Loren Data's SAM Daily™

fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF OCTOBER 19, 2018 FBO #6174
DOCUMENT

R -- Secure Document Destruction Services - Attachment

Notice Date
10/17/2018
 
Notice Type
Attachment
 
NAICS
561210 — Facilities Support Services
 
Contracting Office
Department of Veterans Affairs;Network Contracting Office 20;1495 Wilmington Drive, Suite 360;DuPont WA 98327
 
ZIP Code
98327
 
Solicitation Number
36C26019Q0017
 
Response Due
10/23/2018
 
Archive Date
10/28/2018
 
Point of Contact
Laura Davis, laura.davis5@va.gov
 
E-Mail Address
laura.davis5@va.gov
(laura.davis5@va.gov)
 
Small Business Set-Aside
N/A
 
Description
THIS IS A SOURCES SOUGHT NOTICE ONLY. This is not a solicitation for bids, proposals, proposal abstracts, or quotations. The purpose of this Sources Sought Notice is to obtain information regarding the availability and capability of all qualified sources to perform a potential requirement. The responses received from interested contractors will assist the Government in determining the appropriate acquisition method. The Department of Veterans Affairs (VA), Network Contracting Office (NCO) 20, is conducting market research to identify potential sources which can provide the services as listed below. Small businesses must comply with FAR 52.219-14 Limitations on Subcontracting. Potential candidates having the capabilities necessary to provide the below stated services are invited to respond to this Sources Sought Notice via e-mail to Laura Davis at laura.davis5@va.gov no later than October 23, 2018 6AM PDT. No telephone inquiries will be accepted. RESPONSES SHOULD INCLUDE THE FOLLOWING INFORMATION: company name, address, and business size; point of contact name, phone number, and e-mail address information regarding the ability to provide these services either via Open market or FSS/GSA contract. NAICS Code 561210 is applicable to determine business size standard. Any questions or concerns may also be directed to Laura Davis via e-mail. Disclaimer and Important Notes: This Sources Sought Notice does not obligate the Government to award a contract or otherwise pay for the information provided in response. The Government reserves the right to use information provided by respondents for any purpose deemed necessary and legally appropriate. The Government will treat any information received as proprietary and will not share such information with other companies. Any organization responding to this Sources Sought Notice should ensure that its response is complete and sufficiently detailed to allow the Government to determine the organization's qualifications to perform the work. Respondents are advised that the Government is under no obligation to acknowledge receipt of the information received or provide feedback to respondents with respect to any information submitted. The Government may or may not issue a solicitation as a result of this announcement. There is no solicitation available at this time. Document Destruction Services for various Alaska VA Medical Center/CBOC: The contractor shall provide all labor, personnel, equipment, supplies, secured vehicles, materials, supervision and other related services necessary to provide on-site commercial document destruction services for the Alaska VA Healthcare System, CBOC s and administrative facilities in accordance with VA regulations listed in Section 20 of the Statement of Work. 1. Main Clinic -1201 North Muldoon, Anchorage, AK 99504 2. Domiciliary - 3001 C Street, Anchorage, AK 99503 3. JBER Bldg. 604, 604 Richardson Drive, JBER, AK 99506 4. Matsu CBOC 865 N. Seward Meridian Parkway, Suite 105, Wasilla, AK 99654 5. Juneau CBOC 709 W. 9th Street, Suite 150, Juneau, AK 6. Kenai CBOC 11312 Kenai Spur Highway, Suite 39, Kenai, AK 99611 No guarantees are made as to the estimated pick-up and delivery frequencies or volumes, or the quantities of bulk containers. The estimate information provided in the scope of work is based on historical data. The locations for the bulk containers are subject to change by the Government. The Government shall notify the contractor of location changes within five working days of any changes. GREEN ENVIRONMENTAL MANAGEMENT SYSTEM (GEMS) VISN 20 VA Medical Centers have a Green Environmental Management System (GEMS). The Medical Center is committed to protecting and improving the environment. Our goals are: Taking a leadership role in environmental stewardship by providing a clean and safe environment in our community Conserving natural resources and supporting their sustainability by upgrading our environmental systems Reducing the use of hazardous products and the generation of wastes Purchasing renewable, reusable, recyclable and recycled products Working to constantly improve the immediate and long term environmental impacts of the products, services and processes used by the Alaska VA Healthcare System. The Contractor will follow the GEMS guidelines provided by the Medical Center GEMS coordinator. SCOPE OF WORK The Contractor shall provide both onsite interim document