Loren Data's SAM Daily™

FBO DAILY ISSUE OF SEPTEMBER 08, 2012 FBO #3941
SOLICITATION NOTICE

70 -- GRC/RM Software Tool

Notice Date

9/6/2012
 

Notice Type

Combined Synopsis/Solicitation
 

NAICS

541519 — Other Computer Related Services
 

Contracting Office

Defense Logistics Agency, DLA Acquisition Locations, DLA Contracting Services Office - Philadelphia, 700 Robbins Avenue, Philadelphia, Pennsylvania, 19111-5096, United States
 

ZIP Code

19111-5096
 

Solicitation Number

SP4701-12-R-0029
 

Archive Date

10/6/2012
 

Point of Contact

Terry Schoen, Phone: 2157376117
 

E-Mail Address

Terry.Schoen@DLA.MIL
(Terry.Schoen@DLA.MIL)
 

Small Business Set-Aside

Total Small Business
 

Description

COMBINED SYNOPSIS/SOLICITATION REQUEST FOR PROPOSAL SP4701-12-R-0029 •(1) Action Code: N/A •(2) Date: 6 September 2012 •(3) Year: 2012 •(4) Contracting Office Zip Code: 19111 •(5) Classification Code: 541519 •(6) Contracting Office Address: DLA Contracting Services Office Philadelphia 700 Robbins Avenue Philadelphia, PA 19111 •(7) Subject: GRC/RM Software Tool •(8) Proposed Solicitation Number: SP4701-12-R-0029 •(9) Closing Response Date: 21 September 2012 at 3:00 PM Eastern Time. •(10) Contact Point: Terry Schoen: Terry.Schoen@DLA.MIL 215-737-6117 •(11) Contract Award: TBD •(12) Contract Award Dollar Amount: TBD •(13) Contract Line Item Number: See section (16) below •(14) Contract Award Date: TBD •(15) Contractor TBD •(16) Description: •(i) This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in Subpart 12.6, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; proposals are being requested and a written solicitation will not be issued. •(ii) Solicitation Number: SP4701-12-R-0029 •(iii) This solicitation is issued as a Request for Proposal •(iv) This solicitation document and incorporated provisions and clauses are those in effect through Federal Acquisition Circular 2005-58. •(v) The North American Industrial Classification System (NAICS) code for this acquisition is 541519 - Other Computer Related Services. •(vi) Contract Line Item Number (CLIN) breakdown Item DESCRIPTION QTY DLA PRICE DLA Extended Price 1 GRC/RM (inclusive) Software Configuration Support Services (Enable CAC Cards, Enable DLA Naming Conventions, System Installation on DLA Servers) Program Management (Report Related, Demonstrations to DLA Leadership) See Pages 12-15 1 Item DESCRIPTION QTY DLA PRICE DLA Extended Price 2 Licenses 300-500 Users See Page 15 1 Item DESCRIPTION QTY DLA PRICE DLA Extended Price 3 Training & Other Initiatives Optional item I.A.W. See Page 16 1 PERFORMANCE WORK STATEMENT DLA Governance, Risk, and Compliance / Risk Management (GRC/RM) Solution 1. BACKGROUND In 2007, the Office of Management and Budget (OMB) began an Internal Controls testing effort on the Defense Logistics Agency (DLA) Enterprise Business System (EBS) financial processes. The test involved examination of the documentation associated with the EBS internal controls (test of design), and testing of the internal controls. Testing was stopped due to incomplete and inadequate EBS controls documentation. The recent increase of auditability and regulatory compliance pressures and budget constraints within the Department of Defense has made it necessary for the DLA to obtain a solution for risk management, regulatory compliance, understanding of policy and procedure linkages enabling a full view of DLA's risk and compliance posture. The DLA requires capability on three levels: Strategic, Operational, and Tactical. The Strategic dimension enables risk and enterprise governance through Dashboards and Reports for Senior Leadership and forums. Operational capabilities provide continuous control monitoring capabilities within business processes and units. The Tactical provides enterprise or sub-organization and business unit capabilities to define governance structure, risks, and compliance needs. This includes creation and definition of risk and compliance frameworks and automated control assessments and analysis enabling statements of assurance. As a result, DLA is in search of an application that can interface with existing DLA tools and information libraries to capture, track, and report on various monitoring initiatives, control frameworks and training programs providing DLA with the ability to link risk and controls to internal and external regulations; correlate laws and regulations relevant to DLA with internal policies, procedures, and compliance activities; and enable risk management and minimize operational complexity. 2. SCOPE OF WORK DLA GRC/RM is intended to be an enterprise software tool used by all management practitioners at DLA installations for records management of governance, risk, compliance, and active risk management. The tool shall have audit capability to track all data changes. The lack of a standard records management system limits enterprise-wide management visibility of operational capabilities. DLA Strategic Plans and Policy (J5) is responsible for overseeing DLA risk management activities. Each site has several personnel responsible for risk management, governance, policy, and compliance documentation. J5 estimates GRC/RM will have 350-500 users on the system. Each DLA site will have users with two or possibly three sets of permissions, each DLA site will only be able to see their own data, and J5 will have administrators with full permissions across the enterprise and will be able to see data individually or aggregated. Accounts with read-only capability will be required. No non-DLA users are anticipated. 3. REQUIREMENTS AND TASKS The vendor shall be directly responsible for ensuring the accuracy, timeliness and completion of all requirements and tasks under this PWS. The vendor shall provide direct support to designated DLA technical and functional representatives. Vendor shall provide options for implementing the identified capabilities: •1. Risk Identification, Assessment, and Analysis •2. Control Design and Analysis •3. Regulatory, Policy, and Compliance Management •4. Business Process and Workflow Management •5. Internal and Management Review Oversight and Execution •6. Findings/Recommendation Management and Resolution 3.1 REQUIREMENTS DLA seeks a GRC/RM solution providing Agency-wide integration of policies, processes, controls, systems, and data which would provide a more effective and efficient way to manage risk and compliance. There are three main GRC/RM requirement categories: Strategic, Tactical, and Operational. The Strategic category contains the executive monitoring capabilities. This includes the creation of dashboards and reports. The Tactical category contains the policy management, and repository of policies, risk, and controls capabilities. The requirements necessary to meet dynamic stewardship process repository requirements primarily fall under the tactical category. The Operational category contains the capability to continuously monitor controls within business processes. The complete list of requirements is shown in the table below, but at a minimum the process library must be searchable by Business Cycle Team (BCT) business process, process/policy names, and responsible organization; and be accessible by all DLA organizations. The GRC/RM solution shall be in accordance with the DLA BCT frameworks and preserve and maintain linkages with the existing DLA tools: ARIS, EBS Workbench, e Workplace, etc. The GRC/RM solution shall provide a suite of products that work on an integrated platform enabling every application to freely exchange data and provide integrated services. It will support DLA compliance management with multiple regulations, policies, and quality standards. It will enable deployment of consistent GRC and quality management processes across the DLA Enterprise and enable the DLA Enterprise to gain a clear vision of and into these processes. The GRC/RM solution will have the ability to deliver regulation-specific functionality based on industry best practices. It shall provide a framework and approach that meets industry regulatory guidelines (i.e. OMB A-123); and has the ability to provide solutions with incorporated best practice templates, and integration of business processes. The GRC/RM solution shall have integrated functionality with process modeling systems to include upload of Visio process models, as well as create work-flows within the tool and tie work-flows to controls, risks, and policies. The GRC/RM solution shall support the complex organization of the DLA containing with multi-site operations. It shall have capabilities for work-flow management, document management, email based delivery of alerts and notification, and real-time reporting and analytics. The GRC/RM solution shall provide role-based security. Each DLA site will have users with two or possibly three sets of permissions, each DLA site will only be able to see their own data, and J5 will have administrators with full permissions across the enterprise and will be able to see data individually or aggregated. Accounts with read-only capability will be required. No non-DLA users are anticipated. The GRC/RM solution shall be licensed through modular functionality enabling staggered product release and incorporation throughout the DLA Enterprise. J5 estimates GRC/RM will have 350-500 users on the system. The GRC/RM solution shall contain training options to address all users, training options shall include onsite/offsite user training, onsite/offsite administrator training, and train the trainer. The GRC/RM solution shall be a single platform with a common data model providing capabilities for integration of various GRC areas. It shall provide the DLA access to a wide suite of products that will allow compliance management with multiple regulations, policies, and quality standards. It shall have the capability to search risk and controls within the application. It will have access regulation specific functionality based on industry best practices. It will have the ability to create solutions with embedded best practices templates and integrate business processes. It will be capable to have work-flow management, document management, email based delivery of alerts and notification, and real-time reporting and analytics. The GRC/RM solution shall enable DLA to capture, track, and report on various monitoring initiatives, control frameworks and training programs. The GRC/RM solution will provide DLA with the ability to link risk and controls to internal and external regulations; as well as correlate laws and regulations relevant to DLA with internal policies, procedures, and compliance activities for such areas as Quality Management, Regulatory Compliance, Risk Management, Corporate Governance, and Sustainable Environment. The GRC/RM solution shall be compatible with SAP, as well as with other systems within DLA. The following table summarizes the top GRC/RM technical requirements. System Requirements Operational Level Description Tactical The tool shall have the capability to support the development, maintenance and communication of policies and procedures across the organization. Tactical The tool shall have ability for mapping monitoring rules and other source requirements to policies, and the mapping of policies to risk and control objectives. Tactical The tool shall allow for policies, procedures and standards to be developed and managed. Tactical The tool shall have the capability for Laws, Regulations & Policies (LRP) traceability. Tactical The tool shall have the capability to support Service Level Management (SLM) business processes. Tactical The tool shall have the capability to map all data to the IT Framework. Tactical The tool shall have the capability to map business process at the transactional level. Tactical The tool shall have the ability to link to ARIS, which can map business process at the transactional level. Tactical The tool shall have the ability to link to ProSight to pull the current systems list; the systems list shall be available via a drop-down box. Tactical The tool shall provide alignment with the Department of Defense Architecture Framework (DoDAF) requirements. Tactical The tool shall have the ability to pull in all non-compliant controls from the eMass scorecard. Tactical The tool shall have the ability to assign a unique ID to any information that gets pulled into the tool. Tactical The tool shall be Section 508 compliant. Tactical The tool platform shall have the ability to support the assessment process for risk, control and compliance, to allow the organization to manage the assessment of controls for compliance as well as management monitoring purposes. Tactical The tool shall have the functionality to easily adapt the documentation of processes, accounts and locations to company structure changes. Tactical The tool shall contain a module for documenting process flows and narratives to support process walk-throughs. Tactical The tool shall document, quantify and rank risks by significance. Tactical The tool shall enable relationships between processes, accounts, controls, risks and business entities to be captured and viewed. Tactical The tool shall support the COSO model framework and other multiple frameworks/models (e.g. COSO, CobIT, etc.). Tactical The tool shall include the expanded COSO library (with objectives, risks and controls) based on IIA, AICPA & COSO definitions and information. It is possible to point per control a relation to the applicable element of COSO/CobIT. Tactical The tool shall have an automated control documentation process with flexibility to include existing reference documents. Tactical The tool shall perform automated control assessments with configurable criteria. Tactical The tool shall support complex audit testing workflows. Tactical The tool shall have automated assertions, sub assertions by process or account. Tactical The tool shall support separate internal control frameworks per unit (using central framework as reference). Tactical The tool shall contain ERM functionality or integration with ERM tools. Tactical The tool shall allow for test results to be automatically compared with thresholds. Tactical The tool shall allow for the ability to record the risks which threaten the process objectives. Tactical The tool shall have the ability for the monitor to indicate whether a control is effective or ineffective/weakness. Tactical The tool shall allow the monitor to indicate the impact on risk in the case of an ineffective control (high, medium, low). Tactical The tool monitor can indicate whether a control is mitigated. Tactical The tool allows for creation of a control matrix showing sub-processes, objectives, risks, controls, effectiveness, mitigation, test steps and owners. Tactical The tool allows for creation of an overview with testing status for reviewer and tool monitor: per Business Group, process, risk, control. Tactical The tool allows for automatic escalation (if tests are not performed or controls are ineffective). Tactical The tool shall have the ability to support both internal and external compliance personnel with the documentation, workflow, reporting