Forth Herein
american Land Title Associationâ® (alta) Minimum Standard Detail Requirements
national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys
copyright 2021. All Rights Reserved. Page 2 Of 10
american Land Title Association And
national Society Of Professional Surveyors
and Any Such Jurisdictional Requirements And Standards Of Practice Occur, The More Stringent Must
apply.
c. The Normal Standard Of Care - Surveyors Should Recognize That There May Be Unwritten Local,
state, And/or Regional Standards Of Care Defined By The Practice Of The Prudent Surveyor In Those
locales.
d. Boundary - The Boundary Lines And Corners Of Any Property Or Interest In Real Property Being
surveyed (hereafter, The Surveyed Property Or Property To Be Surveyed ) As Part Of An
alta/nsps Land Title Survey Must Be Established And/or Retraced In Accordance With
appropriate Boundary Law Principles Governed By The Set Of Facts And Evidence Found In The
course Of Performing The Research And Fieldwork.
e. Measurement Standards - The Following Measurement Standards Address Relative Positional
precision For The Monuments Or Witnesses Marking The Corners Of The Surveyed Property.
i. Relative Positional Precision Means The Length Of The Semi-major Axis, Expressed In Meters
or Feet, Of The Error Ellipse Representing The Uncertainty In The Position Of The Monument Or
witness Marking Any Boundary Corner Of The Surveyed Property Relative To The Position Of The
monument Or Witness Marking An Immediately Adjacent Boundary Corner Of The Surveyed
property Resulting From Random Errors In The Measurements Made In Determining Those
positions At The 95 Percent Confidence Level. Relative Positional Precision Can Be Estimated
by The Results Of A Correctly Weighted Least Squares Adjustment Of The Survey. Alternatively,
relative Positional Precision Can Be Estimated By The Standard Deviation Of The Distance
between The Monument Or Witness Marking Any Boundary Corner Of The Surveyed Property
and The Monument Or Witness Marking An Immediately Adjacent Boundary Corner Of The
surveyed Property (called Local Accuracy) That Can Be Computed Using The Full Covariance
matrix Of The Coordinate Inverse Between Any Given Pair Of Points, Understanding That Relative
positional Precision Is Based On The 95 Percent Confidence Level, Or Approximately 2 Standard
deviations.
ii. Any Boundary Lines And Corners Established Or Retraced May Have Uncertainties In Location
resulting From (1) The Availability, Condition, History And Integrity Of Reference Or Controlling
monuments, (2) Ambiguities In The Record Descriptions Or Plats Of The Surveyed Property Or Its
adjoiners, (3) Occupation Or Possession Lines As They May Differ From The Written Title Lines, Or
(4) Relative Positional Precision. Of These Four Sources Of Uncertainty, Only Relative
positional Precision Is Controllable, Although, Due To The Inherent Errors In Any Measurement,
it Cannot Be Eliminated. The Magnitude Of The First Three Uncertainties Can Be Projected Based
on Evidence; Relative Positional Precision Is Estimated Using Statistical Means (see Section
3.e.i. Above And Section 3.e.v. Below).
iii. The First Three Of These Sources Of Uncertainty Must Be Weighed As Part Of The Evidence In The
determination Of Where, In The Surveyor S Opinion, The Boundary Lines And Corners Of The
surveyed Property Should Be Located (see Section 3.d. Above). Relative Positional Precision
is A Measure Of How Precisely The Surveyor Is Able To Monument And Report Those Positions; It
is Not A Substitute For The Application Of Proper Boundary Law Principles. A Boundary Corner Or
line May Have A Small Relative Positional Precision Because The Survey Measurements Were
precise, Yet Still Be In The Wrong Position (i.e., Inaccurate) If It Was Established Or Retraced
using Faulty Or Improper Application Of Boundary Law Principles.
iv. For Any Measurement Technology Or Procedure Used On An Alta/nsps Land Title Survey,
the Surveyor Must (1) Use Appropriately Trained Personnel, (2) Compensate For Systematic
errors, Including Those Associated With Instrument Calibration, And (3) Use Appropriate Error
propagation And Measurement Design Theory (selecting The Proper Instruments, Geometric
layouts, And Field And Computational Procedures) To Control Random Errors Such That The
maximum Allowable Relative Positional Precision Outlined In Section 3.e.v. Below Is Not
exceeded.
v. The Maximum Allowable Relative Positional Precision For An Alta/nsps Land Title Survey Is
2 Cm (0.07 Feet) Plus 50 Parts Per Million (based On The Direct Distance Between The Two
american Land Title Associationâ® (alta) Minimum Standard Detail Requirements
national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys
copyright 2021. All Rights Reserved. Page 3 Of 10
american Land Title Association And
national Society Of Professional Surveyors
corners Being Tested). It Is Recognized That In Certain Circumstances, The Size Or Configuration
of The Surveyed Property, Or The Relief, Vegetation, Or Improvements On The Surveyed Property,
will Result In Survey Measurements For Which The Maximum Allowable Relative Positional
precision May Be Exceeded In Which Case The Reason Shall Be Noted Pursuant To Section
6.b.x. Below.
4. Records Research - It Is Recognized That For The Performance Of An Alta/nsps Land Title
survey, The Surveyor Will Be Provided With Appropriate And, When Possible, Legible Data That Can
be Relied Upon In The Preparation Of The Survey. In Order To Complete An Alta/nsps Land Title
survey, The Surveyor Must Be Provided With The Following:
a. The Current Record Description Of The Real Property To Be Surveyed Or, In The Case Of An
original Survey Prepared For Purposes Of Locating And Describing Real Property That Has Not
been Previously Separately Described In Documents Conveying An Interest In The Real Property,
the Current Record Description Of The Parent Parcel That Contains The Property To Be Surveyed;
b. Complete Copies Of The Most Recent Title Commitment Or, If A Title Commitment Is Not Available,
other Title Evidence Satisfactory To The Title Insurer;
c. The Following Documents From Records Established Under State Statutes For The Purpose Of
imparting Constructive Notice Of Matters Relating To Real Property (public Records):
i. The Current Record Descriptions Of Any Adjoiners To The Property To Be Surveyed, Except
where Such Adjoiners Are Lots In Platted, Recorded Subdivisions;
ii. Any Recorded Easements Benefitting The Property To Be Surveyed; And
iii. Any Recorded Easements, Servitudes, Or Covenants Burdening The Property To Be
surveyed; And
d. If Desired By The Client, Any Unrecorded Documents Affecting The Property To Be Surveyed And
containing Information To Which The Survey Shall Make Reference.
except, However, If The Documents Outlined In This Section Are Not Provided To The Surveyor Or If Non-public
or Quasi-public Documents Are Otherwise Required To Complete The Survey, The Surveyor Must Conduct That
research Which Is Required Pursuant To The Statutory Or Administrative Requirements Of The Jurisdiction
where The Surveyed Property Is Located And That Research (if Any) Which Is Negotiated And Outlined In The
terms Of The Contract Between The Surveyor And The Client.
5. Fieldwork - The Survey Must Be Performed On The Ground (except As May Be Otherwise
negotiated Pursuant To Table A, Item 15 Below). Except As Related To The Precision Of The Boundary, Which
is Addressed In Section 3.e. Above, Features Located During The Fieldwork Shall Be Located To What Is, In The
surveyor S Professional Opinion, The Appropriate Degree Of Precision Based On (a) The Planned Use Of The
surveyed Property, If Reported In Writing To The Surveyor By The Client, Lender, Or Insurer, Or (b) The Existing
use, If The Planned Use Is Not So Reported. The Fieldwork Shall Include The Following:
a. Monuments
i. The Location, Size, Character, And Type Of Any Monuments Found During The Fieldwork.
ii. The Location, Size, Character, And Type Of Any Monuments Set During The Fieldwork, If Item 1 Of
table A Was Selected Or If Otherwise Required By Applicable Jurisdictional Requirements And/or
standards Of Practice.
iii. The Location, Description, And Character Of Any Lines That Control The Boundaries Of The
surveyed Property.
b. Rights Of Way And Access
i. The Distance From The Appropriate Corner Or Corners Of The Surveyed Property To The Nearest
right Of Way Line, If The Surveyed Property Does Not Abut A Right Of Way.
ii. The Name Of Any Street, Highway, Or Other Public Or Private Way Abutting The Surveyed
property, Together With The Width Of The Travelled Way And The Location Of Each Edge Of The
travelled Way Including On Divided Streets And Highways. If The Documents Provided To Or
obtained By The Surveyor Pursuant To Section 4 Indicate No Access From The Surveyed
property To The Abutting Street Or Highway, The Width And Location Of The Travelled Way Need
not Be Located.
american Land Title Associationâ® (alta) Minimum Standard Detail Requirements
national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys
copyright 2021. All Rights Reserved. Page 4 Of 10
american Land Title Association And
national Society Of Professional Surveyors
iii. Visible Evidence Of Physical Access (e.g., Curb Cuts, Driveways) To Any Abutting Streets,
highways, Or Other Public Or Private Ways.
iv. The Location And Character Of Vehicular, Pedestrian, Or Other Forms Of Access By Other Than
the Apparent Occupants Of The Surveyed Property To Or Across The Surveyed Property Observed
in The Process Of Conducting The Fieldwork (e.g., Driveways, Alleys, Private Roads, Railroads,
railroad Sidings And Spurs, Sidewalks, Footpaths).
v. Without Expressing A Legal Opinion As To Ownership Or Nature, The Location And Extent Of Any
potentially Encroaching Driveways, Alleys, And Other Ways Of Access From Adjoining Properties
onto The Surveyed Property Observed In The Process Of Conducting The Fieldwork.
vi. Where Documentation Of The Location Of Any Street, Road, Or Highway Right Of Way Abutting, On,
or Crossing The Surveyed Property Was Not Disclosed In Documents Provided To Or Obtained By
the Surveyor, Or Was Not Otherwise Available From The Controlling Jurisdiction (see Section
6.c.iv. Below), The Evidence And Location Of Parcel Corners On The Same Side Of The Street As
the Surveyed Property Recovered In The Process Of Conducting The Fieldwork Which May
indicate The Location Of Such Right Of Way Lines (e.g., Lines Of Occupation, Survey Monuments).
vii. Evidence Of Access To And From Waters Adjoining The Surveyed Property Observed In The
process Of Conducting The Fieldwork (e.g., Paths, Boat Slips, Launches, Piers, Docks).
c. Lines Of Possession And Improvements Along The Boundaries
i. The Character And Location Of Evidence Of Possession Or Occupation Along The Perimeter Of
the Surveyed Property, Both By The Occupants Of The Surveyed Property And By Adjoiners,
observed In The Process Of Conducting The Fieldwork.
ii. Unless Physical Access Is Restricted, The Character And Location Of All Walls, Buildings, Fences,
and Other Improvements Within Five Feet Of Each Side Of The Boundary Lines Observed In The
process Of Conducting The Fieldwork (see Section 5.e.iv. Regarding Utility Poles). Trees,
bushes, Shrubs, And Other Vegetation Need Not Be Located Other Than As Specified In The
contract, Unless They Are Deemed By The Surveyor To Be Evidence Of Possession Or Occupation
pursuant To Section 5.c.i.
iii. Without Expressing A Legal Opinion As To The Ownership Or Nature Of The Potential
encroachment, The Evidence, Location, And Extent Of Potentially Encroaching Structural
appurtenances And Projections Observed In The Process Of Conducting The Fieldwork (e.g., Fire
escapes, Bay Windows, Windows And Doors That Open Out, Flue Pipes, Stoops, Eaves, Cornices,
areaways, Steps, Trim) By Or Onto Adjoining Property, Or Onto Rights Of Way, Easements, Or
setback Lines Disclosed In Documents Provided To Or Obtained By The Surveyor.
d. Buildings
the Location Of Buildings On The Surveyed Property Observed In The Process Of Conducting The
fieldwork.
e. Easements And Servitudes
i. Evidence Of Any Easements Or Servitudes Burdening The Surveyed Property As Disclosed In
the Documents Provided To Or Obtained By The Surveyor Pursuant To Section 4 And Observed In
the Process Of Conducting The Fieldwork.
ii. Evidence Of Easements, Servitudes, Or Other Uses By Other Than The Apparent Occupants Of
the Surveyed Property Not Disclosed In The Documents Provided To Or Obtained By The Surveyor
pursuant To Section 4, But Observed In The Process Of Conducting The Fieldwork If They Are On
or Across The Surveyed Property (e.g., Roads, Drives, Sidewalks, Paths And Other Ways Of
access, Utility Service Lines, Utility Locate Markings (including The Source Of The Markings, With
a Note If Unknown), Water Courses, Ditches, Drains, Telephone Lines, Fiber Optic Lines, Electric
lines, Water Lines, Sewer Lines, Oil Pipelines, Gas Pipelines).
iii. Surface Indications Of Underground Easements Or Servitudes On Or Across The Surveyed
property Observed In The Process Of Conducting The Fieldwork (e.g., Utility Cuts, Vent Pipes,
filler Pipes, Utility Locate Markings (including The Source Of The Markings, With A Note If
unknown)).
iv. Evidence On Or Above The Surface Of The Surveyed Property Observed In The Process Of
american Land Title Associationâ® (alta) Minimum Standard Detail Requirements
national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys
copyright 2021. All Rights Reserved. Page 5 Of 10
american Land Title Association And
national Society Of Professional Surveyors
conducting The Fieldwork, Which Evidence May Indicate Utilities Located On, Over, Or Beneath
the Surveyed Property. Examples Of Such Evidence Include Pipeline Markers, Utility Locate
markings (including The Source Of The Markings, With A Note If Unknown), Manholes, Valves,
meters, Transformers, Pedestals, Clean-outs, Overhead Lines, Guy Wires, And Utility Poles On Or
within Ten Feet Of The Surveyed Property. Without Expressing A Legal Opinion As To The
ownership Or Nature Of The Potential Encroachment, The Extent Of All Encroaching Utility Pole
crossmembers Or Overhangs.
f. Cemeteries
as Accurately As The Evidence Permits, The Perimeter Of Cemeteries And Burial Grounds, And The
location Of Isolated Gravesites Not Within A Cemetery Or Burial Ground, (i) Disclosed In The
documents Provided To Or Obtained By The Surveyor, Or (ii) Observed In The Process Of Conducting
the Fieldwork.
g. Water Features
i. The Location Of Springs, Ponds, Lakes, Streams, Rivers, Canals, Ditches, Marshes, And Swamps
on, Running Through, Or Outside, But Within Five Feet Of, The Perimeter Boundary Of The Surveyed
property And Observed During The Process Of Conducting The Fieldwork.
ii. The Location Of Any Water Feature Forming A Boundary Of The Surveyed Property. The
attribute(s) Of The Water Feature Located (e.g., Top Of Bank, Edge Of Water, High Water Mark)
should Be Congruent With The Boundary As Described In The Record Description Or, In The Case
of An Original Survey, In The New Description (see Section 6.b.vi. Below).
6. Plat Or Map - A Plat Or Map Of An Alta/nsps Land Title Survey Shall Show The Following
information. Where Dimensioning Is Appropriate, Dimensions Shall Be Annotated To What Is, In The
surveyor S Professional Opinion, The Appropriate Degree Of Precision Based On (a) The Planned Use Of The
surveyed Property, If Reported In Writing To The Surveyor By The Client, Lender, Or Insurer, Or (b) Existing Use,
if The Planned Use Is Not So Reported.
a. Field Locations. The Evidence And Locations Gathered, And The Monuments And Lines Located
during The Fieldwork Pursuant To Section 5 Above, With Accompanying Notes If Deemed Necessary
by The Surveyor Or As Otherwise Required As Specified Below.
b. Boundary, Descriptions, Dimensions, And Closures
i. (a) The Current Record Description Of The Surveyed Property, Or
(b) In The Case Of An Original Survey, The Current Record Document Number Of The Parent Tract
that Contains The Surveyed Property.
ii. Any New Description Of The Surveyed Property That Was Prepared In Conjunction With The
survey, Including A Statement Explaining Why The New Description Was Prepared. Except In The
case Of An Original Survey, Preparation Of A New Description Should Be Avoided Unless
deemed Necessary Or Appropriate By The Surveyor And Insurer. Preparation Of A New
description Should Also Generally Be Avoided When The Record Description Is A Lot Or Block In A
platted, Recorded Subdivision. Except In The Case Of An Original Survey, If A New Description Is
prepared, A Note Must Be Provided Stating (a) That The New Description Describes The Same
real Estate As The Record Description Or, (b) If It Does Not, How The New Description Differs From
the Record Description.
iii. The Point Of Beginning, The Remote Point Of Beginning Or Point Of Commencement (if
applicable) And All Distances And Directions Identified In The Record Description Of The
surveyed Property (and In The New Description, If One Was Prepared). Where A Measured Or
calculated Dimension Differs From The Record By An Amount Deemed Significant By The
surveyor, Such Dimension Must Be Shown In Addition To, And Differentiated From, The
corresponding Record Dimension. All Dimensions Shown On The Survey And Contained In Any
new Description Must Be Horizontal Ground Dimensions Unless Otherwise Noted.
iv. The Direction, Distance, And Curve Data Necessary To Compute A Mathematical Closure Of The
surveyed Boundary. A Note If The Record Description Does Not Mathematically Close. The Basis
of Bearings And, Where It Differs From The Record Basis, The Difference.
v. The Remainder Of Any Recorded Lot Or Existing Parcel, When The Surveyed Property Is
american Land Title Associationâ® (alta) Minimum Standard Detail Requirements
national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys
copyright 2021. All Rights Reserved. Page 6 Of 10
american Land Title Association And
national Society Of Professional Surveyors
composed Of Only A Portion Of Such Lot Or Parcel, Shall Be Graphically Depicted. Such
remainder Need Not Be Included As Part Of The Actual Survey, Except To The Extent Necessary
to Locate The Lines And Corners Of The Surveyed Property, And It Need Not Be Fully Dimensioned
or Drawn At The Same Scale As The Surveyed Property.
vi. When The Surveyed Property Includes A Title Line Defined By A Water Boundary, A Note On The
face Of The Plat Or Map Noting The Date The Boundary Was Measured, Which Attribute(s) Of The
water Feature Was/were Located, And The Caveat That The Boundary Is Subject To Change Due To
natural Causes And That It May Or May Not Represent The Actual Location Of The Limit Of Title.
when The Surveyor Is Aware Of Natural Or Artificial Realignments Or Changes In Such
boundaries, The Extent Of Those Changes And Facts Shall Be Shown Or Explained.
vii. The Relationship Of The Boundaries Of The Surveyed Property To Its Adjoiners (e.g., Contiguity,
gaps, Overlaps) Where Ascertainable From Documents Provided To Or Obtained By The Surveyor
pursuant To Section 4 And/or From Field Evidence Gathered During The Process Of Conducting
the Fieldwork. If The Surveyed Property Is Composed Of Multiple Parcels, The Extent Of Any Gaps
or Overlaps Between Those Parcels Must Be Identified. Where Gaps Or Overlaps Are Identified,
the Surveyor Must, Prior To Or Upon Delivery Of The Final Plat Or Map, Disclose This To The Insurer
and Client.
viii. When, In The Opinion Of The Surveyor, The Results Of The Survey Differ Significantly From The
record, Or If A Fundamental Decision Related To The Boundary Resolution Is Not Clearly Reflected
on The Plat Or Map, The Surveyor Must Explain This Information With Notes On The Face Of The
plat Or Map.
ix. The Location Of Buildings On The Surveyed Property Dimensioned Perpendicular To Those
perimeter Boundary Lines That The Surveyor Deems Appropriate (i.e., Where Potentially
impacted By A Setback Line) And/or As Requested By The Client, Lender Or Insurer.
x. A Note On The Face Of The Plat Or Map Explaining The Site Conditions That Resulted In A Relative
positional Precision That Exceeds The Maximum Allowed Pursuant To Section 3.e.v.
xi. A Note On The Face Of The Plat Or Map Identifying Areas, If Any, On The Boundaries Of The
surveyed Property, To Which Physical Access Within Five Feet Was Restricted (see Section
5.c.ii.).
xii. A Note On The Face Of The Plat Or Map Identifying The Source Of The Title Commitment Or Other
title Evidence Provided Pursuant To Section 4, And The Effective Date And The Name Of The
insurer Of Same.
c. Easements, Servitudes, Rights Of Way, Access, And Documents
i. The Location, Width, And Recording Information Of All Plottable Rights Of Way, Easements, And
servitudes Burdening And Benefitting The Surveyed Property, As Evidenced By Documents
provided To Or Obtained By The Surveyor Pursuant To Section 4.
ii. A Summary Of All Rights Of Way, Easements, And Other Survey-related Matters Burdening The
surveyed Property And Identified In The Title Evidence Provided To Or Obtained By The Surveyor
pursuant To Section 4. Such Summary Must Include The Record Information Of Each Such Right
of Way, Easement, Or Other Survey-related Matter, A Statement Indicating Whether It Lies Within
or Crosses The Surveyed Property, And A Related Note If:
(a) Its Location Is Shown;
(b) Its Location Cannot Be Determined From The Record Document;
(c) There Was No Observed Evidence At The Time Of The Fieldwork;
(d) It Is A Blanket Easement;
(e) It Is Not On, Does Not Touch, And/or Based On The Description Contained In The Record
document Does Not Affect, The Surveyed Property;
(f) It Limits Access To An Otherwise Abutting Right Of Way;
(g) The Documents Are Illegible; Or
(h) The Surveyor Has Information Indicating That It May Have Been Released Or Otherwise
terminated.
in Cases Where The Surveyed Property Is Composed Of Multiple Parcels, Indicate Which Of Such
american Land Title Associationâ® (alta) Minimum Standard Detail Requirements
national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys
copyright 2021. All Rights Reserved. Page 7 Of 10
american Land Title Association And
national Society Of Professional Surveyors
parcels The Various Rights Of Way, Easements, And Other Survey-related Matters Cross Or
touch.
iii. A Note If No Physical Access To An Abutting Street, Highway, Or Other Public Or Private Way Was
observed In The Process Of Conducting The Fieldwork.
iv. The Locations And Widths Of Rights Of Way Abutting Or Crossing The Surveyed Property And The
source Of Such Information (a) Where Available From The Controlling Jurisdiction, Or (b) Where
disclosed In Documents Provided To Or Obtained By The Surveyor Pursuant To Section 4.
v. The Identifying Titles Of All Recorded Plats, Filed Maps, Right Of Way Maps, Or Similar Documents
that The Survey Represents, Wholly Or In Part, With Their Recording Or Filing Data.
vi. For Non-platted Adjoining Land, Recording Data And, Where Available, Tax Parcel Number,
identifying Adjoining Tracts According To Current Public Records. For Platted Adjoining Land, The
recording Data Of The Subdivision Plat.
vii. Platted Setback Or Building Restriction Lines That Appear On Recorded Subdivision Plats Or That
were Disclosed In Documents Provided To, Or Obtained By, The Surveyor.
viii. If In The Process Of Preparing The Survey The Surveyor Becomes Aware Of A Recorded
easement Not Otherwise Listed In The Title Evidence Provided, The Surveyor Must Advise The
insurer Prior To Delivery Of The Plat Or Map And, Unless The Insurer Provides Evidence Of A
release Of That Easement, Show Or Otherwise Explain It On The Face Of The Plat Or Map, With A
note That The Insurer Has Been Advised.
d. Presentation
i. The Plat Or Map Must Be Drawn On A Sheet Of Not Less Than 8 ½ By 11 Inches In Size At A
legible, Standard Engineering Scale, With That Scale Clearly Indicated In Words Or Numbers And
with A Graphic Scale.
ii. The Plat Or Map Must Include:
(a) The Boundary Of The Surveyed Property Drawn In A Manner That Distinguishes It From Other
lines On The Plat Or Map.
(b) If No Buildings Were Observed On The Surveyed Property In The Process Of Conducting The
fieldwork, A Note Stating No Buildings Observed.
(c) A North Arrow (with North To The Top Of The Drawing When Practicable).
(d) A Legend Of Symbols And Abbreviations.
(e) A Vicinity Map Showing The Surveyed Property In Reference To Nearby Highway(s) Or Major
street Intersection(s).
(f) Supplementary Or Detail Diagrams When Necessary.