destruction and final destruction services, to ensure to meet the standard of the record is not readable or reconstruct able. for Government provided documents containing classified, sensitive, confidential, and medical records within the Alaska VA Healthcare System. The contractor shall provide secured lockable collection containers in a variety of sizes and quantities specific to each designated location throughout the hospital, clinic or facility for collection and storage of confidential documents until such time the shredding takes place. (1) Containers shall be available in the following sizes: (a) Small approximately 10 to 15 gallons, 20 to 25-pound capacity, suitable for desk side, (b) Medium approximately 25 to 32 gallons, 75 to 80-pound capacity, (c) Large approximately 90 to 100 gallons, 250 pounds plus capacity. (2) Containers shall have locking mechanisms that are keyed alike with a master key that will open all containers. A total of ten (15) master keys will be provided to the point of contact (POC) (3) Numbers of containers provided and frequency of collection/shredding are listed in the table below: AVAHS Location Frequency Small Medium large a. 1201 North Muldoon Road, Anchorage, AK 1 time per every other week 10 52 14 b. VA Domiciliary 1 time per every other week 20 c. 604 Richardson Drive, JBER, AK 99506 Once a month 12 d. Matsu CBOC 10 e. Juneau CBOC Once a month 6 f. Kenai CBOC Changes to quantities at each facility may change during the course of the contract to accommodate remodeling, construction or expansion of current VA facilities. (4) The Government reserves the right to modify the contract as needed to increase or decrease numbers of containers, as required due to changes in needs of the facilities. (5) Specific room locations within each facility will be provided at the orientation/walkthrough, prior to contract start. b. The contractor shall ensure: (1) That any container used to transport documents from the indoor containers to the shredding location is locked and attended at all times while being moved. (2) The task of document destruction for all containers is conducted from start to finish on-site at each facility on the scheduled service day. c. The contractor shall provide: (1) Sufficient labor and equipment necessary to transport the collected documents from the indoor designated container locations to an outdoor designated location where shredding will take place. (2) Sufficient labor and sufficient mobile shredding vehicles capable of performing on-site shredding and destruction of approximately 400,000 to 500,000 pounds of confidential documents per year utilizing mobile shredding vehicles at government facilities where the confidential documents are collected. (3) The contractor shall provide equipment that has the capability of shredding large volumes of documents per hour to reduce the time the contractor s equipment utilizes government facilities limited parking spaces. (4) Equipment that is capable of shredding large volumes of documents per hour that will produce crosscut shred articles within a 1 x 5 millimeter, pulped for recycling and provides a certificate of destruction per the National Association of Information Destruction (NAID) standards for mobile units. Contractor will provide a Certificate of Destruction at the completion of shredding. Information will include: Company Name: Location: Date: Type of Service: Scheduled / Unscheduled Number of Containers Shredded: Start Time: Finish Time: Total Weight Shredded: Comments: Contractor representative: Date: VA representative: Date: Existing contractor certification of destruction can be used if it contains the above information. (5) Sufficient labor, equipment and transportation necessary to transport the shredded materials in locked vehicles to paper mills for pulping and recycling. (6) A written schedule of the days and times service will be performed at each facility. The contractor shall perform services on day agreed upon by both VA facility point of contact (POC) and the contractor. Strict adherence to the schedule is expected. Any changes to the schedule shall be approved in advance by the POC. (7) A contingency plan for instances where: (a) Equipment malfunction occurs during the shredding process (b) When a mobile shredding vehicle breaks down en-route to a VA location for scheduled services or en-route to a pulping and recycling site. (c) Equipment malfunction on VA property results in release of some type of hazardous waste (i.e. hydraulic oil, diesel fuel, etc.) d. All shredding shall be witnessed by a contractor employee authorized to witness destruction of confidential documents or a VA government employee authorized to witness destruction of confidential documents. The authorized witness shall complete a certificate of destruction at the completion of each shredding/destruction service. e. All shredding shall be performed in accordance with Department of Veterans Affairs handbook 6300, records and information management, referenced in paragraph 7 below. f. Upon arrival at each