Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF DECEMBER 20, 2008 FBO #2581
SOLICITATION NOTICE

R -- Emergency Notification System

Notice Date
12/18/2008
 
Notice Type
Combined Synopsis/Solicitation
 
NAICS
511210 — Software Publishers
 
Contracting Office
Department of Justice, Justice Management Division, Executive Office for the United States Attorneys-EOUSA, 600 E Street, Suite 2400, Washington, District of Columbia, 20530
 
ZIP Code
20530
 
Solicitation Number
DOJ-EOA02-9-0059
 
Archive Date
1/15/2009
 
Point of Contact
Tony Russell,, , Stacy Joannes,,
 
E-Mail Address
tony.russell@usdoj.gov, stacy.joannes@usdoj.gov
 
Small Business Set-Aside
N/A
 
Description
This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in Subpart 12.6, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; proposals are being requested and a written solicitation will not be issued. The Executive Office for United States of Attorney’s (EOUSA) invites contractors to submit a proposal for services described in the attached statement of work, under the authority of Part 12 of the Federal Acquisition Regulation. Enclosed you will find a Statement of Work for an Emergency Notification Systems Services. No later than 4:00 PM on Wednesday, December 31, 2008, please provide this office with a price and technical proposal, to include proposed personnel resumes, to accomplish the work described in the attached Statement of Work. Please provide labor categories for the respective work and service to be performed as described in the Statement of Work. Please ensure that your proposal contains the following information: oA detailed plan of how the contractor will design, implement and deliver the requirements as outline in the statement of work oAn outline of the offeror’s plan for staffing, organization, timing and quality control for this effort oA discussion of the roles and responsibilities of all significant key personnel, the percentage and specialization of effort dedicated to the project by the prime and proposed subcontractors (if any) •Detailed budget. Cost proposal shall be in accordance with the basic award. The cost proposal should consist of a detailed cost breakdown with an explanation of the basis for each of the cost proposed. •Discounts to GSA established rates are expected. The selection will be a Best Value approach whereas the evaluation factors other than cost, when combined, are significantly more important than cost. The selection will be based upon the following factors that are listed in descending order of importance: Proposed Solution The proposed approach shall be consistent with the design specifications of the statement of work, is feasible and will produce the required results in the proposed time frame. The proposed solution shall meet or exceeds the hardware, software, design, installation and maintenance specifications. Proposed solution should promote quality and reliability. The proposed solution shall be technically and managerially sound, and adequately staffed. The proposed solution should address technology risks and the viability of the technology going forward. The proposed solution shall include the ability of the system to encompass expansion without replacement of existing proposed solution. Technical/Management Capability The offeror’s response to the statement of work requirements and specifications shall address its ability to meet the delivery timelines; design and configuration requirements; quality control, inspection and acceptance procedures; shipping and packaging; proposed warranties; proposed key personnel designations. The offeror’s response shall demonstrate in-depth understanding of the Government’s requirements and the desired results. Offeror shall also include any performance risk and the viability of the offeror going forward. Key Personnel The offeror shall propose key personnel whose technical qualifications and experience is relevant and recent. The proposed key personnel must have knowledge, skills and abilities in the subject matter. Key personnel resumes must demonstrate skills, knowledge of the subject matter experience, list training and certifications, in addition to any security clearance levels. Past Performance Demonstrated performance and success in implementing similar projects. Experience in providing same or similar solutions and services under contract vehicles similar (or larger) in size and scope to this statement of work. Provide up to three (3) references for commensurate projects that are in progress or were completed within the last three (3) years. If a Contractor will be using a subcontractor, up to three (3) references must be provided for the subcontractor as well. References may be from commercial and federal/state Government contracts; however, similar support services performed for Federal Government customers generally will be considered more relevant than those done for commercial or state government customers. The Government reserves the right to check other references not provided by the Offeror. The following information is required for each reference: (A) Customer name and address (B) Point of contact (name, telephone number) for contractual/administrative matters and technical performance. (C) Period of contract performance (D) Description of work performed Price The proposed price shall include a detailed budget for all equipment and services (initial setup, installation, maintenance, etc.). Price shall also include the cost of the all the equipment and services for the option periods. The selection process will consist of a Best Value source selection based on organizational past performance, organizational experience, key personnel and price. Under a Best Value source selection, non-price evaluation factors, when combined are significantly more important than price. However, EOUSA