(g) Notes Explaining Any Modifications To Table A Items And The Nature Of Any Additional
table A Items (e.g., 20(a), 20(b), 20(c)) That Were Negotiated Between The Surveyor And
client.
(h) The Surveyor S Project Number (if Any), And The Name, Registration Or License Number,
signature, Seal, Street Address, Telephone Number, Company Website, And Email Address
(if Any) Of The Surveyor Who Performed The Survey.
(i) The Date(s) Of Any Revisions Made By The Surveyor Who Performed The Survey.
(j) Sheet Numbers Where The Plat Or Map Is Composed Of More Than One Sheet.
(k) The Caption Alta/nsps Land Title Survey.
iii. When Recordation Or Filing Of A Plat Or Map Is Required By State Statutes Or Local Ordinances,
such Plat Or Map Shall Be Produced In The Required Form.
7. Certification - The Plat Or Map Of An Alta/nsps Land Title Survey Must Bear Only The Following
unaltered Certification Except As May Be Required Pursuant To Section 3.b. Above:
to (name Of Insured, If Known), (name Of Lender, If Known), (name Of Insurer, If Known), (names Of
others As Negotiated With The Client):
this Is To Certify That This Map Or Plat And The Survey On Which It Is Based Were Made In
accordance With The 2021 Minimum Standard Detail Requirements For Alta/nsps Land Title
american Land Title Associationâ® (alta) Minimum Standard Detail Requirements
national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys
copyright 2021. All Rights Reserved. Page 8 Of 10
american Land Title Association And
national Society Of Professional Surveyors
surveys, Jointly Established And Adopted By Alta And Nsps, And Includes Items ___________
of Table A Thereof. The Fieldwork Was Completed On ___________ [date].
date Of Plat Or Map: ___________ (surveyor S Signature, Printed Name And Seal With
registration/license Number)
8. Deliverables - The Surveyor Shall Furnish Copies Of The Plat Or Map Of Survey To The Insurer And
client And As Otherwise Negotiated With The Client. Hard Copies Shall Be On Durable And Dimensionally
stable Material Of A Quality Standard Acceptable To The Insurer. A Digital Image Of The Plat Or Map May Be
provided In Addition To, Or In Lieu Of, Hard Copies Pursuant To The Terms Of The Contract. If The Surveyor Is
required To Record Or File A Plat Or Map Pursuant To State Statute Or Local Ordinance It Shall Be So Recorded
or Filed.
american Land Title Associationâ® (alta) Minimum Standard Detail Requirements
national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys
copyright 2021. All Rights Reserved. Page 9 Of 10
american Land Title Association And
national Society Of Professional Surveyors
table A
optional Survey Responsibilities And Specifications
note: Whether Any Of The Nineteen (19) Items Of Table A Are To Be Selected, And The Exact Wording Of
and Fee For Any Selected Item, May Be Negotiated Between The Surveyor And Client. Any Additional Items
negotiated Between The Surveyor And Client Must Be Identified As 20(a), 20(b), Etc. Any Additional Items
negotiated Between The Surveyor And Client, And Any Negotiated Changes To The Wording Of A Table A
item, Must Be Explained Pursuant To Section 6.d.ii.(g). Notwithstanding Table A Items 5 And 11, If An
engineering Design Survey Is Desired As Part Of An Alta/nsps Land Title Survey, Such Services Should
be Negotiated Under Table A, Item 20.
if Checked, The Following Optional Items Are To Be Included In The Alta/nsps Land Title Survey,
except As Otherwise Qualified (see Note Above):
1. ___x__ Monuments Placed (or A Reference Monument Or Witness To The Corner) At All Major
corners Of The Boundary Of The Surveyed Property, Unless Already Marked Or Referenced By Existing
monuments Or Witnesses In Close Proximity To The Corner.
2. _____ Address(es) Of The Surveyed Property If Disclosed In Documents Provided To Or Obtained
by The Surveyor, Or Observed While Conducting The Fieldwork.
3. _____ Flood Zone Classification (with Proper Annotation Based On Federal Flood Insurance Rate
maps Or The State Or Local Equivalent) Depicted By Scaled Map Location And Graphic Plotting Only.
4. __ X __ Gross Land Area (and Other Areas If Specified By The Client).
5. __#5__ Vertical Relief With The Source Of Information (e.g., Ground Survey, Aerial Map), Contour
interval, Datum, With Originating Benchmark, When Appropriate.
6. _____ (a) If The Current Zoning Classification, Setback Requirements, The Height And Floor Space
area Restrictions, And Parking Requirements Specific To The Surveyed Property Are Set Forth In A Zoning
report Or Letter Provided To The Surveyor By The Client Or The Client S Designated Representative, List The
above Items On The Plat Or Map And Identify The Date And Source Of The Report Or Letter.
_____ (b) If The Zoning Setback Requirements Specific To The Surveyed Property Are Set Forth In A
zoning Report Or Letter Provided To The Surveyor By The Client Or The Client S Designated Representative,
and If Those Requirements Do Not Require An Interpretation By The Surveyor, Graphically Depict Those
requirements On The Plat Or Map And Identify The Date And Source Of The Report Or Letter.
7. __ X __ (a) Exterior Dimensions Of All Buildings At Ground Level.
(b) Square Footage Of:
__ X __ (1) Exterior Footprint Of All Buildings At Ground Level.
_____ (2) Other Areas As Specified By The Client.
_____ (c) Measured Height Of All Buildings Above Grade At A Location Specified By The Client. If No
location Is Specified, The Point Of Measurement Shall Be Identified.
8. _____ Substantial Features Observed In The Process Of Conducting The Fieldwork (in Addition To
the Improvements And Features Required Pursuant To Section 5 Above) (e.g., Parking Lots, Billboards,
signs, Swimming Pools, Landscaped Areas, Substantial Areas Of Refuse).
9. _____ Number And Type (e.g., Disabled, Motorcycle, Regular, And Other Marked Specialized
types) Of Clearly Identifiable Parking Spaces On Surface Parking Areas, Lots, And In Parking Structures.
striping Of Clearly Identifiable Parking Spaces On Surface Parking Areas And Lots.
american Land Title Associationâ® (alta) Minimum Standard Detail Requirements
national Society Of Professional Surveyors (nsps) For Alta/nsps Land Title Surveys
copyright 2021. All Rights Reserved. Page 10 Of 10
american Land Title Association And
national Society Of Professional Surveyors
10. _____ As Designated By The Client, A Determination Of The Relationship And Location Of Certain
division Or Party Walls With Respect To Adjoining Properties.
11. Evidence Of Underground Utilities Existing On Or Serving The Surveyed Property (in Addition To The
observed Evidence Of Utilities Required Pursuant To Section 5.e.iv.) As Determined By:
_____ (a) Plans And/or Reports Provided By Client (with Reference As To The Sources Of Information)
_____ (b) Markings Coordinated By The Surveyor Pursuant To A Private Utility Locate Request.
note To The Client, Insurer, And Lender With Regard To Table A, Item 11, Information From The Sources
checked Above Will Be Combined With Observed Evidence Of Utilities Pursuant To Section 5.e.iv. To
develop A View Of The Underground Utilities. However, Lacking Excavation, The Exact Location Of
underground Features Cannot Be Accurately, Completely, And Reliably Depicted. In Addition, In Some
jurisdictions, 811 Or Other Similar Utility Locate Requests From Surveyors May Be Ignored Or Result In An
incomplete Response, In Which Case The Surveyor Shall Note On The Plat Or Map How This Affected The
surveyor S Assessment Of The Location Of The Utilities. Where Additional Or More Detailed Information Is
required, The Client Is Advised That Excavation May Be Necessary.
12. __ X __ As Specified By The Client, Governmental Agency Survey-related Requirements (e.g., Hud
surveys, Surveys For Leases On Bureau Of Land Management Managed Lands). The Relevant Survey
requirements Are To Be Provided By The Client Or Client S Designated Representative.
13. _____ Names Of Adjoining Owners According To Current Tax Records. If More Than One Owner,
identify The First Owner S Name Listed In The Tax Records Followed By Et Al.
14. _____ As Specified By The Client, Distance To The Nearest Intersecting Street.
15. _#5__ Rectified Orthophotography, Photogrammetric Mapping, Remote Sensing, Airborne/mobile
laser Scanning And Other Similar Products, Tools Or Technologies As The Basis For Showing The Location Of
certain Features (excluding Boundaries) Where Ground Measurements Are Not Otherwise Necessary To
locate Those Features To An Appropriate And Acceptable Accuracy Relative To A Nearby Boundary. The
surveyor Must (a) Discuss The Ramifications Of Such Methodologies (e.g., The Potential Precision And
completeness Of The Data Gathered Thereby) With The Insurer, Lender, And Client Prior To The Performance
of The Survey, And (b) Place A Note On The Face Of The Survey Explaining The Source, Date, Precision, And
other Relevant Qualifications Of Any Such Data.
16. _____ Evidence Of Recent Earth Moving Work, Building Construction, Or Building Additions
observed In The Process Of Conducting The Fieldwork.
17. _____ Proposed Changes In Street Right Of Way Lines, If Such Information Is Made Available To The
surveyor By The Controlling Jurisdiction. Evidence Of Recent Street Or Sidewalk Construction Or Repairs
observed In The Process Of Conducting The Fieldwork.
18. __x__ Pursuant To Sections 5 And 6 (and Applicable Selected Table A Items, Excluding Table A
item 1), Include As Part Of The Survey Any Plottable Offsite (i.e., Appurtenant) Easements Disclosed In
documents Provided To Or Obtained By The Surveyor.
19. _____ Professional Liability Insurance Policy Obtained By The Surveyor In The Minimum Amount Of
$____________ To Be In Effect Throughout The Contract Term. Certificate Of Insurance To Be Furnished
upon Request, But This Item Shall Not Be Addressed On The Face Of The Plat Or Map.
20. _____ ___________________________________________________________________
adopted By The American Land Title Association On October 1, 2020. More At: Www.alta.org.
adopted By The National Society Of Professional Surveyors On October 30, 2020. More At: Www.nsps.us.com.
11/16/2023
attachment 2 - Example Survey Marker
2.5 Minimum Diameter
bronze
mountable On New Precast Monument, Existing Concrete Or Rebar Pin
Closing Date17 Jul 2024
Tender AmountRefer Documents
VETERANS AFFAIRS, DEPARTMENT OF USA Tender
United States
Details: 1/24/2024
combined Synopsis Solicitation Northampton Vamc Boundary Survey
(i) This Is A Combined Synopsis/solicitation For Commercial Items Prepared In Accordance With The Format In Subpart 12.6, As Supplemented With Additional Information Included In This Notice. This Announcement Constitutes The Only Solicitation; Proposals Are Being Requested And A Written Solicitation Will Not Be Issued.
(ii) The Solicitation Number Is 36c24124q0795 And The Solicitation Is Issued As A Request For Quotation (rfq).
(iii) A Statement That The Solicitation Document And Incorporated Provisions And Clauses Are Those In Effect Through Federal Acquisition Circular 2023-01.
(iv) This Requirement Is Being Issued As An Open Market, Sdvosb Set-aside. The Associated Naics 541330 And Small Business Size Standard Is $25.5 Million.
(v) The Government Intends To Award A Firm-fixed Price Award To Perform A Boundary Survey At The Northampton Vamc. Please See The Attached Performance Work Statement For Full Requirement Details. Please Complete The Price Schedule Below And Submit With The Quote Submission.
(vi) The Contractor Shall Provide All Resources Necessary To Perform The Boundary Survey Iaw The Attached (performance Work Statement). Please See The Attached Pws For Full Requirement Details.
(vii) The Place Of Performance Is Northampton, Massachusetts As Described Per The (performance Work Statement).
(viii) Provision At 52.212-1, Instructions To Offerors -- Commercial, Applies To This Acquisition In Addition To The Following Addenda S To The Provision: 52.252-1 Solicitation Provisions Incorporated By Reference (feb 1998); 52.204-7 System For Award Management (oct 2018); 52.204-16 Commercial And Government Entity Code Reporting (jul 2016); 52.217-5 Evaluation Of Options (jul 1990); 852.252-70 Solicitation Provisions Or Clauses Incorporated By Reference (jan 2008)
(ix) Provision At 52.212-2, Evaluation -- Commercial Items, Applies To This Requirement.
submission Of Quotes:
(1) Quotes Shall Be Received On Or Before The Date And Time Specified In Section (xv) Of This Solicitation. Note: Offers Received After The Due Date And Time Shall Not Be Considered.
(2) Offerors Shall Submit Their Quotes Electronically Via Email To Carissa.sarazin@va.gov.
(3) Quote Format: The Submission Should Be Clearly Indexed And Logically Assembled In Order Of The Evaluation Criteria Below. All Pages Of The Quote Shall Be Appropriately Numbered And Identified By The Complete Company Name, Date And Solicitation Number In The Header And/or Footer.
evaluation Process:
award Shall Be Made To The Best Value, As Determined To Be The Most Beneficial To The Government. Please Read Each Section Below Carefully For The Submittals And Information Required As Part Of The Evaluation. Failure To Provide The Requested Information Below Shall Be Considered Non-compliant And Your Quote Could Be Removed From The Evaluation Process.
offeror Quotes Shall Be Evaluated Under Far Part 13.106-2(b) -- Evaluation Of Quotations Or Offers. Therefore, The Government Is Not Obligated To Determine A Competitive Range, Conduct Discussions With All Contractors, Solicit Final Revised Quotes, And Use Other Techniques Associated With Far Part 15.
the Government Shall Award A Contract Resulting From This Solicitation To The Responsible Offeror Whose Offer Conforming To The Solicitation Shall Be Most Advantageous To The Government, Price And Other Factors Considered. The Following Factors Shall Be Used To Evaluate Offers:â
price (follow These Instructions):
offeror Shall Complete Attachment 1 - Price Schedule, With Offerors Proposed Contract Line Item Prices Inserted In Appropriate Spaces.â
past Performance:
offeror Shall Utilize Attachment 2 Past Performance Worksheet To Provide At Least One (1) But No More Than (3) References Of Work, Similar In Scope And Size With The Requirement Detailed In The (performance Work Statement). References May Be Checked By The Contracting Officer To Ensure Your Company Is Capable Of Performing The Statement Of Work.â The Government Also Reserves The Right To Obtain Information For Use In The Evaluation Of Past Performance From Any And All Sources.
questions:
questions Shall Be Submitted To The Contracting Officer In Writing Via E-mail. Oral Questions Are Not Acceptable Due To The Possibility Of Misunderstanding Or Misinterpretation. The Cut-off Date And Time For Receipt Of Questions Is 05-aug- 2024 By 4:00 Pm Est. Questions Received After This Date And Time May Not Be Answered. Questions Shall Be Answered In A Formal Amendment To The Solicitation So All Interested Parties Can See The Answers.
technical: The Offeror S Quote Shall Be Evaluated To Determine If The Organization Has The Experience And Capabilities To Provide The Requested Services Iaw The (performance Work Statement) In A Timely Efficient Manner.â
contractor Shall Demonstrate Their Corporate Experience And Approach To Meet All Requirements Stated In The (performance Work Statement).
contractor Shall Demonstrate That Their Technicians Meet The Qualification Standards Stated In The (performance Work Statement).
if You Are Planning To Sub-contract Some Or All Of This Work, Please Provide The Name And Address(s) Of All Subcontractor(s) (if Applicable) And A Description Of Their Planned Subcontracting Effort.
sam: Interested Parties Shall Be Registered In System For Award Management (sam) As Prescribed In Far Clause 52.232-33. Sam Information Can Be Obtained By Accessing The Internet At Www.sam.gov Or By Calling 1-866-606-8220. Interested Parties Not Registered In Sam In Sufficient Time To Meet The Va S Requirement Will Be Ineligible To Receive A Government Contract. This Determination Will Be At The Discretion Of The Contracting Officer.
vista: The Va Utilizes Vista To Issue A Purchase Order And Liquidate Invoices. Failure To Register In Vista May Result In Exclusion From The Issuance Of A Va Contract. This Determination Will Be At The Discretion Of The Contracting Officer. Interested Parties With No Prior Va Contracts Can Request A Form 10091 At Any Time.
(x) Please Include A Completed Copy Of The Provision At 52.212-3, Offeror Representations And Certifications -- Commercial Items, With Your Offer Via The Sam.gov Website Or A Written Copy.
(xi) Clause 52.212-4, Contract Terms And Conditions -- Commercial Items (oct 2018), Applies To This Acquisition In Addition To The Following Addenda S To The Clause: 52.204-16 Commercial And Government Entity Code Maintenance (jul 2016); 52.219-6 Notice Of Total Small Business Set-aside; 52.232-40 Providing Accelerated Payments To Small Business Subcontractors (dec 2013); 852.203-70 Commercial Advertising (may 2008); 852.232-72 Electronic Submission Of Payment Requests (nov 2018)
subcontracting Commitments - Monitoring And Compliance
this Solicitation Includes Vaar 852.215-70, Service-disabled Veteran-owned And Veteran-owned Small Business Evaluation Factors, And Vaar 852.215-71, Evaluation Factor Commitments. Accordingly, Any Contract Resulting From This Solicitation Will Include These Clauses. The Contractor Is Advised In Performing Contract Administration Functions, The Co May Use The Services Of A Support Contractor(s) To Assist In Assessing Contractor Compliance With The Subcontracting Commitments Incorporated Into The Information Protection And Non-disclosure And Disclosure Of Conflicts Of Interest Agreement To Ensure The Contractor's Business Records Or Other Proprietary Data Reviewed Or Obtained In The Course Of Assisting The Co In Assessing The Contractor For Compliance Are Protected To Ensure Information Or Data Is Not Improperly Disclosed Or Other Impropriety Occurs. Furthermore, If Va Determines Any Services The Support Contractor(s) Will Perform In Assessing Compliance Are Advisory And Assistance Services As Defined In Far 2.101, Definitions, The Support Contractor(s) Must Also Enter Into An Agreement With The Contractor To Protect Proprietary Information As Required By Far 9.505-4, Obtaining Access To Proprietary Information, Paragraph (b). The Contractor Is Required To Cooperate Fully And Make Available Any Records As May Be Required To Enable The Co To Assess The Contractor Compliance With The Subcontracting Commitments.
(xii) Clause At 52.212-5, Contract Terms And Conditions Required To Implement Statutes Or Executive Orders -- Commercial Items, Applies To This Acquisition And In Addition To The Following Far Clauses Cited, Which Are Also Applicable To The Acquisition: 52.204-10, 52.209-6, 52.219-6, 52.219-28, 52.222-3, 52.222-21, 52.222-26, 52.222-36, 52.222-50, 52.223-18, 52.232-33, 52.222-41, 52.222-43 (wage Determination Applicable (manchester 2015-4019 Rev 23 Posted On Beta.sam.gov)
(xiii) All Contract Requirement(s) And/or Terms And Conditions Are Stated Above.
(xiv) The Defense Priorities And Allocations System (dpas) And Assigned Rating Are Not Applicable To This Requirement.
(xv) Rfq Responses Are Due 12-aug- 2024 By 4:00 Pm Est. Rfq Responses Must Be Submitted Via Email To: Carissa.sarazin@va.gov. Hand Deliveries Shall Not Be Accepted.
(xvi) The Poc Of This Solicitation Is Carissa.sarazin@va.gov)
attachment 1
price Schedule
item Number
description Of Supplies/services
quantity
unit
unit Price
amount
0001
0002
0003
0004
alta/nsps Land Title Survey
install Survey Control Monument
install Survey Control Disk
topographic Survey
1.00
15.00
10.00
1
jb
ea
ea
jb
__________________
__________________
__________________
__________________
__________________
__________________
__________________
__________________
grand Total
__________________
attachment 2
past Performance Worksheet
1. Name Of Contracting Activity, Government Agency, Commercial Firm Or Other Organization:
2. Contracting Activity Address:
3. Contract Number:
4. Date Of Contract Award:
5. Beginning Date Of Contract:
6. Completion Date Of Contract:
7. Contract Value:
8. Type Of Contract:
9a. Technical Point Of Contact:
9b. Contracting Point Of Contact:
name:
name:
title:
title:
address:
address:
telephone:
telephone:
email:
email:
10. Place Of Performance:
11. Description Of Work (use A Continuation Sheet If Necessary):
12. List Any Commendations Or Awards Received:
13. List Of Major Subcontractors:
statement Of Work
performance Work Statement Department Of Veterans Affairs (va) Medical Center, Leeds Ma
boundary Survey Of The Edward P. Boland Campus
general
the Va Central Western Mass. Edward P Boland Campus In Leeds, Ma Requires Survey Confirmation Of The Property Owned By The Va. The Original Tract Was Approximately 280 Acres And Is Now Approximately 105. The Va Has Records Of Agreements/conveyances That May Or May Not Have Occurred/been Recorded Over The And Is Looking For Confirmation Of The Property Owned By The Va Through A Alta/nsps Land Title Survey.
the Edward P. Boland Campus Also Has A Lot Of Construction Going On And Needs A Survey Control Network Installed To Standardized And Coordinate Construction And Records Throughout The Campus. A Traverse Through The Control Points Installed Is Required And Shall Be Submitted With The Control Point Coordinates. The Control Network Shall Use The Massachusetts State Plane Coordinate System.
place Of Performance:
421 N. Main St, Leeds Ma
project Scope Of Work
item 1 Conduct An Alta/nsps Land Title Survey 1 Lump Sum
see Attachment 1 Alta/nsps Land Title Survey Table A Alta Deliverables:
plat Hard Copy (min 24 X36 ) Plat Digital Copy
plat Does Not Have To Be Recorded.
provide Copies Of All Recorded Conveyances, Plats And Deeds For 1922 To Present.
item 2 Install Survey Control Monument 15 Each
furnish And Install Precast Concrete Monument 6 X6 X36 With 2.5 Minimum Bronze Marker.
markers Will Be Placed At Locations Agreed To With The Cor. Include Costs To Traverse And Balance The Control Point Network. See Attachment 2 - Example Marker.
item 3 Install Survey Control Disk 10 Each
furnish And Install A 2.5 Minimum Bronze Marker On Either A Rebar Base Or In Existing Concrete.
rebar Shall Be A Minimum Of 2 Long #5 Bar.
concrete Install Will Be Drilled And Grouted Into Existing Concrete. Include Costs To Traverse And Balance The Control Point Network. See Attachment 2 - Example Marker.
item 4 Topographic Survey Of Property 1 Lump Sum This Item Is An Add Alternate For Items 5 And 15 Of Alta/nsps Land Title Survey Table A. Perform A Topographic Survey Of The Property, Survey Drones Would Be Permitted For This Task.
the Performance Period For This Work Is 120 Days From Time Of Award, Unless Other Time Frames Are Approved In Writing By The Contracting Office With No Options To Renew.
services Will Be Performed During Business Hours 7:00am 4:30 Pm. If Work Needs To Be Done Off Hours, It Must Be Coordinated With The Cor.
there Will Be No Unscheduled Work During Federal Holidays.
vha Supplemental Contract Requirements For Combatting Covid-19
contractor Employees Who Work In Or Travel To Vha Locations Must Comply With The Following:
documentation Requirements:
if Fully Vaccinated, Contractors Shall Show Proof Of Vaccination.
note: Acceptable Proof Of Vaccination Includes A Signed Record Of Immunization From A Health Care Provider Or Pharmacy, A Copy Of The Covid-19 Vaccination Record Card (cdc Form Mls- 319813_r, Published On September 3, 2020), Or A Copy Of Medical Records Documenting The Vaccination.
if Unvaccinated, Contractors Shall Show Negative Covid-19 Test Results Dated Within Three Calendar Days Prior To Desired Entry Date. Test Must Be Approved By The Food And Drug Administration (fda) For Emergency Use Or Full Approval. This Includes Tests Available By A Doctor S Order Or An Fda Approved Over-the-counter Test That Includes An Affiliated Telehealth Service.
documentation Cited In This Section Shall Be Digitally Or Physically Maintained On Each Contractor Employee While In A Va Facility And Is Subject To Inspection Prior To Entry To Va Facilities And After Entry For Spot Inspections By Contracting Officer Representatives (cors) Or Other Hospital Personnel.