facility, the contractor shall report to the meeting location designated by the POC prior to performance of scheduled pick-up/shredding service. DAYS AND HOURS OF OPERATION Monday Friday, 8:00 am 4:30 pm, excluding Federal holidays (New Year s Day, Martin Luther King Jr. Day, President s Day, Memorial Day, Fourth of July, Labor Day, Columbus Day, Veteran s Day, Thanksgiving Day, Christmas Day) INTERMITTENT/EMERGENCY ORDERS In the event that additional onsite shredding is needed, the contractor shall be available within 48 hours notice to respond for unscheduled service and prices shall be in accordance with the location fee that is listed in the contract schedule. CONTROL OF SECURITY WASTE The Contractor shall be responsible for management, oversight, security, and control of all classified, sensitive, confidential documents and documents containing medical records stored in the locked containers, prior to and until completion of shredding or destruction of the documents. DOCUMENT DESTRUCTION The contractor must carry out destruction in accordance with VA Directive 6371 appendix A or be certified by the National Association for Information Destruction (NAID). SECURITY WASTE COLLECTION CONTAINERS The contractor shall deliver the required number of secured lockable collection containers in a variety of sizes and quantities specific to each designated location throughout the clinic or facility CBOCs for collection and storage of confidential documents until such time the shredding takes The containers shall be placed at the designated locations directed by the POC and tracked by location, bin number, and room number. The containers shall be kept locked at all times. The contractor shall provide two sets of keys for each bulk container. One set of keys shall remain in the possession of the contractor or his employees at all times while at the Government site. The second set of keys shall be provided to the medical facility s POC. The Contractor is responsible for maintaining all bulk containers in a clean, safe, damage free, and odor-free condition. CERTIFICATION OF DESTRUCTION The Contractor shall prepare and submit to the medical facility s POC an original signed Certificate of Destruction the interim destruction conducted at each pick up for each site within three (3) working days of each pick up. The contractor shall maintain proper records concerning each Certificate of Destruction issued. The Certificate of Destruction shall as a minimum contain the following: Pick-up/Delivery Location Pick-up/Delivery Date Name of Government POC at Pick-up Location Amount of shredded waste (number and type of containers picked up and pounds shredded) Destruction Certification Document Number Destruction Certification Date Any other information as determined necessary by the Information Security Officer The VA will delegate the final destruction to the NAID vendor contractor employee, however a certificate of final destruction shall be required within 30 days of the original pickup. ACTIVITY LOGS/REPORTS The Contractor shall maintain an Activity Log of shredding/destruction services accomplished at each site. One copy of the Activity Log shall be provided to the facility POC after all documents have been shredded. CONTRACTOR PERSONNEL The Contractor shall provide qualified employees. The Contractor shall be required to comply with all VA security requirements. The Contractor shall be responsible for coordinating with the facility POC and providing all information required of employees for performance of work. All security requirements must be met and employees cleared prior to the contractor performing work under the contract. Employees that cannot meet the security and clearance requirements shall not be allowed to perform work under this contract. A VA employee shall be designated to escort the contractor to all areas until all documents are shredded to the proper dimension. CONTRACTOR PERSONNEL SECURITY REQUIREMENTS: a. Contractor employees shall be pre-authorized to witness destruction of confidential documents, i.e. Low-Level Background investigations (See Section 9.0, special requirements). b. Contractor employees found reading any of the VA materials/documents shall be promptly POC involved shall not be allowed to return for any future document destruction services. c. The contractor shall adhere to the VA policies applicable to all record destruction as outlines in handbook 6300. These guidelines are designed to protect sensitive and private information from being disclosed to unauthorized parties and adhere to the Privacy Act and the HIPPA Privacy Rules and regulations. Examples of sensitive information include but are not limited to: individually identifiable medical, benefits, and personal information; financial, budgetary, research, quality assurance, confidential commercial, critical infrastructure, investigatory and law enforcement information. d. Subject to criminal prosecution, contractor employees shall comply with all manner of confidentiality when engaging in the destruction of any and all