and visualization of control objectives, controls, associated risks and self-assessments. Tactical The tool has flexible field values for executor, reviewer, monitor, review instructions, evidence definitions per control (the field value can be changed by individual units). Tactical The tool can attach a review / monitor instruction per control. Tactical The tool allows the ability to test one control for multiple control frameworks. Tactical The tool allows for test scripts to be documented in the application. Tactical The tool can manage all steps of the compliance process and project. Tactical The tool enables archiving and versioning of compliance content. Tactical The tool can produce an audit trail for logging changes made to controls and test documentation. Tactical The tool is run on an integrated compliance software platform. Tactical The tool offers personalized views: my monitor/my review (status, to do, in progress, overdue). Tactical The tool offers the ability to record test results by different field entry types (free format, formatted). Tactical The tool will have the following fields available for test results: test date, status, and risk. Tactical The tool will have the following specific fields available when the control is ineffective: deficiency, implication, corrective action, target date, responsible manager. Tactical The tool allows for evidence to be easily uploaded in the tool, saved per assessment. Tactical The tool supports explicit sign-off per monitor (date, person). Tactical The tool can produce an audit trail for compliance information (adjustment in application, person, and time). Tactical The tool shall have the capability to assign responsibility or accountability for a deficiency, test failure, or incident to a team for identifying corrective action, tracking the status, reporting the steps taken, and final corrective action. Tactical The tool offers issue management and remediation. Tactical The tool allows for the control deficiency and consequence for each ineffective control to be recorded (free format text). Tactical The tool allows for remediation planning and tracking. Tactical The tool can produce reports regarding ineffective controls: prioritized sequence on impact, number of ineffective controls per impact category. Tactical The tool has the capability to certify that personnel have read the policies and have received training to appropriately understand and acknowledge their accountability and responsibility with respect to policies and controls. Tactical The tool is able to generate automated 302 certifications, sub certifications and representation letters. Tactical The tool shall have the capability to certify that controls within DLA are compliant with standards such as OMB A-123 and the Laws, Regulations & Policies (LRP) matrix. Tactical The tool shall be compliant with NIST 800-53, FISCAM, FFMIA, FISMA, DIACAP, and BEA. Strategic The tool shall have the ability to assess and measure the impact and likelihood of risks, and provide capabilities to correlate, analyze and visualize them, by the use of model what-if scenarios. Strategic The tool shall support a Top Down Risk Assessment Approach. Strategic The tool shall support several hierarchies (company levels, objectives, (sub) processes, controls, and activities). Strategic The tool shall enable quick, efficient, and secure communication between compliance stakeholders. Strategic The tool shall offer an option to assess the control efficiency (in relation to continuous improvement). Strategic The tool shall have the built-in reporting capability that provides compliance and risk data in reporting formats that are acceptable to auditors, examiners, assessors, and the board. Strategic The tool shall support the following levels of reporting (e.g., Corporate, Business Group, Business Unit, Reporting Unit). Strategic The tool shall show an overall status of financial controls for the CFO. Strategic The tool shall show an overall status of technical controls for the CIO. Strategic The tool shall offer a reporting interface / transport to Word, Excel or other applications. Strategic The tool shall offer personalized reports (manually selected controls, risk area, all controls of one monitor). Strategic The tool shall offer different viewpoints on different periods (actual status + month end). Strategic The tool shall allow/enable easy comparisons between reporting of the same controls in different reporting areas. Strategic The tool shall offer standard reports for internal and external auditors. Strategic The tool shall have the capability to visually publish formal, web-based reports (dashboards) with intuitive displays of information, including dials, gauges and traffic lights, which would indicate the state of risk and compliance metrics, compared with a target value. Strategic The tool shall allow the status of the control environment and activities to be viewed via business reports and flexible management dashboards. Operational The tool can perform automated risk assessments with configurable criteria. Operational The tool allows for key compliance tasks for review to be automated with advanced scheduling. Operational The tool shall monitor if conflicting privileges were used for transactions, within a financial system. Operational The tool shall have the capability to monitor temporary system ID's with high privileges within a financial system, often used for making emergency or short term system fixes. Operational The tool shall have the ability to perform "what-if" modeling scenarios for user and role assignments within a system. Operational The tool offers access control based on roles. Operational Access control is implemented in the tool (e.g., own access control / linked to Active Directory). Operational The tool shall provide the workflow support necessary to collect and manage attestations by business unit process owners that users have the privileges they need and that they are authorized (e.g., automated handling of user requests, approval of user requests, and provisioning of tool access based on approved requests). Operational The tool shall have the ability to perform Operational functions with "Out of the Box" software. Operational The tool shall have the ability to automate the checking of controls and compliance rules for any business process to ensure activity is conducted according to policy, procedure, or prescribed process as defined by DLA, leading practices, or regulation. Operational The tool shall have Business Process management functionality or shall facilitate interaction with other BPM tools. Operational The tool shall have the ability to mine, dissect and analyze large volumes of data using business rules, to identify any transaction anomalies with respect to adherence to policy, procedures or standards, or to detect and prevent fraud. Operational The tool facilitates automatic fact-finding from an ERP system. 3.2 Contract Line Item Description The delivery requirements of specific tasks are detailed in the "DELIVERABLE/DELIVERY SCHEDULE ". The contractor shall provide support through the following tasks. Item 1 - GRC/RM Implementation This item includes any Software, Software Configuration, Support Services, Knowledge Transfer, and Program Management for implementation of the system. Within two (2) working days of contract award, the contractor shall contact the COR/ACOR to arrange a kick-off meeting to review the details of the contract and the start date. The meeting shall be within five (5) working days from contract award. GRC/RM System Software - The contractor shall provide a COTS GRC/RM system which meets all mandatory requirements above. A deliverable under this contract must meet the following requirements to be accepted by the COR/ACOR: a. System requirements are fully met; b. System passes testing; c. System passes IA scans; d. Approval by a variety of policy boards and reviews. *If a deliverable fails one or more of the above requirements, the contractor shall resubmit the product until it is found acceptable, i.e., until it meets all of the above requirements. A deliverable will not be accepted if it has a critical, high or medium IA findings or category 1 or 2 severity codes. "Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) definition states: E2.1.66. Severity Code. Indicates the Certification Authority (CA) assessment of the likelihood of system-wide IA consequences, given a single or multiple findings. The Severity Code is assigned to a system IA security weakness by a CA as part of a certification analysis to indicate (1) the risk level associated with the IA security weakness and (2) the urgency with which the corrective action must be completed. Severity codes are expressed as "CAT I, CAT II, CAT III," where CAT I is the indicator of greatest risk and urgency. E2.1.66.1. CAT I Severity Code. Assigned to findings that allow primary security protections to be bypassed, allowing immediate access by unauthorized personnel or unauthorized assumption of super-user privileges, and usually cannot be mitigated. E2.1.66.2. CAT II Severity Code. Assigned to findings that have a potential to lead to unauthorized system access or activity. CAT II findings can usually be mitigated and will not prevent an ATO from being granted. E2.1.66.3. CAT III Severity Code. Assigned to recommendations that will improve IA posture but are not required for an authorization to operate. Vulnerability definitions are listed below. Critical, high, and medium findings must be resolved before final approval is granted: Critical - a vulnerability wherein an attacker might have the ability to execute commands on the server or retrieve and modify private information. High - the ability to view source code, files out of the web root, and sensitive error messages. Medium - indicates non-HTML errors or issues that could be sensitive. Low - interesting issues or issues that could potentially become higher ones. Contractor deliverables shall conform to Federal, DoD and DLA life-cycle process policy. The contractor has a vital role in ensuring that projects follow these guidelines and can be moved into production on government web servers. The contractor shall apply its best-efforts to identify non-conformance issues prior to submitting its COTS product. If the deliverable is disapproved due to nonconformance, the contractor shall bring the deliverable into conformance without additional cost to the government and will be held to the deliverable dates. The deliverable is not considered received until non-conformance issues have been resolved. If a contractor has recurring non-conformance issues during performance under this contract, the contractor may not be considered for future contract awards. J6 uses a software development life-cycle model called the Internet Development Life-Cycle (iDLC). The iDLC model mirrors an industry best practice called Capability Maturity Model Integrated (CMMI). The contractor will follow iDLC processes such as testing, configuration management, and release management procedures. For example, when the contractor is required to participate in testing, documented test results shall be provided to the government. System specification and architecture documentation will be required. The contractor may be required to provide assistance with development of user guides, including installation instruction and conducting training classes. The contractor shall provide system documentation as directed before the contract will be considered complete and final payment provided. Examples of system documentation are a System Specification and user guide. The contractor shall diagnose and resolve errors and meet deadlines as assigned by COR/ACOR. The contractor shall conduct daily reviews to insure that the work performed is high quality and that products are delivered according to schedule. The contractor shall support security Certification and Accreditation (C&A) requirements on new and existing GRC/RM components. C&A requirements may include but are not limited to: security, test and evaluation deficiencies; platform certification reviews; CERT Taskings and Advisories; and Migration related issues. The contractor shall participate in Information Assurance (IA) activities (e.g. investigation of incidents of unauthorized access/disclosure and security adjustments) and shall provide documentation, as necessary, to complete the remediation process. Contractor shall produce documentation in the system accreditation process, as directed by the TO and the COR/ACOR. The contractor shall develop or change COTS products to be compliant with all appropriate Security Technical Information Guides (STIGs). The contractor shall ensure the rigorous application of information security/information assurance policies, principles and practices. Software Configuration - contractor may be required to develop minimal custom components or modules such as a dashboard development or CAC-enable a COTS product. Each software component or module must be developed in accordance with all requirements outlined in this performance statement such as software development life-cycle processes and accreditation/security requirements. Support Services - contractor must provide support services such as initial system installation, configuration, and implementation support. Support services will also include support for functional users, technical support resolving system issues, and system administration. DLA will provide all hardware required to host the GRC/RM system, but the contractor will serve as the application administrator. The contractor will train site administrators to maintain their local users and site data. The contractor shall provide training and/or user manuals for the GRC/RM Solution. Program Management - contractor must provide a program manager who will maintain oversight of company support and GRC/RM system performance. The contractor program manager will work closely with the COR/ACOR to resolve all system issues in a timely manner. The contractor program manager will also work with the COR/ACOR on all contract administration matters. The contractor shall provide proposals, reports, presentations, other documentation and training to the government as outlined below: The contractor's proposals shall include all of the costs and delivery dates, documentation, and travel. The contractor shall provide knowledge transfer in the last two months of the task or as directed by an appropriate government contract representative. This will include a complete package on disc of all the pertinent documentation, data, knowledge, files and at least 3 knowledge sharing sessions, to facilitate the continuity of operations. In these situations, the contractor shall transfer project knowledge, files, and other pertinent information to guarantee a seamless transition in COTS development support. If required documentation has not been created, the contractor shall be responsible to develop the documentation (i.e., system specification) and to assist the knowledge transfer to the new developer and the COTR. Project transition