Loren Data's SAM Daily™

fbodaily.com
FBO DAILY ISSUE OF AUGUST 13, 2011 FBO #3549
DOCUMENT

D -- Off Premise Software as a Service (Saas) Cloud Based Collaborative Tool - Attachment

Notice Date
8/11/2011
 
Notice Type
Attachment
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
Department of Veterans Affairs;Office of Acquisition and Logistics;Technology Acquisition Center;260 Industrial Way West;Eatontown NJ 07724
 
ZIP Code
07724
 
Solicitation Number
VA11811RI0618
 
Response Due
9/9/2011
 
Archive Date
11/8/2011
 
Point of Contact
Matthew Truex
 
E-Mail Address
matthew.truex@va.gov
 
Small Business Set-Aside
N/A
 
Description
Request For Information (RFI)
DEPARTMENT OF VETERANS AFFAIRS
Office of Information Technology (OIT)
Enterprise Systems Engineering (ESE)
Off Premises SaaS Cloud Based Collaborative Tool
Date: 8/10/2011
TAC-11-03057
RFI Version Number: 1.04

1 Purpose of this RFI
2 Background
3 Project Description
4 Service Level Agreements (SLA)
5 Answers VA Is Looking For:
6 How to Respond
Appendix A - Acronym List
Appendix B - SaaS Data Flow and Security Architecture DRAFT

1 Purpose of this RFI

This Request for Information (RFI) is to solicit preliminary information from vendors who wish to work in partnership with the Department of Veterans Affairs (VA) to add VA users to the vendor's established/existing Cloud SaaS Collaborative Tool solution for the VA, which will integrate with existing VA systems (Exchange Calendaring, SharePoint, Active Directory, etc.), and holds, at a minimum, Federal Information Security Management Act (FISMA) Moderate Certification.

Specifically to meet a critical need: The impetus to look at this type of product is to determine if a deployment of a Cloud SaaS based set of Collaborative Tools will fill the need for such collaborative tools as has been documented by VHA's Health Alliance. The Health Alliance Report concluded that VA's doctors need a new effective and intuitive collaborative tool, to improve communications, while also reducing data breaches. By implementing a pilot of Cloud SaaS based Collaborative Tools the VA would be able to demonstrate how collaborative tools will improve veteran care, reduce the amount of time the VA's doctors spend on collaboration, and prevent further data breaches which have been caused, in part, due to the lack of a VA approved collaborative tool.

Our plan is to pilot the Cloud SaaS based solution to VA staff physicians and residents.
Up to 5,000 will participate in the pilot and if successful, and approved, the Cloud solution has the potential to be expanded to a total of 134,000 VA medical personnel (17,000 staff physicians, 36,000 residents, and 81,000 others).

2 Background

The mission of VA is to provide benefits and services to Veterans of the United States. In meeting these goals, Office of Information and Technology (OIT) strives to provide high quality, effective, and efficient Information Technology (IT) services to those responsible for providing care to the Veterans at the point-of-care as well as throughout all the points of VA in an effective, timely and compassionate manner. VA depends on Information Management/Information Technology (IM/IT) systems to meet mission goals.

In order to support VA's medical staff with an intuitive Cloud SaaS Collaborative Tools solution, VA is considering the integration of a commercially available SaaS set of tools which can be deployed in a seamless fashion which results in superior care to the veteran through improved physician collaboration and cost efficiencies. Based on recent Office of Management and Budget (OMB) guidance, VA is evaluating Cloud based tools, as opposed to developing and hosting its own applications for collaboration for use across VA enterprise and possibly outside VA's enterprise.

3 Project Description

VA would like to receive industry recommendations for, or against, the possibility of providing a Federal Cloud SaaS collaborative tools solution to VA. These tools should include the sharing of documents and calendars once authenticated to the VA network with the vendor's Cloud SaaS environment. VA intends to consider the options from different vendors in order to provide collaborative tools to our staff physicians and residents initially, and others in the future if the Cloud SaaS solution is determined to be successful by VA Senior Executives.
The collaborative sharing solution shall allow VA personnel at VA facilities and off-site to collaborate seamlessly via the onsite LAN, and offsite VA VPN or VA's Citrix Access Gateway (CAG). The Cloud SaaS environment must be able to synchronize with existing VA Outlook calendars. Please provide details on what functionality, compared to an Outlook user connected to an Exchange 2007 server, you can or cannot perform with your proposed solution.