Department of Veterans Affairs records. e. Contractor employees shall wear a uniform with the company name and logo and wear a badge in plain view above the waist bearing the company name, logo and employee s name at all time they are on Department of Veterans Affairs property. Regularly assigned contractor employees will be required to complete the application process to receive a Department of Veterans Affairs Contractor Personnel Identification Verification (PIV) Card. f. The contractor shall maintain a current listing of employees performing services under this contract. The list shall include the employee s name, address, phone number, social security number, level of security and position. The list shall be validated and signed by the company facility security officer and provided to the contracting office and contracting officer s representative. An updated listing shall be provided when an employee s status or information changes. The contractor has 24 hours to inform the contracting office and POC that an employee s status has changed unless it is a pick-up day. On pick up days, the contractor shall immediately inform the POC. g. The contractor and employees shall comply with homeland Security Presidential Directive 12 (HSPD-12), NIST 800-53, Office of Management and Budget (OMB) guidance M-05-24, as amended, and Federal Information Processing Standards Publication (FIPS PUB) Number 201, as amended. Contractor and Staff shall comply with the Privacy Act, VA Security requirements and HIPPA. h. The contractor shall report to the contracting officer and the POC any information or circumstances which they are aware of that may pose a threat to the security of the Department of Veterans Affairs personnel, contractor employees, resources and classified and unclassified information. i. Contractor employees are prohibited from possessing weapons, firearms or ammunition, on themselves or their contractor-owned or privately-owned vehicle while on the property of the designated VA locations listed in paragraph 4. j. If the contracting officer finds it in the best interest of the Government, he/she may at any time during the performance of this contract order the contractor to remove any of his/her personnel from further performance under this contract for reasons of their moral character, unethical conduct, security reasons and violation of on-site building rules. In the event it is necessary to replace any contractor employee for any of the above reasons, all costs, including the costs of removal and replacement of the employee will be borne by the contractor. k. The contractor shall not hold any discussions or release any information relating to the contents of this contract to anyone not having a direct interest in the performance of this contract, without written consent of the contracting officer. All inquiries shall be directed to the VA Public Affairs Officer. m. The contractor shall not advertise information about projects performed for this contract without Government review and approval. Advertisement is considered but not limited to promotional brochures, posters, tradeshow handouts, web pages, magazines, newspapers and similar promotions. n. The contractor shall ensure the electronic access badge provide under this contract for building access is kept securely so as not to compromise building access. The contractor shall immediately report to the POC if the badge is lost. o. The contractor is required to comply with all security and personnel identification procedures at each facility. SPECIAL REQUIREMENTS All Contractor vehicles utilized in this contract shall be insured and maintain current state vehicle registration. All Contractor employees shall possess a valid State Driver s license and be insurable. The Contractor or his/her employees while performing under this contract shall use no personal vehicles. Contractor Registration: Contractor shall be a legally registered business in the state of Alaska. Contractor Vehicles: all vehicles used in the performance of this contract for the destruction of documents shall have the applicable government licensing and inspections for road worthiness on file. HIPAA Responsibility: Contractor agrees to comply with the requirements under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Notwithstanding anything to the contrary in this contract, all individually identifiable health information shall be treated as confidential by the parties in accordance with all applicable federal, state, or local laws and regulations governing the confidentiality and privacy of individually identifiable health information, including but without limitation, HIPAA and any regulations and official guidance promulgated there under, and the parties agree to take such additional steps and/or to negotiate such amendments to this contract as may be required to ensure that the parties are and remain in compliance with the HIPAA regulations and official guidance. HIPAA Compliance Health Insurance Portability and Accountability Act of 1996: the successful contractor