may be to government personnel of a different contractor and success is required in either situation. The contractor shall prepare, present, or assist in the presentation of assigned reports, demonstrations, and briefings in accordance with applicable standards and guidelines and shall be suitable for presentation to J6 management or to customers, as directed by the COR/ACOR. Reports, demonstrations, and briefings may include automated or manual materials and may be presented at DLA headquarters or customer locations. The contractor shall produce written monthly and on request project status reports. The reports will cover such things as specific accomplishments for the reporting period; problems/issues resolved; new problems/issues identified; resources utilized; anticipated resources to be utilized; status updates on each assigned project task, progress to be made in the upcoming reporting period. The monthly status reports will cover the entire month. The monthly status reports shall be delivered no more than five (5) working days after the month ends and at least five (5) working days before any invoice for that period are submitted for payment. The as requested status reports will cover the period of time indicated by the COR/ACOR and will be due on the day and time indicated by the COR/ACOR. The format for these status reports will be provided upon contract award and modified as needed and directed by the COR/ACOR. The contractor shall at times present this information in any meetings called on the projects. In addition, the contractor is responsible to provide seamless transfer of knowledge from outgoing personnel to the new personnel in his staff. The contractor shall not allow change in personnel to affect productivity and timely receipt of deliverables. The contractor shall participate in J6, J5, or DLA planning and status meetings, as requested, to provide information overviews, support DLA personnel, and/or report progress and status of assigned tasks. The contractor shall provide the government accurate written ad-hoc status updates for individual project tasks and documentation when requested. These updates will be due by 1800 hours on the date specified by COR/ACOR. Item 2 - Licenses The contractor shall provide DLA all enterprise licenses required for a COTS GRC/RM system which meets all mandatory requirements above. The GRC/RM solution shall be licensed through modular functionality enabling staggered product release and incorporation throughout the DLA Enterprise. J5 estimates GRC/RM will have 350-500 users on the system. The GRC/RM solution shall contain training options to address all users, training options shall include onsite/offsite user training, onsite/offsite administrator training, and train the trainer. Item 3 - Training and Other Initiatives The contractor shall provide Training to DLA GRC/RM Solution users. J5 estimates GRC/RM will have 350-500 users on the system. The GRC/RM solution shall contain training options as identified in the table below. Training options shall include user training, administrator training, and train-the-trainer. Training options shall identify: approximate and maximum class size, duration (i.e. 4 hours, 3 days, etc.), and special requirements (i.e. projector, computer lab, etc.). DLA shall select training option(s) and location(s) based upon final user count and location, funding, and the best interest of the Government. Selections may be in any combination and quantity. In all training options, the contractor shall provide a copy of all completed training courses, materials, documentation, courseware, concept papers, functional and technical reports, demonstrations, briefings, and other documents and materials to the J6 team leader. Training Type Location Maximum Class Size Duration Requirements Training Unit Price Administrator Training Ft Belvoir, VA Train-the-Trainer Ft Belvoir, VA User training Ft Belvoir, VA User training Richmond, VA User training Columbus, OH User training Philadelphia, PA User training New Cumberland, PA User training Battle Creek, MI Note: The Government reserves the right to have training done at the sites above on an optional basis for DLA Richmond, Columbus, Philadelphia, New Cumberland and Battle Creek based upon final user count and location, funding, and the best interest of the Government. Training at Fort Belvoir will be provided as a mandatory requirement. DELIVERABLE/DELIVERY SCHEDULE : Event Intent Date Contract Award Meeting •· Contract Review and Start Date Five (5) Business Days after Award Project Planning Meeting •· Identify key project members •· Set mutual expectations & responsibilities •· Confirm assumptions •· Set schedule NLT Twenty Five (25) Business Days after Award Deep Dive Workshop •· Develop customer business requirements TBD Iteration 1: Pilot - 1 •· Review initial configuration set: Updated Forms; Alerts •· Validation point; capture change requests; design issues TBD Iteration 2: Pilot - 2 •· Review additional configuration set: Reports, Dashboard •· Initial quality feedback TBD User Acceptance Testing •· Final go-live candidate •· Capture and correct last bugs TBD Provisioning •· User training & roll-out planning NLT ten (10) months after contract award Go Live •· Active use by all identified DLA users NLT twelve (12) months after contract award Steady State •· Handoff to Support TBD • • 4.0 GENERAL INFORMATION: • • 4.1 GOVERNMENT REMEDIES: The Contracting Officer shall follow FAR 52.212-4, "Contract Terms and Conditions-Commercial Items" or 52.246-4, Inspection of Services-Fixed Price" for contractor's failure to perform satisfactory services or failure to correct non-conforming service issues. • 4.2 CONTRACTOR ALTERNATE WORKSITE AUTHORIZATION If requested by the contractor, authorization to work at an alternate worksite under the subject task order/contract can only be approved by the Contracting Officer. Authorization will state when the contractor can begin working at the alternate worksite and indicate whether all or some of the contractor employees will be impacted by the authorization. Existing contract performance outcomes/ metrics, deliverables and all contract term and conditions will remain in effect except for the principal place of performance. Working at an alternate worksite shall only be authorized if the Contracting Officer can adequately determine that the following conditions exist for the Contractor: The Contractor shall be able to complete the task(s) without the use of any Government Furnished Equipment (i.e., laptops, cell phones, etc.). There must be a predefined need, in keeping with the organization's mission, for the Contractor to work at an alternate worksite. For example, in case of inclement weather or Federal Government closure, contractor employees may be authorized to perform tasks under this contract from their alternate worksite. •a. If the Contractor needs remote access to DLA or DOD networks, systems, applications, or databases, the Contractor shall establish remote access through the DLA approved remote access system using Contractor Furnished Equipment (CFE) that meets the DLA IA computer standards specified in paragraph 2.12.3 CONTRACTOR ALTERNATE WORKSITE REMOTE ACCESS REQUIREMENTS. •b. The contractor shall provide the Contract Officer Representative (COR) a status report summarizing any issues encountered in meeting task order/contract performance outcomes/metrics due to the change in location to the alternate worksite. The report must be provided within 5 days from the date the contractor begins working at the alternate worksite and be included in the monthly status report as a separate item. •c. The Contractor must have an approved Corporate Alternate Worksite plan on file with the COR/ACOR and Contracting Officer prior to any work being performed at the Contractors alternate worksite. • • 4.3 CONTRACTOR COOP ALTERNATE WORKSITE AUTHORIZATION The Contractor may be authorized to perform tasks under this contract task order/s at a Contractor alternate worksite, upon declaration of a COOP or Pandemic situation by the Director of the Defense Logistics Agency. •a. Authorization for the contractor to work at an alternate worksite under the contract task order/s will be provided by the Contracting Officer. Authorization will state when the contractor can begin working at the alternate worksite and indicate whether all or some of the contractor employees will be impacted by the authorization. Existing contract performance outcomes/ metrics, deliverables and all contract terms and conditions will remain in effect except for the principal place of performance. •b. The principal place of performance is the Government facilities outlined in this contract. •c. The Government will not issue Government Furnished Equipment (GFE) for performance of this contract at a contractor alternate worksite. The Government shall not incur any additional cost nor provide additional equipment for contract performance as a result of the Contractor's implementation of an alternative worksite plan. •d. The Contractor shall use Contractor Furnished Equipment (CFE) that meets the DLA Government Furnished Equipment (GFE) Information Assurance (IA) approved computer standards for access to DLA networks, systems, and databases to perform the tasks of this contract from the contractor alternate worksite, as specified in paragraph 2.12.3 CONTRACTOR ALTERNATE WORKSITE REMOTE ACCESS REQUIREMENTS. •e. Alternate worksites may be authorized by the Contracting Officer, upon declaration of a COOP or Pandemic situation by the DLA Director. An alternative worksite can be a contractor facility, personal residence, or a telecommuting center. A telecommuting center is a geographically convenient office setting established as an alternative to an employee's main office, or residence. •f. Regardless of work location, all contract terms and conditions, including security requirements and labor laws, remain in effect. • • 4. 4 CONTRACTOR ALTERNATE WORKSITE REMOTE ACCESS REQUIREMENTS The Contractor shall ensure that all CFE (hardware and software) employed to access DLA networks, systems, applications, and databases meet the following minimum DLA IA requirements and provide periodic certification of compliance as a pre-requisite to being granted network access: Utilize only those operating systems (OS) capable of joining an Active Directory domain (e.g., Windows XP Professional). Employment of "home use" operating systems is prohibited; •a. Operating systems, databases, and applications must be configured for compliance with the DISA Gold Disk and the applicable Security Technical Implementation Guides (STIGs) / checklists. The DLA Information Assurance Manager (IAM) will provide a listing of applicable STIGS upon request; •b. Employ DoD approved Anti-virus and Anti-Spyware software must be installed and signatures must be updated in accordance with DLA IA policy. Updates must be pushed from a trusted source using a centrally managed server; •c. Install a DoD approved PC-based firewall with it configured to permit traffic by exception only, and dropping all other traffic. If the host-based firewall provides intrusion detection or prevention; the signatures or rules must be updated at the same intervals as the anti-virus software and pushed from a trusted source; •d. Computers must be scanned by the contractor with the appropriate DLA vulnerability scanner (or current approved DoD scanner solution) at a minimum of every 30 days. All vulnerabilities must be remediated and reported to the cognizant IAM; •e. Ensure Contractor employees possess a current Government issued Common Access Card (CAC) and install Government approved CAC readers and middleware, provided their assignments require access to Government networks; •f. Contractor shall verify compliance with the above requirements and provide this information on a monthly basis to the IAM and COR/ACOR; •g. Install Government approved Juniper VPN or CITRIX clients from a trusted source; •h. The Contractor shall coordinate with the cognizant IAM for establishment of employee Active Directory (AD) Group membership; •i. Network access accounts for Contractors using CFE who have not had verified scans performed within the past 30 days will be disabled until the required scans and remediation is performed; •j. Full Disk Encryption: Employ DoD approved disk encryption software on all mobile computing devices and removable storage media. Product must be NIST FIPS 140-2 compliant and NIAP certified. •k. The Government is not responsible for any costs associated with meeting the above requirements. • • 4.5 PLACE OF PERFORMANCE: COTS development and sustainment support will be accomplished at an off-site contractor facility. No matter the primary place of work, the contractor shall be required to come to the HQ DLA Complex building at Fort Belvoir, VA, or DISA hosting centers for meetings and other purposes as directed by J6. • 4.6 NON-DISCLOSURE AND PRIVACY ACT REQUIREMENTS: Performance of this contract may require the Contractor and, perhaps, sub-contractor to access data and information proprietary to the Government agency or of such a nature that its dissemination or use, other than in performance of this Performance Based Work Statement (PWS), would be adverse to the interest of the Government or others. The Contractor shall not divulge or release data or information developed or obtained in performance of this PWS. The Contractor shall not use, disclose, or reproduce proprietary data, which bears a restrictive legend, other than as required in the performance of this PWS. The limitations above do not apply to data or information made public by the Government. Further, this provision does not preclude the use of any data independently acquired by the Contractor without such limitations or prohibit an agreement at no cost to the Government between the Contractor and the data owner that provides for greater rights to the Contractor. Contract personnel visiting any Government facility in execution of this contract shall be subject to the Standards of Conduct applicable to Government employees. Site-specific regulations regarding access to classified or sensitive materials, computer facility access, issue of security badges, etc. will be provided as required. All products, partial products, and associated work papers produced in the course of fulfilling orders placed under this contract will be considered the property of the DLA. • 4.7 WORK HOURS: • Core duty hours are between 0600 and 1800 Monday through Friday, contractor support as defined within this contract shall normally be conducted during these times. On rare occasions, support is required outside normal duty hours to reduce downtime or disruption to the user community. Contractor will be available in emergencies for any given task. The contractor shall provide an avenue for communication and quick response, especially during core work hours. On rare occasions, non-core work hour support may be required. • 4.8 TRAVEL: Travel is anticipated to the HQ DLA Complex building at Fort Belvoir, VA, or DISA hosting centers for meetings and