will not select an offeror for award on the basis of a superior capability without consideration of the amount of its price. In order to select the winning proposal, EOUSA will rank each offeror by making a series of paired comparisons between them, trading off the marginal differences in capability with the marginal difference in price. The Government estimated value of this contract is $40,000.00 for base year and three (3) option years. The precise period of performance will be determined at the time of award. All proposals shall be in ONE document in PDF format, multiple documents will not be accepted. Proposals submitted in response to this RFP will be received in the following manner: via regular mail, hand carried, and email. Proposal may also be forwarded by Courier or Overnight Mail Service to the attention of the undersigned at EOUSA. Hand-Carried and Mailing Address: Executive Office for the United States Attorney’s Office 600 E Street, NW, Suite 2400 Washington, DC 20530 Attention: Tony Russell Email Address: tony.russell@usdoj.gov Proposals that are faxed will not be accepted. Proposals must be received by the closing date and time stated above. Please refer any questions concerning this request to Tony Russell email at tony.russell@usdoj.gov or Stacy Joannes e-mail stacy.joannes@usdoj.gov STATEMENT OF WORK Emergency Notification System Executive Office for the U.S. Attorneys BACKGROUND The Executive Office for U.S. Attorneys (EOUSA) is seeking a comprehensive enterprise-wide Emergency Notification System (ENS) to notify United States Attorneys’ offices and EOUSA employees of emergency and contingency situations. Notifications shall include alerts as well as management responses and expectations during affected periods. The system shall provide notifications via multiple means to the United States Attorneys’ community. In addition, the system shall provide an interactive response capability such that notified employees can respond to various inquiries including health and welfare status. The system shall support alert initiation via the public telephone network and the Internet. Minimally, the system shall be able to transmit alert messages via conventional and mobile telephone, pagers, electronic mail, and Short Message Service (SMS) text. The system shall be able to confirm notification delivery to personnel, and successively attempt delivery using all available methods until notification is confirmed. SCOPE OF WORK The Contractor shall provide all necessary infrastructure to implement ENS services. The ENS shall provide comprehensive methods to broadcast information to pre-defined groups of personnel. The system shall support local (district) groups as well as system-wide administrator-defined groups. The Contractor shall certify and accredit the system in accordance with Federal and Department of Justice (DOJ) standards. The initiation process shall start from a web site or telephone by authorized broadcasters. The authorized broadcaster selects predefined groups/scenarios that contain information such as phone and E-Mail addresses. The broadcaster initiates emergency notifications via one or multiple methods to notify users. The application attempts to contact the predefined groups by all possible selected means. The status of the broadcast can be seen realtime on screen or via report detailed by user and medium used. There will also be exception reports to ensure that those not notified can be traced via other methods in the event normal notification is not possible. The ENS must be capable of notifying U.S. Attorneys’ Offices and the Executive Office for U.S. Attorneys in locations throughout the United States and United States’ territories, including the Virgin Islands, Puerto Rico, Guam, and the Northern Mariana Islands. Specific tasks are described below: 1.General Requirements. a.The Contractor shall provide an Emergency Notification System (ENS) to the Government that will provide telephone, e-mail, and SMS notifications. b.The system shall support no less than 20,000 USAO and EOUSA personnel. c.The system shall be available and function 24 hours per day, 7 days per week. d.The Government configuration and administration interface shall be web-based, enforce 128-bit SSL, provide for authentication of authorized Government users, and support a minimum of Internet Explorer 6. 2.Certification and Accreditation. a.The Government requires that the systems storing, processing, and transmitting information provided by the EOUSA possess a current Department of Justice Certification and Accreditation (C&A). If a DOJ C&A is extant, the contractor shall revise it to include EOUSA information. If a DOJ C&A is not extant, the contractor shall perform a C&A in accordance with the requirements delineated below (i through ix): i.The contractor shall provide that the system meets all applicable Federal and Department of Justice (DOJ) security regulations and policies. The contractor shall designate a developmental Information Systems Security Officer (ISSO) to serve as lead contractor security point-of-contact for the duration of the period of performance. The ISSO shall report directly to the contractor Program Manager. ii.The contractor shall perform a National Institute of Standards and Technology (NIST) Federal Information Processing Standard (FIPS) 199 categorization using NIST Special Publication 800-60 levels of concern. The contractor shall document the categorization using the DOJ Cyber Security Assessment and Management (CSAM) utility. iii.Based on the categorization results of the FIPS 199 assessment, the contractor shall implement all applicable NIST Special Publication 800-53 Revision 2 controls. The contractor shall document system security designs and control implementation using the DOJ CSAM utility. The contractor shall implement