shall be required to be in compliance with HIPAA requirements and will be required to sign a Business Associate Agreement with the VA. A copy will be maintained in the contract file and with the Privacy Officer. Security Requirements: The contractor and their personnel shall be subject to the same Federal laws, regulations, standards, and VA policies as VA personnel, regarding information and information system security. These include, but are not limited to Federal Information Security Management Act (FISMA), Appendix III of OMB Circular-A-130, and guidance and standards, available from the Department of Commerce s National Institute of Standards and Technology (NIST). Contractor Employee Security and HIPAA Training: Contractor must certify that all employees working on this contract have received VA Information Security Awareness and VHA Privacy Policy Training. This training can be accessed on line through the VA Talent Management System found at https://www.tms.va.gov. Proof of training is required via printed certification of completion and must be provided to the POC. The POC will provide the details required for obtaining the VHA Privacy Policy Training. In accordance with VHA Directive 6500.6, Appendix D, Contractor Rules of Behavior, each contractor must read and sign the VA National Rules of Behavior prior to gaining any access to VA information and/or information systems. Contractors must initial and date each page of the copy of the VA National Rules of Behavior, they must also provide the information requested on the last page, sign and date it. These requirements will be maintained in a contractor employee file by the POC for each contractor employee working on the contract. QUALITY ASSURANCE The Government may inspect each task as completed or increase the number of quality control inspections if deemed appropriate because of repeated failures discovered during quality control inspections. Likewise, the Government may decrease the number of quality control inspections if performance dictates. The Government will also receive and investigate complaints from various customers located at the business locations. 15. SECURITY REQUIREMENTS The Contractor shall be responsible for adhering to the following statements as they relate to this contract.   The Alaska VA Healthcare System sites in coordination with their site Information Security Officer (ISO) shall monitor the work performed by contractor personnel, including sub-contractors, on a periodic basis to make sure contractor personnel are following the stated security requirements. 16. CONTRACTOR PERSONNEL SECURITY REQUIREMENTS (1)   Position Sensitivity The position sensitivity has been designated as Moderate Risk. (2)  Background Investigation - The level of background investigation commensurate with the required level of access is Minimum Background Investigation. (b) Contractor Responsibilities ADMINSTRATION: a. Facility Orientation: An initial orientation of the facilities will be conducted by the POC at the start of the contract. The contractor shall be responsible for conducting orientation for new employees thereafter. b. Accident Reporting: In the event of an accident on Department of Veterans Affairs property or involving Government personnel or property, the contractor shall contact the VA police immediately. A report shall be provided to the CO and POC in writing that shall include the following: (1) The time and date of occurrence (2) The place of occurrence (3) A list of personnel directly involved (4) A narrative or description of the accident to include chronological order of the events and circumstances (5) Corrective action to prevent future occurrences POINT OF CONTACT: The contractor shall provide the name, email, and telephone number of an individual to act as his representative and be responsible for coordination of the contract with the Government. 17. Invoicing: VA published the final rule requiring vendors to submit invoices electronically to the Financial Services Center (FSC) in the November 27, 2012 Federal Register. The rule became effective December 27, 2012. The rule includes a new contract clause to be inserted in all solicitations and contracts by the contracting officer (VAAR 852.232-72). Vendors can comply with the rule by using either of the two methods below: 1. The FSC uses a third-party contractor, Tungsten Network, to transition vendors from paper to electronic invoice submission. For information on Tungsten Network electronic invoicing set-up, vendors should call 1-877-489-6135, or email VA.Registration@Tungsten-Network.com. Vendors are required to register with Tungsten Network and submit invoices electronically as a condition of acceptance of this contract or order. For questions please refer to: http://www.tungsten-network.com/us/en/veterans-affairs/ Submittal of invoices are to be through http://www.tungsten-network.com/us/en/ If the company elects for a Web Form Account: Step 1: They do not require a Registration Key unless provided to them directly through Email. Step 5: Their Companies Tax Payer ID Number (TIN) is Required for VA-FSC. Step 6: Remittance Address Details are Required to Transact to VA-FSC. Please use: Department of Veterans Affairs FMS-VA-2(101) Financial Services Center PO Box 149971 Austin TX 78714-9971 Step 8: The Department of Veterans Affairs Tungsten Number is: AAA544240062 The current account and transaction fees associated with the Tungsten services are paid by the VA-FSC. Free transaction code (s) are not required. 