other purposes as stated in this document and directed by J6. Other travel (e.g. to DLA Primary Field Level Activities) may be required and will be paid for by the Government subject to the Federal Acquisition Regulation, Joint Travel Regulation, and other applicable regulations. Contractor shall only travel when it is pre‑approved by J6 COR/ACOR or KO and money must be available/obligated for each order in anticipation of the travel. Travel shall be followed by a trip report and an expense report if the government is to reimburse the contractor for travel. • 4.9 SECURITY: At time of award and prior to new personnel starting work, the Contractor's personnel must possess the required IT Level 1 and 2 Information Technology Security credentials as outlined below: a. Positions responsible for systems design, operation, testing, maintenance or monitoring which is under technical review of an IT-1 (Computer Analyst, Programmers, Operators) b. Positions responsible for lower level security administration functions (i.e. password resets, help desk personnel) NOTE: The above definitions can be found in the personnel security regulation in the DLA Personnel Security Program One Book Chapter. The One Book Chapter will be provided upon request. Contractor personnel performing under any resultant contract shall maintain IT Level 2 credentials throughout the performance period. Each Contractor employee shall be required to fill out an Electronic Personnel Security Questionnaire (ESPQ) which is the Government's security background check; Standard Form 85P (National Agency Check (NAC)). The document can be downloaded to the Contractor's PC. The EPSW must be electronically submitted to the DLA Personnel Security Office prior to the COR/ACOR signing off on the Badge and ID Request Form (DLAH 1728). A hardcopy of the EPSQ questionnaire must be attached to the DLAH 1728 Form, to include the employee's signature, prior to submitting the package to the DASC Personnel Security Office. The employee must receive a favorable background investigation. If the background investigation findings show that the employee has a criminal or drug problem, HQ DLA CAAS (Command Security) will determine whether to allow the employee access to the DLA building. Once issued, the ID Badge must be displayed at all times while working in the DLA building. The Contractor may be exposed to information covered under the Privacy Act of 1974, and if so, the Contractor shall comply with all applicable safeguarding and handling requirements associated with Privacy Act data ( www.usdoj.gov ). Contractor personnel must have appropriate security clearances to access classified information. The government may accept an interim security clearance while a permanent clearance is pending. DOD 5200.2-R, DOD Personnel Security Program, requires DOD military and civilian personnel, as well as DOD consultants and contractor personnel, who perform work on sensitive automated information systems (AISs), to be assigned to positions which are designated at one of three sensitivity levels (IT-I, IT-­II, IT-III). These designations equate to Critical Sensitive, Non-critical Sensitive, and Non-sensitive. DLA has implemented the DOD policy in paragraph 3-101 of DLAR 5200.11, DLA Personnel Security Program. The Contractor shall assure that individuals assigned to the following sensitive positions, as determined by the Government, have completed the appropriate forms and attained IT-II clearance. For IT-I and IT-II positions, the required investigation shall be completed prior to the assignment of individuals to sensitive duties associated with the position. The Contractor shall forward their employee clearance information to Command Security Officer. The provisions outlined above apply to the prime contractor and any subcontractors the prime contractor may employ during the course of this contract. No contractor personnel performing sensitive duties will be allowed to commence work on this effort until his or her trustworthiness has been favorably adjudicated. DLA retains the right to request removal of contractor personnel, regardless of prior clearance or adjudication status, whose actions, while assigned to this contract, clearly conflict with the interest of the government. The reason for removal shall be fully documented in writing by the KO. The Contractor shall comply with all DLA security requirements pursuant to DLA Regulation 5200.17, Security Requirements for Automated Information and Telecommunications Systems. Contractor employees shall be required to meet all security and safety regulations pertinent to the work location and shall be required to undergo a National Agency Check (NACLC) at a minimum. Sensitive Information. All contractor personnel, with the exception of certain administrative and management personnel, will have access to customer Sensitive Information. Contractors shall have designated IT-1 in accordance with DODD 8500.1, Information Assurance (IA), October 24, 2002. All personnel must have a within scope Single Scope Background Investigation (SSBI). Contractor Generated Documents. Contract personnel will generate or handle documents that contain FOUO information, at both Government and contractor facilities. Contractor shall have access to, generate and handle classified material only at government facilities. All contract deliverables shall be marked at a minimum "For Official Use Only" (FOUO), unless otherwise directed by the Government. The contractor shall comply with the provisions of the DOD Industrial Security Manual for handling classified material and producing deliverables. Security Procedures. All contractor personnel working on or managing this effort shall strictly adhere to DLA and DOD security policy guidelines. Information Security. Information given to the Contractor during the life of this task order shall only be used for the purpose of carrying out the provisions of this task order. Agency information marked "For Official Use Only' or bearing other sensitivity markings shall be handled in accordance with Agency information security program regulations and shall not be divulged or disclosed without Agency permission. Requests for disclosure shall be addressed to the COR/ACOR. • • 4.10 CONTRACT OFFICER REPRESENTATIVES: The Contract Officer Representative (COR): To be provided at award The Alternate Contract Officer Representative (ACOR): To be provided at award 5. RESTRICTIONS : The contractor shall not go directly to J6 customer to create requirements. At all times, conflicts of interest shall be avoided by vendors, subcontractors, or associated companies. Contractors shall comply with all laws and regulations governing contract conflicts of interest. Contractors shall not gain, share or make use of information on potential projects, plans, project requirements, evaluation criteria, policies, or internal policies in order to compete for work in DLA. They shall make the government aware of any relationship that may appear suspect. Because of the nature of the work to be performed under this contract, a provision setting forth an obligation to prevent and report any potential organizational conflicts of interests (OCIs) and to protect from disclosure of proprietary and sensitive information is applied to this contract. The contractor shall acknowledge this obligation before beginning performance of work under this contract. This acknowledgement will be provided in writing at the kick off meeting. 6. INVOICES : The contractor shall provide e-mail and hard copy invoices to the COR or ACOR, and a designated contracting POC for each month worked. The invoice is considered received when the COR/ACOR is able to open and review e-mail submission and has physically seen the hard copy invoice. It is not to be considered received on the weekend or holidays. The contractor may be required to submit invoices into Wide Area Work Flow (WAWF). Trip reports, expense reports and status reports are due five (5) working days prior to invoice submission. The contractor shall provide e-mail and hard copies of all status reports for that month, trip reports, trip expense reports, and a write up of expected contractor absences for the coming month, with any invoice submitted for payment. Additionally, the Contractor shall use this mechanism as a formal forum to raise issues of concern. The monthly status report format will be provided at Contract award. The government (J6) does not pay for the time and effort to write a proposal and cost estimate, nor its submission. Any and all deliverables/reports shall not be separately invoiced above and beyond the FFP under the contract. Only following the successful project completion, will the final contractor's invoice will be certified for payment. This means the project must: meet the requirements given; pass our J6 (and their agents) review; conform to Federal, DoD DLA Policy; follow the life cycle process; pass the necessary board reviews and be accepted by the COR/ACOR. So, the last invoice will not be paid until all requirements have been met. 7. CONTRACT TYPE: The type of contractual vehicle will be a Fixed Firm Price (FFP). •8. BASIS FOR AWARD: The basis of award will be through Low Price Technically Acceptable analysis. Technical acceptability shall be evaluated from offers capable of meeting 100% of the capability and system requirements, implementation, and licenses as presented in Section 3 of the PWS. Total price will be evaluated based on all three items including mandatory training and optional training. 9. PERFORMANCE MEASURES : 9.1 PURPOSES OF MEASURES: Performance measures will be used to assess the contractor's performance under specific CLINs in this contract. These measures will determine whether the Contractor is performing at acceptable levels to contract payments. The Government will make objective and subjective assessments of the Contractor's performance to determine whether contract performance is acceptable. The Contractor is expected to perform all functions in a professional manner and prepare accurate and timely documentation. Progress will be tracked based on the milestone event when the Contractor receives a specific tasking. Performance may vary with the complexity of the acquisition and/or technical document. It is expected that the deliverables will comply with all major regulatory and process requirements, as well as, DLA agency policies and procedures. 9.2 PERFORMANCE MEASUREMENTS: The performance measurements for specific CLINs under this contract shall be based on timeliness and quality of the work and deliverables provided by the Contractor. These measurements are defined as: a. Timeliness - The completion of tasks and/or the submission of deliverables within the schedule set forth by the government during the performance of the task. b. Quality - The quality of work completed under the resulting tasks will be measured based on the Government's determination of the validity, accuracy, clarity and usefulness of a deliverable or if the work performance met the expected outcomes as was communicated to the Contractor by the government. 9.3 FIXED FIRM PRICE PERFORMANCE EVALUATION: The following performance evaluation will be applied to each task in specific CLINs under this contract: a. The contractor shall submit an invoice for 100% amount for each CLIN. As part of the COR/ACOR certification process, the COR/ACOR will indicate on the invoice submitted the amounts authorized for payment for each CLIN based on the performance measures described herein. b. The determination for payment will be made in accordance with the procedures set forth below. c. The COR/ACOR will advise the contractor of what the authorized amount of payment will be within 10 working days of submittal of the invoice. If the COR/ACOR does not come to a determination or certify the invoice within 10 working days than the contractor will be provided 100% of their invoiced amount. The Contractor may direct questions on any withholding of an incentive payment to the Contracting Officer. If the contractor demonstrates that the firm's inability to meet performance requirements was due to a failure in Government procedure (i.e. miscommunication of facts, failure to provide the Contractor with information or devices necessary to complete tasks, etc.), the KO may determine the incentive payment, or some part of the incentive payment, be released to the contractor in a future invoicing period. 9.4 PERFORMANCE REVIEW: Below are the Performance Standards that will be used in evaluating performance on a monthly basis and in determining the amount of the payment owed to the vendor. Performance standards and ratings are designed to determine if performance exceeds, meets, or does not meet a given metric and acceptable quality level. Note: The application of these performance ratings or failure of the Government to apply these performance ratings does not waive any of the Government's rights to damages under this contract. The following ratings shall be used: Good - Performance meets or exceeds contract requirements in terms of timeliness and quality. COR will make a determination to pay the contract 100% of the invoice amount. Fair - Performance meets contract requirements with either only minor performance issues or minor timeliness issues. The performance and/or timeliness issues do not adversely impact the mission of the Agency. The COR will make a determination to pay the contractor 90% of the invoice amount. Poor - Performance narrowly meets contract requirements by at least one of the following: bordering on unacceptability in terms of or quality of performance, bordering on unacceptability in terms of timeliness, or adverse impact on the mission of the Agency is possible. The COR will make a determination to pay the contractor 80% of the invoice amount. Unacceptable - Performance hasbeen at a less than acceptable level in terms of timeliness or quality. Possible issues include, but are not limited to: missed milestones, low quality documents requiring multiple reviews and rewrites, significant or serious complaints submitted by the customers, documents that do not comply with acquisition or policy regulations, or one or more cure notices have been issued. Payment will be withheld pending resolution of cure notice(s). Termination for default or cause may result. The ratings, as described in the table above, will be based on the performance of the contractor on the timeliness and quality of the services provided using the rating scale for each criterion as shown below. Timeliness Good Meets or exceeds contract requirements in terms of timeliness of delivery. Fair Minor timeliness issues that do not adversely impact the mission of the Agency. Poor Timeliness issues that are not minor and/or borders on unacceptability. Adverse impact on the mission of the Agency is possible. Unacceptable Contractor failed to meet the timeliness requirements. Possible issues include, but are not limited to; one or more deliverables not submitted on time or missed milestones. One or more cure notices may have been issued by the Contracting Officer. Quality Good Meets or exceeds contract requirements in terms of quality of work performed. Fair Performance meets contract requirements with only minor issues and the issues do not adversely impact the mission of the Agency. Poor Performance narrowly meets contract requirements and either borders on unacceptability in terms of quality, or adverse impact on the mission of the Agency is possible. Unacceptable Quality of performance has been at a less than acceptable level. Possible issues include, but are not limited to: low quality documents requiring multiple reviews and rewrites, significant or serious complaints submitted by the customers, documents that did not comply with acquisition or policy regulations or one or more cure notices have been issued by the Contracting Officer. 