documentation Will Not Be Collected By The Va; Contractors Shall, At All Times, Adhere To And Ensure Compliance With Federal Laws Designed To Protect Contractor Employee Health Information And Personally Identifiable Information.
contractor Employees Are Subject To Daily Screening For Covid-19 And May Be Denied Entry To Va Facilities If They Fail To Pass Screening Protocols. As Part Of The Screening Process Contractors May Be Asked Screening Questions Found On The Covid-19 Screening Tool. Check Regularly For Updates.
contractor Employees Who Work Away From Va Locations, But Who Will Have Direct Contact With Va Patients Shall Self-screen Utilizing The Covid-19 Screening Tool, In Advance, Each Day That They Will Have Direct Patient Contact And In Accordance With Their Person Or Persons Who Coordinate Covid-19 Workplace Safety Efforts At Covered Contractor Workplaces. Contractors Shall, At All Times, Adhere To And Ensure Compliance With Federal Laws Designed To Protect Contractor Employee Health Information And Personally Identifiable Information.
contractor Must Immediately Notify Their Cor Or Contracting Officer If Contract Performance Is Jeopardized Due To Contractor Employees Being Denied Entry Into Va Facilities.
for Indefinite Delivery Contracts: Contractor Agrees To Comply With Vha Supplemental Contract Requirements For Any Task Or Delivery Orders Issued Prior To This Modification When Performance Has Already Commenced.
american Land Title Associationâ® (alta)
national Society Of Professional Surveyors (nsps)
minimum Standard Detail Requirements For Alta/nsps Land Title Surveys
copyright 2021. All Rights Reserved.
american Land Title Association And National Society Of Professional Surveyors
page 10 Of 10
minimum Standard Detail Requirements For Alta/nsps Land Title Surveys
(effective February 23, 2021)
purpose - Members Of The American Land Title Associationâ® (alta) Have Specific Needs, Unique To Title Insurance Matters, When Asked To Insure Title To Land Without Exception As To The Many Matters Which Might Be Discoverable From Survey And Inspection, And Which Are Not Evidenced By The Public Records.
for A Survey Of Real Property, And The Plat, Map Or Record Of Such Survey, To Be Acceptable To A Title Insurance Company For The Purpose Of Insuring Title To Said Real Property Free And Clear Of Survey Matters (except Those Matters Disclosed By The Survey And Indicated On The Plat Or Map), Certain Specific And Pertinent Information Must Be Presented For The Distinct And Clear Understanding Between The Insured, The Client (if Different From The Insured), The Title Insurance Company (insurer), The Lender, And The Surveyor Professionally Responsible For The Survey.
in Order To Meet Such Needs, Clients, Insurers, Insureds, And Lenders Are Entitled To Rely On Surveyors To Conduct Surveys And Prepare Associated Plats Or Maps That Are Of A Professional Quality And Appropriately Uniform, Complete, And Accurate. To That End, And In The Interests Of The General Public, The Surveying Profession, Title Insurers, And Abstracters, The Alta And The Nsps Jointly Promulgate The Within Details And Criteria Setting Forth A Minimum Standard Of Performance For Alta/nsps Land Title Surveys. A Complete 2021 Alta/nsps Land Title Survey Includes:
the On-site Fieldwork Required Pursuant To Section 5,
the Preparation Of A Plat Or Map Pursuant To Section 6 Showing The Results Of The Fieldwork And Its Relationship To Documents Provided To Or Obtained By The Surveyor Pursuant To Section 4,
any Information From Table A Items Requested By The Client, And
the Certification Outlined In Section 7.
request For Survey - The Client Shall Request The Survey, Or Arrange For The Survey To Be Requested, And Shall Provide A Written Authorization To Proceed From The Person Or Entity Responsible For Paying For The Survey. Unless Specifically Authorized In Writing By The Insurer, The Insurer Shall Not Be Responsible For Any Costs Associated With The Preparation Of The Survey. The Request Must Specify That An "alta/nsps Land Title Survey" Is Required And Which Of The Optional Items Listed In Table A, If Any, Are To Be Incorporated. Certain Properties Or Interests In Real Properties May Present Issues Outside Those Normally Encountered On An Alta/nsps Land Title Survey (e.g., Marinas, Campgrounds, Mobile Home Parks, Easements, Leases, Mineral Interests, Other Non-fee Simple Interests). The Scope Of Work Related To Surveys Of Such Properties Or Interests In Real Properties Should Be Discussed With The Client, Lender, And Insurer, And Agreed Upon In Writing Prior To Commencing Work On The Survey. When Required, The Client Shall Secure Permission For The Surveyor To Enter Upon The Property To Be Surveyed, Adjoining Properties, Or Offsite Easements.
surveying Standards And Standards Of Care
effective Date - The 2021 Minimum Standard Detail Requirements For Alta/nsps Land Title Surveys Are Effective February 23, 2021. As Of That Date, All Previous Versions Of The Minimum Standard Detail Requirements For Alta/acsm Or Alta/nsps Land Title Surveys Are Superseded By These Standards.
other Requirements And Standards Of Practice - Many States And Some Local Jurisdictions Have Adopted Statutes, Administrative Rules, And/or Ordinances That Set Out Standards Regulating The Practice Of Surveying Within Their Jurisdictions. In Addition To The Standards Set Forth Herein, Surveyors Must Also Conduct Their Surveys In Accordance With Applicable Jurisdictional Survey Requirements And Standards Of Practice. Where Conflicts Between The Standards Set Forth Herein
and Any Such Jurisdictional Requirements And Standards Of Practice Occur, The More Stringent Must Apply.
the Normal Standard Of Care - Surveyors Should Recognize That There May Be Unwritten Local, State, And/or Regional Standards Of Care Defined By The Practice Of The Prudent Surveyor In Those Locales.
boundary - The Boundary Lines And Corners Of Any Property Or Interest In Real Property Being Surveyed (hereafter, The Surveyed Property Or Property To Be Surveyed ) As Part Of An Alta/nsps Land Title Survey Must Be Established And/or Retraced In Accordance With Appropriate Boundary Law Principles Governed By The Set Of Facts And Evidence Found In The Course Of Performing The Research And Fieldwork.
measurement Standards - The Following Measurement Standards Address Relative Positional Precision For The Monuments Or Witnesses Marking The Corners Of The Surveyed Property.
Relative Positional Precision Means The Length Of The Semi-major Axis, Expressed In Meters Or Feet, Of The Error Ellipse Representing The Uncertainty In The Position Of The Monument Or Witness Marking Any Boundary Corner Of The Surveyed Property Relative To The Position Of The Monument Or Witness Marking An Immediately Adjacent Boundary Corner Of The Surveyed Property Resulting From Random Errors In The Measurements Made In Determining Those Positions At The 95 Percent Confidence Level. Relative Positional Precision Can Be Estimated By The Results Of A Correctly Weighted Least Squares Adjustment Of The Survey. Alternatively, Relative Positional Precision Can Be Estimated By The Standard Deviation Of The Distance Between The Monument Or Witness Marking Any Boundary Corner Of The Surveyed Property And The Monument Or Witness Marking An Immediately Adjacent Boundary Corner Of The Surveyed Property (called Local Accuracy) That Can Be Computed Using The Full Covariance Matrix Of The Coordinate Inverse Between Any Given Pair Of Points, Understanding That Relative Positional Precision Is Based On The 95 Percent Confidence Level, Or Approximately 2 Standard Deviations.
any Boundary Lines And Corners Established Or Retraced May Have Uncertainties In Location Resulting From (1) The Availability, Condition, History And Integrity Of Reference Or Controlling Monuments, (2) Ambiguities In The Record Descriptions Or Plats Of The Surveyed Property Or Its Adjoiners, (3) Occupation Or Possession Lines As They May Differ From The Written Title Lines, Or
(4) Relative Positional Precision. Of These Four Sources Of Uncertainty, Only Relative Positional Precision Is Controllable, Although, Due To The Inherent Errors In Any Measurement, It Cannot Be Eliminated. The Magnitude Of The First Three Uncertainties Can Be Projected Based On Evidence; Relative Positional Precision Is Estimated Using Statistical Means (see Section 3.e.i. Above And Section 3.e.v. Below).
the First Three Of These Sources Of Uncertainty Must Be Weighed As Part Of The Evidence In The Determination Of Where, In The Surveyor S Opinion, The Boundary Lines And Corners Of The Surveyed Property Should Be Located (see Section 3.d. Above). Relative Positional Precision Is A Measure Of How Precisely The Surveyor Is Able To Monument And Report Those Positions; It Is Not A Substitute For The Application Of Proper Boundary Law Principles. A Boundary Corner Or Line May Have A Small Relative Positional Precision Because The Survey Measurements Were Precise, Yet Still Be In The Wrong Position (i.e., Inaccurate) If It Was Established Or Retraced Using Faulty Or Improper Application Of Boundary Law Principles.
for Any Measurement Technology Or Procedure Used On An Alta/nsps Land Title Survey, The Surveyor Must (1) Use Appropriately Trained Personnel, (2) Compensate For Systematic Errors, Including Those Associated With Instrument Calibration, And (3) Use Appropriate Error Propagation And Measurement Design Theory (selecting The Proper Instruments, Geometric Layouts, And Field And Computational Procedures) To Control Random Errors Such That The Maximum Allowable Relative Positional Precision Outlined In Section 3.e.v. Below Is Not Exceeded.
the Maximum Allowable Relative Positional Precision For An Alta/nsps Land Title Survey Is 2 Cm (0.07 Feet) Plus 50 Parts Per Million (based On The Direct Distance Between The Two
corners Being Tested). It Is Recognized That In Certain Circumstances, The Size Or Configuration Of The Surveyed Property, Or The Relief, Vegetation, Or Improvements On The Surveyed Property, Will Result In Survey Measurements For Which The Maximum Allowable Relative Positional Precision May Be Exceeded In Which Case The Reason Shall Be Noted Pursuant To Section
6.b.x. Below.
records Research - It Is Recognized That For The Performance Of An Alta/nsps Land Title Survey, The Surveyor Will Be Provided With Appropriate And, When Possible, Legible Data That Can Be Relied Upon In The Preparation Of The Survey. In Order To Complete An Alta/nsps Land Title Survey, The Surveyor Must Be Provided With The Following:
the Current Record Description Of The Real Property To Be Surveyed Or, In The Case Of An Original Survey Prepared For Purposes Of Locating And Describing Real Property That Has Not Been Previously Separately Described In Documents Conveying An Interest In The Real Property, The Current Record Description Of The Parent Parcel That Contains The Property To Be Surveyed;
complete Copies Of The Most Recent Title Commitment Or, If A Title Commitment Is Not Available, Other Title Evidence Satisfactory To The Title Insurer;
the Following Documents From Records Established Under State Statutes For The Purpose Of Imparting Constructive Notice Of Matters Relating To Real Property (public Records):
the Current Record Descriptions Of Any Adjoiners To The Property To Be Surveyed, Except Where Such Adjoiners Are Lots In Platted, Recorded Subdivisions;
any Recorded Easements Benefitting The Property To Be Surveyed; And
any Recorded Easements, Servitudes, Or Covenants Burdening The Property To Be Surveyed; And
if Desired By The Client, Any Unrecorded Documents Affecting The Property To Be Surveyed And Containing Information To Which The Survey Shall Make Reference.
except, However, If The Documents Outlined In This Section Are Not Provided To The Surveyor Or If Non-public Or Quasi-public Documents Are Otherwise Required To Complete The Survey, The Surveyor Must Conduct That Research Which Is Required Pursuant To The Statutory Or Administrative Requirements Of The Jurisdiction Where The Surveyed Property Is Located And That Research (if Any) Which Is Negotiated And Outlined In The Terms Of The Contract Between The Surveyor And The Client.
fieldwork - The Survey Must Be Performed On The Ground (except As May Be Otherwise Negotiated Pursuant To Table A, Item 15 Below). Except As Related To The Precision Of The Boundary, Which Is Addressed In Section 3.e. Above, Features Located During The Fieldwork Shall Be Located To What Is, In The Surveyor S Professional Opinion, The Appropriate Degree Of Precision Based On (a) The Planned Use Of The Surveyed Property, If Reported In Writing To The Surveyor By The Client, Lender, Or Insurer, Or (b) The Existing Use, If The Planned Use Is Not So Reported. The Fieldwork Shall Include The Following:
monuments
the Location, Size, Character, And Type Of Any Monuments Found During The Fieldwork.
the Location, Size, Character, And Type Of Any Monuments Set During The Fieldwork, If Item 1 Of Table A Was Selected Or If Otherwise Required By Applicable Jurisdictional Requirements And/or Standards Of Practice.
the Location, Description, And Character Of Any Lines That Control The Boundaries Of The Surveyed Property.
rights Of Way And Access
the Distance From The Appropriate Corner Or Corners Of The Surveyed Property To The Nearest Right Of Way Line, If The Surveyed Property Does Not Abut A Right Of Way.
the Name Of Any Street, Highway, Or Other Public Or Private Way Abutting The Surveyed Property, Together With The Width Of The Travelled Way And The Location Of Each Edge Of The Travelled Way Including On Divided Streets And Highways. If The Documents Provided To Or Obtained By The Surveyor Pursuant To Section 4 Indicate No Access From The Surveyed Property To The Abutting Street Or Highway, The Width And Location Of The Travelled Way Need Not Be Located.
visible Evidence Of Physical Access (e.g., Curb Cuts, Driveways) To Any Abutting Streets, Highways, Or Other Public Or Private Ways.
the Location And Character Of Vehicular, Pedestrian, Or Other Forms Of Access By Other Than The Apparent Occupants Of The Surveyed Property To Or Across The Surveyed Property Observed In The Process Of Conducting The Fieldwork (e.g., Driveways, Alleys, Private Roads, Railroads, Railroad Sidings And Spurs, Sidewalks, Footpaths).
without Expressing A Legal Opinion As To Ownership Or Nature, The Location And Extent Of Any Potentially Encroaching Driveways, Alleys, And Other Ways Of Access From Adjoining Properties Onto The Surveyed Property Observed In The Process Of Conducting The Fieldwork.
where Documentation Of The Location Of Any Street, Road, Or Highway Right Of Way Abutting, On, Or Crossing The Surveyed Property Was Not Disclosed In Documents Provided To Or Obtained By The Surveyor, Or Was Not Otherwise Available From The Controlling Jurisdiction (see Section 6.c.iv. Below), The Evidence And Location Of Parcel Corners On The Same Side Of The Street As The Surveyed Property Recovered In The Process Of Conducting The Fieldwork Which May Indicate The Location Of Such Right Of Way Lines (e.g., Lines Of Occupation, Survey Monuments).
evidence Of Access To And From Waters Adjoining The Surveyed Property Observed In The Process Of Conducting The Fieldwork (e.g., Paths, Boat Slips, Launches, Piers, Docks).
lines Of Possession And Improvements Along The Boundaries
the Character And Location Of Evidence Of Possession Or Occupation Along The Perimeter Of The Surveyed Property, Both By The Occupants Of The Surveyed Property And By Adjoiners, Observed In The Process Of Conducting The Fieldwork.
unless Physical Access Is Restricted, The Character And Location Of All Walls, Buildings, Fences, And Other Improvements Within Five Feet Of Each Side Of The Boundary Lines Observed In The Process Of Conducting The Fieldwork (see Section 5.e.iv. Regarding Utility Poles). Trees, Bushes, Shrubs, And Other Vegetation Need Not Be Located Other Than As Specified In The Contract, Unless They Are Deemed By The Surveyor To Be Evidence Of Possession Or Occupation Pursuant To Section 5.c.i.
without Expressing A Legal Opinion As To The Ownership Or Nature Of The Potential Encroachment, The Evidence, Location, And Extent Of Potentially Encroaching Structural Appurtenances And Projections Observed In The Process Of Conducting The Fieldwork (e.g., Fire Escapes, Bay Windows, Windows And Doors That Open Out, Flue Pipes, Stoops, Eaves, Cornices, Areaways, Steps, Trim) By Or Onto Adjoining Property, Or Onto Rights Of Way, Easements, Or Setback Lines Disclosed In Documents Provided To Or Obtained By The Surveyor.
buildings
the Location Of Buildings On The Surveyed Property Observed In The Process Of Conducting The Fieldwork.
easements And Servitudes
evidence Of Any Easements Or Servitudes Burdening The Surveyed Property As Disclosed In The Documents Provided To Or Obtained By The Surveyor Pursuant To Section 4 And Observed In The Process Of Conducting The Fieldwork.
evidence Of Easements, Servitudes, Or Other Uses By Other Than The Apparent Occupants Of The Surveyed Property Not Disclosed In The Documents Provided To Or Obtained By The Surveyor Pursuant To Section 4, But Observed In The Process Of Conducting The Fieldwork If They Are On Or Across The Surveyed Property (e.g., Roads, Drives, Sidewalks, Paths And Other Ways Of Access, Utility Service Lines, Utility Locate Markings (including The Source Of The Markings, With A Note If Unknown), Water Courses, Ditches, Drains, Telephone Lines, Fiber Optic Lines, Electric Lines, Water Lines, Sewer Lines, Oil Pipelines, Gas Pipelines).
surface Indications Of Underground Easements Or Servitudes On Or Across The Surveyed Property Observed In The Process Of Conducting The Fieldwork (e.g., Utility Cuts, Vent Pipes, Filler Pipes, Utility Locate Markings (including The Source Of The Markings, With A Note If Unknown)).
evidence On Or Above The Surface Of The Surveyed Property Observed In The Process Of
conducting The Fieldwork, Which Evidence May Indicate Utilities Located On, Over, Or Beneath The Surveyed Property. Examples Of Such Evidence Include Pipeline Markers, Utility Locate Markings (including The Source Of The Markings, With A Note If Unknown), Manholes, Valves, Meters, Transformers, Pedestals, Clean-outs, Overhead Lines, Guy Wires, And Utility Poles On Or Within Ten Feet Of The Surveyed Property. Without Expressing A Legal Opinion As To The Ownership Or Nature Of The Potential Encroachment, The Extent Of All Encroaching Utility Pole Crossmembers Or Overhangs.
cemeteries
as Accurately As The Evidence Permits, The Perimeter Of Cemeteries And Burial Grounds, And The Location Of Isolated Gravesites Not Within A Cemetery Or Burial Ground, (i) Disclosed In The Documents Provided To Or Obtained By The Surveyor, Or (ii) Observed In The Process Of Conducting The Fieldwork.
water Features
the Location Of Springs, Ponds, Lakes, Streams, Rivers, Canals, Ditches, Marshes, And Swamps On, Running Through, Or Outside, But Within Five Feet Of, The Perimeter Boundary Of The Surveyed Property And Observed During The Process Of Conducting The Fieldwork.
the Location Of Any Water Feature Forming A Boundary Of The Surveyed Property. The Attribute(s) Of The Water Feature Located (e.g., Top Of Bank, Edge Of Water, High Water Mark) Should Be Congruent With The Boundary As Described In The Record Description Or, In The Case Of An Original Survey, In The New Description (see Section 6.b.vi. Below).
plat Or Map - A Plat Or Map Of An Alta/nsps Land Title Survey Shall Show The Following Information. Where Dimensioning Is Appropriate, Dimensions Shall Be Annotated To What Is, In The Surveyor S Professional Opinion, The Appropriate Degree Of Precision Based On (a) The Planned Use Of The Surveyed Property, If Reported In Writing To The Surveyor By The Client, Lender, Or Insurer, Or (b) Existing Use, If The Planned Use Is Not So Reported.
field Locations. The Evidence And Locations Gathered, And The Monuments And Lines Located During The Fieldwork Pursuant To Section 5 Above, With Accompanying Notes If Deemed Necessary By The Surveyor Or As Otherwise Required As Specified Below.
boundary, Descriptions, Dimensions, And Closures
(a) The Current Record Description Of The Surveyed Property, Or
(b) In The Case Of An Original Survey, The Current Record Document Number Of The Parent Tract That Contains The Surveyed Property.
any New Description Of The Surveyed Property That Was Prepared In Conjunction With The Survey, Including A Statement Explaining Why The New Description Was Prepared. Except In The Case Of An Original Survey, Preparation Of A New Description Should Be Avoided Unless Deemed Necessary Or Appropriate By The Surveyor And Insurer. Preparation Of A New Description Should Also Generally Be Avoided When The Record Description Is A Lot Or Block In A Platted, Recorded Subdivision. Except In The Case Of An Original Survey, If A New Description Is Prepared, A Note Must Be Provided Stating (a) That The New Description Describes The Same Real Estate As The Record Description Or, (b) If It Does Not, How The New Description Differs From The Record Description.
the Point Of Beginning, The Remote Point Of Beginning Or Point Of Commencement (if Applicable) And All Distances And Directions Identified In The Record Description Of The Surveyed Property (and In The New Description, If One Was Prepared). Where A Measured Or Calculated Dimension Differs From The Record By An Amount Deemed Significant By The Surveyor, Such Dimension Must Be Shown In Addition To, And Differentiated From, The Corresponding Record Dimension. All Dimensions Shown On The Survey And Contained In Any New Description Must Be Horizontal Ground Dimensions Unless Otherwise Noted.
the Direction, Distance, And Curve Data Necessary To Compute A Mathematical Closure Of The Surveyed Boundary. A Note If The Record Description Does Not Mathematically Close. The Basis Of Bearings And, Where It Differs From The Record Basis, The Difference.
the Remainder Of Any Recorded Lot Or Existing Parcel, When The Surveyed Property Is
composed Of Only A Portion Of Such Lot Or Parcel, Shall Be Graphically Depicted. Such Remainder Need Not Be Included As Part Of The Actual Survey, Except To The Extent Necessary To Locate The Lines And Corners Of The Surveyed Property, And It Need Not Be Fully Dimensioned Or Drawn At The Same Scale As The Surveyed Property.
when The Surveyed Property Includes A Title Line Defined By A Water Boundary, A Note On The Face Of The Plat Or Map Noting The Date The Boundary Was Measured, Which Attribute(s) Of The Water Feature Was/were Located, And The Caveat That The Boundary Is Subject To Change Due To Natural Causes And That It May Or May Not Represent The Actual Location Of The Limit Of Title. When The Surveyor Is Aware Of Natural Or Artificial Realignments Or Changes In Such Boundaries, The Extent Of Those Changes And Facts Shall Be Shown Or Explained.
the Relationship Of The Boundaries Of The Surveyed Property To Its Adjoiners (e.g., Contiguity, Gaps, Overlaps) Where Ascertainable From Documents Provided To Or Obtained By The Surveyor Pursuant To Section 4 And/or From Field Evidence Gathered During The Process Of Conducting The Fieldwork. If The Surveyed Property Is Composed Of Multiple Parcels, The Extent Of Any Gaps Or Overlaps Between Those Parcels Must Be Identified. Where Gaps Or Overlaps Are Identified, The Surveyor Must, Prior To Or Upon Delivery Of The Final Plat Or Map, Disclose This To The Insurer And Client.
when, In The Opinion Of The Surveyor, The Results Of The Survey Differ Significantly From The Record, Or If A Fundamental Decision Related To The Boundary Resolution Is Not Clearly Reflected On The Plat Or Map, The Surveyor Must Explain This Information With Notes On The Face Of The Plat Or Map.
the Location Of Buildings On The Surveyed Property Dimensioned Perpendicular To Those Perimeter Boundary Lines That The Surveyor Deems Appropriate (i.e., Where Potentially Impacted By A Setback Line) And/or As Requested By The Client, Lender Or Insurer.
a Note On The Face Of The Plat Or Map Explaining The Site Conditions That Resulted In A Relative Positional Precision That Exceeds The Maximum Allowed Pursuant To Section 3.e.v.
a Note On The Face Of The Plat Or Map Identifying Areas, If Any, On The Boundaries Of The Surveyed Property, To Which Physical Access Within Five Feet Was Restricted (see Section 5.c.ii.).
a Note On The Face Of The Plat Or Map Identifying The Source Of The Title Commitment Or Other Title Evidence Provided Pursuant To Section 4, And The Effective Date And The Name Of The Insurer Of Same.
easements, Servitudes, Rights Of Way, Access, And Documents
the Location, Width, And Recording Information Of All Plottable Rights Of Way, Easements, And Servitudes Burdening And Benefitting The Surveyed Property, As Evidenced By Documents Provided To Or Obtained By The Surveyor Pursuant To Section 4.
a Summary Of All Rights Of Way, Easements, And Other Survey-related Matters Burdening The Surveyed Property And Identified In The Title Evidence Provided To Or Obtained By The Surveyor Pursuant To Section 4. Such Summary Must Include The Record Information Of Each Such Right Of Way, Easement, Or Other Survey-related Matter, A Statement Indicating Whether It Lies Within Or Crosses The Surveyed Property, And A Related Note If:
its Location Is Shown;
its Location Cannot Be Determined From The Record Document;
there Was No Observed Evidence At The Time Of The Fieldwork;
it Is A Blanket Easement;
it Is Not On, Does Not Touch, And/or Based On The Description Contained In The Record Document Does Not Affect, The Surveyed Property;
it Limits Access To An Otherwise Abutting Right Of Way;
the Documents Are Illegible; Or
the Surveyor Has Information Indicating That It May Have Been Released Or Otherwise Terminated.
in Cases Where The Surveyed Property Is Composed Of Multiple Parcels, Indicate Which Of Such
parcels The Various Rights Of Way, Easements, And Other Survey-related Matters Cross Or Touch.
a Note If No Physical Access To An Abutting Street, Highway, Or Other Public Or Private Way Was Observed In The Process Of Conducting The Fieldwork.
the Locations And Widths Of Rights Of Way Abutting Or Crossing The Surveyed Property And The Source Of Such Information (a) Where Available From The Controlling Jurisdiction, Or (b) Where Disclosed In Documents Provided To Or Obtained By The Surveyor Pursuant To Section 4.
the Identifying Titles Of All Recorded Plats, Filed Maps, Right Of Way Maps, Or Similar Documents That The Survey Represents, Wholly Or In Part, With Their Recording Or Filing Data.
for Non-platted Adjoining Land, Recording Data And, Where Available, Tax Parcel Number, Identifying Adjoining Tracts According To Current Public Records. For Platted Adjoining Land, The Recording Data Of The Subdivision Plat.
platted Setback Or Building Restriction Lines That Appear On Recorded Subdivision Plats Or That Were Disclosed In Documents Provided To, Or Obtained By, The Surveyor.