2. A system that conforms to the X12 electronic data interchange (EDI) format established by the Accredited Standards Center. For FSC e-Invoicing information, please call 1-877-353-9791 or email vafsccshd@va.gov. FSC and VA s Office of Acquisition, Logistics and Construction (OALC) will assist existing commercial vendors in migrating to the electronic process. Until the transition to electronic format is complete, FSC will continue to process paper invoices for commercial vendors. The FSC s electronic invoicing system provides a variety of flexible solutions for all vendor types, including small businesses, and does not require any vendor transaction fees. More information on the FSC electronic invoicing process can be found at http://www.fsc.va.gov/einvoice.asp. A properly prepared invoice will contain: Invoice Number and Date Contractor s Name and Address Accurate Purchase Order Number Supply or Service provided Itemization of pounds shredded and disposed of, by location Price per pound or per service, as applicable Dates of Service performed Location of Service Performed Total amount due A consolidated invoice will be submitted monthly for all locations serviced that month. RECORDS MANAGEMENT LANGUAGE FOR CONTRACTS The following standard items relate to records generated in executing the contract and should be included in a typical Electronic Information Systems (EIS) procurement contract: Citations to pertinent laws, codes and regulations such as 44 U.S.C chapters 21, 29, 31 and 33; Freedom of Information Act (5 U.S.C. 552); Privacy Act (5 U.S.C. 552a); 36 CFR Part 1222 and Part 1228. Contractor shall treat all deliverables under the contract as the property of the U.S. Government for which the Government Agency shall have unlimited rights to use, dispose of, or disclose such data contained therein as it determines to be in the public interest. Contractor shall not create or maintain any records that are not specifically tied to or authorized by the contract using Government IT equipment and/or Government records. Contractor shall not retain, use, sell, or disseminate copies of any deliverable that contains information covered by the Privacy Act of 1974 or that which is generally protected by the Freedom of Information Act. Contractor shall not create or maintain any records containing any Government Agency records that are not specifically tied to or authorized by the contract. The Government Agency owns the rights to all data/records produced as part of this contract. The Government Agency owns the rights to all electronic information (electronic data, electronic information systems, electronic databases, etc.) and all supporting documentation created as part of this contract. Contractor must deliver sufficient technical documentation with all data deliverables to permit the agency to use the data. Contractor agrees to comply with Federal and Agency records management policies, including those policies associated with the safeguarding of records covered by the Privacy Act of 1974. These policies include the preservation of all records created or received regardless of format [paper, electronic, etc.] or mode of transmission [e-mail, fax, etc.] or state of completion [draft, final, etc.]. No disposition of documents will be allowed without the prior written consent of the Contracting Officer. The Agency and its contractors are responsible for preventing the alienation or unauthorized destruction of records, including all forms of mutilation. Willful and unlawful destruction, damage or alienation of Federal records is subject to the fines and penalties imposed by 18 U.S.C. 2701. Records may not be removed from the legal custody of the Agency or destroyed without regard to the provisions of the agency records schedules. Contractor is required to obtain the Contracting Officer's approval prior to engaging in any contractual relationship (sub-contractor) in support of this contract requiring the disclosure of information, documentary material and/or records generated under, or relating to, this contract. The Contractor (and any sub-contractor) is required to abide by Government and Agency guidance for protecting sensitive and proprietary information. VA INFORMATION AND INFORMATION SYSTEM SECURITY/PRIVACY LANGUAGE FOR INCLUSION INTO CONTRACTS, AS APPROPRIATE GENERAL Contractors, contractor personnel, subcontractors, and subcontractor personnel shall be subject to the same Federal laws, regulations, standards, and VA Directives and Handbooks as VA and VA personnel regarding information and information system security. ACCESS to VA