This potential project entails the design, implementation, testing, and training of the proposed Cloud SaaS Collaboration Tools which will address the following use case scenarios:

Use Case 1: Sharing of sensitive (PII/PHI) and non-sensitive patient information from one VA physician to another (to include, but not limited to, documents and calendar sharing). Please note there are two sets of users for sensitive (PII/PHI) and non-sensitive patient information: (1) Users would be at a VA facility using the VA network and possibly the Citrix Access Gateway (CAG), and (2) Users would be off-site, but would go through the VA's CAG; once logged into the CAG, all data is seen as coming and going from the VA's network.
  o This is the initial trial being launched due to the urgent need.

Use Case 2: Sharing of non-sensitive health related information on education, published and un-published, non-patient specific research, policy and similar document developmental collaboration. Please note there are three sets of users for sharing of non-sensitive information: (1) Users would be at a VA facility using the VA network and possibly the CAG, and (2) Users would be off-site, but would go through the VA's CAG; once logged into the CAG, all data is seen as coming and going from the VA's network; (3) The third possible set of users would be outside VA and would have access from their organization's version of the Cloud based collaborative tool. They would be able to collaborate on non-sensitive information.
  o This is the next most critical need in order to support the five centers of excellence that VHA has for health education.

Use Case 3: Use of Cloud SaaS tools as a substitute for the VA's standard Outlook Exchange Email and for interconnection with the VA's existing email systems for sharing of sensitive and non-sensitive general VA Collaboration. Please note there are two sets of users for sharing of sensitive and non-sensitive general VA Collaboration: (1) Users would be at a VA facility using the VA network and possibly the CAG, and (2) Users would be off-site, but would go through the VA's CAG; once logged into the CAG, all data is seen as coming and going from the VA's network.

Use Case 4: Sharing of sensitive patient information between VA and DoD.

Please provide a description of how your solution could meet these use cases.

4 Service Level Agreements (SLA)

In a Cloud SaaS based collaborative tools solution, the vendor will have the administrative rights to all of the Cloud based systems necessary to provide VA with the Cloud SaaS. VA will maintain internal help desk staff to provide end user support, training, creating and deleting accounts via Active Directory, and administering some portion of authentication, depending on the solution model offered. Activities that require administrative access, including but not limited to OS/Application patching, backup restores, disaster recovery, and network outage recovery, will be handled by the Contractor's administrative staff. Interconnections between the Contractor's network and VA's network will be jointly worked, with each entity troubleshooting up to their respective demark.

Please provide sample SLA documents with your RFI submission.