If In The Process Of Preparing The Survey The Surveyor Becomes Aware Of A Recorded Easement Not Otherwise Listed In The Title Evidence Provided, The Surveyor Must Advise The Insurer Prior To Delivery Of The Plat Or Map And, Unless The Insurer Provides Evidence Of A Release Of That Easement, Show Or Otherwise Explain It On The Face Of The Plat Or Map, With A Note That The Insurer Has Been Advised.
presentation
the Plat Or Map Must Be Drawn On A Sheet Of Not Less Than 8 ½ By 11 Inches In Size At A Legible, Standard Engineering Scale, With That Scale Clearly Indicated In Words Or Numbers And With A Graphic Scale.
the Plat Or Map Must Include:
the Boundary Of The Surveyed Property Drawn In A Manner That Distinguishes It From Other Lines On The Plat Or Map.
if No Buildings Were Observed On The Surveyed Property In The Process Of Conducting The Fieldwork, A Note Stating No Buildings Observed.
a North Arrow (with North To The Top Of The Drawing When Practicable).
a Legend Of Symbols And Abbreviations.
a Vicinity Map Showing The Surveyed Property In Reference To Nearby Highway(s) Or Major Street Intersection(s).
supplementary Or Detail Diagrams When Necessary.
notes Explaining Any Modifications To Table A Items And The Nature Of Any Additional Table A Items (e.g., 20(a), 20(b), 20(c)) That Were Negotiated Between The Surveyor And Client.
the Surveyor S Project Number (if Any), And The Name, Registration Or License Number, Signature, Seal, Street Address, Telephone Number, Company Website, And Email Address (if Any) Of The Surveyor Who Performed The Survey.
the Date(s) Of Any Revisions Made By The Surveyor Who Performed The Survey.
sheet Numbers Where The Plat Or Map Is Composed Of More Than One Sheet.
the Caption Alta/nsps Land Title Survey.
when Recordation Or Filing Of A Plat Or Map Is Required By State Statutes Or Local Ordinances, Such Plat Or Map Shall Be Produced In The Required Form.
certification - The Plat Or Map Of An Alta/nsps Land Title Survey Must Bear Only The Following Unaltered Certification Except As May Be Required Pursuant To Section 3.b. Above:
to (name Of Insured, If Known), (name Of Lender, If Known), (name Of Insurer, If Known), (names Of Others As Negotiated With The Client):
this Is To Certify That This Map Or Plat And The Survey On Which It Is Based Were Made In Accordance With The 2021 Minimum Standard Detail Requirements For Alta/nsps Land Title
surveys, Jointly Established And Adopted By Alta And Nsps, And Includes Items Of Table A Thereof. The Fieldwork Was Completed On [date].
date Of Plat Or Map: (surveyor S Signature, Printed Name And Seal With Registration/license Number)
deliverables - The Surveyor Shall Furnish Copies Of The Plat Or Map Of Survey To The Insurer And Client And As Otherwise Negotiated With The Client. Hard Copies Shall Be On Durable And Dimensionally Stable Material Of A Quality Standard Acceptable To The Insurer. A Digital Image Of The Plat Or Map May Be Provided In Addition To, Or In Lieu Of, Hard Copies Pursuant To The Terms Of The Contract. If The Surveyor Is Required To Record Or File A Plat Or Map Pursuant To State Statute Or Local Ordinance It Shall Be So Recorded Or Filed.
Table A
optional Survey Responsibilities And Specifications
note: Whether Any Of The Nineteen (19) Items Of Table A Are To Be Selected, And The Exact Wording Of And Fee For Any Selected Item, May Be Negotiated Between The Surveyor And Client. Any Additional Items Negotiated Between The Surveyor And Client Must Be Identified As 20(a), 20(b), Etc. Any Additional Items Negotiated Between The Surveyor And Client, And Any Negotiated Changes To The Wording Of A Table A Item, Must Be Explained Pursuant To Section 6.d.ii.(g). Notwithstanding Table A Items 5 And 11, If An Engineering Design Survey Is Desired As Part Of An Alta/nsps Land Title Survey, Such Services Should Be Negotiated Under Table A, Item 20.
if Checked, The Following Optional Items Are To Be Included In The Alta/nsps Land Title Survey, Except As Otherwise Qualified (see Note Above):
X Monuments Placed (or A Reference Monument Or Witness To The Corner) At All Major Corners Of The Boundary Of The Surveyed Property, Unless Already Marked Or Referenced By Existing Monuments Or Witnesses In Close Proximity To The Corner.
Address(es) Of The Surveyed Property If Disclosed In Documents Provided To Or Obtained By The Surveyor, Or Observed While Conducting The Fieldwork.
Flood Zone Classification (with Proper Annotation Based On Federal Flood Insurance Rate Maps Or The State Or Local Equivalent) Depicted By Scaled Map Location And Graphic Plotting Only.
X Gross Land Area (and Other Areas If Specified By The Client).
#5 Vertical Relief With The Source Of Information (e.g., Ground Survey, Aerial Map), Contour Interval, Datum, With Originating Benchmark, When Appropriate.
(a) If The Current Zoning Classification, Setback Requirements, The Height And Floor Space Area Restrictions, And Parking Requirements Specific To The Surveyed Property Are Set Forth In A Zoning Report Or Letter Provided To The Surveyor By The Client Or The Client S Designated Representative, List The Above Items On The Plat Or Map And Identify The Date And Source Of The Report Or Letter.
(b) If The Zoning Setback Requirements Specific To The Surveyed Property Are Set Forth In A Zoning Report Or Letter Provided To The Surveyor By The Client Or The Client S Designated Representative, And If Those Requirements Do Not Require An Interpretation By The Surveyor, Graphically Depict Those Requirements On The Plat Or Map And Identify The Date And Source Of The Report Or Letter.
X (a) Exterior Dimensions Of All Buildings At Ground Level.
(b) Square Footage Of:
X (1) Exterior Footprint Of All Buildings At Ground Level.
(2) Other Areas As Specified By The Client.
(c) Measured Height Of All Buildings Above Grade At A Location Specified By The Client. If No Location Is Specified, The Point Of Measurement Shall Be Identified.
Substantial Features Observed In The Process Of Conducting The Fieldwork (in Addition To The Improvements And Features Required Pursuant To Section 5 Above) (e.g., Parking Lots, Billboards, Signs, Swimming Pools, Landscaped Areas, Substantial Areas Of Refuse).
Number And Type (e.g., Disabled, Motorcycle, Regular, And Other Marked Specialized Types) Of Clearly Identifiable Parking Spaces On Surface Parking Areas, Lots, And In Parking Structures. Striping Of Clearly Identifiable Parking Spaces On Surface Parking Areas And Lots.
As Designated By The Client, A Determination Of The Relationship And Location Of Certain Division Or Party Walls With Respect To Adjoining Properties.
evidence Of Underground Utilities Existing On Or Serving The Surveyed Property (in Addition To The Observed Evidence Of Utilities Required Pursuant To Section 5.e.iv.) As Determined By:
(a) Plans And/or Reports Provided By Client (with Reference As To The Sources Of Information)
(b) Markings Coordinated By The Surveyor Pursuant To A Private Utility Locate Request.
note To The Client, Insurer, And Lender With Regard To Table A, Item 11, Information From The Sources Checked Above Will Be Combined With Observed Evidence Of Utilities Pursuant To Section 5.e.iv. To Develop A View Of The Underground Utilities. However, Lacking Excavation, The Exact Location Of Underground Features Cannot Be Accurately, Completely, And Reliably Depicted. In Addition, In Some Jurisdictions, 811 Or Other Similar Utility Locate Requests From Surveyors May Be Ignored Or Result In An Incomplete Response, In Which Case The Surveyor Shall Note On The Plat Or Map How This Affected The Surveyor S Assessment Of The Location Of The Utilities. Where Additional Or More Detailed Information Is Required, The Client Is Advised That Excavation May Be Necessary.
X As Specified By The Client, Governmental Agency Survey-related Requirements (e.g., Hud Surveys, Surveys For Leases On Bureau Of Land Management Managed Lands). The Relevant Survey Requirements Are To Be Provided By The Client Or Client S Designated Representative.
Names Of Adjoining Owners According To Current Tax Records. If More Than One Owner, Identify The First Owner S Name Listed In The Tax Records Followed By Et Al.
As Specified By The Client, Distance To The Nearest Intersecting Street.
_#5 Rectified Orthophotography, Photogrammetric Mapping, Remote Sensing, Airborne/mobile Laser Scanning And Other Similar Products, Tools Or Technologies As The Basis For Showing The Location Of Certain Features (excluding Boundaries) Where Ground Measurements Are Not Otherwise Necessary To Locate Those Features To An Appropriate And Acceptable Accuracy Relative To A Nearby Boundary. The Surveyor Must (a) Discuss The Ramifications Of Such Methodologies (e.g., The Potential Precision And Completeness Of The Data Gathered Thereby) With The Insurer, Lender, And Client Prior To The Performance Of The Survey, And (b) Place A Note On The Face Of The Survey Explaining The Source, Date, Precision, And Other Relevant Qualifications Of Any Such Data.
Evidence Of Recent Earth Moving Work, Building Construction, Or Building Additions Observed In The Process Of Conducting The Fieldwork.
Proposed Changes In Street Right Of Way Lines, If Such Information Is Made Available To The Surveyor By The Controlling Jurisdiction. Evidence Of Recent Street Or Sidewalk Construction Or Repairs Observed In The Process Of Conducting The Fieldwork.
X Pursuant To Sections 5 And 6 (and Applicable Selected Table A Items, Excluding Table A Item 1), Include As Part Of The Survey Any Plottable Offsite (i.e., Appurtenant) Easements Disclosed In Documents Provided To Or Obtained By The Surveyor.
Professional Liability Insurance Policy Obtained By The Surveyor In The Minimum Amount Of
$ To Be In Effect Throughout The Contract Term. Certificate Of Insurance To Be Furnished Upon Request, But This Item Shall Not Be Addressed On The Face Of The Plat Or Map.
adopted By The American Land Title Association On October 1, 2020. More At: Www.alta.org.
adopted By The National Society Of Professional Surveyors On October 30, 2020. More At: Www.nsps.us.com.
attachment 2 - Example Survey Marker
2.5 Minimum Diameter Bronze
mountable On New Precast Monument, Existing Concrete Or Rebar Pin
Closing Date12 Aug 2024
Tender AmountRefer Documents
VETERANS AFFAIRS, DEPARTMENT OF USA Tender
Software and IT Solutions
United States
Details: This Is A Sources Sought Notice Only. This Is Not A Solicitation For Bids, Proposals, Proposal Abstracts, Or Quotations. The Purpose Of This Sources Sought Notice Is To Obtain Information Regarding The Availability And Capability Of All Qualified Sources To Perform A Potential Requirement. The Responses Received From Interested Contractors Will Assist The Government In Determining The Appropriate Acquisition Method.
the Department Of Veterans Affairs (va), Network Contracting Office (nco) 20, Is Conducting Market Research To Identify Potential Sources Which Can Provide The Following Services:
the Department Of Veterans Affairs Visn 20 Facilities Located In The States Of Oregon Washington Idaho And Alaska Requires Service Of Existing And Additional Point Of Use (pou) Weight Based Supply Systems To Automate Inventory Management Processes In Open Shelf Distribution Points (or Supply Closets ) Brand Name Or Equal To Par Excellence.
b.2 Statement Of Work (sow)
1. Contract Title
purchase, Install, And Set-up Of Weight-based Inventory Management Systems And Support Services For Commodity Inventory Points Throughout All Facilities Within Visn 20.
2. Background
historically, Visn 20 Has Used A Cabinet Based, Point Of Use (pou) System For Inventory Management. Visn 20 Has Recently Deployed A Program For A Weight-based Inventory Supply System. The Weight-based System Has Been Implemented Over The Past 5 Years Successfully Improving Inventory Control.
3. Scope
to Install Weight-based Inventory Management Systems At Various Facilities Throughout Visn 20, (identified In Section 4. Specific Tasks) Ensure System Is Fully Operational, Ensure System Communications Are Intact, And Fully Train Staff To Be Knowledgeable On The Use Of The System.
4. Specific Tasks
task 1 - Installation. To Stage And Install Scales, Cabinets, Controllers, And Bins As Required For Specific Projects At Visn 20 Facilities. Installation Shall Include:
Staging, Wiring, Calibrating, And Registering Scales
building Graphical Walls And Rows In The System Application Based On Room Layout That Will Allow For Item Identification And Location By The User
Assembling Third Party Equipment As Needed For A Project
coordinate The Installation Of Wall Mounted Louvers Upon Written Approval From Local Facilities Management Service (fms), As Applicable
confirmation Of Installed Controllers Connecting And Communicating With The Par Excellence Server
installation Is Not Considered Complete Unless All Tasks Identified Above At Minimum Are Performed
the Specific Locations For Identified Projects Will Be At The Discretion Of The Facility Chief Supply Chain Officer. The Location Can Be On Site At The Main Facility Campus Or At A Remote Location, I.e., Community Based Outpatient Clinic (cboc).
visn 20 Facilities
facility
location
address
distance From Main Campus
anchorage
muldoon Clinic
1201 North Muldoon Road, Anchorage, Ak 99504
domiciliary
3001 C Street, Anchorage, Ak
from Muldoon: 6 Miles
transitional
housing Units
3 Each
932 E. 12th Avenue
944 E. 12th Avenue
709 N. Hoyt Street Anchorage, Ak
the Transitional Housing Units On 12th Avenue Are 5 Miles From Muldoon.
the Hoyt Street Unit Is 3 Miles.
cboc Mat-su
865 North Seward Meridian Parkway, Wasilla, Ak 99654
from Anchorage: 38 Miles
cboc Kenai
240 Hospital Place, Suite 105 Â Soldotna, Ak 99669
from Anchorage: 152 Miles
cboc Fairbanks
building 4076, Neeley Road, Room 1j101, Fort Wainwright, Ak 99703
from Anchorage: 358 Miles
cboc Juneau
709 W 9th St #150, Juneau, Ak 99801
843 Miles From 1201 North
muldoon, Anchorage, Ak
99504
anchorage Vet Center
4201 Tudor Centre Drive, Suite 115,
anchorage, Ak 99508
from Muldoon: 6 Miles
wasilla Vet Center
851 E. West Point Drive Suite 111,
wasilla, Ak 99654
from Anchorage: 38 Miles
kenai Vet Center
building F, Suite 4 Red Diamond
center, 43335 Kalifornsky Beach
road, Soldotna, Ak 99701
from Anchorage: 163
fairbanks Vet Center
540 4th Avenue, Suite 100, Fairbanks, Ak 99701
from Anchorage: 358
ft. Richardson
national
cemetery
building 58-512, Davis Highway, P. O.
box 5-498, Fort Richardson, Ak 99505
from Muldoon: 2 Miles
Boise
main Campus To Include All Buildings
500 W. Fort Street, Boise, Id 83702
cboc Caldwell
4521 Thomas Jefferson Street
caldwell, Id 83605-5100
32miles
cboc Mt. Home
815 N. 6th East, Mt. Home, Id 83647
44 Miles
cboc Twin
falls
260 2nd Avenue East, Twin Falls, Id 83301
128 Miles
cboc Salmon
705 Lena Street, Salmon, Id 83467
249 Miles
eastern Oregon Va Clinic
635 Highway 20 North, Suite 4
hines, Or 97738-9462
191 Miles
outreach Center
2424 Bank Drive Boise, Id 83702
3 Miles
vmoc
1289 Boeing Street, Boise, Id 83705
4.6 Miles
contracting Office
960 Broadway
boise, Id 83706
1 Mile
portland
portland Campus To Include All Buildings And Oregon Health
science
university
3710 Sw Us Veterans Hospital Road,
portland, Or 97239
vancouver Campus To Include All
buildings On Campus
1601 E. 4th Plain Boulevard, Vancouver, Wa 98661
from Portland: 12 Miles
cboc Hillsboro
1925 North East Stucki Avenue, Suite 300
hillsboro, Or 97006-6945
from Portland: 13 Miles
cboc Salem
1750 Mcgilchrist St Se #130, Salem, Or 97302
from Portland: 49 Miles
salem Vet Center
2645 Portland Road Ne, Suite 250 Salem Or 97301
from Portland: 53 Miles
cboc Fairview
1800 Ne Market Drive Fairview, Or 97024
from Portland: 17 Miles
cboc West Linn
1750 Sw Blankenship Road, Suite 300, West Linn, Or 97068
from Portland: 18 Miles
cboc Camp
rilea
91400 N. Neacoxie Street, Building
7315, Warrenton, Or 97146
from Portland: 86 Miles
cboc Bend
bend Va Clinic, 2650 Ne Courtney Dr, Bend, Or 97701
from Portland: 174 Miles
central Oregon Vet Center
1645 Ne Forbes Rd. Suite 105
bend Or 97701
from Portland: 177 Miles
outreach Clinic The Dalles
704 Veterans Drive, The Dalles, Or
97058
from Portland: 87 Miles
community
outreach &
referral Center
308 Sw 1st Ave.
portland, Or 97204
from Portland: 3 Miles
portland Vet Center
1505 Ne 122nd Ave.
portland Or 97230
from Portland: 13 Miles
willamette
national
cemetery
11800 Se Mt. Scott Boulevard,
portland, Or 97086
from Portland: 15 Miles
veterans Benefit Administration
100 Sw Main Street, Floor 2, Portland,
or 97204
from Portland: 3 Miles
roseburg
main Campus To Include All Buildings
913 Nw Garden Valley Boulevard,
roseburg, Or 97471
cboc Eugene
1255 Pearl Street, Suite 200, Eugene, Or 97401
71 Miles
cboc North Bend
2191 Marion Street, North Bend, Or
97459
85 Miles
cboc Brookings
555 5th Street, Suite 1, Brookings, Or 97415
165 Miles
cboc Crescent
city
1575 Railroad Avenue, Crescent City,
ca 95531
151 Miles
cboc Bandon
1010 First Street, Suite 100, Bandon, Or 97411
85 Miles
seattle
seattle Campus To
include All Buildings On Campus
address
community
reintegration
services
9245 Lakeside Way, Tacoma, Wa
98493
from Tacoma: 2 Miles
american Lake Campus To Include All Buildings On Campus
9600 Veterans Drive, Tacoma, Wa
98493
from Seattle: 42 Miles
cboc
silverdale
9177 Ridgetop Boulevard Nw
silverdale, Wa 98383-8519
from Tacoma: 48 Miles
cboc Port Angeles
1005 Georgiana Street, Port Angeles,
wa 98362
from Seattle: 110 Miles
cboc Mt. Vernon
307 S. 13th Street, Suite #200, Mt. Vernon, Wa 98273
from Seattle: 65 Miles
north Seattle
cboc (valor)
12360 Lake City Way Ne, Suite 200
seattle, Wa 98125
from Seattle: 14 Miles
cboc Bellevue
(valor)
13033 Bel-red Road Suite 210
bellevue, Wa 98005
from Seattle: 15 Miles
federal Way
cboc (valor)
34617 11th Place S
suite 301
federal Way, Wa 98003
from Seattle: 23 Miles
south Sound
cboc (sterling)
151 Ne Hampe Way Chehalis, Wa 98532
from Tacoma: 50 Miles
bellingham Vet
center
3800 Byron Ave
suite 124
bellingham Wa 98229
from Seattle: 90 Miles
puyallup Va Clinic
11216 Sunrise Boulevard East, Suite 209, Building 3
puyallup, Wa 98374-8848
from Tacoma: 20 Miles
everett Vet
center
3311 Wetmore Ave
everett Wa 98201
from Seattle: 32 Miles
federal Way
vet Center
32020 32nd Ave South Suite 110
federal Way Wa 98001
from Seattle: 23 Miles
seattle Vet
center
4735 E Marginal Way S, Room 1102
seattle Wa 98134
from Seattle: 3 Miles
tacoma Vet
center
4916 Center St. Suite E
tacoma Wa 98409
from Tacoma: 50 Miles
oxbow
4735 East Marginal Way, Seattle, Wa
98134
on The Federal Center South Campus
from Seattle: 5 Miles
va Homeless
veterans Program
419 S 2nd St Renton, Wa 98057
from Seattle: 10 Miles
university Of
wa
(harborview)
325 9th Ave, Seattle, Wa 98104
from Seattle: 4 Miles
university Of
wa
t-334, Health Sciences Building, 1959 Ne Pacific Street, Seattle, Wa 98195
from Seattle: 7 Miles
seattle Regional
benefit Office
jackson Federal Building 915 2nd Ave.
seattle, Wa 98174
from Seattle: 4 Miles
tahoma National Cemetery
18600 Southwest 240th Street, Kent, Wa 98042
from Seattle: 24 Miles
va Nco Office
1495 Wilmington Dr
dupont, Wa
from Tacoma: 9 Miles
spokane
main Campus To Include All Buildings On Campus
n. 4815 Assembly Street, Spokane,
wa 99205
cboc Coeur D Alene
915 West Emma Avenue
coeur D'alene, Id 83814-2531
36 Miles
cboc
wenatchee
2530 Chester Kimm Road, Wenatchee,
wa 98801
175 Miles
mayfair
6002 N. Mayfair, Spokane Wa
4.5 Miles
homeless Center
705 W. 2nd Ave., Spokane Wa
5.2 Miles
Libby Va Clinic
211 East 2nd Street
libby, Mt 59923-2047
160 Miles
walla
walla
main Campus To Include All Buildings
77 Wainwright Drive, Walla Walla,
wa 99362
cboc Lewiston
1630 23rd Avenue, Suite 2, Lewiston, Id 83501
101 Miles
cboc Richland
825 Jadwin Avenue, Suite 250, Richland, Wa 99352
69 Miles
cboc Yakima
1211 Ahtanum Ridge Drive
union Gap, Wa 98903
128 Miles
cboc Lagrande
202 12th Street, La Grande, Or 97850
75 Miles
Wallowa County Va Clinic
401 Northeast 1st Street, Suite A
enterprise, Or 97828-1186
103 Miles
morrow County Va Clinic
2 Marine Drive, Suite 103
boardman, Or 97818
81 Miles
sorcc
(white
city)
main Campus To Include All Buildings
8495 Crater Lake Highway, White
city, Or 97503
cboc Klamath
falls
2819 Dahlia Street, Klamath Falls, Or
97601
miles From Va Sorrc:
71 Miles
cboc Grants Pass West
1877 Williams Hwy, Grants Pass, Or
97527
miles From Va Sorrc:
31 Miles
veterans Center (grants Pass)
211 Se 10th Grants Pass, Or 97526
miles From Va Sorrc:
31 Miles
eagle Point
national
cemetery
2763 Riley Rd., Eagle Point, Or 97524
miles From Va Sorrc:
5 Miles
installed Equipment Shall Have A One-year Full Equipment Replacement For Defects Or Damage Not Caused By Va Personnel. Install Does Not Include Disassembly Of Existing Storage Devices.
hardware And Software
install: Install The Program And Software Packages Used To Add, Delete, And Edit Items Stored In The Bins/platforms On Va Owned Desktops Or Laptop Computers At Each Designated Facility. Install Software On 1 (one At Minimum) Va Owned Laptop For System Set-up And Installation. Install And Prepare Va Owned Server For Transmission Of Information Between Contractor And Va For Maintenance And Monitoring Of Equipment In Use.
access: Grant Accesses And Train Va Employees For The Web-based Program That Shall Have Unlimited User Access And Provide Reports And Data Mining Capability Of Current Inventory Including But Not Limited To Current Stock Levels, Recommended Order Levels, And Average Usage Levels. The System Shall Be Capable Of Producing Reports In Excel Or Text Delimited Format Using Commercially Available Software. Training Includes But Is Not Limited To:
adding Items
removing Items
assigning Items
weighing Items
calibrating Scales
order Management
user Admin Management
troubleshooting Errors
editing Items
troubleshooting
reporting Functions
running Interactive Jobs
locating Items Graphically From The System
5. Capabilities: The Inventory Management System Shall Produce An Accurate Real-time Reading Of Quantities On-hand Accessible By Web-based Program And Provide Data Mining Capabilities That Shall Include At A Minimum, Current Stock Levels, Recommended Order Points, Average Usage Levels Per Item And Ability To Track Medical Supply Usage Per Patient Treated At The Va Facilities Listed Above.
the Weight-based System Will Be Interfaced With Gip (generic Inventory Package) And/or Va Approved Supply Inventory System, For Example Dmlss (defense Medical Logistics Standard Support). The Primary Purpose Of The Interface Is To Identify Out Of Balance On-hand Quantities And Values Between Gip And/or Supply Inventory System And The Weight-based System.
the Weight-based System Will Identify Any Out Of Balance On Hand Quantities And Values, Accounting For Any Due Out Or Due Ins. If The Out Of Balance Condition Is Caused By A Pending Due In Or Due Out, It Will Be Displayed Separately To Easily Identify. Vendor System Due-ins And Due-outs Are To Be Automatically Removed When Gip And/or Supply Inventory System Due-in And Due-outs Are Cleared , Or Orders Are Closed.