INFORMATION AND VA INFORMATION SYSTEMS A contractor/subcontractor shall request logical (technical) or physical accessto VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. Contract personnel who require access to national security programs must have a valid security clearance. National Industrial Security Program (NISP) was established by Executive Order 12829 to ensure that cleared U.S. defense industry contract personnel safeguard the classified information in their possession while performing work on contracts, programs, bids, or research and development efforts. The Department of Veterans Affairs does not have a Memorandum of Agreement with Defense Security Service (DSS). Verification of a Security Clearance must be processed through the Special Security Officer located in the Planning and National Security Service within the Office of Operations, Security, and Preparedness. Custom software development and outsourced operations must be located in the U.S. to the maximum extent practical. If such services are proposed to be performed abroad and are not disallowed by other VA policy or mandates, the contractor/subcontractor must state where all non-U.S. services are provided and detail a security plan, deemed to be acceptable by VA, specifically to address mitigation of the resulting problems of communication, control, data protection, and so forth. Location within the U.S. may be an evaluation factor. The contractor or subcontractor must notify the Contracting Officer immediately when an employee working on a VA system or with access to VA information is reassigned or leaves the contractor or subcontractor s employ. The Contracting Officer must also be notified immediately by the contractor or subcontractor prior to an unfriendly termination. SECURITY INCIDENT INVESTIGATION The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor/subcontractor shall immediately notify the POC and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access. To the extent known by the contractor/subcontractor, the contractor/subcontractor s notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the contractor/subcontractor considers relevant. With respect to unsecured protected health information, the business associate is deemed to have discovered a data breach when the business associate knew or should have known of a breach of such information. Upon discovery, the business associate must notify the covered entity of the breach. Notifications need to be made in accordance with the executed business associate agreement. In instances of theft or break-in or other criminal activity, the contractor/subcontractor must concurrently report the incident to the appropriate law enforcement entity (or entities) of jurisdiction, including the VA OIG and Security and Law Enforcement. The contractor, its employees, and its subcontractors and their employees shall cooperate with VA and any law enforcement authority responsible for the investigation and prosecution of any possible criminal law violation(s) associated with any incident. The contractor/subcontractor shall cooperate with VA in any civil litigation to recover VA information, obtain monetary or other compensation from a third party for damages arising from any incident, or obtain injunctive relief against any third party arising from, or related to, the incident. Quality Assurance Surveillance Plan (QASP): PERFORMANCE BASED TASK INDICATOR STANDARD QUALITY ASSURANCE DETERMINATION 1.Contractor will provide shredding services in accordance with SOW Competency Performs shredding on day indicated, unless alternative date is prescheduled with POC check of logsheets vendor will not bill for missed collection days 2.Contractor shreds all documents on site Security documents are shredded before leaving the facility random visual inspection, check of logsheets Contractor performance will be evaluated. The evaluation will be considered when future contract selections are made. 3.All collection bins are emptied Service Quality All collections bins are emptied on schedule random inspection, customer input (complaints) No more than 3% missed bins per visit 4.Contractor employees safety shred documents safety All contractor employees follow safety rules while shredding documents random inspection Contractor performance will be evaluated. te evaluation will be considered when future contract selections are made.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/VA/SeVANC/VAPSHCS/36C26019Q0017/listing.html)
 
Document(s)
Attachment
 
File Name: 36C26019Q0017 36C26019Q0017.docx (https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=4639863&FileName=36C26019Q0017-000.docx)
Link: https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=4639863&FileName=36C26019Q0017-000.docx

 
Note: If links are broken, refer to Point of Contact above or contact the FBO Help Desk at 877-472-3779.
 
Record
SN05127097-W 20181019/181017230450-cd5030e675a8e07bba8fae2feffae737 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)

FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.