controls using satisfactory methods and processes, as adjudicated by the EOUSA Project Manager. iv.The contractor shall test and evaluate system configuration and controls, and document results and Plans-of-Action & Milestones (POA&Ms) using the DOJ CSAM utility. The contractor shall resolve weaknesses as adjudicated by the EOUSA Assistant Director for Information Systems Security. v.The contractor shall perform technical vulnerability assessments, including the following categories of assessment: Assessment TypeUtility NetworkMcAfee Foundstone HostLumension Scanner DatabaseAppDetective Web ApplicationHP WebInspect The contractor shall assess and correct vulnerabilities in successive iterations as necessary to achieve an acceptable level of residual risk, as adjudicated by the EOUSA Assistant Director for Information Systems Security. The contractor shall archive final assessment results using the DOJ CSAM utility. i.The contractor shall design and configure the system to meet or exceed DOJ minimum security configuration standards. The contractor shall audit compliance in successive iterations as necessary to achieve an acceptable level of residual risk, as adjudicated by the EOUSA Assistant Director for Information Systems Security. The contractor shall perform configuration audits using the following utility: Configuration AuditUtility Minimum Security ConfigurationSymantec Security Expressions The contractor shall archive final audit results using the DOJ CSAM utility. i.For any system interconnections, the contractor shall develop Interconnection Security Agreements and Memorandums of Understanding in accordance with NIST Special Publication 800-47 as necessary given final system design. The contractor shall archive ratified documents using the DOJ CSAM utility. ii.The contractor shall develop a System Security Plan in accordance with NIST Special Publication 800-18 and DOJ Information Technology Security Standard Certification, Accreditation, and Security Assessments and archive the accepted document using the DOJ CSAM utility. The contractor shall include a Risk Assessment as part of the System Security Plan. iii.The contractor shall develop a Contingency Plan in accordance with NIST Special Publication 800-34 and DOJ Information Technology Security Standard Contingency Planning and archive the accepted document using the DOJ CSAM utility. The contractor shall test the Contingency Plan with a simulated disaster scenario and archive test activities and results using the DOJ CSAM utility. 2.Data Center – requirements for the data center(s) that will house Government-provided data. a.Physical Security i.The data center(s) shall be staffed or guarded 24 hours per day, seven days per week. The facility shall be alarmed for intrusion; alarms shall be monitored on an around-the-clock basis. The intrusion alarm system shall automatically notify law enforcement or a commercial monitoring service of alarms. The facility shall have access controls for personnel; all visitors shall be identified, logged, and escorted. The facility shall have low-light video monitoring of all ingress/egress points and storage vault doors. The Contractor shall maintain video for no less than 48 hours prior to overwrite. ii.The data center(s) that host(s) the Government’s data shall provide protection of Government personally-identifiable information (PII) data. iii.Visitor logs shall be made available to the Government for inspection within 48 hours upon request. iv.The Contractor shall maintain data center access lists. These lists shall be made available to the Government within 48 hours upon request. v.The data center facilities shall have written incident response procedures. Personnel shall be trained on the procedures no less than annually. The Contractor shall test incident response procedures no less than annually. Training and contingency test records shall be made available to the Government for inspection within 48 hours upon request. The data center facilities shall have conspicuously placed emergency contact data. vi.The Contractor shall inform the Government of security incidents and suspected security incidents within 4 hours of detection. For any incident involving unauthorized use or disclosure of Personally Identifiable Information, the Contractor shall notify the Government within 30 minutes of detection. b.Personnel Security i.All data center personnel shall, at a minimum, be vetted with name and fingerprint check prior to using the system. ii.All data center personnel must be made aware of potential consequences of system misuse. c.Identification / Authentication i.All system users shall use unique identified and authenticated IDs. ii.Contractor shall have written procedures in place on how to report a security incident. d.Media Security i.The Contractor shall ensure that no data leaves the building without proper authorization. ii.Any data extracts to removable media shall be encrypted via a FIPS 140-2 validated cryptographic module. iii.Contractor systems that process or store Government information shall be in a locked cabinet or rack. Issuance of keys shall be limited to personnel explicitly assigned to support this task. Keys shall be tracked and controlled. The Contractor shall supply the Government with key inventory status within 48 hours upon request. iv.Contractor shall provide written procedures on data center security practices that involve Government data within 48 upon request. v.Contractor data center must have at least one fully redundant backup facility. e.Contingency & Disaster and Recovery Plansi. Contractor shall test backup facility operations quarterly and provide results to the Government within 48 hours upon request. ii.Contractor shall permit facility visits by Government security managers to all data center locations to assess practices and procedures within 48 hours upon request. iii.Contractor must maintain and provide a contingency and disaster recovery plan. 3.System Automation – The Government shall provide a complete data file with all contact / notification data on a daily basis. This file will change each day. Changes shall be reflected in the Contractor-hosted system within 2 hours of receipt. a.Once the Government supplies the CSV data file, the Contractor system shall have the capabilities to import the file and completely refresh the database on an ongoing daily basis. b.The Contractor system shall allow for a complete refresh of the notification database on a daily basis with no Government interaction. c.The Contractor system shall have ability to create groups based on a GUI interface for all imported fields. d.Once groups are created in the system, the system shall have the ability to recreate those groups automatically after each daily refresh of the database with no Government interaction. e.All groups created by the local administrator shall be automatically refreshed daily with no interaction by Government. f.The Contractor system shall provide secure file transfer of contact files to the data center(s). The file transfer protocol shall be the Security File Transfer Protocol (SFTP) or other mutually-acceptable protocol. g.The Contractor system must allow for mapping and remapping of data elements and importation of a minimum of five different phone numbers, two E-Mail addresses, complete name, district, department, title, and five Government-defined fields. 4.Scenarios (the ability to outline the actions that shall take place for specific emergency situations) – The Government must be able to create “scenarios” at the district level and top administration level. These scenarios must be available only to the local district administrator and primary system administrator. For example, the District of Washington must have the ability to create a “snow emergency” scenario that is seen only by the district. The Southern District of California must be able to create a “fire emergency” that is available only to the district. The District of Washington will not be able to see the other districts contacts or scenarios and vice versa. a.Scenarios shall be able to refresh automatically after nightly refresh of contact information. b.The local administrator shall be able to create and modify local scenarios. 5.Administration. a.The Government shall be able to create unlimited local (district) administrators. b.The Government shall be able to organize and administer data by district in a minimum of 125 groups which require separate administration. c.All data shall be contained in one system for top-level notification and administration. d.Local (district) administrators shall be allowed to view/administer only his/her district data. 6.Basic Functionality. a.Allow secure URL (https) web-based communication. b.A person using any phone/cell shall be able to trigger notifications that include existing groups and scenarios. c.Notifications shall be deliverable to phone, SMS, and E-Mail. d.System shall be able to specify order of notification. e.Notifications must have text to voice capability. 7.Video Training. a.Training shall consist of three distinct training sessions: 1) Overall system administration, 2) District system administration, 3) End user. b.Each training session shall be taped at the Government’s studio in Columbia, South Carolina. The training shall be given to camera in studio. Once the training is taped, it shall be edited at the Government’s expense to be distributed to EOUSA users. The Government shall have sole copyrights to the video. Three separate videos shall be produced as described below: i.Overall system administration shall consist of comprehensive training for the ENS system. After training, the viewers shall be able to administer all basic and complex workings of the system. Viewers shall also have a complete knowledge of the notification and receipt process. ii.District system administration shall give viewers an overview of administration with a focus on group creation, local scenario building, notifications, receipt of notifications, notification tracking, reporting and general district upkeep of the system. These viewers shall be the primary group sending out district alert notifications. iii.End user training shall give viewers a general overview of the system, with a focus on alert notifications. These viewers shall be the secondary group sending out alert notifications. c.A training manual shall be provided by the Contractor for each of the above-named classes. d.Video recording shall take place at the National Advocacy Center in Columbia, South Carolina, in accordance with Federal Travel Regulations. 8.System Setup. a.The Contractor shall provide initial setup of system that involves group creation, scenario creation, administer creation, SFTP, and system security setup. b.The Contractor shall collaborate with Government personnel to setup complete automation of import process. 9.Notification speed / receipt verification – It is vital that messages are sent and verified on a timely basis. a.System shall allow for immediate notification to SMS and e-mail. b.System shall support a minimum of 75 calls per minute based on a 1 minute message (150 calls per minute with 30 second message...). 10.Reporting. a.System shall have reporting capabilities that include, at a minimum, exception reports, real time monitoring, system groups, system users, scenarios, and system notification history. b.System shall provide real time emergency notification tracking that includes, at a minimum, attempts, successes, and exceptions. DELIVERABLES The Contractor shall provide the following deliverables: 1.A web/phone-based system as defined in the Scope of Work above. 2.Certification and Accreditation (C&A) a.C&A deliverables shall be made using the DOJ CSAM utility. b.Contractor shall provide Department of Justice C&A within 60 days of contract award. c.Weekly C&A status reports shall be delivered at weekly status meetings. 3.Contractor and designated EOUSA staff shall have kickoff meeting within 5 days of contract award. This meeting shall include the EOUSA Assistant Director for Information Systems Security and EOUSA Program Manager. Meetings shall be held weekly after kickoff meeting until C&A is complete. 4.System shall have full operational capability, with test data, within 10 business days of award of contract. 5.System shall have full operational capability, with live data, within 5 business days from achieving end of Certification and Accreditation. 6.Admin / end user training within 30 days of contract award. PERIOD OF PERFORMANCE The period of performance is as follows: from date of award PeriodBeginEnd Base Year Date of the awardDecember 31, 2009 Option Year 1 January 1, 2010December 31, 2010 Option Year 2 January 1, 2011December 31, 2011 Options Year 3 January 1, 2012December 31, 2012 The exercise of Option Year 1- 3 is at the sole discretion of the Government, and pending availability of funds. ACCEPTANCE CRITERIA The Government shall evaluate the work performed based on the degree to which the Contractor fulfills the objectives identified in the Scope of Work and adheres to their data center quality and security controls. Adherence to security of Government’s data is viewed as a major performance indicator for this initiative. If at any time during this task the primary COTR finds that the quality of service does not fulfill the requirements of this task, the Contracting Officer shall provide official written notification to the Contractor. If the cause of the performance problem spans the task and performance does not improve within two weeks of the Contracting Officer's notification, the primary COTR may choose to give the Contractor 30 days’ notice of its intent to cancel the task without cost impact over the amount obligated and incurred through the date of cancellation. DEFINITIONS CSV = Comma separated values C&A = Certification and Accreditation COTR = Contracting Officer’s Technical Representative CSAM = DOJ Cyber Security Assessment and Management ENS = Emergency Notification System EOUSA = Executive Office for United States Attorneys FAR = Federal Acquisition Regulations FIPS = Federal Information Processing Standard FISMA = Federal Information Security Management Act of 2002 FTP = File transfer protocol HTTPS = Hypertext Transfer Protocol over Secure Socket Layer NAC = National Advocacy Center, Columbia, South Carolina NIST = National Institute of Standards and Technology PII = Personally Identifiable Information SFTP = Secure File Transfer Protocol SSL = Secure Socket Layer USAO = United States Attorney’s office GOVERNMENT FURNISHED ITEMS 1. The Government shall provide employee contact data via an electronic CSV file on a daily basis using a mutually-acceptable secure file transfer protocol. The contact information provided to the Contractor will be subject to the Privacy Act of 1974, 5 U.S.C. § 552a, as amended. The Contractor shall not disclose any contact information except with prior written permission of the Government Contracting Officer. 2. The government shall supply access to the DOJ Cyber Security Assessment & Management (CSAM) utility. The government shall supply a laptop computer and remote network access for access to CSAM and associated C &A communications. The government shall supply licenses for vulnerability assessment utilities and configuration audit utilities. 3. The Government shall provide electronic copies of the Department of Justice Information Technology Security Standards.CONTACTS Stacy Joannes IT SpecialistCOTR608-250-5470 Ted Shelkey Assistant DirectorAlternate COTR, CISO202-616-1665 EVALUATION CRITERIA (a) The Government will award a commercial item purchase order resulting from this solicitation to the responsible offeror whose offer conforming to the solicitation will be most advantageous to the Government, price and other factors considered. The following factors shall be used to evaluate offers: Organizational Experience Organizational Past Performance Key Personnel Price Organizational Experience, Organizational Past Performance, and Key Personnel, when combined, are significantly more important than price. However, EOUSA will not select an offeror for award on the basis of a superior capability without consideration of the amount of its price. (b) Options. The Government will evaluate offers for award purposes by adding the total price for all options to the total price for the basic requirement. The Government may determine that an offer is unacceptable if the option prices are significantly unbalanced. Evaluation of options shall not obligate the Government to exercise the option(s). (c) A written notice of award or acceptance of an offer, mailed or otherwise furnished to the successful offeror within the time for acceptance specified in the offer, shall result in a binding contract without further action by either party. Before the offer’s specified expiration time, the Government may accept an offer (or part of an offer), whether or not there are negotiations after its receipt, unless a written notice of withdrawal is received before award.
 
Web Link
FedBizOpps Complete View
(https://www.fbo.gov/?s=opportunity&mode=form&id=05795a59ce204397b57c6118f96a4971&tab=core&_cview=1)
 
Place of Performance
Address: 600 E Street Room 7500, Washington,, District of Columbia, 20530, United States
Zip Code: 20530
 
Record
SN01721363-W 20081220/081218215700-05795a59ce204397b57c6118f96a4971 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  © 1994-2020, Loren Data Corp.