The Functionality Of The Weight Bin System Is Listed Below.
Equipment Status
communication About System Status Including System Failures
Materials Management Status
open Orders
emergency/critical Item Levels
Negative Quantities On-hand
Item Locator
Customer Item Requisition
Par Level Analysis
current Levels
level Recommendations By Cost And Usage Demand Sku (stock Keeping Unit) Reduction Recommendations
items Over Par Level
stock Outs And Critical Hits Par Level Value Over Time
Consumption
average Monthly Usage
consumption Analysis Including Time
consumption Deviation
consumption Over Time
Reports
activity Detail (sales, Receipts, Adjustments, Etc.) To Include Time Inventory On Hand Changed
quantity On-hand Discrepant Inventory Alerts
value On-hand
department Transactions
cycle Count Sheet
out Of Balance With Gip - On Hand Due-ins
due-outs
issue Multiple Discrepancy Between Gip And Par Bin Emergency Levels
Orders
existing Orders
order Preview
Items
item Master Item History
item Classification Reconciliation History
most Recent Recon Per Item
Compatibility
communication With Current Existing System
adaptable To Be An Open Bin System Or Secured System
compatible With Existing Web-based System
compliant With Vista Pou Manual And Oit S 508 Compliance
6. Licensing
per Far 12.212, Commercial Computer Software Or Commercial Computer Software Documentation Shall Be Acquired Under Licenses Customarily Provided To The Public To The Extent Such Licenses Are Consistent With Federal Law And Otherwise Satisfy The Government S Needs. Please See The Attachment In Section D., Regarding Governing Law, For More Details.
7. Support
support To Include Continuous Monitoring By Means Of A Minimum Of 4 Remote Checks Of Equipment Functionality By Contractor Personnel Every 24 Hours. Notification And Maintenance Support From Contractor Personnel In The Event Of A Problem With Equipment Or Software. Contractor Personnel Shall Respond To Service Calls No Later Than 24 Hours After Being Notified Of A Problem With Either Equipment Or Installed Software. Equipment And Related Hardware To Be Replaced Within 48 Hours Of Notification Of A Problem If User Is Not At Fault For Damage Or Defect. Pou Weight Based System Must Maintain An Integrated Relationship To Existing Va Systems. Must Be Able To Script Configurable Interfaces That Enable Functional Connection To A System On The Va Lan Network. Specifically, Compatibility With Veterans Data Integration And Federation (vdif) Health-connect Is Required. Pou Weight Based System Also Must Interface With Va S Legacy (and Current) Inventory System - Gip.
8. Performance Monitoring
completion Of The Install Will Be Verified By The Contracting Officer Representative (cor) Or Designated Personnel. Functionality And Accuracy Of The Installed Equipment Will Be Continuously Monitored By Supply Chain Staff To Ensure Equipment Is Functioning Properly And Providing Accurate And Timely Information For Inventory And Reordering Purposes. Installed Equipment And Software Is Monitored By Contractor Employees By Daily Check-ins That Shall Occur Remotely At Least 4 Times Every 24 Hours. Contractor Support To Be Provided For Any Defects Or Functionality Problems By Contacting Contractor Via Email Or Telephone Within Applicable Time Frames. The Contractor Will Meet (e.g., In Person, Telephone, Etc.) With The Cor Monthly To Address Any Unresolved Issues. Any Unresolved And/or Continuous Issues Will Be Addressed To The Contracting Officer For Corrective Action.
9. Security Requirements
vendor Owned Software And/or Application Is To Be Installed On Va Owned Server, Laptop And Desktop Computer. Va Sensitive Information Is Not Being Transmitted, Only Scale Numbers And Supply Quantification Information.
contractor Personnel Performing Installation May Be Required To Complete The Department Of Veterans Affairs Security Screening. General Contractor S Employees Shall Not Enter The Work Area Without The Appropriate Badge. They Must Present Themselves To The Facility Va Police For A Contractor S Badge To Be Worn During The Set-up Of The System. They May Be Subject To Inspection Of Their Personal Effects When Entering Or Leaving The Work Area.
10. Government-furnished Equipment (gfe)/government-furnished Information (gfi)
va Visn 20 Facilities Will Furnish A Server, Laptop, And Desktop Computer For Installation Of Vendor Owned Software And Related Programs Need To Make The Installed Equipment Operational.
11. Other Pertinent Information Or Special Considerations
identification Of Possible Follow-on Work. Support Services Will Be Maintained And Purchased After Initial 1-year Warranty Is No Longer Effective.
12. Risk Control
employees Of Contractor Responsible For Installation And Setup Will Have Background Check Completed Or Show Proof Of Background Check Completed No Longer Than One (1) Year Ago, From Date Of Award Including Fingerprint Analysis. Contractor Employees Shall Always Obtain Va Badge And Wear On Their Person Above Their Waist And Visible.
contractor Will Be Installing A Supply Storage And Tracking System In An Area Under Construction. Workers Will Need To Be Cognizant Of Staff Movements, Equipment, And A Plethora Of Activity During Certain Periods Of The Workday. Installation Staff Shall Have No Patient Contact Or Access To Sensitive Patient Information. Cor Will Be Available For Risk Intervention Should The Need Arise.
13. Period Of Performance
installation To Begin No Later Than 30 Days After Contract Award Date. Installation Will Be Phased By Facility And Will Be At The Discretion Of The Visn 20 Csco (chief Supply Chain Officer). The Fcsco (facility Chief Supply Chain Officer) At Each Facility Will Provide The Contractor A Deployment Plan, To Include Time And Location Of Installations. The Pricing Period For This Idiq Is From Date Of Award Through 5 Years.
b.3 Price/cost Schedule
please Reference The Par Excellence Visn 20 Price List, Within Section D For A Complete List Of Applicable Pricing Throughout The Life Of The Contract. The Guaranteed Minimum Award Amount For This Contract Is $3,500.00. The Maximum Aggregate Value Of Orders That Can Be Placed Under This Contract Is $25 Million. The Government Does Not Guarantee That It Will Place Any Orders Under This Contract In Excess Of The Guaranteed Minimum Award Amount. The Above Amounts Are Based On The Independent Government Estimate Individual Task Orders For Funding Will Be Issued By A Network Contracting Office (nco) 20 Contracting Officer To The Contractor As The Need Arises (bona Fide Need).
b.4 Attachment 1 - Va Handbook 6500.6 - Appendix B
va Acquisition Regulation Solicitation Provision And Contract Clause
note: This Clause Will Undergo Official Rule Making By The Office Of Acquisitions And Logistics. The Below Language Will Be Submitted For Public Review Through The Federal Register. The Final Wording Of The Clause May Be Changed From What Is Outlined Below Based On Public Review And Comment. Once Approved, The Final Language In The Clause Can Be Obtained From The Office Of Acquisitions And Logistics Programs And Policy.
1. Subpart 839.2 Information And Information Technology Security Requirements
839.201 Contract Clause For Information And Information Technology Security:
a. Due To The Threat Of Data Breach, Compromise Or Loss Of Information That Resides On
either Va-owned Or Contractor-owned Systems, And To Comply With Federal Laws And
regulations, Va Has Developed An Information And Information Technology Security Clause To
be Used When Va Sensitive Information Is Accessed, Used, Stored, Generated, Transmitted, Or
exchanged By And Between Va And A Contractor, Subcontractor Or A Third Party In Any Format
(e.g., Paper, Microfiche, Electronic Or Magnetic Portable Media).
b. In Solicitations And Contracts Where Va Sensitive Information Or Information Technology
will Be Accessed Or Utilized, The Co Shall Insert The Clause Found At 852.273-75, Security
requirements For Unclassified Information Technology Resources.
2. 852.273-75 - Security Requirements For Unclassified Information
technology Resources (interim- October 2008)
as Prescribed In 839.201, Insert The Following Clause:
the Contractor, Their Personnel, And Their Subcontractors Shall Be Subject To The Federal Laws,
regulations, Standards, And Va Directives And Handbooks Regarding Information And Information System Security As Delineated In This Contract.
(end Of Clause)
b.5 Attachment 2 - Va Handbook 6500.6 Appendix C
va Information And Information System Security/privacy Language For Inclusion Into Contracts, As Appropriate
1. General
contractors, Contractor Personnel, Subcontractors, And Subcontractor Personnel Shall Be
subject To The Same Federal Laws, Regulations, Standards, And Va Directives And Handbooks As Va And Va Personnel Regarding Information And Information System Security.
2. Access To Va Information And Va Information Systems
a Contractor/subcontractor Shall Request Logical (technical) Or Physical Access To Va Information And Va Information Systems For Their Employees, Subcontractors, And Affiliates Only To The Extent Necessary To Perform The Services Specified In The Contract, Agreement, Or Task Order.
all Contractors, Subcontractors, And Third-party Servicers And Associates Working With Va Information Are Subject To The Same Investigative Requirements As Those Of Va Appointees Or Employees Who Have Access To The Same Types Of Information. The Level And Process Of Background Security Investigations For Contractors Must Be In Accordance With Va Directive And Handbook 0710, Personnel Suitability And Security Program. The Office For Operations, Security, And Preparedness Is Responsible For These Policies And Procedures.
c. Contract Personnel Who Require Access To National Security Programs Must Have A Valid Security Clearance. National Industrial Security Program (nisp) Was Established By Executive Order 12829 To Ensure That Cleared U.s. Defense Industry Contract Personnel Safeguard The Classified Information In Their Possession While Performing Work On Contracts, Programs, Bids, Or Research And Development Efforts. The Department Of Veterans Affairs Does Not Have A Memorandum Of Agreement With Defense Security Service (dss). Verification Of A Security Clearance Must Be Processed Through The Special Security Officer Located In The Planning And National Security Service Within The Office Of Operations, Security, And Preparedness.
d. Custom Software Development And Outsourced Operations Must Be Located In The U.s. To The Maximum Extent Practical. If Such Services Are Proposed To Be Performed Abroad And Are Not Disallowed By Other Va Policy Or Mandates, The Contractor/subcontractor Must State Where All Non-u.s. Services Are Provided And Detail A Security Plan, Deemed To Be Acceptable By Va, Specifically To Address Mitigation Of The Resulting Problems Of Communication, Control, Data Protection, And So Forth. Location Within The U.s. May Be An Evaluation Factor.
e. The Contractor Or Subcontractor Must Notify The Contracting Officer Immediately When An Employee Working On A Va System Or With Access To Va Information Is Reassigned Or Leaves The Contractor Or Subcontractor S Employ. The Contracting Officer Must Also Be Notified Immediately By The Contractor Or Subcontractor Prior To An Unfriendly Termination.
3. Va Information Custodial Language
information Made Available To The Contractor Or Subcontractor By Va For The Performance Or Administration Of This Contract Or Information Developed By The Contractor/subcontractor In Performance Or Administration Of The Contract Shall Be Used Only For Those Purposes And Shall Not Be Used In Any Other Way Without The Prior Written Agreement Of The Va. This Clause Expressly Limits The Contractor/subcontractor's Rights To Use Data As Described In Rights In Data - General, Far 52.227-14(d) (1).
va Information Should Not Be Co-mingled, If Possible, With Any Other Data On The Contractors/subcontractor S Information Systems Or Media Storage Systems In Order To Ensure Va Requirements Related To Data Protection And Media Sanitization Can Be Met. If Co-mingling Must Be Allowed To Meet The Requirements Of The Business Need, The Contractor Must Ensure That Va S Information Is Returned To The Va Or Destroyed In Accordance With Va S Sanitization Requirements. Va Reserves The Right To Conduct On Site Inspections Of Contractor And Subcontractor It Resources To Ensure Data Security Controls, Separation Of Data And Job Duties, And Destruction/media Sanitization Procedures Are In Compliance With Va Directive Requirements.
prior To Termination Or Completion Of This Contract, Contractor/subcontractor Must Not Destroy Information Received From Va, Or Gathered/created By The Contractor In The Course Of Performing This Contract Without Prior Written Approval By The Va. Any Data Destruction Done On Behalf Of Va By A Contractor/subcontractor Must Be Done In Accordance With National Archives And Records Administration (nara) Requirements As Outlined In Va Directive 6300, Records And Information Management And Its Handbook 6300.1 Records Management Procedures, Applicable Va Records Control Schedules, And Va Handbook 6500.1, Electronic Media Sanitization. Self-certification By The Contractor That The Data Destruction Requirements Above Have Been Met Must Be Sent To The Va Contracting Officer Within 30 Days Of Termination Of The Contract.
the Contractor/subcontractor Must Receive, Gather, Store, Back Up, Maintain, Use, Disclose And Dispose Of Va Information Only In Compliance With The Terms Of The Contract And Applicable Federal And Va Information Confidentiality And Security Laws, Regulations And Policies. If Federal Or Va Information Confidentiality And Security Laws, Regulations And Policies Become Applicable To The Va Information Or Information Systems After Execution Of The Contract, Or If Nist Issues Or Updates Applicable Fips Or Special Publications (sp) After Execution Of This Contract, The Parties Agree To Negotiate In Good Faith To Implement The Information Confidentiality And Security Laws, Regulations And Policies In This Contract.
the Contractor/subcontractor Shall Not Make Copies Of Va Information Except As Authorized And Necessary To Perform The Terms Of The Agreement Or To Preserve Electronic Information Stored On Contractor/subcontractor Electronic Storage Media For Restoration In Case Any Electronic Equipment Or Data Used By The Contractor/subcontractor Needs To Be Restored To An Operating State. If Copies Are Made For Restoration Purposes, After The Restoration Is Complete, The Copies Must Be Appropriately Destroyed.
if Va Determines That The Contractor Has Violated Any Of The Information Confidentiality, Privacy, And Security Provisions Of The Contract, It Shall Be Sufficient Grounds For Va To Withhold Payment To The Contractor Or Third Party Or Terminate The Contract For Default Or Terminate For Cause Under Federal Acquisition Regulation (far) Part 12.
if A Vha Contract Is Terminated For Cause, The Associated Baa Must Also Be Terminated And Appropriate Actions Taken In Accordance With Vha Handbook 1600.01, Business Associate Agreements. Absent An Agreement To Use Or Disclose Protected Health Information, There Is No Business Associate Relationship.
the Contractor/subcontractor Must Store, Transport, Or Transmit Va Sensitive Information In An Encrypted Form, Using Va-approved Encryption Tools That Are, At A Minimum, Fips 140-2 Validated.
the Contractor/subcontractor S Firewall And Web Services Security Controls, If Applicable, Shall Meet Or Exceed Va S Minimum Requirements. Va Configuration Guidelines Are Available Upon Request.
except For Uses And Disclosures Of Va Information Authorized By This Contract For Performance Of The Contract, The Contractor/subcontractor May Use And Disclose Va Information Only In Two Other Situations: (i) In Response To A Qualifying Order Of A Court Of Competent Jurisdiction, Or (ii) With Va S Prior Written Approval. The Contractor/subcontractor Must Refer All Requests For, Demands For Production Of, Or Inquiries About, Va Information And Information Systems To The Va Contracting Officer For Response.
notwithstanding The Provision Above, The Contractor/subcontractor Shall Not Release Va Records Protected By Title 38 U.s.c. 5705, Confidentiality Of Medical Quality Assurance Records And/or Title 38 U.s.c. 7332, Confidentiality Of Certain Health Records Pertaining To Drug Addiction, Sickle Cell Anemia, Alcoholism Or Alcohol Abuse, Or Infection With Human Immunodeficiency Virus. If The Contractor/subcontractor Is In Receipt Of A Court Order Or Other Requests For The Above Mentioned Information, That Contractor/subcontractor Shall Immediately Refer Such Court Orders Or Other Requests To The Va Contracting Officer For Response.
for Service That Involves The Storage, Generating, Transmitting, Or Exchanging Of Va Sensitive Information But Does Not Require C&a Or An Mou-isa For System Interconnection, The Contractor/subcontractor Must Complete A Contractor Security Control Assessment (csca) On A Yearly Basis And Provide It To The Cotr.
4. Information System Design And Development
a. Information Systems That Are Designed Or Developed For Or On Behalf Of Va At Non-va Facilities Shall Comply With All Va Directives Developed In Accordance With Fisma, Hipaa, Nist, And Related Va Security And Privacy Control Requirements For Federal Information Systems. This Includes Standards For The Protection Of Electronic Phi, Outlined In 45 C.f.r. Part 164, Subpart C, Information And System Security Categorization Level Designations In Accordance With Fips 199 And Fips 200 With Implementation Of All Baseline Security Controls Commensurate With The Fips 199 System Security Categorization (reference Appendix D Of Va Handbook 6500, Va Information Security Program). During The Development Cycle A Privacy Impact Assessment (pia) Must Be Completed, Provided To The Cotr, And Approved By The Va
privacy Service In Accordance With Directive 6507, Va Privacy Impact Assessment.
b. The Contractor/subcontractor Shall Certify To The Cotr That Applications Are Fully Functional And Operate Correctly As Intended On Systems Using The Va Federal Desktop Core Configuration (fdcc), And The Common Security Configuration Guidelines Provided By Nist Or The Va. This Includes Internet Explorer 7 Configured To Operate On Windows Xp And Vista (in Protected Mode On Vista) And Future Versions, As Required.
c. The Standard Installation, Operation, Maintenance, Updating, And Patching Of Software Shall Not Alter The Configuration Settings From The Va Approved And Fdcc Configuration. Information Technology Staff Must Also Use The Windows Installer Service For Installation To The Default Program Files Directory And Silently Install And Uninstall.
d. Applications Designed For Normal End Users Shall Run In The Standard User Context Without Elevated System Administration Privileges.
e. The Security Controls Must Be Designed, Developed, Approved By Va, And Implemented In Accordance With The Provisions Of Va Security System Development Life Cycle As Outlined In Nist Special Publication 800-37, Guide For Applying The Risk Management Framework To Federal Information Systems, Va Handbook 6500, Information Security Program And Va Handbook 6500.5, Incorporating Security And Privacy In System Development Lifecycle.
f. The Contractor/subcontractor Is Required To Design, Develop, Or Operate A System Of Records Notice (sor) On Individuals To Accomplish An Agency Function Subject To The Privacy Act Of 1974, (as Amended), Public Law 93-579, December 31, 1974 (5 U.s.c. 552a) And Applicable Agency Regulations. Violation Of The Privacy Act May Involve The Imposition Of Criminal And Civil Penalties.
g. The Contractor/subcontractor Agrees To:
(1) Comply With The Privacy Act Of 1974 (the Act) And The Agency Rules And Regulations
issued Under The Act In The Design, Development, Or Operation Of Any System Of Records On Individuals To Accomplish An Agency Function When The Contract Specifically Identifies:
(a) The Systems Of Records (sor); And
(b) The Design, Development, Or Operation Work That The Contractor/subcontractor Is To Perform;
(2) Include The Privacy Act Notification Contained In This Contract In Every Solicitation And Resulting Subcontract And In Every Subcontract Awarded Without A Solicitation, When The Work Statement In The Proposed Subcontract Requires The Redesign, Development, Or Operation Of A Sor On Individuals That Is Subject To The Privacy Act; And
(3) Include This Privacy Act Clause, Including This Subparagraph (3), In All Subcontracts Awarded Under This Contract Which Requires The Design, Development, Or Operation Of Such A Sor.
h. In The Event Of Violations Of The Act, A Civil Action May Be Brought Against The Agency Involved When The Violation Concerns The Design, Development, Or Operation Of A Sor On Individuals To Accomplish An Agency Function, And Criminal Penalties May Be Imposed Upon The Officers Or Employees Of The Agency When The Violation Concerns The Operation Of A Sor On Individuals To Accomplish An Agency Function. For Purposes Of The Act, When The Contract Is For The Operation Of A Sor On Individuals To Accomplish An Agency Function, The Contractor/subcontractor Is Considered To Be An Employee Of The Agency.
(1) Operation Of A System Of Records Means Performance Of Any Of The Activities Associated With Maintaining The Sor, Including The Collection, Use, Maintenance, And Dissemination Of Records.
(2) Record Means Any Item, Collection, Or Grouping Of Information About An Individual That Is Maintained By An Agency, Including, But Not Limited To, Education, Financial Transactions, Medical History, And Criminal Or Employment History And Contains The Person S Name, Or Identifying Number, Symbol, Or Any Other Identifying Particular Assigned To The Individual, Such As A Fingerprint Or Voiceprint, Or A Photograph.