10. DATA USE, DISCLOSURE OF INFORMATION AND HANDLING OF SENSITIVE INFORMATION: The Contractor shall maintain, transmit, retain in strictest confidence, and prevent the unauthorized duplication, use, and disclosure of information. The Contractor shall provide information only to employees, Contractors, and subcontractors having a need to know such information in the performance of their duties for this project. Information made available to the contractor by the Government for the performance or administration of this effort shall be used only for those purposes and shall not be used in any other way without the written agreement of the KO. Contractor personnel will be required to sign a non-disclosure statement. If proprietary information is provided to the contractor for use in performance or administration of this effort, the contractor except with the written permission of the KO may not use such information for any other purpose. If the contractor is uncertain about the availability or proposed use of information provided for the performance or administration of this effort, the contractor shall consult with the COR/ACOR regarding use of that information for other purposes. The contractor agrees to assume responsibility for protecting the confidentiality of Government records which are not public information. Each offeror or employee of the contractor to whom information may be made available or disclosed shall be notified in writing by the contractor that such information may be disclosed only for a purpose and to the extent authorized herein. Performance of this effort may require the Contractor to access and use data and information proprietary to a Government agency or Government Contractor which is of such a nature that its dissemination or use, other than in performance of this effort, would be adverse to the interests of the Government and/or others. Contractor and/or Contractor personnel shall not divulge or release data or information developed or obtained in performance of this effort, until made public by the Government, except to authorize Government personnel or upon written approval of the KO. The Contractor shall not use, disclose, or reproduce proprietary data that bears a restrictive legend, other than as required in the performance of this effort. Nothing herein shall preclude the use of any data independently acquired by the Contractor without such limitations or prohibit an agreement at no cost to the Government between the Contractor and the data owner that provides for greater rights to the Contractor. All data received, processed, evaluated, loaded, and/or created as a result of this delivery order shall remain the sole property of the Government unless specific exception is granted by the KO. •10. DATA RIGHTS Under the provisions of the Rights in Data General Clause (52.227-14), the Government reserves all rights, including copyrights, distribution rights, and other rights for all documents, data or software developed in the performance of this task. •11. INSPECTION AND ACCEPTANCE a. Final inspection and acceptance of all work, performance, reports and other deliverables shall be performed at the location specified in the PWS. The COR/ACOR are responsible for inspection and acceptance as well as the basis for acceptance. b. The basis for acceptance shall be in compliance with the requirements set forth in the PWS and other terms and conditions of the contract. Deliverable items rejected shall be corrected in accordance with applicable clauses. c. The Government requires a period not to exceed thirty (30) calendar days after receipt of final deliverable item(s) for inspection and acceptance or rejection, unless otherwise specified. Contract deliverables that receive neither a formal acceptance nor a formal rejection after thirty (30) calendar days post submission are considered to automatically be accepted. CONTRACT CLAUSES INCORPORATED BY REFERENCE: THE CLAUSES LISTED BELOW ARE INCORPORATED BY REFERENCE WITH THE SAME FORCE AND EFFECT AS IF THEY WERE GIVEN IN FULL TEXT. UPON REQUEST, THE CONTRACTING OFFICER WILL MAKE THEIR FULL TEXT AVAILABLE. A CLAUSE WITH AN AUTHORIZED DEVIATION IS SO MARKED AFTER THE DATE OF THE CLAUSE. (Also, the full text of solicitation clauses and provisions may be accessed electronically at the following websites): FAR, DFARS, DLAD, and DSCP Local Clauses - http://farsite.hill.af.mil/ CLAUSE NUMBER TITLE/DATE FAR 52.204-7 Central Contractor Registration (FEB 2012) FAR 52.204-9 Personal Identity Verification of Contractor (JAN 2011) FAR 52.209-6 Protecting the Government's Interests When Subcontracting with Contractors Debarred, Suspended, or Proposed for Debarment (DEC 2010) FAR 52.211-17 Delivery of Excess Quantities (SEP 1989) FAR 52.222-3 Convict Labor (JUN 2003) FAR 52.222-19 Child Labor - Cooperation with Authorities and Remedies (MAR 2012) FAR 52.222-21 Prohibition of Segregated Facilities (FEB 1999) FAR 52.222-24 Pre-Award On Site Equal Opportunity Compliance Evaluation (FEB 1999) FAR 52.222-26 Equal Opportunity (MAR 2007) FAR 52.222-40 Notification of Employee Rights Under the National Labor Relations Act (DEC 2010) FAR 52.222-41 Service Contract Act of 1965 (NOV 2007) FAR 52.222-42 Statement of Equivalent Rates for Federal Hires (MAY 1989) FAR 52.223-5 Pollution Prevention and Right-to-Know Information (MAY 2011) FAR 52.223-18 Encouraging Contractor Policies to Ban Text Messaging While Driving (Aug 2011) FAR 52.227-1 Authorization and Consent (DEC 2007) FAR 52.227-2 Notice and Assistance Regarding Patent and Copyright Infringement (DEC 2007) FAR 52.228-7 Insurance-Liability to Third Persons (MAR 1996) FAR 52.232-17 Interest (OCT 2008) FAR 52.232-20 Limitation of Cost (APR 1984) FAR 52.237-2 Protection of Government Buildings, Equipment, and Vegetation (APR 1984) FAR 52.237-3 Continuity of Services (JAN 1991) FAR 52.242-1 Notice of Intent to Disallow Costs (APR 1984) FAR 52.242-13 Bankruptcy (JULY 1995) FAR 52.242-15 Stop-Work Order (AUG 1989) FAR 52.243-5 Changes and Changed Conditions (APR 1984) FAR 52.246-1 Contractor Inspection Requirements (APR 1984) FAR 52.247-34 F.o.b. Destination (NOV 1991) FAR 52.249-2 Termination for Convenience of the Government (Fixed Price) (APR 2012) FAR 52.249-8 Default (Fixed-Price Supply and Service)(APR 1984) FAR 52.249-14 Excusable Delays (APR 1984) DFARS 252.201-7000 Contracting Officer's Representative (DEC 1991) DFARS 252.203-7002 Requirement to Inform Employees of Whistleblower Rights (JAN 2009) DFARS 252.204-7003 Control of Government Personnel Work Product (APR 1992) DFARS 252.204-7004 Alternate A, Central Contractor Registration (SEP 2007) DFARS 252.209-7004 Subcontracting with Firms That Are Owned or Controlled by the Government of a Terrorist Country (DEC 2006) DFARS 252.225-7002 Qualifying Country Sources as Subcontractors (APR 2003) DFARS 252.232-7003 Electronic Submission of Payment Requests and Receiving Reports (MAR 2008) DLAD 52.204-9000 Contractor Personnel Security (MAR 2012) DLAD 52.212-9001 Application of Fast Payment to Part 12 Acquisitions (NOV 2011) DLAD 52.212-9000 Changes-Military Readiness (NOV 2011) DLAD 52.213-9009 Fast Payment Procedure (NOV 2011) DLAD 52.233-9000 Agency Protests (NOV 2011) Clauses in Full Text 52.216-1 Type of Contract (APR 1984) The Government contemplates award of a Firm-Fixed Price contract resulting from this solicitation. 52.219-13 -- Notice of Set-Aside of Orders. Notice of Set-Aside of Orders (Nov 2011) The Contracting Officer will give notice of the order or orders, if any, to be set aside for small business concerns identified in 19.000(a)(3) and the applicable small business program. This notice, and its restrictions, will apply only to the specific orders that have been set aside for any of the small business concerns identified in 19.000(a)(3). 52.219-14 Limitations on Subcontracting. Limitations on Subcontracting (Dec 1996) (a) This clause does not apply to the unrestricted portion of a partial set-aside. (b) By submission of an offer and execution of a contract, the Offeror/Contractor agrees that in performance of the contract in the case of a contract for- (1) Services (except construction). At least 50 percent of the cost of contract performance incurred for personnel shall be expended for employees of the concern. (2) Supplies (other than procurement from a non-manufacturer of such supplies). The concern shall perform work for at least 50 percent of the cost of manufacturing the supplies, not including the cost of materials. (3) General construction. The concern will perform at least 15 percent of the cost of the contract, not including the cost of materials, with its own employees. (4) Construction by special trade contractors. The concern will perform at least 25 percent of the cost of the contract, not including the cost of materials, with its own employees. 1.29 NOTICE OF TOTAL SMALL BUSINESS SET-ASIDE 52.219-6 -- Notice of Total Small Business Set-Aside. Notice of Total Small Business Set-Aside (Nov 2011) (a) Definition. "Small business concern," as used in this clause, means a concern, including its affiliates, that is independently owned and operated, not dominant in the field of operation in which it is bidding on Government contracts, and qualified as a small business under the size standards in this solicitation. (b) Applicability. This clause applies only to-- (1) Contracts that have been totally set aside or reserved for small business concerns; and (2) Orders set aside for small business concerns under multiple-award contracts as described in 8.405-5 and 16.505(b)(2)(i)(F).* (c) General. (1) Offers are solicited only from small business concerns. Offers received from concerns that are not small business concerns shall be considered nonresponsive and will be rejected. (2) Any award resulting from this solicitation will be made to a small business concern. (d) Agreement. A small business concern submitting an offer in its own name shall furnish, in performing the contract, only end items manufactured or produced by small business concerns in the United States or its outlying areas. If this procurement is processed under simplified acquisition procedures and the total amount of this contract does not exceed $25,000, a small business concern may furnish the product of any domestic firm. This paragraph does not apply to construction or service contracts. DFARS 252.232-70003 ELECTRONIC SUBMISSION OF PAYMENT REQUESTS (MAR 2007) (a) Definitions. As used in this clause- (1) "Contract financing payment" and "invoice payment" have the meanings given in section 32.001 of the Federal Acquisition Regulation. (2) "Electronic form" means any automated system that transmits information electronically from the initiating system to all affected systems. Facsimile, e-mail, and scanned documents are not acceptable electronic forms for submission of payment requests. However, scanned documents are acceptable when they are part of a submission of a payment request made using one of the electronic forms provided for in paragraph (b) of this clause. (3) "Payment request" means any request for contract financing payment or invoice payment submitted by the Contractor under this contract. (b) Except as provided in paragraph (c) of this clause, the Contractor shall submit payment requests using one of the following electronic forms: (1) Wide Area Work Flow-Receipt and Acceptance (WAWF-RA). Information regarding WAWF-RA is available on the Internet at https://wawf.eb.mil. (2) Web Invoicing System (WInS). Information regarding WInS is available on the Internet at https://ecweb.dfas.mil. (3) American National Standards Institute (ANSI) X.12 electronic data interchange (EDI) formats. (i) Information regarding EDI formats is available on the Internet at http://www.X12.org. (ii) EDI implementation guides are available on the Internet at http://www.dod.mil/dfas/contractorpay/electroniccommerce.html. (4) Another electronic form authorized by the Contracting Officer. (c) The Contractor may submit a payment request in non-electronic form only when- (1) DoD is unable to receive a payment request in electronic form; or (2) The Contracting Officer administering the contract for payment has determined, in writing, that electronic submission would be unduly burdensome to the Contractor. In such cases, the Contractor shall include a copy of the Contracting Officer's determination with each request for payment. (d) The Contractor shall submit any non-electronic payment requests using the method or methods specified in Section G of the contract. (e) In addition to the requirements of this clause, the Contractor shall meet the requirements of the appropriate payment clauses in this contract when submitting payment requests. INVOICES SHOULD BE SENT TO: Defense Logistics Agency (DLA) Information Operations (J-6) Enterprise Licensing (J-654) 8725 John J. Kingman Road Fort Belvoir, VA 22020-6220 POC: Peter Battaglia Telephone: (703) 767-3523 E-mail: Peter.Battaglia@DLA.MIL The DODAC for WAWF is SL4730. FAR 52.224-2, Privacy Act (Apr 1984) The Contractor agrees to: Comply with the Privacy Act of 1974 (the Act) and the agency rules and regulations issued under the Act in the design, development or operation of any system of records on individuals to accomplish an agency function when the contract specifically identifies: The systems or records; and The design, development or operation work that the Contractor is to perform •· Include the Privacy Act notification contained in this contract in every solicitation and resulting subcontract awarded without a solicitation, when the work statement in the proposed subcontract requires the design, development or operation of a system of records on individuals that is subject to the Act; and Include the clauses, in the following three subparagraphs, in all subcontracts awarded under this contract which requires the design, development, or operation of such a system of records In the event of violations of the Act, a civil action may be brought against the agency involved when the violation concerns the design, development, or operation of a system of records on individuals to accomplish an agency function, and criminal penalties may be imposed upon the officers or employees of the agency when the violation concerns the operation of a system of records on individuals to accomplish an agency function. For the