5 Answers VA Is Looking For:

1. Does industry recommend Cloud Software as a Service (SaaS) based applications (as defined in DRAFT NIST SP 800-145) for use in VA to replace or augment its existing collaboration and office application suite (SharePoint 2007, SharePoint 2010, JIVE, Wikis, Web sites, File shares, etc.)? Please provide supporting rationale including advantages and disadvantages.
2. Please provide cost estimates for services initiation, customization and establishment of an authentication model which allows VA to control the authentication process, and will also integrate with existing on-premises and potential web-based applications (e.g., Microsoft email, calendar, and documents).
3. What is your recommended connection strategy and options for an agency the size of VA? (Please note VA has 4 existing demarks for Internet communications.)
4. Are there yearly recurring costs for administrative support, over and above the cost of licenses? If so, please provide estimates.
5. In a SaaS environment, does industry recommend the primary interface and data interconnection between our agency and a SaaS provider to be across the Internet, via a point-to-point link, or intra data center interconnection? Please provide supporting rationale.
6. Can VA reasonably expect vendors to provide existing SaaS Collaborative Tools certified at the FISMA High level today? If not, what FISMA level is currently available and when could VA expect a SaaS environment certified at the FISMA High level?
7. If a SaaS offering is made which is not FISMA High, would additional mitigating controls be implemented to provide the necessary additional controls and security that are required to upgrade to a FISMA High certification?
8. Can the vendor describe and document that all controls are monitored for deviation from standards and audited for compliance with relevant standards?
9. At what frequency can VA expect to see reports and audits of monitoring and logging of the Cloud Service Provider's (CSP) systems and service?
10. What type of SLA can the VA expect industry to provide in a cloud SaaS environment?
11. What is the order of magnitude difference in cost for an SLA of 99.99 vs. 99.999%?
12. Will vendor provide VA access to their Risk Assessment and System Security Plan used for their FISMA Certification?
13. How will the vendor provide authentication for a restricted, public accessible environment?
14. Can the vendor ensure VA data storage be restricted to locations within the continental US?
15. Can the vendor provide a Cloud SaaS collaboration tool which will only be accessible after a user authenticates through VA's Active Directory (AD) Single Sign-On (SSO) solution? Please see Appendix B for more information.
16. Can the vendor meet all existing VA policies in the hosted cloud, including obtaining a high Federal Information Processing Standards (FIPS) 199 categorization for Security during the system Certification and Accreditation (C&A) process, before obtaining an Authority To Operate (ATO)?
17. Can the vendor provide training for VA administrators, support personnel, and users?
18. Can the vendor provide an order of magnitude of cost for web based training for the following groups:
  o Web based end-user training - (Pilot: 2,000 to 5,000; possibly later 134,000+)
  o Administrator training - (2 per medical center, and 10 others (FSS, SD&E, OIS others) 358 in total
  o Help Desk Training - (20 people)
  o Train the trainer - (2 per VISN) 42 total
19. What type of continuing support can the vendor provide, after an award is made and at what cost?
20. How will the Contractor provide VA with incident response and forensic investigation data for incidents, data breaches, and service interruptions when requested by VA?
21. Can the vendor provide an integrated/joint incident response plan for specific VA designated data breaches?
22. Can the Contractor ensure proper destruction of all failed drives? Proper destruction includes, but is not limited to: returning the drive to VA, Contractor destruction supervised by VA personnel, or if authorized by VA, failed drives may be destroyed by the Contractor and the Contractor will provide certification of their destruction.
23. Can the Contractor provide 24x7x365 support for all Cloud SaaS services implemented in the solution?
24. Can the Contractor provide a Cloud SaaS Solution in two, VA designated, commercial data centers to interconnect to VA's infrastructure with two or more 1 Gbps point-to-point connections, at each site, between VA's network and the vendor's network for the purposes of interconnecting?
25. Will the Cloud SaaS solution work seamlessly via a CAG?
26. Can the vendor provide for Internet Protocol (IP) address filtering so only a connection coming from specific VA IP addresses will be allowed access to the vendor's Cloud based SaaS service?
27. Can the vendor provide a means which allows VA Cloud based SaaS administrators to control calendar sharing, and have the ability to control the level of detail, and turn on and off calendar text alerts to cell phones?
28. Can the vendor provide a means which allows VA Cloud based SaaS administrators to designate which documents can be shared and provide a control mechanism which will allow administrators to control sharing within and outside of the VA's AD Domain?
29. At the end of a contract to provide cloud services how would VA receive its information back if it chooses to cancel offering a cloud solution, switch to a different provider, or move to an internal solution?
30. Is there a mechanism to migrate existing SharePoint Site collections, SharePoint Sites, or general web sites to the cloud provider?
31. If VA procured an internal e-discovery, archiving, or records management solution how would we interface with and control the data in the cloud solution?
Do you have examples of companies doing this today with your solution?
32. How would an internal VA Search system crawl the content in the cloud system to make it searchable along with internal VA content?
33. If there was top secret information accidentally stored in the cloud system how would the eradication of that information and physical drive destruction be handled?
34. Please provide information regarding your ability to be 508 compliant.
35. Please provide information on the different options to provide access control to VA information with and without the use of 3rd party software such as Citrix type VPN solution on a mobile or non Government Furnished Equipment (GFE) device.
36. Does the cloud solution include the native ability to control file downloads or prevent the copying of data to non GFE devices?
37. Does the cloud solution include a workflow capability?
38. Does the cloud solution include an alerting capability? For example, can the solution send an email to a user when a list or document changes?
39. Does the cloud solution include the ability to receive external emails and store them along with their attachments in a site?
40. As users are hired and leave VA, how are user licenses accounted for? For example, is there a total # of users that VA pays for and any users up to that # can use the system, or is each individually named user counted as using a license and if so, will VA continue to pay for the user license as long as it retains that user's data even though they are no longer employed by VA?
41. What are the storage limits and are they controlled by the user, site owner or at a higher level?
42. How are those storage limits measured? Is the storage use measured as a combined total for VA or is it on an individual user basis? What happens if the limits are exceeded? Is there an additional cost, if so, what is it? Can VA limit the storage at some level so it can't be exceeded by an individual user and thus incur an additional cost?
Basically what options does VA have to control storage cost?
43. If a user deletes a file or an entire site, or some higher level, can that be restored and is there a charge for that restoration? Is there a SLA for that restoration?
44. Do you provide presence information for users that are online? Can that be connected to VA's internal Office Communication server presence information?
45. Please provide a breakdown of each cost of your service.
46. Please provide a redacted sample/actual contract, costs, and monthly/yearly bill for another government agency that has contracted with your service.
47. What are the impacts if email, instant messaging, and (Web Meeting/Live Meeting/desktop sharing functionality) were not enabled or migrated to your service?
48. Would there need to be any special services (hardware, software, cost) involved concerning the use of Blackberry mobile devices managed by the VA's Blackberry enterprise server and your system?
49. Would there need to be any special services (hardware, software, cost) involved concerning the use of any other mobile device and your system?

6 How to Respond

THIS IS A REQUEST FOR INFORMATION (RFI) ONLY. This RFI is issued solely for information and planning purposes - it does not constitute a solicitation nor does it restrict the Government as to the ultimate acquisition approach. In accordance with FAR 15.201(e), responses to this notice are not offers and cannot be accepted by the Government to form a binding contract. Any contract that might be awarded based on information received or derived from this market research will be the outcome of a competitive process. Responders are advised that the U.S. Government will not pay for any information or administrative costs incurred in response to this RFI. All costs associated with responding to this RFI will be solely at the interested vendor's expense. Not responding to this RFI does not preclude participation in any future RFP, if any is issued.
The formal closing date for this RFI and for the submission of responses is September 9, 2011. All responses should be submitted electronically using PDF, HTML, MS Word or PowerPoint formats to the following Email address with subject "RFI VA118-11-RI-0618": matthew.truex@va.gov

*Total e-mail file limit size is restricted to 5MB. Files exceeding this threshold shall be submitted over multiple messages, and be identified as "Message #x of #x".

The official VA contacts for this RFI to whom all requests and communications should be addressed are:
Contracting Officer (CO): Anne Marie Vasconcelos, anne.vasconcelos@va.gov (732) 440-9658
Contract Specialist (CS): Matthew Truex, matthew.truex@va.gov (732) 440-9650

Appendix A - Acronym List
See Attached: NIST IR 7298, rev. 1, Glossary of Key Information Security Terms, February 2011.

Appendix B - SaaS Data Flow and Security Architecture DRAFT
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/notices/51cc7530f693db28d322a6881ddec135)
 
Document(s)
Attachment
 
File Name: VA118-11-RI-0618 VA118-11-RI-0618.doc (https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=230991&FileName=VA118-11-RI-0618-000.doc)

 
Note: If links are broken, refer to Point of Contact above or contact the FBO Help Desk at 877-472-3779.
 
Record
SN02531325-W 20110813/110812000206-51cc7530f693db28d322a6881ddec135 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