(3) System Of Records Means A Group Of Any Records Under The Control Of Any Agency From Which Information Is Retrieved By The Name Of The Individual Or By Some Identifying Number, Symbol, Or Other Identifying Particular Assigned To The Individual.
i. The Vendor Shall Ensure The Security Of All Procured Or Developed Systems And
technologies, Including Their Subcomponents (hereinafter Referred To As Systems ), Throughout The Life Of This Contract And Any Extension, Warranty, Or Maintenance Periods. This Includes, But Is Not Limited To Workarounds, Patches, Hotfixes, Upgrades, And Any Physical Components (hereafter Referred To As Security Fixes) Which May Be Necessary To Fix All Security Vulnerabilities Published Or Known To The Vendor Anywhere In The Systems, Including Operating Systems And Firmware. The Vendor Shall Ensure That Security Fixes Shall Not Negatively Impact The Systems.
j. The Vendor Shall Notify Va Within 24 Hours Of The Discovery Or Disclosure Of Successful Exploits Of The Vulnerability Which Can Compromise The Security Of The Systems (including The Confidentiality Or Integrity Of Its Data And Operations, Or The Availability Of The System). Such Issues Shall Be Remediated As Quickly As Is Practical, But In No Event Longer Than ____ Days.
k. When The Security Fixes Involve Installing Third Party Patches (such As Microsoft Os Patches Or Adobe Acrobat), The Vendor Will Provide Written Notice To The Va That The Patch Has Been Validated As Not Affecting The Systems Within 10 Working Days. When The Vendor Is Responsible For Operations Or Maintenance Of The Systems, They Shall Apply The Security Fixes Within ____ Days.
l. All Other Vulnerabilities Shall Be Remediated As Specified In This Paragraph In A Timely Manner Based On Risk, But Within 60 Days Of Discovery Or Disclosure. Exceptions To This Paragraph (e.g. For The Convenience Of Va) Shall Only Be Granted With Approval Of The Contracting Officer And The Va Assistant Secretary For Office Of Information And Technology.
5. Information System Hosting, Operation, Maintenance, Or Use
a. For Information Systems That Are Hosted, Operated, Maintained, Or Used On Behalf Of Va At Non-va Facilities, Contractors/subcontractors Are Fully Responsible And Accountable For Ensuring Compliance With All Hipaa, Privacy Act, Fisma, Nist, Fips, And Va Security And Privacy Directives And Handbooks. This Includes Conducting Compliant Risk Assessments, Routine Vulnerability Scanning, System Patching And Change Management Procedures, And The Completion Of An Acceptable Contingency Plan For Each System. The Contractor S Security Control Procedures Must Be Equivalent, To Those Procedures Used To Secure Va Systems. A Privacy Impact Assessment (pia) Must Also Be Provided To The Cotr And Approved By Va Privacy Service Prior To Operational Approval. All External Internet Connections To Va S Network Involving Va Information Must Be Reviewed And Approved By Va Prior To Implementation.
b. Adequate Security Controls For Collecting, Processing, Transmitting, And Storing Of Personally Identifiable Information (pii), As Determined By The Va Privacy Service, Must Be In Place, Tested, And Approved By Va Prior To Hosting, Operation, Maintenance, Or Use Of The Information System, Or Systems By Or On Behalf Of Va. These Security Controls Are To Be Assessed And Stated Within The Pia And If These Controls Are Determined Not To Be In Place, Or Inadequate, A Plan Of Action And Milestones (poa&m) Must Be Submitted And Approved Prior To The Collection Of Pii.
c. Outsourcing (contractor Facility, Contractor Equipment Or Contractor Staff) Of Systems Or Network Operations, Telecommunications Services, Or Other Managed Services Requires Certification And Accreditation (authorization) (c&a) Of The Contractor S Systems In Accordance With Va Handbook 6500.3, Certification And Accreditation And/or The Va Ocs Certification Program Office. Government-owned (government Facility Or Government Equipment) Contractor-operated Systems, Third Party Or Business Partner Networks Require Memorandums Of Understanding And Interconnection Agreements (mou-isa) Which Detail What Data Types Are Shared, Who Has Access, And The Appropriate Level Of Security Controls For All Systems Connected To Va Networks.
d. The Contractor/subcontractor S System Must Adhere To All Fisma, Fips, And Nist Standards Related To The Annual Fisma Security Controls Assessment And Review And Update The Pia. Any Deficiencies Noted During This Assessment Must Be Provided To The Va Contracting Officer And The Iso For Entry Into Va S Poa&m Management Process. The Contractor/subcontractor Must Use Va S Poa&m Process To Document Planned Remedial Actions To Address Any Deficiencies In Information Security Policies, Procedures, And Practices, And The Completion Of Those Activities. Security Deficiencies Must Be Corrected Within The Timeframes Approved By The Government. Contractor/subcontractor Procedures Are Subject To Periodic, Unannounced Assessments By Va Officials, Including The Va Office Of Inspector General. The Physical Security Aspects Associated With Contractor/subcontractor Activities Must Also Be Subject To Such Assessments. If Major Changes To The System Occur That May Affect The Privacy Or Security Of The Data Or The System, The C&a Of The System May Need To Be
reviewed, Retested And Re-authorized Per Va Handbook 6500.3. This May Require Reviewing And Updating All Of The Documentation (pia, System Security Plan, Contingency Plan). The Certification Program Office Can Provide Guidance On Whether A New C&a Would Be Necessary.
e. The Contractor/subcontractor Must Conduct An Annual Self-assessment On All Systems And Outsourced Services As Required. Both Hard Copy And Electronic Copies Of The Assessment Must Be Provided To The Cotr. The Government Reserves The Right To Conduct Such An Assessment Using Government Personnel Or Another Contractor/subcontractor. The Contractor/subcontractor Must Take Appropriate And Timely Action (this Can Be Specified In The Contract) To Correct Or Mitigate Any Weaknesses Discovered During Such Testing, Generally At No Additional Cost.
f. Va Prohibits The Installation And Use Of Personally-owned Or Contractor/subcontractor Owned Equipment Or Software On Va S Network. If Non-va Owned Equipment Must Be Used To Fulfill The Requirements Of A Contract, It Must Be Stated In The Service Agreement, Sow Or Contract. All Of The Security Controls Required For Government Furnished Equipment (gfe) Must Be Utilized In Approved Other Equipment (oe) And Must Be Funded By The Owner Of The Equipment. All Remote Systems Must Be Equipped With, And Use, A Va-approved Antivirus (av) Software And A Personal (host-based Or Enclave Based) Firewall That Is Configured With A Va Approved Configuration. Software Must Be Kept Current, Including All Critical Updates And Patches. Owners Of Approved Oe Are Responsible For Providing And Maintaining The Anti-viral
software And The Firewall On The Non-va Owned Oe.
g. All Electronic Storage Media Used On Non-va Leased Or Non-va Owned It Equipment That Is Used To Store, Process, Or Access Va Information Must Be Handled In Adherence With Va Handbook 6500.1, Electronic Media Sanitization Upon: (i) Completion Or Termination Of The Contract Or (ii) Disposal Or Return Of The It Equipment By The Contractor/subcontractor Or Any Person Acting On Behalf Of The Contractor/subcontractor, Whichever Is Earlier. Media (hard Drives, Optical Disks, Cds, Back-up Tapes, Etc.) Used By The Contractors/subcontractors That Contain Va Information Must Be Returned To The Va For Sanitization Or Destruction Or The Contractor/subcontractor Must Self-certify That The Media Has Been Disposed Of Per 6500.1 Requirements. This Must Be Completed Within 30 Days Of Termination Of The Contract.
h. Bio-medical Devices And Other Equipment Or Systems Containing Media (hard Drives, Optical Disks, Etc.) With Va Sensitive Information Must Not Be Returned To The Vendor At The End Of Lease, For Trade-in, Or Other Purposes. The Options Are:
(1) Vendor Must Accept The System Without The Drive;
(2) Va S Initial Medical Device Purchase Includes A Spare Drive Which Must Be Installed In Place Of The Original Drive At Time Of Turn-in; Or
(3) Va Must Reimburse The Company For Media At A Reasonable Open Market Replacement Cost At Time Of Purchase.
(4) Due To The Highly Specialized And Sometimes Proprietary Hardware And Software Associated With Medical Equipment/systems, If It Is Not Possible For The Va To Retain The Hard Drive, Then;
(a) The Equipment Vendor Must Have An Existing Baa If The Device Being Traded In Has Sensitive Information Stored On It And Hard Drive(s) From The System Are Being Returned Physically Intact; And
(b) Any Fixed Hard Drive On The Device Must Be Non-destructively Sanitized To The Greatest Extent Possible Without Negatively Impacting System Operation. Selective Clearing Down To Patient Data Folder Level Is Recommended Using Va Approved And Validated Overwriting Technologies/methods/tools. Applicable Media Sanitization Specifications Need To Be Preapproved And Described In The Purchase Order Or Contract.
(c) A Statement Needs To Be Signed By The Director (system Owner) That States That The Drive Could Not Be Removed And That (a) And (b) Controls Above Are In Place And Completed. The Iso Needs To Maintain The Documentation.
6. Security Incident Investigation
a. The Term Security Incident Means An Event That Has, Or Could Have, Resulted In Unauthorized Access To, Loss Or Damage To Va Assets, Or Sensitive Information, Or An Action That Breaches Va Security Procedures. The Contractor/subcontractor Shall Immediately Notify The Cotr And Simultaneously, The Designated Iso And Privacy Officer For The Contract Of Any Known Or Suspected Security/privacy Incidents, Or Any Unauthorized Disclosure Of Sensitive Information, Including That Contained In System(s) To Which The Contractor/subcontractor Has Access.
b. To The Extent Known By The Contractor/subcontractor, The Contractor/subcontractor S Notice To Va Shall Identify The Information Involved, The Circumstances Surrounding The Incident (including To Whom, How, When, And Where The Va Information Or Assets Were Placed At Risk Or Compromised), And Any Other Information That The Contractor/subcontractor Considers Relevant.
c. With Respect To Unsecured Protected Health Information, The Business Associate Is Deemed To Have Discovered A Data Breach When The Business Associate Knew Or Should Have Known Of A Breach Of Such Information. Upon Discovery, The Business Associate Must Notify The Covered Entity Of The Breach. Notifications Need To Be Made In Accordance With The Executed Business Associate Agreement.
d. In Instances Of Theft Or Break-in Or Other Criminal Activity, The Contractor/subcontractor Must Concurrently Report The Incident To The Appropriate Law Enforcement Entity (or Entities) Of Jurisdiction, Including The Va Oig And Security And Law Enforcement. The Contractor, Its Employees, And Its Subcontractors And Their Employees Shall Cooperate With Va And Any Law Enforcement Authority Responsible For The Investigation And Prosecution Of Any Possible Criminal Law Violation(s) Associated With Any Incident. The Contractor/subcontractor Shall Cooperate With Va In Any Civil Litigation To Recover Va Information, Obtain Monetary Or Other Compensation From A Third Party For Damages Arising From Any Incident, Or Obtain Injunctive
relief Against Any Third Party Arising From, Or Related To, The Incident.
7. Liquidated Damages For Data Breach
a. Consistent With The Requirements Of 38 U.s.c. §5725, A Contract May Require Access To Sensitive Personal Information. If So, The Contractor Is Liable To Va For Liquidated Damages In The Event Of A Data Breach Or Privacy Incident Involving Any Spi The Contractor/subcontractor Processes Or Maintains Under This Contract.
b. The Contractor/subcontractor Shall Provide Notice To Va Of A Security Incident As Set Forth In The Security Incident Investigation Section Above. Upon Such Notification, Va Must Secure From A Non-department Entity Or The Va Office Of Inspector General An Independent Risk Analysis Of The Data Breach To Determine The Level Of Risk Associated With The Data Breach For The Potential Misuse Of Any Sensitive Personal Information Involved In The Data Breach. The Term 'data Breach' Means The Loss, Theft, Or Other Unauthorized Access, Or Any Access Other Than That Incidental To The Scope Of Employment, To Data Containing Sensitive Personal Information, In Electronic Or Printed Form, That Results In The Potential Compromise Of The Confidentiality Or Integrity Of The Data. Contractor Shall Fully Cooperate With The Entity Performing The Risk Analysis. Failure To Cooperate May Be Deemed A Material Breach And Grounds For Contract Termination.
c. Each Risk Analysis Shall Address All Relevant Information Concerning The Data Breach, Including The Following:
(1) Nature Of The Event (loss, Theft, Unauthorized Access);
(2) Description Of The Event, Including:
(a) Date Of Occurrence;
(b) Data Elements Involved, Including Any Pii, Such As Full Name, Social Security Number, Date Of Birth, Home Address, Account Number, Disability Code;
(3) Number Of Individuals Affected Or Potentially Affected;
(4) Names Of Individuals Or Groups Affected Or Potentially Affected;
(5) Ease Of Logical Data Access To The Lost, Stolen Or Improperly Accessed Data In Light Of The Degree Of Protection For The Data, E.g., Unencrypted, Plain Text;
(6) Amount Of Time The Data Has Been Out Of Va Control;
(7) The Likelihood That The Sensitive Personal Information Will Or Has Been Compromised (made Accessible To And Usable By Unauthorized Persons); (8) Known Misuses Of Data Containing Sensitive Personal Information, If Any;
(9) Assessment Of The Potential Harm To The Affected Individuals;
(10) Data Breach Analysis As Outlined In 6500.2 Handbook, Management Of Security And Privacy Incidents, As Appropriate; And
(11) Whether Credit Protection Services May Assist Record Subjects In Avoiding Or Mitigating The Results Of Identity Theft Based On The Sensitive Personal Information That May Have Been Compromised.
d. Based On The Determinations Of The Independent Risk Analysis, The Contractor Shall Be Responsible For Paying To The Va Liquidated Damages In The Amount Of $______ Per Affected Individual To Cover The Cost Of Providing Credit Protection Services To Affected Individuals Consisting Of The Following:
(1) Notification;
(2) One Year Of Credit Monitoring Services Consisting Of Automatic Daily Monitoring Of At Least 3 Relevant Credit Bureau Reports;
(3) Data Breach Analysis;
(4) Fraud Resolution Services, Including Writing Dispute Letters, Initiating Fraud Alerts And Credit Freezes, To Assist Affected Individuals To Bring Matters To Resolution;
(5) One Year Of Identity Theft Insurance With $20,000.00 Coverage At $0 Deductible; And
(6) Necessary Legal Expenses The Subjects May Incur To Repair Falsified Or Damaged Credit Records, Histories, Or Financial Affairs.
8. Security Controls Compliance Testing
on A Periodic Basis, Va, Including The Office Of Inspector General, Reserves The Right To
evaluate Any Or All Of The Security Controls And Privacy Practices Implemented By The Contractor Under The Clauses Contained Within The Contract. With 10 Working-day S Notice, At The Request Of The Government, The Contractor Must Fully Cooperate And Assist In A Government-sponsored Security Controls Assessment At Each Location Wherein Va Information Is Processed Or Stored, Or Information Systems Are Developed, Operated, Maintained, Or Used On Behalf Of Va, Including Those Initiated By The Office Of Inspector General. The Government May Conduct A Security Control Assessment On Shorter Notice (to Include Unannounced Assessments) As Determined By Va In The Event Of A Security Incident Or At Any Other Time.
9. Training
a. All Contractor Employees And Subcontractor Employees Requiring Access To Va
information And Va Information Systems Shall Complete The Following Before Being Granted Access To Va Information And Its Systems:
(1) Sign And Acknowledge (either Manually Or Electronically) Understanding Of And Responsibilities For Compliance With The Contractor Rules Of Behavior, Appendix E Relating To Access To Va Information And Information Systems;
(2) Successfully Complete The Va Cyber Security Awareness And Rules Of Behavior Training And Annually Complete Required Security Training;
(3) Successfully Complete The Appropriate Va Privacy Training And Annually Complete Required Privacy Training; And
(4) Successfully Complete Any Additional Cyber Security Or Privacy Training, As Required For Va Personnel With Equivalent Information System Access [to Be Defined By The Va Program Official And Provided To The Contracting Officer For Inclusion In The Solicitation Document E.g., Any Role-based Information Security Training Required In Accordance With Nist Special Publication 800-16, Information Technology Security Training Requirements.]
b. The Contractor Shall Provide To The Contracting Officer And/or The Cotr A Copy Of The Training Certificates And Certification Of Signing The Contractor Rules Of Behavior For Each Applicable Employee Within 1 Week Of The Initiation Of The Contract And Annually Thereafter, As Required.
c. Failure To Complete The Mandatory Annual Training And Sign The Rules Of Behavior Annually, Within The Timeframe Required, Is Grounds For Suspension Or Termination Of All Physical Or Electronic Access Privileges And Removal From Work On The Contract Until Such Time As The Training And Documents Are Complete.
potential Businesses Having The Capabilities Necessary To Provide The Above Stated Equipment Services Are Invited To Respond To This Sources Sought Notice Via E-mail To Gregory.watson2@va.gov No Later Than 06/21/24. No Telephone Inquiries Will Be Accepted.
responses Should Include The Following Information: Company Name, Address, And Business Size, Point Of Contact Name, Phone Number, And E-mail Address, Oem Certifications For Technicians To Provide The Services Must Be Included In The Response. Oem Documentation Confirming Access To All Required Oem Parts Must Be Included In The Response.
please Note Whether System Is Presently Offered On A Current Government Contract. Naics Code 541990 Is Applicable To Determine Business Size Standard. Any Questions Or Concerns May Also Be Directed To Gregory.watson2@va.gov Via E-mail.
disclaimer And Important Notes:
this Sources Sought Notice Does Not Obligate The Government To Award A Contract Or Otherwise Pay For The Information Provided In Response. The Government Reserves The Right To Use Information Provided By Respondents For Any Purpose Deemed Necessary And Legally Appropriate. The Government Will Treat Any Information Received As Proprietary And Will Not Share Such Information With Other Companies. Any Organization Responding To This Sources Sought Notice Should Ensure That Its Response Is Complete And Sufficiently Detailed To Allow The Government To Determine The Organization's Qualifications To Perform The Work. Respondents
Closing Date21 Jun 2024
Tender AmountRefer Documents
VETERANS AFFAIRS, DEPARTMENT OF USA Tender
Telecommunication Services
United States
Details: Page 1 Of
1. Requisition No.
2. Contract No.
3. Award/effective Date
4. Order No.
5. Solicitation Number
6. Solicitation Issue Date
a. Name
b. Telephone No. (no Collect Calls)
8. Offer Due Date/local
time
9. Issued By
code
10. This Acquisition Is
Unrestricted Or
set Aside:
% For:
small Business
hubzone Small
business
service-disabled
veteran-owned
small Business
women-owned Small Business
(wosb) Eligible Under The Women-owned
small Business Program
edwosb
8(a)
naics:
size Standard:
11. Delivery For Fob Destina-
tion Unless Block Is
marked
see Schedule
12. Discount Terms
13a. This Contract Is A
rated Order Under
dpas (15 Cfr 700)
13b. Rating
14. Method Of Solicitation
rfq
ifb
rfp
15. Deliver To
code
16. Administered By
code
17a. Contractor/offeror
code
facility Code
18a. Payment Will Be Made By
code
telephone No.
uei:
eft:
phone:
fax:
17b. Check If Remittance Is Different And Put Such Address In Offer
18b. Submit Invoices To Address Shown In Block 18a Unless Block Below Is Checked
see Addendum
19.
20.
21.
22.
23.
24.
item No.
schedule Of Supplies/services
quantity
unit
unit Price
amount
(use Reverse And/or Attach Additional Sheets As Necessary)
25. Accounting And Appropriation Data
26. Total Award Amount (for Govt. Use Only)
27a. Solicitation Incorporates By Reference Far 52.212-1, 52.212-4. Far 52.212-3 And 52.212-5 Are Attached. Addenda
are
are Not Attached.
27b. Contract/purchase Order Incorporates By Reference Far 52.212-4. Far 52.212-5 Is Attached. Addenda
are
are Not Attached
28. Contractor Is Required To Sign This Document And Return _______________
29. Award Of Contract: Ref. ___________________________________ Offer
copies To Issuing Office. Contractor Agrees To Furnish And
dated ________________________________. Your Offer On Solicitation
deliver All Items Set Forth Or Otherwise Identified Above And On Any
(block 5), Including Any Additions Or Changes Which Are
additional Sheets Subject To The Terms And Conditions Specified
set Forth Herein Is Accepted As To Items:
30a. Signature Of Offeror/contractor
31a. United States Of America (signature Of Contracting Officer)
30b. Name And Title Of Signer (type Or Print)
30c. Date Signed
31b. Name Of Contracting Officer (type Or Print)
31c. Date Signed
authorized For Local Reproduction
(rev. Nov 2021)
previous Edition Is Not Usable
prescribed By Gsa - Far (48 Cfr) 53.212
7. For Solicitation
information Call:
standard Form 1449
solicitation/contract/order For Commercial Products And Commercial Services
offeror To Complete Blocks 12, 17, 23, 24, & 30
23
36c26224q0541
01-30-2024
garrett Lyles
none
02-03-2024
12:00
mst
36c262
department Of Veterans Affairs
nco 22 - Network Contracting
3601 S. 6th Avenue
tucson Az 85723
x
811310
$12.5 Million
n/a
x
36c262
department Of Veterans Affairs
southern Arizona Va Healthcare System
3601 S. 6th Avenue
tucson Az 85723
36c262
department Of Veterans Affairs
nco 22 - Network Contracting
3601 S. 6th Avenue
tucson Az 85723
this Is Accomplished Through The
tungsten Network Located At:
http://www.fsc.va.gov/einvoice.asp
this Is Mandatory And The Sole Method
for Submitting Invoices.
see Continuation Page
to All Offerors:
procurement Of Sterilization Of Washer
refer To Statement Of Work
questions Can Be Directed To Garrett Lyles At
garrett.lyles@va.gov. Nlt 02/03/2024 At 12:00
pm Mst.
see Continuation Page
x
x
36c26224q0541
page 1 Of
page 2 Of 63
page 1 Of
table Of Contents
section A 1
a.1 Sf 1449 Solicitation/contract/order For Commercial Products And Commercial Services 1
section B - Continuation Of Sf 1449 Blocks 3
b.1 Contract Administration Data 3
b.2 It Contract Security 4
b.3 Price/cost Schedule 13
item Information 13
b.4 Delivery Schedule 14
section C - Contract Clauses 15
c.1 52.212-4 Contract Terms And Conditions Commercial Products And Commercial Services (nov 2023) 15
section D - Contract Documents, Exhibits, Or Attachments 21
36c26224q0541
page 1 Of
page 14 Of 63
page 1 Of
section B - Continuation Of Sf 1449 Blocks
b.1 Contract Administration Data
1. Contract Administration: All Contract Administration Matters Will Be Handled By The Following Individuals:
A. Contractor:
B. Government: Contracting Officer 36c262
department Of Veterans Affairs
nco 22 - Network Contracting
3601 S. 6th Avenue
tucson Az 85723
2. Contractor Remittance Address: All Payments By The Government To The Contractor Will Be Made In Accordance With:
[x]
52.232-33, Payment By Electronic Funds Transfer System For Award Management, Or
[]
52.232-36, Payment By Third Party
3. Invoices: Invoices Shall Be Submitted In Arrears:
A. Quarterly []
B. Semi-annually []
C. Other []
4. Government Invoice Address: All Invoices From The Contractor Shall Be Submitted Electronically In Accordance With Vaar Clause 852.232-72 Electronic Submission Of Payment Requests.
Acknowledgment Of Amendments: The Offeror Acknowledges Receipt Of Amendments To The Solicitation Numbered And Dated As Follows:
amendment No
date
b.2 It Contract Security
Va Information And Information System Security/privacy
1. General
Contractors, Contractor Personnel, Subcontractors, And Subcontractor Personnel Shall Be Subject To The Same Federal Laws, Regulations, Standards, And Va Directives And Handbooks As Va And Va Personnel Regarding Information And Information System Security.
2. Access To Va Information And Va Information Systems
A. A Contractor/subcontractor Shall Request Logical (technical) Or Physical Access To Va Information And Va Information Systems For Their Employees, Subcontractors, And Affiliates Only To The Extent Necessary To Perform The Services Specified In The Contract, Agreement, Or Task Order.
B. All Contractors, Subcontractors, And Third-party Servicers And Associates Working With Va Information Are Subject To The Same Investigative Requirements As Those Of Va Appointees Or Employees Who Have Access To The Same Types Of Information. The Level And Process Of Background Security Investigations For Contractors Must Be In Accordance With Va Directive And Handbook 0710, Personnel Suitability And Security Program. The Office For Operations, Security, And Preparedness Is Responsible For These Policies And Procedures.
C. Contract Personnel Who Require Access To National Security Programs Must Have A Valid Security Clearance. National Industrial Security Program (nisp) Was Established By Executive Order 12829 To Ensure That Cleared U.s. Defense Industry Contract Personnel Safeguard The Classified Information In Their Possession While Performing Work On Contracts, Programs, Bids, Or Research And Development Efforts. The Department Of Veterans Affairs Does Not Have A Memorandum Of Agreement With Defense Security Service (dss). Verification Of A Security Clearance Must Be Processed Through The Special Security Officer Located In The Planning And National Security Service Within The Office Of Operations, Security, And Preparedness.