purposes of the Act, when the contract is for the operation of a system of records on individuals to accomplish an agency function, the Contractor is considered to be an employee of the agency. The term "operation of a system of records" as used in this clause, means the performance of any of the activities associated with maintaining the system of records, including the collection, use, and dissemination of records. The term "record" as used in this clause, means any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history and that contains the person's name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a fingerprint or voiceprint or a photograph. The term "system of records on individuals" as used in this clause, means a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. DFARS 252.204-7008 Export-Controlled Items (a) Definition. "Export-controlled items," as used in this clause, means items subject to the Export Administration Regulations (EAR) (15 CFR Parts 730-774) or the International Traffic in Arms Regulations (ITAR) (22 CFR Parts 120-130). The term includes: (1) "Defense items," defined in the Arms Export Control Act, 22 U.S.C. 2778(j)(4)(A), as defense articles, defense services, and related technical data, and further defined in the ITAR, 22 CFR Part 120. (2) "Items," defined in the EAR as "commodities", "software", and "technology," terms that are also defined in the EAR, 15 CFR 772.1. (b) The Contractor shall comply with all applicable laws and regulations regarding export-controlled items, including, but not limited to, the requirement for contractors to register with the Department of State in accordance with the ITAR. The Contractor shall consult with the Department of State regarding any questions relating to compliance with the ITAR and shall consult with the Department of Commerce regarding any questions relating to compliance with the EAR. (c) The Contractor's responsibility to comply with all applicable laws and regulations regarding export-controlled items exists independent of, and is not established or limited by, the information provided by this clause. (d) Nothing in the terms of this contract adds, changes, supersedes, or waives any of the requirements of applicable Federal laws, Executive orders, and regulations, including but not limited to- (1) The Export Administration Act of 1979, as amended (50 U.S.C. App. 2401, et seq. ); (2) The Arms Export Control Act (22 U.S.C. 2751, et seq.); (3) The International Emergency Economic Powers Act (50 U.S.C. 1701, et seq.); (4) The Export Administration Regulations (15 CFR Parts 730-774); (5) The International Traffic in Arms Regulations (22 CFR Parts 120-130); and (6) Executive Order 13222, as extended; (e) The Contractor shall include the substance of this clause, including this paragraph (e), in all subcontracts. FAR 52.222-50 -- Combating Trafficking in Persons. (a) Definitions. As used in this clause- "Coercion" means- (1) Threats of serious harm to or physical restraint against any person; (2) Any scheme, plan, or pattern intended to cause a person to believe that failure to perform an act would result in serious harm to or physical restraint against any person; or (3) The abuse or threatened abuse of the legal process. "Commercial sex act" means any sex act on account of which anything of value is given to or received by any person. "Debt bondage" means the status or condition of a debtor arising from a pledge by the debtor of his or her personal services or of those of a person under his or her control as a security for debt, if the value of those services as reasonably assessed is not applied toward the liquidation of the debt or the length and nature of those services are not respectively limited and defined. "Employee" means an employee of the Contractor directly engaged in the performance of work under the contract who has other than a minimal impact or involvement in contract performance. "Forced labor" means knowingly providing or obtaining the labor or services of a person- (1) By threats of serious harm to, or physical restraint against, that person or another person; (2) By means of any scheme, plan, or pattern intended to cause the person to believe that, if the person did not perform such labor or services, that person or another person would suffer serious harm or physical restraint; or (3) By means of the abuse or threatened abuse of law or the legal process. "Involuntary servitude" includes a condition of servitude induced by means of- (1) Any scheme, plan, or pattern intended to cause a person to believe that, if the person did not enter into or continue in such conditions, that person or another person would suffer serious harm or physical restraint; or (2) The abuse or threatened abuse of the legal process. "Severe forms of trafficking in persons" means- (1) Sex trafficking in which a commercial sex act is induced by force, fraud, or coercion, or in which the person induced to perform such act has not attained 18 years of age; or (2) The recruitment, harboring, transportation, provision, or obtaining of a person for labor or services, through the use of force, fraud, or coercion for the purpose of subjection to involuntary servitude, peonage, debt bondage, or slavery. "Sex trafficking" means the recruitment, harboring, transportation, provision, or obtaining of a person for the purpose of a commercial sex act. (b) Policy. The United States Government has adopted a zero tolerance policy regarding trafficking in persons. Contractors and contractor employees shall not- (1) Engage in severe forms of trafficking in persons during the period of performance of the contract; (2) Procure commercial sex acts during the period of performance of the contract; or (3) Use forced labor in the performance of the contract. (c) Contractor requirements. The Contractor shall- (1) Notify its employees of- (i) The United States Government's zero tolerance policy described in paragraph (b) of this clause; and (ii) The actions that will be taken against employees for violations of this policy. Such actions may include, but are not limited to, removal from the contract, reduction in benefits, or termination of employment; and (2) Take appropriate action, up to and including termination, against employees or subcontractors that violate the policy in paragraph (b) of this clause. (d) Notification. The Contractor shall inform the Contracting Officer immediately of- (1) Any information it receives from any source (including host country law enforcement) that alleges a Contractor employee, subcontractor, or subcontractor employee has engaged in conduct that violates this policy; and (2) Any actions taken against Contractor employees, subcontractors, or subcontractor employees pursuant to this clause. (e) Remedies. In addition to other remedies available to the Government, the Contractor's failure to comply with the requirements of paragraphs (c), (d), or (f) of this clause may result in- (1) Requiring the Contractor to remove a Contractor employee or employees from the performance of the contract; (2) Requiring the Contractor to terminate a subcontract; (3) Suspension of contract payments; (4) Loss of award fee, consistent with the award fee plan, for the performance period in which the Government determined Contractor non-compliance; (5) Termination of the contract for default or cause, in accordance with the termination clause of this contract; or (6) Suspension or debarment. (f) Subcontracts. The Contractor shall include the substance of this clause, including this paragraph (f), in all subcontracts. (g) Mitigating Factor. The Contracting Officer may consider whether the Contactor had a Trafficking in Persons awareness program at the time of the violation as a mitigating factor when determining remedies. Additional information about Trafficking in Persons and examples of awareness programs can be found at the website for the Department of State's Office to Monitor and Combat Trafficking in Persons at http://www.state.gov/g/tip. NOTICE OF POTENTIAL ORGANIZATIONAL CONFLICTS OF INTEREST •(a) Notice. The Contracting Officer has determined that this acquisition may give rise to an organizational conflict of interest (OCI). Accordingly, the attention of prospective Offerors is invited to FAR Subpart 9.5 --Organizational Conflicts of Interest. The Contracting Officer shall not award a contract until the Government determines any conflict of interest is reasonably resolved. The Contracting Officer has the sole authority to determine whether an organizational conflict of interest exists and to determine whether the organizational conflict of interest has been reasonably resolved. The OCI plan will not be evaluated as part of mission suitability. However, before being eligible to receive an award, the Offeror shall submit an acceptable OCI plan (including mitigation plans for any identified OCIs). As such, the Government may communicate with any Offeror at any time during the evaluation process concerning its OCI plan. •(b) Description of Potential Conflict. The Contracting Officer is currently unaware of any existing OCIs. •(c) Responsibility of Offeror. •1) Applying the principles of FAR Subpart 9.5, each Offeror shall assess whether there is an organizational conflict of interest associated with the proposal it submits. The Offeror must explain the actions it intends to use to resolve any organizational conflicts of interest it finds in the Government's assessment and its own assessment. If its proposed resolution involves a proposed limitation on future contracting, the Offeror shall include the limitation in its proposal. If the proposed resolution involves use of mitigation techniques, the Offeror shall include the mitigation techniques in its proposal. Offerors may include the limitation of future contracting as well as a mitigation plan when their proposed resolution involves both techniques to address conflicts. •2) Offerors are encouraged to inform the Contracting Officer of any potential conflicts of interest, including those involving contracts with other Government organizations, in their proposal. The contracting officer will use this information to determine whether resolution of those conflicts will be required. •3) If the Offeror's proposed action to resolve an organizational conflict of interest is not acceptable, the Contracting Officer will notify the Offeror, providing the reasons why its proposed resolution is not considered acceptable and allow the Offeror a reasonable opportunity to respond before making a final decision on the organizational conflict of interest. •(d) Representation. By submission of its offer, the Offeror represents, to the best of its knowledge and belief, that - •1) there are no relevant facts that could give rise to an OCI, as defined in FAR Part 2; or •2) the Offeror has disclosed all relevant information regarding any actual or potential conflicts of interest. •(e) Termination for default. If the successful Offeror was aware, or should have been aware, of an OCI before award of this contract and did not fully disclose that conflict to the Contracting Officer, the Government may terminate the contract for default. •(f) Waiver. The agency reserves the right to waive the requirements of FAR 9.5, in accordance with FAR 9.503 DISCLOSURE OF ORGANIZATIONAL CONFLICT OF INTEREST AFTER CONTRACT AWARD (a) If the Contractor identifies an actual or potential organizational conflict of interest that has not already been adequately disclosed and resolved (or waived in accordance with FAR 9.503), the Contractor shall make a prompt and full disclosure in writing to the Contracting Officer. This disclosure shall include a description of the action the Contractor has taken or proposes to take in order or resolve the conflict. This reporting requirement also includes subcontractors' actual or potential organizational conflicts of interest not adequately disclosed and resolved prior to award. (b) Mitigation plan. If there is a mitigation plan in the contract, the Contractor shall periodically update the plan, based on changes such as changes to the legal entity, the overall structure of the organization, subcontractor arrangements, contractor management, ownership, ownership relationships, or modification of the work scope. LIMITATION OF FUTURE CONTRACTING (a) The Contracting Officer has determined that this acquisition may give rise to a potential organizational conflict of interest. Accordingly, the attention of prospective offerors is invited to FAR Subpart 9.5--Organizational Conflicts of Interest. (b) The Contracting Officer is unaware of any existing conflict. (c) The restrictions upon future contracting are as follows: (1) If the Contractor, under the terms of this contract, or through the performance of tasks pursuant to this contract, is required to develop specifications or statements of work that are to be incorporated into a solicitation, the Contractor shall be ineligible to perform the work described in that solicitation as a prime or first-tier subcontractor under an ensuing contract. This restriction shall remain in effect for a reasonable time, as agreed to by the Contracting Officer and the Contractor, sufficient to avoid unfair competitive advantage or potential bias (this time shall in no case be less than the duration of the initial production contract). The Government shall not unilaterally require the Contractor to prepare such specifications or statements of work under this contract. (2) To the extent that the work under this contract requires access to proprietary, business confidential, or financial data of other companies, and as long as these data remain proprietary or confidential, the Contractor shall protect these data from unauthorized use and disclosure and agrees not to use them to compete with those other companies. DLAD l 52.204-9000 Contractor Personnel Security Requirements. As prescribed in 4.1303-90, insert the following clause: CONTRACTOR PERSONNEL SECURITY REQUIREMENTS (MAR 2012) (a) Work to be performed under this contract or task order may, in full or in part, be performed at the Defense Logistics Agency (DLA) Headquarters (HQ) or other DLA field activity office(s), with physical access to a Federally-controlled facility. Prior to beginning work on a contract, DLA and its field activity offices require all contractor personnel working on the Federally-controlled facility to have a favorably adjudicated National Agency Check with Written Inquiries (NACI) or NACI equivalent. (b) Additionally, in accordance with Department of Defense (DoD) Regulation 5200.2-R, Personnel Security Programs, and DLA Issuance 4314, Personnel Security Program, all DoD Contractor personnel who have access to Federally-controlled information systems must be assigned to positions which are designated at one of three information technology (IT) levels, each requiring a certain level of investigation and clearance, as follows: (1) IT-I for an IT position requiring a Single Scope Background Investigation (SSBI) or SSBI equivalent; (2) IT-II for an IT position requiring a National Agency Check with Law and Credit (NACLC) or