D. Custom Software Development And Outsourced Operations Must Be Located In The U.s. To The Maximum Extent Practical. If Such Services Are Proposed To Be Performed Abroad And Are Not Disallowed By Other Va Policy Or Mandates, The Contractor/subcontractor Must State Where All Non-u.s. Services Are Provided And Detail A Security Plan, Deemed To Be Acceptable By Va, Specifically To Address Mitigation Of The Resulting Problems Of Communication, Control, Data Protection, And So Forth. Location Within The U.s. May Be An Evaluation Factor.
E. The Contractor Or Subcontractor Must Notify The Contracting Officer Immediately When An Employee Working On A Va System Or With Access To Va Information Is Reassigned Or Leaves The Contractor Or Subcontractor's Employ. The Contracting Officer Must Also Be Notified Immediately By The Contractor Or Subcontractor Prior To An Unfriendly Termination.
3. Va Information Custodial Language
A. Information Made Available To The Contractor Or Subcontractor By Va For The Performance Or Administration Of This Contract Or Information Developed By The Contractor/subcontractor In Performance Or Administration Of The Contract Shall Be Used Only For Those Purposes And Shall Not Be Used In Any Other Way Without The Prior Written Agreement Of The Va. This Clause Expressly Limits The Contractor/subcontractor's Rights To Use Data As Described In Rights In Data - General, Far 52.227-14(d) (1).
B. Va Information Should Not Be Co-mingled, If Possible, With Any Other Data On The Contractors/subcontractor's Information Systems Or Media Storage Systems In Order To Ensure Va Requirements Related To Data Protection And Media Sanitization Can Be Met. If Co-mingling Must Be Allowed To Meet The Requirements Of The Business Need, The Contractor Must Ensure That Va's Information Is Returned To The Va Or Destroyed In Accordance With Va's Sanitization Requirements. Va Reserves The Right To Conduct On Site Inspections Of Contractor And Subcontractor It Resources To Ensure Data Security Controls, Separation Of Data And Job Duties, And Destruction/media Sanitization Procedures Are In Compliance With Va Directive Requirements.
C. Prior To Termination Or Completion Of This Contract, Contractor/ Subcontractor Must Not Destroy Information Received From Va, Or Gathered/ Created By The Contractor In The Course Of Performing This Contract Without Prior Written Approval By The Va. Any Data Destruction Done On Behalf Of Va By A Contractor/subcontractor Must Be Done In Accordance With National Archives And Records Administration (nara) Requirements As Outlined In Va Directive 6300, Records And Information Management And Its Handbook 6300.1 Records Management Procedures, Applicable Va Records Control Schedules, And Va Handbook 6500.1, Electronic Media Sanitization. Self-certification By The Contractor That The Data Destruction Requirements Above Have Been Met Must Be Sent To The Va Contracting Officer Within 30 Days Of Termination Of The Contract.
D. The Contractor/subcontractor Must Receive, Gather, Store, Back Up, Maintain, Use, Disclose And Dispose Of Va Information Only In Compliance With The Terms Of The Contract And Applicable Federal And Va Information Confidentiality And Security Laws, Regulations And Policies. If Federal Or Va Information Confidentiality And Security Laws, Regulations And Policies Become Applicable To The Va Information Or Information Systems After Execution Of The Contract, Or If Nist Issues Or Updates Applicable Fips Or Special Publications (sp) After Execution Of This Contract, The Parties Agree To Negotiate In Good Faith To Implement The Information Confidentiality And Security Laws, Regulations And Policies In This Contract.
E. The Contractor/subcontractor Shall Not Make Copies Of Va Information Except As Authorized And Necessary To Perform The Terms Of The Agreement Or To Preserve Electronic Information Stored On Contractor/subcontractor Electronic Storage Media For Restoration In Case Any Electronic Equipment Or Data Used By The Contractor/subcontractor Needs To Be Restored To An Operating State. If Copies Are Made For Restoration Purposes, After The Restoration Is Complete, The Copies Must Be Appropriately Destroyed.
F. If Va Determines That The Contractor Has Violated Any Of The Information Confidentiality, Privacy, And Security Provisions Of The Contract, It Shall Be Sufficient Grounds For Va To Withhold Payment To The Contractor Or Third Party Or Terminate The Contract For Default Or Terminate For Cause Under Federal Acquisition Regulation (far) Part 12.
G. If A Vha Contract Is Terminated For Cause, The Associated Baa Must Also Be Terminated And Appropriate Actions Taken In Accordance With Vha Handbook 1600.01, Business Associate Agreements. Absent An Agreement To Use Or Disclose Protected Health Information, There Is No Business Associate Relationship.
H. The Contractor/subcontractor Must Store, Transport, Or Transmit Va Sensitive Information In An Encrypted Form, Using Va-approved Encryption Tools That Are, At A Minimum, Fips 140-2 Validated.
I. The Contractor/subcontractor's Firewall And Web Services Security Controls, If Applicable, Shall Meet Or Exceed Va's Minimum Requirements. Va Configuration Guidelines Are Available Upon Request.
J. Except For Uses And Disclosures Of Va Information Authorized By This Contract For Performance Of The Contract, The Contractor/subcontractor May Use And Disclose Va Information Only In Two Other Situations: (i) In Response To A Qualifying Order Of A Court Of Competent Jurisdiction, Or (ii) With Va's Prior Written Approval. The Contractor/subcontractor Must Refer All Requests For, Demands For Production Of, Or Inquiries About, Va Information And Information Systems To The Va Contracting Officer For Response.
K. Notwithstanding The Provision Above, The Contractor/subcontractor Shall Not Release Va Records Protected By Title 38 U.s.c. 5705, Confidentiality Of Medical Quality Assurance Records And/or Title 38 U.s.c. 7332, Confidentiality Of Certain Health Records Pertaining To Drug Addiction, Sickle Cell Anemia, Alcoholism Or Alcohol Abuse, Or Infection With Human Immunodeficiency Virus. If The Contractor/subcontractor Is In Receipt Of A Court Order Or Other Requests For The Above Mentioned Information, That Contractor/subcontractor Shall Immediately Refer Such Court Orders Or Other Requests To The Va Contracting Officer For Response.
L. For Service That Involves The Storage, Generating, Transmitting, Or Exchanging Of Va Sensitive Information But Does Not Require C&a Or An Mou-isa For System Interconnection, The Contractor/subcontractor Must Complete A Contractor Security Control Assessment (csca) On A Yearly Basis And Provide It To The Cor.
4. Information System Design And Development
A. Information Systems That Are Designed Or Developed For Or On Behalf Of Va At Non-va Facilities Shall Comply With All Va Directives Developed In Accordance With Fisma, Hipaa, Nist, And Related Va Security And Privacy Control Requirements For Federal Information Systems. This Includes Standards For The Protection Of Electronic Phi, Outlined In 45 C.f.r. Part 164, Subpart C, Information And System Security Categorization Level Designations In Accordance With Fips 199 And Fips 200 With Implementation Of All Baseline Security Controls Commensurate With The Fips 199 System Security Categorization (reference Appendix D Of Va Handbook 6500, Va Information Security Program). During The Development Cycle A Privacy Impact Assessment (pia) Must Be Completed, Provided To The Cor, And Approved By The Va Privacy Service In Accordance With Directive 6507, Va Privacy Impact Assessment.
B. The Contractor/subcontractor Shall Certify To The Cor That Applications Are Fully Functional And Operate Correctly As Intended On Systems Using The Va Federal Desktop Core Configuration (fdcc), And The Common Security Configuration Guidelines Provided By Nist Or The Va. This Includes Internet Explorer 7 Configured To Operate On Windows Xp And Vista (in Protected Mode On Vista) And Future Versions, As Required.
C. The Standard Installation, Operation, Maintenance, Updating, And Patching Of Software Shall Not Alter The Configuration Settings From The Va Approved And Fdcc Configuration. Information Technology Staff Must Also Use The Windows Installer Service For Installation To The Default "program Files" Directory And Silently Install And Uninstall.
D. Applications Designed For Normal End Users Shall Run In The Standard User Context Without Elevated System Administration Privileges.
E. The Security Controls Must Be Designed, Developed, Approved By Va, And Implemented In Accordance With The Provisions Of Va Security System Development Life Cycle As Outlined In Nist Special Publication 800-37, Guide For Applying The Risk Management Framework To Federal Information Systems, Va Handbook 6500, Information Security Program And Va Handbook 6500.5, Incorporating Security And Privacy In System Development Lifecycle.
F. The Contractor/subcontractor Is Required To Design, Develop, Or Operate A System Of Records Notice (sor) On Individuals To Accomplish An Agency Function Subject To The Privacy Act Of 1974, (as Amended), Public Law 93-579, December 31, 1974 (5 U.s.c. 552a) And Applicable Agency Regulations. Violation Of The Privacy Act May Involve The Imposition Of Criminal And Civil Penalties.
G. The Contractor/subcontractor Agrees To:
(1) Comply With The Privacy Act Of 1974 (the Act) And The Agency Rules And Regulations Issued Under The Act In The Design, Development, Or Operation Of Any System Of Records On Individuals To Accomplish An Agency Function When The Contract Specifically Identifies:
(a) The Systems Of Records (sor); And
(b) The Design, Development, Or Operation Work That The Contractor/ Subcontractor Is To Perform;
(1) Include The Privacy Act Notification Contained In This Contract In Every Solicitation And Resulting Subcontract And In Every Subcontract Awarded Without A Solicitation, When The Work Statement In The Proposed Subcontract Requires The Redesign, Development, Or Operation Of A Sor On Individuals That Is Subject To The Privacy Act; And
(2) Include This Privacy Act Clause, Including This Subparagraph (3), In All Subcontracts Awarded Under This Contract Which Requires The Design, Development, Or Operation Of Such A Sor.
H. In The Event Of Violations Of The Act, A Civil Action May Be Brought Against The Agency Involved When The Violation Concerns The Design, Development, Or Operation Of A Sor On Individuals To Accomplish An Agency Function, And Criminal Penalties May Be Imposed Upon The Officers Or Employees Of The Agency When The Violation Concerns The Operation Of A Sor On Individuals To Accomplish An Agency Function. For Purposes Of The Act, When The Contract Is For The Operation Of A Sor On Individuals To Accomplish An Agency Function, The Contractor/subcontractor Is Considered To Be An Employee Of The Agency.
(1) "operation Of A System Of Records" Means Performance Of Any Of The Activities Associated With Maintaining The Sor, Including The Collection, Use, Maintenance, And Dissemination Of Records.
(2) "record" Means Any Item, Collection, Or Grouping Of Information About An Individual That Is Maintained By An Agency, Including, But Not Limited To, Education, Financial Transactions, Medical History, And Criminal Or Employment History And Contains The Person's Name, Or Identifying Number, Symbol, Or Any Other Identifying Particular Assigned To The Individual, Such As A Fingerprint Or Voiceprint, Or A Photograph.
(3) "system Of Records" Means A Group Of Any Records Under The Control Of Any Agency From Which Information Is Retrieved By The Name Of The Individual Or By Some Identifying Number, Symbol, Or Other Identifying Particular Assigned To The Individual.
I. The Vendor Shall Ensure The Security Of All Procured Or Developed Systems And Technologies, Including Their Subcomponents (hereinafter Referred To As "systems"), Throughout The Life Of This Contract And Any Extension, Warranty, Or Maintenance Periods. This Includes, But Is Not Limited To Workarounds, Patches, Hotfixes, Upgrades, And Any Physical Components (hereafter Referred To As Security Fixes) Which May Be Necessary To Fix All Security Vulnerabilities Published Or Known To The Vendor Anywhere In The Systems, Including Operating Systems And Firmware. The Vendor Shall Ensure That Security Fixes Shall Not Negatively Impact The Systems.
J. The Vendor Shall Notify Va Within 24 Hours Of The Discovery Or Disclosure Of Successful Exploits Of The Vulnerability Which Can Compromise The Security Of The Systems (including The Confidentiality Or Integrity Of Its Data And Operations, Or The Availability Of The System). Such Issues Shall Be Remediated As Quickly As Is Practical, But In No Event Longer Than Days.
K. When The Security Fixes Involve Installing Third Party Patches (such As Microsoft Os Patches Or Adobe Acrobat), The Vendor Will Provide Written Notice To The Va That The Patch Has Been Validated As Not Affecting The Systems Within 10 Working Days. When The Vendor Is Responsible For Operations Or Maintenance Of The Systems, They Shall Apply The Security Fixes Within Days.
L. All Other Vulnerabilities Shall Be Remediated As Specified In This Paragraph In A Timely Manner Based On Risk, But Within 60 Days Of Discovery Or Disclosure. Exceptions To This Paragraph (e.g. For The Convenience Of Va) Shall Only Be Granted With Approval Of The Contracting Officer And The Va Assistant Secretary For Office Of Information And Technology.
5. Information System Hosting, Operation, Maintenance, Or Use
A. For Information Systems That Are Hosted, Operated, Maintained, Or Used On Behalf Of Va At Non-va Facilities, Contractors/subcontractors Are Fully Responsible And Accountable For Ensuring Compliance With All Hipaa, Privacy Act, Fisma, Nist, Fips, And Va Security And Privacy Directives And Handbooks. This Includes Conducting Compliant Risk Assessments, Routine Vulnerablity Scanning, System Patching And Change Management Procedures, And The Completion Of An Acceptable Contingency Plan For Each System. The Contractor's Security Control Procedures Must Be Equivalent, To Those Procedures Used To Secure Va Systems. A Privacy Impact Assessment (pia) Must Also Be Provided To The Cor And Approved By Va Privacy Service Prior To Operational Approval. All External Internet Connections To Va's Network Involving Va Information Must Be Reviewed And Approved By Va Prior To Implementation.
B. Adequate Security Controls For Collecting, Processing, Transmitting, And Storing Of Personally Identifiable Information (pii), As Determined By The Va Privacy Service, Must Be In Place, Tested, And Approved By Va Prior To Hosting, Operation, Maintenance, Or Use Of The Information System, Or Systems By Or On Behalf Of Va. These Security Controls Are To Be Assessed And Stated Within The Pia And If These Controls Are Determined Not To Be In Place, Or Inadequate, A Plan Of Action And Milestones (poa&m) Must Be Submitted And Approved Prior To The Collection Of Pii.
C. Outsourcing (contractor Facility, Contractor Equipment Or Contractor Staff) Of Systems Or Network Operations, Telecommunications Services, Or Other Managed Services Requires Certification And Accreditation (authorization) (c&a) Of The Contractor's Systems In Accordance With Va Handbook 6500.3, Certification And Accreditation And/or The Va Ocs Certification Program Office. Government- Owned (government Facility Or Government Equipment) Contractor-operated Systems, Third Party Or Business Partner Networks Require Memorandums Of Understanding And Interconnection Agreements (mou-isa) Which Detail What Data Types Are Shared, Who Has Access, And The Appropriate Level Of Security Controls For All Systems Connected To Va Networks.
D. The Contractor/subcontractor's System Must Adhere To All Fisma, Fips, And Nist Standards Related To The Annual Fisma Security Controls Assessment And Review And Update The Pia. Any Deficiencies Noted During This Assessment Must Be Provided To The Va Contracting Officer And The Iso For Entry Into Va's Poa&m Management Process. The Contractor/subcontractor Must Use Va's Poa&m Process To Document Planned Remedial Actions To Address Any Deficiencies In Information Security Policies, Procedures, And Practices, And The Completion Of Those Activities. Security Deficiencies Must Be Corrected Within The Timeframes Approved By The Government. Contractor/subcontractor Procedures Are Subject To Periodic, Unannounced Assessments By Va Officials, Including The Va Office Of Inspector General. The Physical Security Aspects Associated With Contractor/ Subcontractor Activities Must Also Be Subject To Such Assessments. If Major Changes To The System Occur That May Affect The Privacy Or Security Of The Data Or The System, The C&a Of The System May Need To Be Reviewed, Retested And Re- Authorized Per Va Handbook 6500.3. This May Require Reviewing And Updating All Of The Documentation (pia, System Security Plan, Contingency Plan). The Certification Program Office Can Provide Guidance On Whether A New C&a Would Be Necessary.
E. The Contractor/subcontractor Must Conduct An Annual Self Assessment On All Systems And Outsourced Services As Required. Both Hard Copy And Electronic Copies Of The Assessment Must Be Provided To The Cor. The Government Reserves The Right To Conduct Such An Assessment Using Government Personnel Or Another Contractor/subcontractor. The Contractor/subcontractor Must Take Appropriate And Timely Action (this Can Be Specified In The Contract) To Correct Or Mitigate Any Weaknesses Discovered During Such Testing, Generally At No Additional Cost.
F. Va Prohibits The Installation And Use Of Personally-owned Or Contractor/ Subcontractor-owned Equipment Or Software On Va's Network. If Non-va Owned Equipment Must Be Used To Fulfill The Requirements Of A Contract, It Must Be Stated In The Service Agreement, Sow Or Contract. All Of The Security Controls Required For Government Furnished Equipment (gfe) Must Be Utilized In Approved Other Equipment (oe) And Must Be Funded By The Owner Of The Equipment. All Remote Systems Must Be Equipped With, And Use, A Va-approved Antivirus (av) Software And A Personal (host-based Or Enclave Based) Firewall That Is Configured With A Va-approved Configuration. Software Must Be Kept Current, Including All Critical Updates And Patches. Owners Of Approved Oe Are Responsible For Providing And Maintaining The Anti-viral Software And The Firewall On The Non-va Owned Oe.
G. All Electronic Storage Media Used On Non-va Leased Or Non-va Owned It Equipment That Is Used To Store, Process, Or Access Va Information Must Be Handled In Adherence With Va Handbook 6500.1, Electronic Media Sanitization Upon: (i) Completion Or Termination Of The Contract Or (ii) Disposal Or Return Of The It Equipment By The Contractor/subcontractor Or Any Person Acting On Behalf Of The Contractor/subcontractor, Whichever Is Earlier. Media (hard Drives, Optical Disks, Cds, Back-up Tapes, Etc.) Used By The Contractors/ Subcontractors That Contain Va Information Must Be Returned To The Va For Sanitization Or Destruction Or The Contractor/subcontractor Must Self-certify That The Media Has Been Disposed Of Per 6500.1 Requirements. This Must Be Completed Within 30 Days Of Termination Of The Contract.
H. Bio-medical Devices And Other Equipment Or Systems Containing Media (hard Drives, Optical Disks, Etc.) With Va Sensitive Information Must Not Be Returned To The Vendor At The End Of Lease, For Trade-in, Or Other Purposes. The Options Are:
(1) Vendor Must Accept The System Without The Drive;
(2) Va's Initial Medical Device Purchase Includes A Spare Drive Which Must Be Installed In Place Of The Original Drive At Time Of Turn-in; Or
(3) Va Must Reimburse The Company For Media At A Reasonable Open Market Replacement Cost At Time Of Purchase.
(4) Due To The Highly Specialized And Sometimes Proprietary Hardware And Software Associated With Medical Equipment/systems, If It Is Not Possible For The Va To Retain The Hard Drive, Then;
(a) The Equipment Vendor Must Have An Existing Baa If The Device Being Traded In Has Sensitive Information Stored On It And Hard Drive(s) From The System Are Being Returned Physically Intact; And
(b) Any Fixed Hard Drive On The Device Must Be Non-destructively Sanitized To The Greatest Extent Possible Without Negatively Impacting System Operation. Selective Clearing Down To Patient Data Folder Level Is Recommended Using Va Approved And Validated Overwriting Technologies/methods/tools. Applicable Media Sanitization Specifications Need To Be Pre-approved And Described In The Purchase Order Or Contract.
(c) A Statement Needs To Be Signed By The Director (system Owner) That States That The Drive Could Not Be Removed And That (a) And (b) Controls Above Are In Place And Completed. The Iso Needs To Maintain The Documentation.
6. Security Incident Investigation
A. The Term "security Incident" Means An Event That Has, Or Could Have, Resulted In Unauthorized Access To, Loss Or Damage To Va Assets, Or Sensitive Information, Or An Action That Breaches Va Security Procedures. The Contractor/ Subcontractor Shall Immediately Notify The Cor And Simultaneously, The Designated Iso And Privacy Officer For The Contract Of Any Known Or Suspected Security/privacy Incidents, Or Any Unauthorized Disclosure Of Sensitive Information, Including That Contained In System(s) To Which The Contractor/ Subcontractor Has Access.
B. To The Extent Known By The Contractor/subcontractor, The Contractor/ Subcontractor's Notice To Va Shall Identify The Information Involved, The Circumstances Surrounding The Incident (including To Whom, How, When, And Where The Va Information Or Assets Were Placed At Risk Or Compromised), And Any Other Information That The Contractor/subcontractor Considers Relevant.
C. With Respect To Unsecured Protected Health Information, The Business Associate Is Deemed To Have Discovered A Data Breach When The Business Associate Knew Or Should Have Known Of A Breach Of Such Information. Upon Discovery, The Business Associate Must Notify The Covered Entity Of The Breach. Notifications Need To Be Made In Accordance With The Executed Business Associate Agreement.
D. In Instances Of Theft Or Break-in Or Other Criminal Activity, The Contractor/subcontractor Must Concurrently Report The Incident To The Appropriate Law Enforcement Entity (or Entities) Of Jurisdiction, Including The Va Oig And Security And Law Enforcement. The Contractor, Its Employees, And Its Subcontractors And Their Employees Shall Cooperate With Va And Any Law Enforcement Authority Responsible For The Investigation And Prosecution Of Any Possible Criminal Law Violation(s) Associated With Any Incident. The Contractor/subcontractor Shall Cooperate With Va In Any Civil Litigation To Recover Va Information, Obtain Monetary Or Other Compensation From A Third Party For Damages Arising From Any Incident, Or Obtain Injunctive Relief Against Any Third Party Arising From, Or Related To, The Incident.
7. Liquidated Damages For Data Breach
A. Consistent With The Requirements Of 38 U.s.c. 5725, A Contract May Require Access To Sensitive Personal Information. If So, The Contractor Is Liable To Va For Liquidated Damages In The Event Of A Data Breach Or Privacy Incident Involving Any Spi The Contractor/subcontractor Processes Or Maintains Under This Contract.
B. The Contractor/subcontractor Shall Provide Notice To Va Of A "security Incident" As Set Forth In The Security Incident Investigation Section Above. Upon Such Notification, Va Must Secure From A Non-department Entity Or The Va Office Of Inspector General An Independent Risk Analysis Of The Data Breach To Determine The Level Of Risk Associated With The Data Breach For The Potential Misuse Of Any Sensitive Personal Information Involved In The Data Breach. The Term 'data Breach' Means The Loss, Theft, Or Other Unauthorized Access, Or Any Access Other Than That Incidental To The Scope Of Employment, To Data Containing Sensitive Personal Information, In Electronic Or Printed Form, That Results In The Potential Compromise Of The Confidentiality Or Integrity Of The Data. Contractor Shall Fully Cooperate With The Entity Performing The Risk Analysis. Failure To Cooperate May Be Deemed A Material Breach And Grounds For Contract Termination.
C. Each Risk Analysis Shall Address All Relevant Information Concerning The Data Breach, Including The Following:
(1) Nature Of The Event (loss, Theft, Unauthorized Access);
(2) Description Of The Event, Including:
(a) Date Of Occurrence;
(b) Data Elements Involved, Including Any Pii, Such As Full Name, Social Security Number, Date Of Birth, Home Address, Account Number, Disability Code;
(3) Number Of Individuals Affected Or Potentially Affected;
(4) Names Of Individuals Or Groups Affected Or Potentially Affected;
(5) Ease Of Logical Data Access To The Lost, Stolen Or Improperly Accessed Data In Light Of The Degree Of Protection For The Data, E.g., Unencrypted, Plain Text;
(6) Amount Of Time The Data Has Been Out Of Va Control;
(7) The Likelihood That The Sensitive Personal Information Will Or Has Been Compromised (made Accessible To And Usable By Unauthorized Persons);
(8) Known Misuses Of Data Containing Sensitive Personal Information, If Any;
(9) Assessment Of The Potential Harm To The Affected Individuals;
(10) Data Breach Analysis As Outlined In 6500.2 Handbook, Management Of Security And Privacy Incidents, As Appropriate; And
(11) Whether Credit Protection Services May Assist Record Subjects In Avoiding Or Mitigating The Results Of Identity Theft Based On The Sensitive Personal Information That May Have Been Compromised.
D. Based On The Determinations Of The Independent Risk Analysis, The Contractor Shall Be Responsible For Paying To The Va Liquidated Damages In The Amount Of Per Affected Individual To Cover The Cost Of Providing Credit Protection Services To Affected Individuals Consisting Of The Following:
(1) Notification;
(2) One Year Of Credit Monitoring Services Consisting Of Automatic Daily Monitoring Of At Least 3 Relevant Credit Bureau Reports;
(3) Data Breach Analysis;
(4) Fraud Resolution Services, Including Writing Dispute Letters, Initiating Fraud Alerts And Credit Freezes, To Assist Affected Individuals To Bring Matters To Resolution;
(5) One Year Of Identity Theft Insurance With $20,000.00 Coverage At $0 Deductible; And
(6) Necessary Legal Expenses The Subjects May Incur To Repair Falsified Or Damaged Credit Records, Histories, Or Financial Affairs.
8. Security Controls Compliance Testing
On A Periodic Basis, Va, Including The Office Of Inspector General, Reserves The Right To Evaluate Any Or All Of The Security Controls And Privacy Practices Implemented By The Contractor Under The Clauses Contained Within The Contract. With 10 Working-day's Notice, At The Request Of The Government, The Contractor Must Fully Cooperate And Assist In A Government-sponsored Security Controls Assessment At Each Location Wherein Va Information Is Processed Or Stored, Or Information Systems Are Developed, Operated, Maintained, Or Used On Behalf Of Va, Including Those Initiated By The Office Of Inspector General. The Government May Conduct A Security Control Assessment On Shorter Notice (to Include Unannounced Assessments) As Determined By Va In The Event Of A Security Incident Or At Any Other Time.
9. Training
A. All Contractor Employees And Subcontractor Employees Requiring Access To Va Information And Va Information Systems Shall Complete The Following Before Being Granted Access To Va Information And Its Systems:
(1) Sign And Acknowledge (either Manually Or Electronically) Understanding Of And Responsibilities For Compliance With The Contractor Rules Of Behavior, Appendix E Relating To Access To Va Information And Information Systems;
(2) Successfully Complete The Va Cyber Security Awareness And Rules Of Behavior Training And Annually Complete Required Security Training;
(3) Successfully Complete The Appropriate Va Privacy Training And Annually Complete Required Privacy Training; And
(4) Successfully Complete Any Additional Cyber Security Or Privacy Training, As Required For Va Personnel With Equivalent Information System Access [to Be Defined By The Va Program Official And Provided To The Contracting Officer For Inclusion In The Solicitation Document - E.g., Any Role-based Information Security Training Required In Accordance With Nist Special Publication 800-16, Information Technology Security Training Requirements.]
B. The Contractor Shall Provide To The Contracting Officer And/or The Cor A Copy Of The Training Certificates And Certification Of Signing The Contractor Rules Of Behavior For Each Applicable Employee Within 1 Week Of The Initiation Of The Contract And Annually Thereafter, As Required.
C. Failure To Complete The Mandatory Annual Training And Sign The Rules Of Behavior Annually, Within The Timeframe Required, Is Grounds For Suspension Or Termination Of All Physical Or Electronic Access Privileges And Removal From Work On The Contract Until Such Time As The Training And Documents Are Complete.
(end Of Clause)
b.3 Price/cost Schedule
item Information
item Number
description Of Supplies/services
quantity
unit
unit Price
amount
0001
12.00
mo
__________________
__________________
equipment, Transportation: 1 Sterilizer Cleaning On A Monthly Basis For Washer 1 And Washer 2
contract Period: Base
pop Begin: 02-05-2024
pop End: 02-04-2025
principal Naics Code: 811310 - Commercial And Industrial Machinery And Equipment (except Automotive And Electronic) Repair And Maintenance
product/service Code: Q901 - Healthcare Environmental Cleaning
grand Total
__________________
b.4 Delivery Schedule
item Number
shipping Information
quantity
delivery Date
0001
ship To:
department Of Veteran Affairs
phoenix Va Health Care System
650 E. Indian School Rd
phoenix, Az 85012 1841
usa
12.00
02/05/2024-02/04/2025
mark For:
marnie Neilsen
602-277-5551 X7833
marnie.neilsen@va.gov
fob:
destination
36c26224q0541
page 1 Of
page 35 Of 63
page 1 Of
section C - Contract Clauses
c.1 52.212-4 Contract Terms And Conditions Commercial Products And Commercial Services (nov 2023)
(a) Inspection/acceptance. The Contractor Shall Only Tender For Acceptance Those Items That Conform To The Requirements Of This Contract. The Government Reserves The Right To Inspect Or Test Any Supplies Or Services That Have Been Tendered For Acceptance. The Government May Require Repair Or Replacement Of Nonconforming Supplies Or Reperformance Of Nonconforming Services At No Increase In Contract Price. If Repair/replacement Or Reperformance Will Not Correct The Defects Or Is Not Possible, The Government May Seek An Equitable Price Reduction Or Adequate Consideration For Acceptance Of Nonconforming Supplies Or Services. The Government Must Exercise Its Post-acceptance Rights
(1) Within A Reasonable Time After The Defect Was Discovered Or Should Have Been Discovered; And
(2) Before Any Substantial Change Occurs In The Condition Of The Item, Unless The Change Is Due To The Defect In The Item.
(b) Assignment. The Contractor Or Its Assignee May Assign Its Rights To Receive Payment Due As A Result Of Performance Of This Contract To A Bank, Trust Company, Or Other Financing Institution, Including Any Federal Lending Agency In Accordance With The Assignment Of Claims Act (31 U.s.c. 3727). However, When A Third Party Makes Payment (e.g., Use Of The Governmentwide Commercial Purchase Card), The Contractor May Not Assign Its Rights To Receive Payment Under This Contract.
(c) Changes. Changes In The Terms And Conditions Of This Contract May Be Made Only By Written Agreement Of The Parties.
(d) Disputes. This Contract Is Subject To 41 U.s.c. Chapter 71, Contract Disputes. Failure Of The Parties To This Contract To Reach Agreement On Any Request For Equitable Adjustment, Claim, Appeal Or Action Arising Under Or Relating To This Contract Shall Be A Dispute To Be Resolved In Accordance With The Clause At Federal Acquisition Regulation (far) 52.233-1, Disputes, Which Is Incorporated Herein By Reference. The Contractor Shall Proceed Diligently With Performance Of This Contract, Pending Final Resolution Of Any Dispute Arising Under The Contract.
(e) Definitions. The Clause At Far 52.202-1, Definitions, Is Incorporated Herein By Reference.
(f) Excusable Delays. The Contractor Shall Be Liable For Default Unless Nonperformance Is Caused By An Occurrence Beyond The Reasonable Control Of The Contractor And Without Its Fault Or Negligence Such As, Acts Of God Or The Public Enemy, Acts Of The Government In Either Its Sovereign Or Contractual Capacity, Fires, Floods, Epidemics, Quarantine Restrictions, Strikes, Unusually Severe Weather, And Delays Of Common Carriers. The Contractor Shall Notify The Contracting Officer In Writing As Soon As It Is Reasonably Possible After The Commencement Of Any Excusable Delay, Setting Forth The Full Particulars In Connection Therewith, Shall Remedy Such Occurrence With All Reasonable Dispatch, And Shall Promptly Give Written Notice To The Contracting Officer Of The Cessation Of Such Occurrence.
(g) Invoice.
(1) The Contractor Shall Submit An Original Invoice And Three Copies (or Electronic Invoice, If Authorized) To The Address Designated In The Contract To Receive Invoices. An Invoice Must Include
(i) Name And Address Of The Contractor;
(ii) Invoice Date And Number;
(iii) Contract Number, Line Item Number And, If Applicable, The Order Number;
(iv) Description, Quantity, Unit Of Measure, Unit Price And Extended Price Of The Items Delivered;
(v) Shipping Number And Date Of Shipment, Including The Bill Of Lading Number And Weight Of Shipment If Shipped On Government Bill Of Lading;
(vi) Terms Of Any Discount For Prompt Payment Offered;
(vii) Name And Address Of Official To Whom Payment Is To Be Sent;
(viii) Name, Title, And Phone Number Of Person To Notify In Event Of Defective Invoice; And
(ix) Taxpayer Identification Number (tin). The Contractor Shall Include Its Tin On The Invoice Only If Required Elsewhere In This Contract.
(x) Electronic Funds Transfer (eft) Banking Information.
(a) The Contractor Shall Include Eft Banking Information On The Invoice Only If Required Elsewhere In This Contract.
(b) If Eft Banking Information Is Not Required To Be On The Invoice, In Order For The Invoice To Be A Proper Invoice, The Contractor Shall Have Submitted Correct Eft Banking Information In Accordance With The Applicable Solicitation Provision, Contract Clause (e.g., 52.232-33, Payment By Electronic Funds Transfer System For Award Management, Or 52.232-34, Payment By Electronic Funds Transfer Other Than System For Award Management), Or Applicable Agency Procedures.
(c) Eft Banking Information Is Not Required If The Government Waived The Requirement To Pay By Eft.
(2) Invoices Will Be Handled In Accordance With The Prompt Payment Act (31 U.s.c. 3903) And Office Of Management And Budget (omb) Prompt Payment Regulations At 5 Cfr Part 1315.
(h) Patent Indemnity. The Contractor Shall Indemnify The Government And Its Officers, Employees And Agents Against Liability, Including Costs, For Actual Or Alleged Direct Or Contributory Infringement Of, Or Inducement To Infringe, Any United States Or Foreign Patent, Trademark Or Copyright, Arising Out Of The Performance Of This Contract, Provided The Contractor Is Reasonably Notified Of Such Claims And Proceedings.
(i) Payment.
(1) Items Accepted. Payment Shall Be Made For Items Accepted By The Government That Have Been Delivered To The Delivery Destinations Set Forth In This Contract.
(2) Prompt Payment. The Government Will Make Payment In Accordance With The Prompt Payment Act (31 U.s.c. 3903) And Prompt Payment Regulations At 5 Cfr Part 1315.
(3) Electronic Funds Transfer (eft). If The Government Makes Payment By Eft, See 52.212-5(b) For The Appropriate Eft Clause.
(4) Discount. In Connection With Any Discount Offered For Early Payment, Time Shall Be Computed From The Date Of The Invoice. For The Purpose Of Computing The Discount Earned, Payment Shall Be Considered To Have Been Made On The Date Which Appears On The Payment Check Or The Specified Payment Date If An Electronic Funds Transfer Payment Is Made.
(5) Overpayments. If The Contractor Becomes Aware Of A Duplicate Contract Financing Or Invoice Payment Or That The Government Has Otherwise Overpaid On A Contract Financing Or Invoice Payment, The Contractor Shall
(i) Remit The Overpayment Amount To The Payment Office Cited In The Contract Along With A Description Of The Overpayment Including The
(a) Circumstances Of The Overpayment (e.g., Duplicate Payment, Erroneous Payment, Liquidation Errors, Date(s) Of Overpayment);
(b) Affected Contract Number And Delivery Order Number, If Applicable;
(c) Affected Line Item Or Subline Item, If Applicable; And
(d) Contractor Point Of Contact.
(ii) Provide A Copy Of The Remittance And Supporting Documentation To The Contracting Officer.
(6) Interest.
(i) All Amounts That Become Payable By The Contractor To The Government Under This Contract Shall Bear Simple Interest From The Date Due Until Paid Unless Paid Within 30 Days Of Becoming Due. The Interest Rate Shall Be The Interest Rate Established By The Secretary Of The Treasury As Provided In 41 U.s.c. 7109, Which Is Applicable To The Period In Which The Amount Becomes Due, As Provided In (i)(6)(v) Of This Clause, And Then At The Rate Applicable For Each Six-month Period As Fixed By The Secretary Until The Amount Is Paid.
(ii) The Government May Issue A Demand For Payment To The Contractor Upon Finding A Debt Is Due Under The Contract.
(iii) Final Decisions. The Contracting Officer Will Issue A Final Decision As Required By 33.211 If
(a) The Contracting Officer And The Contractor Are Unable To Reach Agreement On The Existence Or Amount Of A Debt Within 30 Days;
(b) The Contractor Fails To Liquidate A Debt Previously Demanded By The Contracting Officer Within The Timeline Specified In The Demand For Payment Unless The Amounts Were Not Repaid Because The Contractor Has Requested An Installment Payment Agreement; Or
(c) The Contractor Requests A Deferment Of Collection On A Debt Previously Demanded By The Contracting Officer (see 32.607-2).
(iv) If A Demand For Payment Was Previously Issued For The Debt, The Demand For Payment Included In The Final Decision Shall Identify The Same Due Date As The Original Demand For Payment.
(v) Amounts Shall Be Due At The Earliest Of The Following Dates:
(a) The Date Fixed Under This Contract.
(b) The Date Of The First Written Demand For Payment, Including Any Demand For Payment Resulting From A Default Termination.
(vi) The Interest Charge Shall Be Computed For The Actual Number Of Calendar Days Involved Beginning On The Due Date And Ending On
(a) The Date On Which The Designated Office Receives Payment From The Contractor;
(b) The Date Of Issuance Of A Government Check To The Contractor From Which An Amount Otherwise Payable Has Been Withheld As A Credit Against The Contract Debt; Or
(c) The Date On Which An Amount Withheld And Applied To The Contract Debt Would Otherwise Have Become Payable To The Contractor.
(vii) The Interest Charge Made Under This Clause May Be Reduced Under The Procedures Prescribed In Far 32.608-2 In Effect On The Date Of This Contract.
(j) Risk Of Loss. Unless The Contract Specifically Provides Otherwise, Risk Of Loss Or Damage To The Supplies Provided Under This Contract Shall Remain With The Contractor Until, And Shall Pass To The Government Upon:
(1) Delivery Of The Supplies To A Carrier, If Transportation Is F.o.b. Origin; Or
(2) Delivery Of The Supplies To The Government At The Destination Specified In The Contract, If Transportation Is F.o.b. Destination.
(k) Taxes. The Contract Price Includes All Applicable Federal, State, And Local Taxes And Duties.
(l) Termination For The Government's Convenience. The Government Reserves The Right To Terminate This Contract, Or Any Part Hereof, For Its Sole Convenience. In The Event Of Such Termination, The Contractor Shall Immediately Stop All Work Hereunder And Shall Immediately Cause Any And All Of Its Suppliers And Subcontractors To Cease Work. Subject To The Terms Of This Contract, The Contractor Shall Be Paid A Percentage Of The Contract Price Reflecting The Percentage Of The Work Performed Prior To The Notice Of Termination, Plus Reasonable Charges The Contractor Can Demonstrate To The Satisfaction Of The Government Using Its Standard Record Keeping System, Have Resulted From The Termination. The Contractor Shall Not Be Required To Comply With The Cost Accounting Standards Or Contract Cost Principles For This Purpose. This Paragraph Does Not Give The Government Any Right To Audit The Contractor's Records. The Contractor Shall Not Be Paid For Any Work Performed Or Costs Incurred Which Reasonably Could Have Been Avoided.
(m) Termination For Cause. The Government May Terminate This Contract, Or Any Part Hereof, For Cause In The Event Of Any Default By The Contractor, Or If The Contractor Fails To Comply With Any Contract Terms And Conditions, Or Fails To Provide The Government, Upon Request, With Adequate Assurances Of Future Performance. In The Event Of Termination For Cause, The Government Shall Not Be Liable To The Contractor For Any Amount For Supplies Or Services Not Accepted, And The Contractor Shall Be Liable To The Government For Any And All Rights And Remedies Provided By Law. If It Is Determined That The Government Improperly Terminated This Contract For Default, Such Termination Shall Be Deemed A Termination For Convenience.
(n) Title. Unless Specified Elsewhere In This Contract, Title To Items Furnished Under This Contract Shall Pass To The Government Upon Acceptance, Regardless Of When Or Where The Government Takes Physical Possession.
(o) Warranty. The Contractor Warrants And Implies That The Items Delivered Hereunder Are Merchantable And Fit For Use For The Particular Purpose Described In This Contract.
(p) Limitation Of Liability. Except As Otherwise Provided By An Express Warranty, The Contractor Will Not Be Liable To The Government For Consequential Damages Resulting From Any Defect Or Deficiencies In Accepted Items.
(q) Other Compliances. The Contractor Shall Comply With All Applicable Federal, State And Local Laws, Executive Orders, Rules And Regulations Applicable To Its Performance Under This Contract.
(r) Compliance With Laws Unique To Government Contracts. The Contractor Agrees To Comply With 31 U.s.c. 1352 Relating To Limitations On The Use Of Appropriated Funds To Influence Certain Federal Contracts; 18 U.s.c. 431 Relating To Officials Not To Benefit; 40 U.s.c. Chapter 37, Contract Work Hours And Safety Standards; 41 U.s.c. Chapter 87, Kickbacks; 49 U.s.c. 40118, Fly American; And 41 U.s.c. Chapter 21 Relating To Procurement Integrity.
(s) Order Of Precedence. Any Inconsistencies In This Solicitation Or Contract Shall Be Resolved By Giving Precedence In The Following Order:
(1) The Schedule Of Supplies/services.
(2) The Assignments, Disputes, Payments, Invoice, Other Compliances, Compliance With Laws Unique To Government Contracts, And Unauthorized Obligations Paragraphs Of This Clause;
(3) The Clause At 52.212-5.
(4) Addenda To This Solicitation Or Contract, Including Any License Agreements For Computer Software.
(5) Solicitation Provisions If This Is A Solicitation.
(6) Other Paragraphs Of This Clause.
(7) The Standard Form 1449.
(8) Other Documents, Exhibits, And Attachments
(9) The Specification.
(t) [reserved]
(u) Unauthorized Obligations.
(1) Except As Stated In Paragraph (u)(2) Of This Clause, When Any Supply Or Service Acquired Under This Contract Is Subject To Any End User License Agreement (eula), Terms Of Service (tos), Or Similar Legal Instrument Or Agreement, That Includes Any Clause Requiring The Government To Indemnify The Contractor Or Any Person Or Entity For Damages, Costs, Fees, Or Any Other Loss Or Liability That Would Create An Anti-deficiency Act Violation (31 U.s.c. 1341), The Following Shall Govern:
(i) Any Such Clause Is Unenforceable Against The Government.
(ii) Neither The Government Nor Any Government Authorized End User Shall Be Deemed To Have Agreed To Such Clause By Virtue Of It Appearing In The Eula, Tos, Or Similar Legal Instrument Or Agreement. If The Eula, Tos, Or Similar Legal Instrument Or Agreement Is Invoked Through An I Agree Click Box Or Other Comparable Mechanism (e.g., Click-wrap Or Browse-wrap Agreements), Execution Does Not Bind The Government Or Any Government Authorized End User To Such Clause.
(iii) Any Such Clause Is Deemed To Be Stricken From The Eula, Tos, Or Similar Legal Instrument Or Agreement.
(2) Paragraph (u)(1) Of This Clause Does Not Apply To Indemnification By The Government That Is Expressly Authorized By Statute And Specifically Authorized Under Applicable Agency Regulations And Procedures.
(v) Incorporation By Reference. The Contractor S Representations And Certifications, Including Those Completed Electronically Via The System For Award Management (sam), Are Incorporated By Reference Into The Contract.
(end Of Clause)
section D - Contract Documents, Exhibits, Or Attachments
general Objectives And Requirement
purpose: The Phoenix Va Health Care System (agency) Requires A Service Contract To Have The Sterile Processing Service For Washer #1 And #2 And Sterilizers Cleaned Monthly Due To Build Up That Causes Particles In Sterile Trays That Are Needed For Surgeries And Direct Patient Care.
background
for Several Months Sterile Processing Service Department Found Foreign Objects In Surgical And Operating Handpieces And Instrument Trays. In Order To Maintain A Sterile Environment, The Washer-sterilizers Need To Be Professorially Cleaned.
scope
monthly Cleaning Of Washer-sterilizer #1 And #2 Located In Building 1, Room 1426.
the Contractor Shall Provide All Parts, Travel, And Labor.
the Contractor Shall Coordinate All Services With The Contracting Officer S Representative.
the Contractor Shall Provide One-week Notice Prior To Coming On Site To Perform Services.
the Contractor Shall Check-in And Check-out With The Sterile Processing Service Located In Building 1, Room 1403.
the Contractor Shall Verify All Equipment Was Serviced Is Functional Before Leaving The Medical Facility.
the Contractor Shall Deliver A Hard Copy Or Electronic Copy Of A Field Service Report That Delineates The Service Performed And Results To Cor.
the Contract Shall Provide For The Addition And/or Removal Of Equipment And/or Services.
deliverables
filed Service Reports (fsr) Shall Be Provided For All Service Activities And Shall Contain The Following Information:
date(s) And Time Period Of Service.
complete Description Of Equipment Serviced Including Model Number And Serial Number.
complete Description Of Equipment Services Performed.
the Contractor Shall Submit A Copy Of The Fsr To The Cor
risk Control
n/a
performance Monitoring
The Agency Shall Oversee Work Done By The Vendor And Accept The Quality Of Work As Appropriate.
other Pertinent Information Or Special Considerations
inspection And Acceptance Criteria: The Agency Shall Sign Off On The Work Completed If Service Is Determined To Be Satisfactory.
the Agency Shall Provide Utilities Necessary For Contractor Equipment Used Under This Contract.
the Agency Shall Provide Physical Access To The Equipment.
the Agency And Contractor Will Coordinate Date And Time When Contract Is Awarded.
place Of Performance
phoenix Va Health Care System.
650 E. Indian School Road
phoenix, Az 85012
period Of Performance
02/05/2024 02/04/2025
security
in Reference To Vha Handbook 6500.6 Appendix A, Block 6, The Service Included In This Contract Does Not Involve Connection Of It Devices To A Va Network. Therefore, C&a, Sap, & The Following From Appendix C Do Not Apply.
in Reference To Vha Handbook 6500.6 Appendix A, Block 7, Service Does Not Involve Storing, Generating, Transmitting, Or Exchanging Va Sensitive Information.
the Contractor, Their Personnel, And Their Subcontractors Shall Be Subject To The Federal Laws, Regulations, Standards, And Va Directives And Handbooks Regarding Information Protection, Patient Privacy, And Information System Security As Delineated In This Contract.
during Contract Performance, Contractor Will Not Require Physical Access To Va Facility, Equipment, Information Systems, Or Sensitive Data; To Provide Services, Install, Train, Maintain Or Repair Equipment.
all Contracted Personnel Requiring Access To Va Facilities More Than Two Consecutive Days, Must Complete Vha Privacy Training, Course Va10203. All Service Agents Having Access To Protected Health Information (phi) In The Performance Of Their Official Duties Or Have Access To Va Systems (e.g. Cprs Or Vista Web) Must Provide Proof Of Training Upon Request. Va Privacy Training Is Available From The Tms Website At: Https://www.tms.va.gov.
all Hard Drives Or Other Data Storage Devices Will Be Removed, And If Done On-site Will Be Purged Of Data, Prior To Contractor Access.
upon Arrival At The Facility, All Contractor Personnel Shall Check-in With A Valid Driver License Or Company Id To The Sterile Processing Service Located In Building 1, Room 1403 During Normal Business Hours Monday Friday Local Time, Excluding Holidays, (holidays Work Schedules And Pay (opm.gov). Prior To Conducting Services, The Contractor Shall Be Issued A Visitor S Badge Which Shall Be Worn Above The Waist During The Contractor S Visit.
the Contractor Shall Return To The Same Location To Sign Out And Turn-in Issued Visitors Badge Along With The Documented Service Report For The Service Performed.
photography Is Prohibited At The Phoenix Va Health Care System.
36c26224q0541
page 1 Of
page 63 Of 63
page 1 Of
Closing Date3 Feb 2024
Tender AmountRefer Documents
6231-6240 of 6251 archived Tenders