NACLC equivalent; and (3) IT-III for an IT position requiring a NACI or equivalent. Note: IT levels will be designated according to the criteria in DoD 5200.2-R. (c) Previously completed security investigations may be accepted by the Government in lieu of new investigations if determined by the DLA Intelligence Personnel Security Office to be essentially equivalent in scope to the contract requirements. The length of time elapsed since the previous investigation will also be considered in determining whether a new investigation is warranted. To assist the Government in making this determination, the Contractor must provide the following information to the respective DLA Personnel Security Office immediately upon receipt of the contract. This information must be provided for each Contractor employee who will perform work on a Federally-controlled facility and/or will require access to Federally-controlled information systems: (1) Full name, with middle name, as applicable, with social security number; (2) Citizenship status with date and place of birth; (3) Proof of the individual's favorably adjudicated background investigation or NACI, consisting of identification of the type of investigation performed, date of the favorable adjudication, and name of the agency that performed the investigation; (4) Company name, address, phone and fax numbers with email address; (5) Location of on-site workstation or phone number if off-site (if known by the time of award); and (6) Delivery order or contract number and expiration date; and name of the Contracting Officer. (d) The Contracting Officer will ensure that the contractor is notified as soon as a determination is made by the assigned or cognizant DLA Personnel Security Office regarding acceptance of the previous investigation and clearance level. (1) If a new investigation is deemed necessary, the Contractor and Contracting Officer will be notified by the respective DLA Personnel Security Office after appropriate checks in DoD databases have been made. (2) If the Contractor employee requires access to classified information and currently does not have the appropriate clearance level and/or an active security clearance, the DLA Personnel Security Office will relay this information to the Contractor and Contracting Officer for further action. (3) The Contracting Officer will ensure that the respective DLA Personnel Security Office initiates the investigation for the required clearance level(s) of the Contractor personnel. (4) It is the Contractor's responsibility to ensure that adequate information is provided and that each Contractor employee completes the appropriate paperwork, as required either by the Contracting Officer or the DLA Personnel Security Office, in order to begin the investigation process for the required clearance level. (e) The Contractor is responsible for ensuring that each Contractor employee assigned to the position has the appropriate security clearance level. (f) The Contractor shall submit each request for IT access and investigation through the contracting officer to the assigned or cognizant DLA Personnel Security Office. Requests shall include the following information and/or documentation: (1) Standard Form (SF) 85, Questionnaire for Non-Sensitive Positions, or the SF 86, Questionnaire for National Security Positions (see note below); (2) Proof of citizenship (i.e., an original or a certified copy of a birth certificate, passport, or naturalization certificate); and (3) Form FD-258, fingerprint card (however, fingerprinting can be performed by the cognizant DLA Personnel Security Office). (Note to (f)(1) above: An investigation request is facilitated through use of the SF 85 or the SF 86. These forms with instructions as well as the Optional Form (OF) 306, Declaration for Federal Employment, which is required with submission of the SF85 or SF 86, are available at the Office of Personnel Management's (OPM) system called Electronic -Questionnaires for Investigations Processing (e-QIP). Hard copies of the SF85 and SF86 are available at OPM's web-site, www.opm.gov, but hard copies of the forms are not accepted.) (g) Required documentation, listed above in paragraphs (f) (1) through (3), must be provided by the Contractor as directed by the Contracting Officer to the cognizant DLA Personnel Security Office at the time of fingerprinting or prior to the DLA Security Office releasing the investigation to the Office of Personnel Management. (h) Upon completion of the NACI, NACLC, SSBI, or other sufficient, appropriate investigation, the results of the investigation will be forwarded by the office performing the investigation to either the appropriate adjudication facility for eligibility determination or the DLA Intelligence Security Division for review and determination regarding the applicant's suitability to occupy an unescorted entry position in performance of the DLA contract. Contractor personnel shall not commence work on this effort until the investigation has been favorably adjudicated or has been waived into the position pending completion of adjudication. The DLA Intelligence Personnel Security Office will ensure that results of investigations will be sent by the office performing the investigation to the Defense Industrial Security Clearance Office (DISCO) or DLA Intelligence Personnel Security Office. (i) A waiver for an IT-I or IT-II position to allow assignment of an individual Contractor employee to commence work prior to completion of the investigation may be granted in emergency situations when it is determined that a delay would be harmful to national security. A request for waiver will be considered only after the Government is in receipt of the individual Contractor employee's completed forms. The request for a waiver must be approved by the Commander/Director or an authorized representative of the site. The cognizant DLA Personnel Security Office reserves the right to determine whether a waiver request will be forwarded for processing, however, there will be no waiver for an IT-III position. The individual Contractor employee for which the waiver is being requested may not be assigned to a position, that is, physically work at the Federally-controlled facility and/or be granted access to Federally-controlled information systems, until the waiver has been approved. (j) The requirements of this clause apply to the prime Contractor and any subcontractors the prime Contractor may employ during the course of this contract, as well as any temporary employees that may be hired by the Contractor. The Government retains the right to request removal of Contractor personnel, regardless of prior clearance or adjudication status whose actions, while assigned to this contract, who are determined by the Contracting Officer to conflict with the interests of the Government. If such removal occurs, the Contractor shall assign qualified personnel, with the required investigation, to any vacancy. (k) All Contractor personnel who are granted access to Government and/or Federally-controlled information systems shall observe all local automated information system (AIS) security policies and procedures as provided by the DLA site Information Systems Security Officer. Violations of local AIS security policy, such as password sharing, performing personal work, file access violations, or browsing files outside the scope of the contract, will result in removal of the Contractor employee from Government property and referral to the Contractor for appropriate disciplinary action. Actions taken by the Contractor in response to a violation will be evaluated and will be reflected in the Contractor's performance assessment for use in making future source selection decisions. In addition, based on the nature and extent of any violations of AIS security policy, the Government will consider whether it needs to pursue any other actions under the contract such as a possible termination. (l) The Contractor is also required to obtain a common access card (CAC) for each contractor employee in accordance with procedures established at the DLA HQ or field activity office. When a CAC is required, the Contracting Officer will ensure that the contractor follows the requirements of Homeland Security Presidential Directive 12. (m) Contractor personnel must additionally receive operations security (OPSEC) and information security (INFOSEC) awareness training. The DLA annual OPSEC refresher training and DLA annual INFOSEC training will satisfy these requirements and are available through the DLA Intelligence Office. (n) When a Contractor employee who has been granted a clearance is removed from the contract, the Contractor shall provide an appropriately trained substitute who has met or will meet the investigative requirements of this clause. The substitute may not begin work on the contract without written documentation, signed by the Contracting Officer, stating that the new Contractor employee has met one of the criteria set forth in paragraphs (c), (d), or (i) of this clause, (i.e., acceptance of a previously completed security investigation, satisfactory completion of a new investigation, or a waiver allowing work to begin pending completion of an investigation). Contractor individual employees removed from this contract as a result of a violation of local AIS security policy are removed for the duration of the contract. (o) The Contractor shall notify the contracting officer in writing, within 12 hours, when a Contractor employee working on this contract resigns, is reassigned, terminated or no longer requires admittance to the Federally-controlled facility or access to Federally-controlled information systems. When the Contractor employee departs, the Contractor will relay departure information to the cognizant DLA Security Office so appropriate databases can be updated. The Contractor will ensure each departed employee has completed the DLA J6 Out-Processing Checklist, when applicable, for the necessary security briefing, has returned any Government-furnished equipment, returned the DoD CAC and DLA (or equivalent) badge, returned any DoD or DLA vehicle decal, and requested deletion of local area network account with a prepared Department of Defense (DD) form 2875. The Contractor will be responsible for any costs involved for failure to complete the out-processing, including recovery of Government property and investigation involved. (p) These Contractor security requirements do not excuse the Contractor from meeting the delivery schedule set forth in the contract, or waive the delivery schedule in any way. The Contractor shall meet the required delivery schedule unless the contracting officer grants a waiver or extension. (q) The Contractor shall not bill for personnel, who are not working on the contract while that Contractor employee's clearance investigation is pending. DLAD 52.215-9023 - Reverse Auction (Nov 2011) The Contracting Officer may utilize on-line reverse auctioning as a means of conducting price discussions under this solicitation. If the Contracting Officer does not conduct a reverse auction, award may be made on the basis of initial offers or following discussions not using reverse auctioning as a pricing technique. If the Contracting Officer decides to use on-line reverse auctioning to conduct price negotiations, the Contracting Officer will notify offerors of this decision and the following provisions will apply. (a) The award decision will be made in accordance with the evaluation factors as set forth in the solicitation. The reverse on-line auction will be used as a pricing technique during discussions to establish the final offered prices from each offeror. These prices will be used in conjunction with the evaluation factors stated elsewhere in the solicitation in order to make the award decision in accordance with the basis for award stated in the solicitation. (b) Following the decision to conduct discussions using on-line reverse auctioning as a pricing technique, the Contracting Officer or his/her representative will provide offerors determined to be in the competitive range with information concerning the on-line auction process. The Government intends to use a commercial web-based product to conduct the reverse auction. (c) Prior to or simultaneously with conducting the on-line reverse auction, the Contracting Officer may hold discussions with the offerors concerning matters appropriate for discussion, such as issues involving technical proposals or unbalanced pricing. (d) The lowest offeror's price(s) for each round of the reverse auction will be disclosed to other offerors and anyone else having authorized access to the on-line auction. This disclosure is anonymous, meaning that each offeror's identity will be concealed from other offerors (although it will be known to the Government; only a generic identifier will be used for each offeror's proposed pricing, such as "Offeror A" or "lowest-priced offeror"). By submitting a proposal in response to the solicitation, offerors agree to participate in the reverse auction and that their prices may be disclosed, including to other offerors, during the reverse auction. (e) An offeror's final auction price at the close of the reverse auction will be considered its final proposal revision. No price revisions will be accepted after the close of the reverse auction, unless the Contracting Officer decides that further discussions are needed and final proposal revisions are again requested in accordance with Federal Acquisition Regulation (FAR) 15.307. (f) The following information is provided regarding the procedures to be followed if a reverse auction is conducted. (1) Each offeror identified by the Contracting Officer as a participant in the reverse auction will be contacted by Defense Logistic Agency's commercial reverse auction service provider to advise the offeror of the event and to provide an explanation of the process. (2) In order for an Offeror to participate in the reverse auction, such offeror must agree with terms and conditions of the entire solicitation, including this provision, and agree to the commercial reverse auction service provider's terms and conditions for using its service. Information concerning the reverse auction process and the commercial service provider's terms and conditions is available at [https://govauctions.sourcing.procuri.com]. (3) Offerors shall secure the passwords and other confidential materials provided by the commercial reverse auction service provider or the Government and ensure they are used only for purposes of participation in the reverse auction. Offerors shall keep their own and other offerors' pricing in confidence until after contract award. (4) Any offeror unable to enter pricing through the commercial reverse auction service provider's system during a reverse auction must notify the Contracting Officer or designated representative [insert name and contact information for designated representative] immediately. The Contracting Officer may, at his/her sole discretion, extend or re-open the reverse auction if the reason for the offeror's inability to enter pricing is determined to be without fault on the part of the offeror and outside the offeror's control. (5) The reverse auction will be conducted using the commercial reverse auction service provider's website: [ https://govauctions.sourcing.procuri.com]. Offerors shall be responsible for providing their own computer and Internet connection. (6) Training: (i) The commercial reverse auction service provider and/or a Government representative will provide familiarization training to offerors' employees; this training may be provided through written material, the commercial reverse auction service provider's website, and/or other means. (ii) An employee of an offeror who successfully completes the training shall be designated as a 'trained offeror.' Only trained offerors may participate in a reverse auction. The Contracting Officer reserves the right to request that offerors provide an alternate offeror employee to become a 'trained offeror.' The Contracting Officer also reserves the right to take away the 'trained offeror' designation from any trained offeror who fails to abide by the solicitation's or commercial reverse auction service provider's terms and conditions. •(vii) The FAR clause, 52.212-5, Contract Terms and Conditions Required To Implement Statutes Or Executive Orders - Commercial Items and DFARS 252.212-7001, applies to this acquisition and the following addenda are added. (a) The contractor shall comply with the following Federal Acquisition Regulations (FAR) clauses, which are incorporated in this contract by reference, to implement provisions of law or Executive orders applicable to acquisitions of commercial items: (1) 52.222-50, Combating Trafficking in Persons (FEB 2009) (22 U.S.C. 7104(g)). __ X __ Alternate I (AUG 2007) of 52.222-50 (22 U.S.C. 7104(g)). (2) 52.233-3, Protest After Award (AUG 1996) (31 U.S.C. 3553). (3) 52.233-4, Applicable Law for Breach of Contract Claim (OCT 2004) (Pub. L. 108-77, 108-78). (b) The Contractor shall comply with the FAR clauses in this paragraph (b) that the contracting officer has indicated as being incorporated in this contract by reference to implement provisions of law or Executive orders applicable to acquisitions of commercial items: _ X __ (1) 52.203-6, Restrictions on Subcontractor Sales to the Government (Sept 2006), with Alternate I (Oct 1995) (41 U.S.C. 253g and 10 U.S.C. 2402). _X__ (14) 52.219-8, Utilization of Small Business Concerns (Jan 2011) (15 U.S.C. 637(d)(2) and (3)). _X_ (15) (i) 52.219-9, Small Business Subcontracting Plan (Jan 2011) (15 U.S.C. 637 (d)(4).) _X__ (23) 52.219-28, Post Award Small Business Program Representation (Apr 2012) (15 U.S.C. 632(a)(2)). _X__ (26) 52.222-3, Convict Labor (June 2003) (E.O. 11755). __X_ (27) 52.222-19, Child Labor-Cooperation with Authorities and Remedies (Mar 2012) (E.O. 13126). _X__ (28) 52.222-21, Prohibition of Segregated Facilities (Feb 1999). _X__ (29) 52.222-26, Equal Opportunity (Mar 2007) (E.O. 11246). __X_ (30) 52.222-35, Equal Opportunity for Veterans (Sep 2010) (38 U.S.C. 4212). __X_ (31) 52.222-36, Affirmative Action for Workers with Disabilities (Oct 2010) (29 U.S.C. 793). _X__ (32) 52.222-37, Employment Reports on Veterans (Sep 2010) (38 U.S.C. 4212). _X__ (33) 52.222-40, Notification of Employee Rights Under the National Labor Relations Act (Dec 2010) (E.O. 13496). _X__ (34) 52.222-54, Employment Eligibility Verification (Jan 2009). (Executive Order 12989). (Not applicable to the acquisition of commercially available off-the-shelf items or certain other types of commercial items as prescribed in 22.1803.) _X__ (47) 52.232-33, Payment by Electronic Funds Transfer-Central Contractor Registration (Oct. 2003) (31 U.S.C. 3332). (c) The Contractor shall comply with the FAR clauses in this paragraph (c), applicable to commercial services, that the Contracting Officer has indicated as being incorporated in this contract by reference to implement provisions of law or executive orders applicable to acquisitions of commercial items: __X_ (1) 52.222-41, Service Contract Act of 1965 (Nov 2007) (41 U.S.C. 351, et seq. ). _X__ (4) 52.222-44, Fair Labor Standards Act and Service Contract Act -- Price Adjustment (Sep 2009) (29 U.S.C. 206 and 41 U.S.C. 351, et seq. ). (d) Comptroller General Examination of Record - The Contractor shall comply with the provisions of this paragraph (d) if this contract was awarded using other than sealed bid, is in excess of simplified acquisition threshold, and does not contain the clause at 52.215-2, Audit and Records - Negotiations. (1) The Comptroller General of the United States, or an authorized representative of the Comptroller General, shall have access to and right to examine any of the Contractor's directly pertinent records involving transactions related to this contract. (2) The Contractor shall make available at its offices at all reasonable times the records, materials, and other evidence for examination, audit, or reproduction, until 3 years after final payment under this contract or for any shorter period specified in FAR Subpart 4.7, Contractor Records Retention, of the other clauses of this contract. If this contract is completely or partially terminated, the records relating to the work terminated shall be made available for 3 years after any resulting final termination settlement. Records relating to appeals under the disputes clause or to litigation or the settlement of claims arising under or relating to this contract shall be made available until such appeals, litigation, or claims are finally resolved. (3) As used in this clause, records include books, documents, accounting procedures and practices, and other data, regardless of type and regardless of form. This does not require the Contractor to create or maintain any record that the Contractor does not maintain in the ordinary course of business or pursuant to a provision of law. (e) (1) Notwithstanding the requirements of the clauses in paragraphs (a), (b), (c) and (d) of this clause, the Contractor is not required to flow down any FAR clause, other than those in this paragraph (e)(1) in a subcontract for commercial items. Unless otherwise indicated below, the extent of the flow down shall be as required by the clause- (i) 52.203-13, Contractor Code of Business Ethics and Conduct (Apr 2010) (Pub. L. 110-252, Title VI, Chapter 1 (41 U.S.C. 251 note)). (ii) 52.219-8, Utilization of Small Business Concerns (Dec 2010) (15 U.S.C. 637(d)(2) and (3)), in all subcontracts that offer further subcontracting opportunities. If the subcontract (except subcontracts to small business concerns) exceeds $650,000 ($1.5 million for construction of any public facility), the subcontractor must include 52.219-8 in lower tier subcontracts that offer subcontracting opportunities. (iii) [Reserved] (iv) 52.222-26, Equal Opportunity (Mar 2007) (E.O. 11246). (v) 52.222-35, Equal Opportunity for Veterans (Sep 2010) (38 U.S.C. 4212). (vi) 52.222-36, Affirmative Action for Workers with Disabilities (Oct 2010) (29 U.S.C. 793). (vii) 52.222-40, Notification of Employee Rights Under the National Labor Relations Act (Dec 2010) (E.O. 13496). Flow down required in accordance with paragraph (f) of FAR clause 52.222-40. (viii) 52.222-41, Service Contract Act of 1965, (Nov 2007), (41 U.S.C. 351, et seq.) (ix) 52.222-50, Combating Trafficking in Persons (Feb 2009) (22 U.S.C. 7104(g)). ___ Alternate I (Aug 2007) of 52.222-50 (22 U.S.C. 7104(g)). (x) 52.222-51, Exemption from Application of the Service Contract Act to Contracts for Maintenance, Calibration, or Repair of Certain Equipment--Requirements (Nov 2007) (41 U.S.C. 351, et seq.) (xi) 52.222-53, Exemption from Application of the Service Contract Act to Contracts for Certain Services--Requirements (Feb 2009) (41 U.S.C. 351, et seq. ) (xii) 52.222-54, Employment Eligibility Verification (Jan 2009). (xiii) 52.226-6, Promoting Excess Food Donation to Nonprofit Organizations. (Mar 2009) (Pub. L. 110-247). Flow down required in accordance with paragraph (e) of FAR clause 52.226-6. (xiv) 52.247-64, Preference for Privately-Owned U.S. Flag Commercial Vessels (Feb 2006) (46 U.S.C. Appx 1241(b) and 10 U.S.C. 2631). Flow down required in accordance with paragraph (d) of FAR clause 52.247-64. (2) While not required, the contractor may include in its subcontracts for commercial items a minimal number of additional clauses necessary to satisfy its contractual obligations. DFARS 252.212-7001 Contract Terms and Conditions Required to Implement Statutes or Executive Orders Applicable to Defense Acquisitions of Commercial Items. (b) The Contractor agrees to comply with any clause that is checked on the following list of Defense FAR Supplement clauses which, if checked, is included in this contract by reference to implement provisions of law or Executive orders applicable to acquisitions of commercial items or components. (4) __X__ 252.219-7003, Small Business Subcontracting Plan (DoD Contracts) (SEP 2011) (15 U.S.C. 637). (21) __X__ 252.227-7015, Technical Data-Commercial Items (DEC 2011) (10 U.S.C. 2320). (23) __X__ 252.232-7003, Electronic Submission of Payment Requests and Receiving Reports (MAR 2008) (10 U.S.C. 2227). •(viii) Additional contract requirements or terms and conditions necessary for this acquisition and consistent with customary commercial practices. SECURITY AND PRIVACY ACT REQUIREMENTS All personnel will be required to obtain a Common Access Card (CAC). Contractor personnel must obtain a functioning CAC and current building badge that will provide access to the government's facility. The CAC will allow the holder to log onto the Local Area Network (LAN), access Public Key Infrastructure (PKI)-enabled websites, access.mil email, and send/receive digitally signed and encrypted emails. The CAC is not considered to be a badge. All contractor personnel requiring access to the Government work spaces will complete a National Agency Check (NAC). If an emergency situation exists, and the contractor requires access to the Government work space in advance of completing the NAC, the contractor employee may begin work with a waiver from the Task Manager. Completion of submission requirement for the NAC is required for waiver approval. All contractors shall be required to possess an Information Technology (IT) Level II Clearance at the time of proposal submission, or know of no impediments to receiving the clearance. Access to classified information will not be required for work performed under this PWS. The contractor shall appropriately safeguard FOUO information from public disclosure and shall use the FOUO material only for contract performance. SECTION 508 COMPLIANCE All development of Electronic and Information Technology products or services shall be compliant with Section 508 as imposed by 36 CFR 1194. Solutions implemented by the Contractor shall comply with the DLA One-Book DLA Directive (DLAD) 5025.30. When directed by the Government, the EC SI Contractor shall assist the Government in performing an assessment of EC to determine compliance with Section 508 and provide results to the Government. The EC SI Contractor shall assist the Government in developing a plan to meet these requirements or requesting appropriate exceptions. The EC SI Contractor shall support the Government in its compliance with Section 508 throughout the development and implementation of the work to be performed. Section 508 of the Rehabilitation Act of 1973, as amended (29 U.S.C. 794d) requires that when Federal agencies, develop, procure, maintain, or use electronic information technology, Federal employees with disabilities have access to and use of information and data that is comparable to the access and use by Federal employees who do not have disabilities, unless an undue burden would imposed on the agency. Section 508 also requires that individuals with disabilities, who are members of the public seeking information or services from a Federal agency, have access to and use of information and data that is comparable to that provided to the public who are not individuals with disabilities, unless an undue burden would be imposed on the agency. Additional information on Section 508 can be found at: http://www.section508.gov/index.cfm?FuseAction=Content&ID=12 Section 508 Technical Standards and their reference numbers are as follows: 1194.21 Software applications and operating systems. 1194.22 Web-based intranet and internet information and applications. 1194.23 Telecommunications products. 1194.24 Video and multimedia products. 1194.25 Self contained, closed products. 1194.26 Desktop and portable computers. 1194.31 Functional Performance Criteria -- Solicitations for EIT should always refer to functional performance criteria, according to 36 CFR part 1194 Subpart C applied to all E&IT acquisition deliverables. 1194.41 Information, Documentation and Support -- Solicitations for EIT must identify whether or not information, documentation, and support requirements apply, according to 36 CFR part 1194 Subpart D applied to support documentation and services provided by agencies to end users of the acquired EIT. GSA's Guidance on Creating 508-Compliant IT Solicitations: http://buyaccessible.net/blog/wp-content/uploads/2011/01/Guidance-on-Creating-508Compliant-IT-Solicitations.pdf The U.S. Access Board's Standards for Accessibility: http://www.section508.gov/index.cfm?fuseAction=stdsdoc The Buy Accessible Wizard: https://app.buyaccessible.gov/baw/ •(ix) A Defense Priorities and Allocations System (DPAS) rating is not necessary for this requirement. Offer Due Date/Local Time: 2012, by 3:00 PM Eastern Time. Please mail hard copies (see page 15 for submission instructions) to the DLA Troop Support Business Opportunities Office at: DLA Troop Support Post Office Box 56667 Philadelphia, PA 19111-6667 Hand carried proposals should be delivered to: DLA Troop Support Business Opportunities Office Building 36, 2 nd Floor 700 Robbins Ave. Philadelphia, PA 19111-5092 Additionally, please forward a courtesy copy of your offer via email to Terry.Schoen@dla.mill. Note: Facsimile offers are not acceptable forms of transmission for submission of initial proposals or revisions to initial proposals submitted in response to this solicitation. As directed by the Contracting Officer, facsimile may be used during discussions/negotiations, if discussions/negotiations are held, for proposal revision(s), including Final Proposal revision(s). •(x) For questions or concerns regarding this solicitation, please contact Terry Schoen at Terry.Schoen@DLA.MIL 215-737-6117. Email is the preferred method of communication. •(17) Place of Contract Performance: DLA Headquarters 8725 John J Kingman Blvd Ft Belvoir, VA 22260-0221 •(18) Set-aside Status: 100% Small Business Set Aside
 

Web Link

FBO.gov Permalink
(https://www.fbo.gov/spg/DLA/J3/DSCP-PB/SP4701-12-R-0029/listing.html)
 

Place of Performance

Address: See Solicitation, United States
 

Record

SN02870849-W 20120908/120907000616-85dc79867ca8335bc17f92a21b9607e5 (fbodaily.com)
 

Source

FedBizOpps Link to This Notice
(may not be valid after Archive Date)

---

| FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |