Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF OCTOBER 07, 2010 FBO #3239
SOLICITATION NOTICE

D -- IT Consultant - IT Services - Attachments

Notice Date
10/5/2010
 
Notice Type
Combined Synopsis/Solicitation
 
NAICS
541511 — Custom Computer Programming Services
 
Contracting Office
Department of Health and Human Services, National Institutes of Health, Clinical Center/Office of Purchasing & Contracts, 6707 Democracy Blvd, Suite 106, MSC 5480, Bethesda, Maryland, 20892-5480
 
ZIP Code
20892-5480
 
Solicitation Number
P169345L
 
Archive Date
11/19/2010
 
Point of Contact
Brian J. Lind, Phone: 301-402-0735
 
E-Mail Address
LindBJ@cc.nih.gov
(LindBJ@cc.nih.gov)
 
Small Business Set-Aside
Total Small Business
 
Description
Attachment No 8 - Representations and Certifications Attachment No 7 - SF1449 Attachment No 6 - Proposal Packaging Instructions Attachment No 5 - Invoicing Instructions Attachment No 3 - Past Performance Questionnaire Attachment No 2 - Proposal preperation Instructions Attachment No 1 - Statement of Work The National Institutes of Health (NIH), Clinical Center (CC) the Department of Clinical Research Informatics (DCRI) has a requirement to engage the services of a contract consultant to provide computer system support services for the following applications and databases as required. • PowerBuilder • Microsoft Active Server Pages • Microsoft.net • Sybase This is a Combined Synopsis for Commercial Services prepared in accordance with FAR Subpart 12.6 as supplemented with additional information included in this notice. This notice constitutes the only solicitation; a separate solicitation will not be issued. This solicitation P169345L includes all provisions and clauses in effect through Federal Acquisition Circular 2005-46 with amendments dated September 29, 2010. The acquisition will be made pursuant to the authority in FAR 13.5 to use simplified procedures for commercial requirements. The standard North American Industry Classification System (NAICS) code is 541511 and the size standard is 23 million dollars. This solicitation is being issued as a Request for Proposal and is a total small business set-aside. The scope of this Statement of Work is to acquire computer system support which maintains the current CC system but also includes development work for new systems at the request of the Government. The development of any new system will include the following activities: I. Planning II. Design III. Development IV. Testing V. Implementation VI. Operations and Maintenance Please refer to Section 3 Development Activities for New Systems in Attachment Number One Statement of Work for complete detail and specifications of requirements for each phase identified above. In addition to the development of new systems the contractor will perform maintenance on the following existing systems currently in use at the CC: I. Occurrence Reporting System II. Payment Tracker III. Patient Emergency Fund IV. Press Logs V. Pharmacology Class Registration VI. Rehabilitation Medicine Department Research Tracking VII. Spiritual Ministry VIII. Critical Care Tracking IX. Psychiatric Consult Tracking Please refer to section 4 System Maintenance in Attachment number one Statement of Work for complete detail and specifications of requirements for each of the systems identified above/   Please refer to the following attachments in preparing your proposal responding to this solicitation. Attachment No. 1: Statement of Work Attachment No. 2: Proposal Preparation Instructions (see information regarding page limitations) Attachment No. 3: Past Performance Questionnaire Attachment No. 4: Technical Evaluation Criteria Attachment No. 5: Invoice Instructions Attachment No. 6: Proposal Packaging and Delivery Requirements Attachment No. 7: SF 1449 (should be signed and submitted with technical/business proposals) Attachment No. 8: FAR 52.212-3-Offeror Representations and Certifications - Commercial Items (Aug 2009) (must be completed and submitted with your business proposal) The following Provisions and Clauses apply: FAR 52.212-1 Instruction to Offerors-/Commercial Items (Jun 2008)(see Attachment No. 2 for additional proposal preparation instructions), FAR 52.212-2 Evaluation - Commercial Items (Jan 1999) (Evaluation criteria set forth in Attachment 4), FAR 52.212-4 Contract Terms and Conditions Commercial Items (June 2010), FAR 52.223-6 Drug Free Workplace (May 2001), FAR Clause 52.227-14 RIGHTS IN DATA - General (Dec 2007), FAR 52.228-5 Insurance - Working On a Government Installation (JAN 1997). The following FAR clauses cited in paragraph (b) of the clause at FAR 52.212-5 are also applicable to this acquisition: 52.212-5 -- Contract Terms and Conditions Required to Implement Statutes or Executive Orders -- Commercial Items (Apr 2010) (a) The Contractor shall comply with the following Federal Acquisition Regulation (FAR) clauses, which are incorporated in this contract by reference, to implement provisions of law or Executive orders applicable to acquisitions of commercial items: (1) 52.222-50, Combating Trafficking in Persons (FEB 2009) (22 U.S.C. 7104(g)). ____ Alternate I (AUG 2007) of 52.222-50 (22 U.S.C. 7104(g)). (2) 52.233-3, Protest After Award (AUG 1996) (31 U.S.C. 3553). (3) 52.233-4, Applicable Law for Breach of Contract Claim (OCT 2004) (Pub. L. 108-77, 108-78). (b) The Contractor shall comply with the FAR clauses in this paragraph (b) that the contracting officer has indicated as being incorporated in this contract by reference to implement provisions of law or Executive orders applicable to acquisitions of commercial items: ___ (1) 52.203-6, Restrictions on Subcontractor Sales to the Government (Sept 2006), with Alternate I (Oct 1995) (41 U.S.C. 253g and 10 U.S.C. 2402). (2) 52.203-13, Contractor Code of Business Ethics and Conduct (Apr 2010) (Pub. L. 110-252, Title VI, Chapter 1 (41 U.S.C. 251 note)). _ _ (3) 52.203-15, Whistleblower Protections under the American Recovery and Reinvestment Act of 2009 (Mar 2009) (Section 1553 of Pub L. 111-5) (Applies to contracts funded by the American Recovery and Reinvestment Act of 2009). ___ (4) 52.204-11, American Recovery and Reinvestment Act-Reporting Requirements (Mar 2009) (Pub. L. 111-5). ___ (5) 52.219-3, Notice of Total HUB Zone Set-Aside (Jan 1999) (15 U.S.C. 657a). ___ (6) 52.219-4, Notice of Price Evaluation Preference for HUB Zone Small Business Concerns (Jul 2005) (if the offeror elects to waive the preference, it shall so indicate in its offer)(15 U.S.C. 657a). ___ (7) [Reserved] X (8) (i) 52.219-6, Notice of Total Small Business Aside (June 2003) (15 U.S.C. 644). ___ (ii) Alternate I (Oct 1995) of 52.219-6. ___ (iii) Alternate II (Mar 2004) of 52.219-6. ___ (9) (i) 52.219-7, Notice of Partial Small Business Set-Aside (June 2003) (15 U.S.C. 644). ___ (ii) Alternate I (Oct 1995) of 52.219-7. ___ (iii) Alternate II (Mar 2004) of 52.219-7. ___ (10) 52.219-8, Utilization of Small Business Concerns (May 2004) (15 U.S.C. 637(d)(2) and (3)). ___ (11) (i) 52.219-9, Small Business Subcontracting Plan (Apr 2008) (15 U.S.C. 637 (d)(4).) ___ (ii) Alternate I (Oct 2001) of 52.219-9. ___ (iii) Alternate II (Oct 2001) of 52.219-9. ___ (12) 52.219-14, Limitations on Subcontracting (Dec 1996) (15 U.S.C. 637(a)(14)). ___ (13) 52.219-16, Liquidated Damages-Subcontracting Plan (Jan 1999) (15 U.S.C. 637(d)(4)(F)(i)). ___ (14) (i) 52.219-23, Notice of Price Evaluation Adjustment for Small Disadvantaged Business Concerns (Oct 2008) (10 U.S.C. 2323) (if the offeror elects to waive the adjustment, it shall so indicate in its offer). ___ (ii) Alternate I (June 2003) of 52.219-23. ___ (15) 52.219-25, Small Disadvantaged Business Participation Program-Disadvantaged Status and Reporting (Apr 2008) (Pub. L. 103-355, section 7102, and 10 U.S.C. 2323). ___ (16) 52.219-26, Small Disadvantaged Business Participation Program-Incentive Subcontracting (Oct 2000) (Pub. L. 103-355, section 7102, and 10 U.S.C. 2323). ___ (17) 52.219-27, Notice of Total Service-Disabled Veteran-Owned Small Business Set-Aside (May 2004) (15 U.S.C. 657 f). X (18) 52.219-28, Post Award Small Business Program Re-representation (Apr 2009) (15 U.S.C. 632(a)(2)). X (19) 52.222-3, Convict Labor (June 2003) (E.O. 11755). X (20) 52.222-19, Child Labor-Cooperation with Authorities and Remedies (Aug 2009) (E.O. 13126). X (21) 52.222-21, Prohibition of Segregated Facilities (Feb 1999). X (22) 52.222-26, Equal Opportunity (Mar 2007) (E.O. 11246). X (23) 52.222-35, Equal Opportunity for Special Disabled Veterans, Veterans of the Vietnam Era, and Other Eligible Veterans (Sep 2006) (38 U.S.C. 4212). X (24) 52.222-36, Affirmative Action for Workers with Disabilities (Jun 1998) (29 U.S.C. 793). X (25) 52.222-37, Employment Reports on Special Disabled Veterans, Veterans of the Vietnam Era, and Other Eligible Veterans (Sep 2006) (38 U.S.C. 4212). ___ (26) 52.222-54, Employment Eligibility Verification (Jan 2009). (Executive Order 12989). (Not applicable to the acquisition of commercially available off-the-shelf items or certain other types of commercial items as prescribed in 22.1803.) ___ (27) (i) 52.223-9, Estimate of Percentage of Recovered Material Content for EPA-Designated Items (May 2008) (42 U.S.C. 6962(c)(3)(A)(ii)). (Not applicable to the acquisition of commercially available off-the-shelf items.) ___ (ii) Alternate I (May 2008) of 52.223-9 (42 U.S.C. 6962(i)(2)(C)). (Not applicable to the acquisition of commercially available off-the-shelf items.) ___ (28) 52.223-15, Energy Efficiency in Energy-Consuming Products (Dec 2007) (42 U.S.C. 8259b). ___ (29) (i) 52.223-16, IEEE 1680 Standard for the Environmental Assessment of Personal Computer Products (Dec 2007) (E.O. 13423). ___ (ii) Alternate I (Dec 2007) of 52.223-16. (30) 52.225-1, Buy American Act--Supplies (Feb 2009) (41 U.S.C. 10a-10d). ___ (31) (i) 52.225-3, Buy American Act -Free Trade Agreements - Israeli Trade Act (Jun 2009) (41 U.S.C. 10a-10d, 19 U.S.C. 3301 note, 19 U.S.C. 2112 note, 19 U.S.C. 3805 note, Pub. L. 108-77, 108-78, 108-286, 108-301, 109-53, 109-169, 109-283, and 110-138). ___ (ii) Alternate I (Jan 2004) of 52.225-3. ___ (iii) Alternate II (Jan 2004) of 52.225-3. ___ (32) 52.225-5, Trade Agreements (Aug 2009) (19 U.S.C. 2501, et seq., 19 U.S.C. 3301 note). ___ (33) 52.225-13, Restrictions on Certain Foreign Purchases (Jun 2008) (E.O.'s, proclamations, and statutes administered by the Office of Foreign Assets Control of the Department of the Treasury). ___ (34) 52.226-4, Notice of Disaster or Emergency Area Set-Aside (Nov 2007) (42 U.S.C. 5150). ___ (35) 52.226-5, Restrictions on Subcontracting Outside Disaster or Emergency Area (Nov 2007) (42 U.S.C. 5150). ___ (36) 52.232-29, Terms for Financing of Purchases of Commercial Items (Feb 2002) (41 U.S.C. 255(f), 10 U.S.C. 2307(f)). ___ (37) 52.232.30, Installment Payments for Commercial Items (Oct 1995) (41 U.S.C. 255(f), 10 U.S.C. 2307(f)). X (38) 52.232-33, Payment by Electronic Funds Transfer-Central Contractor Registration (Oct. 2003) (31 U.S.C. 3332). ___ (39) 52.232-34, Payment by Electronic Funds Transfer-Other Than Central Contractor Registration (May 1999) (31 U.S.C. 3332). ___ (40) 52.232-36, Payment by Third Party (Feb 2010) (31 U.S.C. 3332). ___ (41) 52.239-1, Privacy or Security Safeguards (Aug 1996) (5 U.S.C. 552a). ___ (42) (i) 52.247-64, Preference for Privately Owned U.S.-Flag Commercial Vessels (Feb 2006) (46 U.S.C. Appx 1241(b) and 10 U.S.C. 2631). ___ (ii) Alternate I (Apr 2003) of 52.247-64. (c) The Contractor shall comply with the FAR clauses in this paragraph (c), applicable to commercial services, that the Contracting Officer has indicated as being incorporated in this contract by reference to implement provisions of law or executive orders applicable to acquisitions of commercial items: X (1) 52.222-41, Service Contract Act of 1965 (Nov 2007) (41 U.S.C. 351, et seq.). ___ (2) 52.222-42, Statement of Equivalent Rates for Federal Hires (May 1989) (29 U.S.C. 206 and 41 U.S.C. 351, et seq.). ___ (3) 52.222-43, Fair Labor Standards Act and Service Contract Act -- Price Adjustment (Multiple Year and Option Contracts) (Sep 2009) (29 U.S.C.206 and 41 U.S.C. 351, et seq.). ___ (4) 52.222-44, Fair Labor Standards Act and Service Contract Act -- Price Adjustment (Sep 2009) (29 U.S.C. 206 and 41 U.S.C. 351, et seq.). (5) 52.222-51, Exemption from Application of the Service Contract Act to Contracts for Maintenance, Calibration, or Repair of Certain Equipment--Requirements (Nov 2007) (41 U.S.C. 351, et seq.). (6) 52.222-52, Exemption from Application of the Service Contract Act to Contracts for Certain Services-Certification (Nov 2007) ___ (6) 52.222-53, Exemption from Application of the Service Contract Act to Contracts for Certain Services--Requirements (Feb 2009) (41 U.S.C. 351, et seq.). ___ (7) 52.226-6, Promoting Excess Food Donation to Nonprofit Organizations. (Mar 2009) (Pub. L. 110-247). ___ (8) 52.237-11, Accepting and Dispensing of $1 Coin (Sep 2008) (31 U.S.C. 5112(p)(1)). (d) Comptroller General Examination of Record The Contractor shall comply with the provisions of this paragraph (d) if this contract was awarded using other than sealed bid, is in excess of the simplified acquisition threshold, and does not contain the clause at 52.215-2, Audit and Records -- Negotiation. (1) The Comptroller General of the United States, or an authorized representative of the Comptroller General, shall have access to and right to examine any of the Contractor's directly pertinent records involving transactions related to this contract. (2) The Contractor shall make available at its offices at all reasonable times the records, materials, and other evidence for examination, audit, or reproduction, until 3 years after final payment under this contract or for any shorter period specified in FAR Subpart 4.7, Contractor Records Retention, of the other clauses of this contract. If this contract is completely or partially terminated, the records relating to the work terminated shall be made available for 3 years after any resulting final termination settlement. Records relating to appeals under the disputes clause or to litigation or the settlement of claims arising under or relating to this contract shall be made available until such appeals, litigation, or claims are finally resolved. (3) As used in this clause, records include books, documents, accounting procedures and practices, and other data, regardless of type and regardless of form. This does not require the Contractor to create or maintain any record that the Contractor does not maintain in the ordinary course of business or pursuant to a provision of law. (e) (1) Notwithstanding the requirements of the clauses in paragraphs (a), (b), (c) and (d) of this clause, the Contractor is not required to flow down any FAR clause, other than those in this paragraph (e)(1) in a subcontract for commercial items. Unless otherwise indicated below, the extent of the flow down shall be as required by the clause- (i) 52.203-13, Contractor Code of Business Ethics and Conduct (Apr 2010) (Pub. L. 110-252, Title VI, Chapter 1 (41 U.S.C. 251 note)). (ii) 52.219-8, Utilization of Small Business Concerns (May 2004) (15 U.S.C. 637(d)(2) and (3)), in all subcontracts that offer further subcontracting opportunities. If the subcontract (except subcontracts to small business concerns) exceeds $550,000 ($1,000,000 for construction of any public facility), the subcontractor must include 52.219-8 in lower tier subcontracts that offer subcontracting opportunities. (iii) [Reserved] (iv) 52.222-26, Equal Opportunity (Mar 2007) (E.O. 11246). (v) 52.222-35, Equal Opportunity for Special Disabled Veterans, Veterans of the Vietnam Era, and Other Eligible Veterans (Sep 2006) (38 U.S.C. 4212). (vi) 52.222-36, Affirmative Action for Workers with Disabilities (June 1998) (29 U.S.C. 793). (vii) [Reserved] (viii) 52.222-41, Service Contract Act of 1965, (Nov 2007), (41 U.S.C. 351, et seq.) (ix) 52.222-50, Combating Trafficking in Persons (Feb 2009) (22 U.S.C. 7104(g)). ___ Alternate I (Aug 2007) of 52.222-50 (22 U.S.C. 7104(g)). (x) 52.222-51, Exemption from Application of the Service Contract Act to Contracts for Maintenance, Calibration, or Repair of Certain Equipment--Requirements (Nov 2007) (41 U.S.C. 351, et seq.) (xi) 52.222-53, Exemption from Application of the Service Contract Act to Contracts for Certain Services--Requirements (Feb 2009) (41 U.S.C. 351, et seq.) (xii) 52.222-54, Employment Eligibility Verification (Jan 2009). (xiii) 52.226-6, Promoting Excess Food Donation to Nonprofit Organizations. (Mar 2009) (Pub. L. 110-247). Flow down required in accordance with paragraph (e) of FAR clause 52.226-6. (xiv) 52.247-64, Preference for Privately-Owned U.S. Flag Commercial Vessels (Feb 2006) (46 U.S.C. Appx 1241(b) and 10 U.S.C. 2631). Flow down required in accordance with paragraph (d) of FAR clause 52.247-64. (2) While not required, the contractor may include in its subcontracts for commercial items a minimal number of additional clauses necessary to satisfy its contractual obligations. (End of Clause) The Contractor shall comply with the following Federal Acquisition Regulation (FAR) clauses, which are incorporated in this contract in full text, to implement provisions of law or Executive orders applicable to acquisitions of commercial items. FAR 52.204-9 (SEPT 2007) Personal Identity Verification of Contractor Personnel (a) The Contractor shall comply with agency personal identity verification procedures identified in the contract that implement Homeland Security Presidential Directive-12 (HSPD-12), Office of Management and Budget (OMB) guidance M-05-24 and Federal Information Processing Standards Publication (FIPS PUB) Number 201. (b) The Contractor shall insert this clause in all subcontracts when the subcontractor is required to have routine physical access to a Federally-controlled facility and/or routine access to a Federally- controlled information system. FAR 52.222-54 (JAN 2009) EMPLOYMENT ELIGIBILITY VERIFICATION (a) Definitions. As used in this clause- "Commercially available off-the-shelf (COTS) item"- (1) Means any item of supply that is- (i) A commercial item (as defined in paragraph (1) of the definition at 2.101); (ii) Sold in substantial quantities in the commercial marketplace; and (iii) Offered to the Government, without modification, in the same form in which it is sold in the commercial marketplace; and (2) Does not include bulk cargo, as defined in section 3 of the Shipping Act of 1984 (46 U.S.C. App. 1702), such as agricultural products and petroleum products. Per 46 CFR 525.1 (c)(2), "bulk cargo" means cargo that is loaded and carried in bulk onboard ship without mark or count, in a loose unpackaged form, having homogenous characteristics. Bulk cargo loaded into intermodal equipment, except LASH or Seabee barges, is subject to mark and count and, therefore, ceases to be bulk cargo. "Employee assigned to the contract" means an employee who was hired after November 6, 1986, who is directly performing work, in the United States, under a contract that is required to include the clause prescribed at 22.1803. An employee is not considered to be directly performing work under a contract if the employee- (1) Normally performs support work, such as indirect or overhead functions; and (2) Does not perform any substantial duties applicable to the contract. "Subcontract" means any contract, as defined in 2.101, entered into by a subcontractor to furnish supplies or services for performance of a prime contractor a subcontract. It includes but is not limited to purchase orders, and changes and modifications to purchase orders. "Subcontractor" means any supplier, distributor, vendor, or firm that furnishes supplies or services to or for a prime Contractor or another subcontractor. "United States", as defined in 8 U.S.C. 1101(a)(38), means the 50 States, the District of Columbia, Puerto Rico, Guam, and the U.S. Virgin Islands. (b) Enrollment and verification requirements. (1) If the Contractor is not enrolled as a Federal Contractor in E-Verify at time of contract award, the Contractor shall- (i) Enroll. Enroll as a Federal Contractor in the E-Verify program within 30 calendar days of contract award; (ii) Verify all new employees. Within 90 calendar days of enrollment in the E-Verify program, begin to use E-Verify to initiate verification of employment eligibility of all new hires of the Contractor, who are working in the United States, whether or not assigned to the contract, within 3 business days after the date of hire (but see paragraph (b)(3) of this section); and (iii) Verify employees assigned to the contract. For each employee assigned to the contract, initiate verification within 90 calendar days after date of enrollment or within 30 calendar days of the employee's assignment to the contract, whichever date is later (but see paragraph (b)(4) of this section). (2) If the Contractor is enrolled as a Federal Contractor in E-Verify at time of contract award, the Contractor shall use E-Verify to initiate verification of employment eligibility of- (i) All new employees. (A) Enrolled 90 calendar days or more. The Contractor shall initiate verification of all new hires of the Contractor, who are working in the United States, whether or not assigned to the contract, within 3 business days after the date of hire (but see paragraph (b)(3) of this section); or (B) Enrolled less than 90 calendar days. Within 90 calendar days after enrollment as a Federal Contractor in E-Verify, the Contractor shall initiate verification of all new hires of the Contractor, who are working in the United States, whether or not assigned to the contract, within 3 business days after the date of hire (but see paragraph (b)(3) of this section); or (ii) Employees assigned to the contract. For each employee assigned to the contract, the Contractor shall initiate verification within 90 calendar days after date of contract award or within 30 days after assignment to the contract, whichever date is later (but see paragraph (b)(4) of this section). (3) If the Contractor is an institution of higher education (as defined at 20 U.S.C. 1001(a)); a State or local government or the government of a Federally recognized Indian tribe; or a surety performing under a takeover agreement entered into with a Federal agency pursuant to a performance bond, the Contractor may choose to verify only employees assigned to the contract, whether existing employees or new hires. The Contractor shall follow the applicable verification requirements at (b)(1) or (b)(2) respectively, except that any requirement for verification of new employees applies only to new employees assigned to the contract. (4) Option to verify employment eligibility of all employees. The Contractor may elect to verify all existing employees hired after November 6, 1986, rather than just those employees assigned to the contract. The Contractor shall initiate verification for each existing employee working in the United States who was hired after November 6, 1986, within 180 calendar days of- (i) Enrollment in the E-Verify program; or (ii) Notification to E-Verify Operations of the Contractor's decision to exercise this option, using the contact information provided in the E-Verify program Memorandum of Understanding (MOU). (5) The Contractor shall comply, for the period of performance of this contract, with the requirements of the E-Verify program MOU. (i) The Department of Homeland Security (DHS) or the Social Security Administration (SSA) may terminate the Contractor's MOU and deny access to the E-Verify system in accordance with the terms of the MOU. In such case, the Contractor will be referred to a suspension or debarment official. (ii) During the period between termination of the MOU and a decision by the suspension or debarment official whether to suspend or debar, the Contractor is excused from its obligations under paragraph (b) of this clause. If the suspension or debarment official determines not to suspend or debar the Contractor, then the Contractor must reenroll in E-Verify. (c) Web site. Information on registration for and use of the E-Verify program can be obtained via the Internet at the Department of Homeland Security Web site: http://www.dhs.gov/E-Verify. (d) Individuals previously verified. The Contractor is not required by this clause to perform additional employment verification using E-Verify for any employee- (1) Whose employment eligibility was previously verified by the Contractor through the E-Verify program; (2) Who has been granted and holds an active U.S. Government security clearance for access to confidential, secret, or top secret information in accordance with the National Industrial Security Program Operating Manual; or (3) Who has undergone a completed background investigation and been issued credentials pursuant to Homeland Security Presidential Directive (HSPD)-12, Policy for a Common Identification Standard for Federal Employees and Contractors. (e) Subcontracts. The Contractor shall include the requirements of this clause, including this paragraph (e) (appropriately modified for identification of the parties), in each subcontract that- (1) Is for- (i) Commercial or noncommercial services (except for commercial services that are part of the purchase of a COTS item (or an item that would be a COTS item, but for minor modifications), performed by the COTS provider, and are normally provided for that COTS item); or (ii) Construction; (2) Has a value of more than $3,000; and (3) Includes work performed in the United States. (End of clause) PRIVACY ACT FAR 52.224-1 Privacy Act Notification (Apr 1984) The Contractor will be required to design, develop, or operate a system of records on individuals, to accomplish an agency function subject to the Privacy Act of 1974, Public Law 93-579, December 31, 1974 (5 U.S.C. 552a) and applicable agency regulations. Violation of the Act may involve the imposition of criminal penalties. FAR 52.224-2 Privacy Act (April 1984) (a) The Contractor agrees to- (1) Comply with the Privacy Act of 1974 (the Act) and the agency rules and regulations issued under the Act in the design, development, or operation of any system of records on individuals to accomplish an agency function when the contract specifically identifies- (i) The systems of records; and (ii) The design, development, or operation work that the contractor is to perform; (2) Include the Privacy Act notification contained in this contract in every solicitation and resulting subcontract and in every subcontract awarded without a solicitation, when the work statement in the proposed subcontract requires the redesign, development, or operation of a system of records on individuals that is subject to the Act; and (3) Include this clause, including this paragraph (3), in all subcontracts awarded under this contract which requires the design, development, or operation of such a system of records. (b) In the event of violations of the Act, a civil action may be brought against the agency involved when the violation concerns the design, development, or operation of a system of records on individuals to accomplish an agency function, and criminal penalties may be imposed upon the officers or employees of the agency when the violation concerns the operation of a system of records on individuals to accomplish an agency function. For purposes of the Act, when the contract is for the operation of a system of records on individuals to accomplish an agency function, the Contractor is considered to be an employee of the agency. (c)(1) "Operation of a system of records," as used in this clause, means performance of any of the activities associated with maintaining the system of records, including the collection, use, and dissemination of records. (2) "Record," as used in this clause, means any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history and that contains the person's name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a fingerprint or voiceprint or a photograph. (3) "System of records on individuals," as used in this clause, means a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. FAR 52.245-1 Government Property(June 2007) If this RFP will result in the acquisition or use of Government Property provided by the contracting agency or if the Contracting Officer authorizes in the pre-award negotiation process, the acquisition of property (other than real property), this ARTICLE will include applicable provisions and incorporate the HHS publication entitled "Contractor's Guide for Control of Government Property," which can be found at:http://knownet.hhs.gov/log/AgencyPolicy/HHSLogPolicy/contractorsguide.htm. The following Provisions and Clauses apply and are included by reference: FAR Clause 52.249-4 Termination for Convenience of the Government (Services)(Short Form), (Apr 1984) FAR Clause 52.217-5 Evaluation of options (July 1990), FAR Clause 52.228-5 Insurance - Work on a Government Installation (Jan 1997), FAR Clause 52.237-2 Protection of Government Buildings, equipment and Vegetation (April 1984), HHSAR 352.270.5 Key Personnel (January 2006) The key personnel specified in this contract are considered essential to the work performance. At least 30 days prior to diverting any of the specified individuals to other programs or contracts(or as soon as possible if an individual must be replaced, for example, as a result of leaving the employ of the contractor), the Contractor shall notify the Contracting Officer and shall submit comprehensive justification for the diversion or replacement request (including proposed substitutions for the key personnel) to permit evaluation by the Government of the impact on performance under this contract. The Contractor shall not divert or otherwise replace any key individuals without the written consent of the Contracting Officer. The Government may modify the contract to add or delete key personnel at the request of the contractor or the Government. Additional Key Personnel Provisions During the first ninety (90) days of performance, the Contractor shall make no substitution of key personnel unless the substitution is necessitated by illness, death or termination of the employment. The Contractor shall notify the Contracting officer within fifteen (15) calendar days after the occurrence of any of these events and shall provide the information required by paragraph b below. After the initial ninety (90) day period, the Contractor shall submit the information provided in paragraph b. to the Contracting Officer at least fifteen (15) days prior to making any permanent substitutions. a. - The Contractor shall provide a detailed explanation of the circumstances necessitating the proposed substitutions, complete resumes for the proposed substitutes, and any additional information requested by the Contracting Officer. Proposed substitutes should have comparable qualifications to those of the persons being replaced. The Contracting officer will notify the Contractor within 15 calendar days after the receipt of all required information of the decision on substitutions; the contract will be modified to reflect any approved changes of key personnel. HHSAR Clause 352.224-70 Confidentiality of Information (Jan 2006), HHSAR Clause 352.270-7 Paperwork Reduction Act (Jan 2006), HHSAR Clause 352.270-13 Tobacco-Free Facilities (Jan 2006) Contracting Officer's Technical Representative The following Contracting Officer Technical Representative (COTR) will represent the Government for the purpose of this contract: To be determined at the time of award. The COTR is responsible for: (1) monitoring the Contractor's technical progress, including the surveillance and assessment of performance and recommending to the Contracting Officer changes in requirements; (2) interpreting the statement of work and any other technical performance requirements; (3) performing technical evaluation as required; (4) performing technical inspections and acceptances required by this contract; and (5) assisting in the resolution of technical problems encountered during performance. The Contracting Officer is the only person with authority to act as agent of the Government under this contract. Only the Contracting Officer has authority to: (1) direct or negotiate any changes in the statement of work; (2) modify or extend the period of performance; (3) change the delivery schedule; (4) authorize reimbursement to the Contractor for any costs incurred during the performance of this contract; or (5) otherwise change any terms and conditions of this contract. The Government may unilaterally change its COTR designation. Post Award evaluation of Contractor Performance a) Contractor Performance Evaluations Interim and final evaluations of Contractor performance will be prepared on this contract in accordance with FAR 42.15. The final performance evaluation will be prepared at the time of completion of work. In addition to the final evaluation, interim evaluation(s) shall be submitted at the time of the annual evaluation. Interim and final evaluations will be provided to the Contractor as soon as practicable after completion of the evaluation. The Contractor will be permitted thirty days to review the document and to submit additional information or a rebutting statement. If agreement cannot be reached between the parties, the matter will be referred to an individual one level above the Contracting Officer, whose decision will be final. Copies of the evaluations Contractor responses and review comments, if any, will be retained as part of the contract file, and may be used to support future award decisions. b) Electronic Access to Contractor Performance evaluations Contractors that have internet capability may access evaluations through a secure Web site for review and comment by completing the registration form that can be obtained at the following address: hhtp://oamp.od.nih./OD/CPS/cps.asp. The registration process requires the Contractor to identify an individual that will serve as a primary point of contact and who will be authorized access to the evaluations for review and comment. In addition, the Contractor will be required to identify an alternate contact that will be responsible for notifying the cognizant contracting official in the event the primary contact is unavailable to process the evaluation within the required 30-day time frame. Reporting Matters Involving Fraud, Waste and Abuse Anyone who becomes aware of the existence or apparent fraud, waste and abuse in NIH funded programs is encouraged to report such matters to the HHS Inspector general's Office in writing or the Inspector general's hotline. The toll free number is 1-800-HHS-TIPS (1-800-447-8477). All telephone calls will be handled confidentially. The email address is Htips@os.dhhs.gov and the mailing address is: Office of the Inspector general Department of Health and Human Services TIPS HOTLINE PO Box 23489 Washington, DC 20026 Access to National Institutes of Health (NIH) Electronic Mail All Contractor staff that have access to and use of NIH electronic mail (e-mail) must identify themselves as contractors on all outgoing e-mail messages, including those that are sent in reply or are forwarded to another user. To best comply with this requirement, the Contractor staff shall set-up an e-mail signature (AutoSignature) or an electronic business card ("V Card") on each of the contractor employee's computer system and/or Personal Digital Assistant (PDA) that will automatically display "Contractor" in the signature area of all e-mails sent. NIH INFORMATION SECURITY THE FOLLOWING MATERIAL IS APPLICABLE TO DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) TASK ORDERS FOR WHICH CONTRACTOR/SUBCONTRACTOR PERSONNEL WILL (1) DEVELOP, (2) HAVE THE ABILITY TO ACCESS, OR (3) HOST AND/OR MAINTAIN A FEDERAL INFORMATION SYSTEM(S). For more information, see HHS Information Security Program Policy at: http://www.hhs.gov/ocio/policy/2004-0002.001.html#intro. IMPORTANT NOTE TO OFFERORS: The requirements in this section shall be addressed in a separate section of the Technical Proposal entitled, "INFORMATION SECURITY This Statement of Work (SOW) requires the Contractor to perform one or more of the following: (1) (1) Develop, (2) have the ability to access, or (3) host and/or maintain a Federal Information system(s). (2) Include when contractor/subcontractor personnel will have access to, or use of, Personally Identifiable Information (PII), including instances of remote access to or physical removal of such information beyond agency premises or control (3) Include when contractor/subcontractor personnel will have regular or prolonged physical access to a Federally-controlled facility. (4) IT equipment procurement requests (servers, desktops, laptops, Blackberries, PDAs, data storage devices, and all information processing equipment) For more information see: • All IT equipment procurement requests (servers, desktops, laptops, Blackberries, PDAs, data storage devices, and all information processing equipment) must be reviewed by the IC CIO or designee to insure that they conform to HHS, NIH, and Institute and Center (IC) standards before procurement approval is granted. NIH Initial Security Configuration Policy http://irm.cit.nih.gov/security/sec_policy.html#Acq Pursuant to Federal and HHS Information Security Program Policies the contractor and any subcontractor performing under this task order shall comply with the following requirements: a. Federal Information Security Management Act of 2002 (FISMA), Title III, E-Government Act of 2002, Pub. L. No. 107-347 (Dec. 17, 2002); http://csrc.nist.gov/drivers/documents/FISMA-final.pdf b. OMB Memorandum M-06-15, Safeguarding Personally Identifiable c. Information (05-22-06): http://www.whitehouse.gov/omb/memoranda/fy2006/m-06-15.pdf d. OMB Memorandum M-06-16, Protection of Sensitive Agency Information (06-23-06): e. http://www.whitehouse.gov/OMB/memoranda/fy2006/m06-16.pdf f. OMB Memorandum M-06-19, Safeguarding Against and Responding to the Breach of Personally Identifiable Information: http://www.whitehouse.gov/omb/memoranda/fy2006/m06-19.pdf g. Guide for Identifying Sensitive Information, including Information in Identifiable Form, http://ocio.nih.gov/security/NIH_Sensitive_Info_Guide.doc h. OMB Memorandum M-07-16, Protection of Sensitive Agency Information. http://www.whitehouse.gov/omb/assets/omb/memoranda/fy2007/m07-16.pdf i. Homeland Security Presidential Directive/HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors (08-27-04): http://www.whitehouse.gov/news/releases/2004/08/print/20040827-8.html j. OMB Memorandum M-05-24, Implementation of Homeland Security Presidential Directive (HSPD) 12 - Policy for a Common Identification Standard for Federal Employees and Contractors (08-05-05): http://www.whitehouse.gov/omb/memoranda/fy2005/m05-24.pdf k. Federal Information Processing Standards Publication (FIPS PUB) 201-1 (Updated June 26, 2006): http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-chng1.pdf l. HHS Interim Policy: Contractual Implementation of Homeland Security Presidential Directive (HSPD) 12, Policy for a Common Identification Standard for Federal Employees and Contractors [Draft] A. INFORMATION TYPE [ ] Administrative, Management and Support Information: **** (NOTE: If the above box is checked, the specific type(s) of information from NIST SP 800-60, Volume II: Appendices to Guide for Mapping Types of Information and Information Systems To Security Categories, APPENDIX C, Table 3, at http://csrc.nist.gov/publications/nistpubs/800-60/SP800-60V2-final.pdf must be inserted here. This information will be provided by the IC ISSO and/or Contracting officer technical representative) **** [X ] Mission Based Information: **** (NOTE: If the above box is checked, the specific type(s) of information from NIST SP 800-60, Volume II: Appendices to Guide For Mapping Types Of Information and Information Systems To Security Categories, APPENDIX D, Table 5, at http://csrc.nist.gov/publications/nistpubs/800-60/SP800-60V2-final.pdf D.14.5 Health Care Research and Practitioner Education Information Type Health Care Research and Practitioner Education fosters advancement in health discovery and knowledge. This includes developing new strategies to handle diseases; promoting health knowledge advancement; identifying new means for delivery of services, methods, decision models and practices; making strides in quality improvement; managing clinical trials and research quality; and providing for practitioner education. B. SECURITY CATEGORIES AND LEVELS **** (NOTE: Based on information provided by the ISSO and Contracting officer technical representative, select the Security Level for each Security Category. Select the Overall Security Level which is the highest level of the three factors (Confidentiality, Integrity and Availability). NIST SP 800-60, Volume II: Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories, Appendices C and D contain suggested Security Levels for Each Information Type at http://csrc.nist.gov/publications/nistpubs/800-60/SP800-60V2-final.pdf For additional information and assistance for completion of this item, see Table 1, Security Categorization of Federal Information and Information Systems at: http://irm.cit.nih.gov/security/table1.htm )**** Confidentiality Level: [ x ] Low [ ] Moderate [ ] High Integrity Level: [ ] Low [ x ] Moderate [ ] High Availability Level: [ x ] Low [ ] Moderate [ ] High Overall Level: [ ] Low [ x] Moderate [ ] High C. POSITION SENSITIVITY DESIGNATIONS 1. The following position sensitivity designation(s) and associated suitability determination(s) and background investigation requirements apply to this acquisition. [ ] Level 6: Public Trust -High Risk (Requires Suitability Determination with a BI). Contractor/subcontractor employees assigned to a Level 6 position are subject to a Background Investigation (BI). [ ] Level 5: Public Trust - Moderate Risk (Requires Suitability Determination with NACIC, MBI or BI). Contractor/subcontractor employees assigned to a Level 5 position with no previous investigation and approval shall undergo a National Agency Check and Inquiry Investigation plus a Credit Check (NACIC), a Minimum Background Investigation (MBI), or a Limited Background Investigation (LBI). [ x] Level 1: Non Sensitive (Requires Suitability Determination with an NACI). Contractor/subcontractor employees assigned to a Level 1 position are subject to a National Agency Check and Inquiry Investigation (NACI). 2. The Contractor shall submit a roster by name, position, e-mail address, phone number and responsibility, of all staff (including subcontractor staff) working under this acquisition where the contractor will develop, have the ability to access, or host and/or maintain a federal information system(s). The roster shall be submitted to the Contracting officer technical representative, with a copy to the Contracting Officer, within 14 calendar days of the effective date of this acquisition. Any revisions to the roster as a result of staffing changes shall be submitted within 15 calendar days of the change. The Contracting Officer will notify the Contractor of the appropriate level of suitability investigation required for each staff member. An electronic template, "Roster of Employees Requiring Suitability Investigations," is available for contractor use at: http://ais.nci.nih.gov/forms/Suitability-roster.xls Upon receipt of the Government's notification of applicable, required Suitability Investigations, the Contractor shall complete and submit the required forms within 30 days of the notification. Contractor/subcontractor employees who have met investigative requirements within the past five years may only require an updated or upgraded investigation. 3. Contractor/subcontractor employees shall be required to comply with the HHS criteria for the assigned position sensitivity designations prior to performing any work under this acquisition. The following exceptions apply: Levels 5 and 1: Contractor/subcontractor employees may begin work under this acquisition after the contractor has submitted the name, position and responsibility of the employee to the Contracting officer technical representative, as described in subparagraph 2 above. Level 6: In special circumstances the Contracting officer technical representative may request a waiver of the pre-appointment investigation. If the waiver is granted, the Contracting officer technical representative will provide written authorization for the contractor/subcontractor employee to work under this acquisition. D. INFORMATION SECURITY and PRIVACY TRAINING HHS Policy requires contractors/subcontractors to receive security and privacy training commensurate with their responsibilities for performing work under the terms and conditions of their contractual agreements. The Contractor shall ensure that each contractor/subcontractor employee has completed the NIH Computer Security Awareness Training and the NIH Privacy Awareness course at: http://irtsectraining.nih.gov/ or an equivalent training course specified by NIH prior to performing any work under this acquisition, and thereafter completing the NIH-specified fiscal year refresher course during the period of performance of this acquisition. The Contractor shall maintain a list by name and title of each Contractor/Subcontractor employee working under this acquisition who has completed the NIH required training. The list (along with any subsequent updates to the list) shall be provided to the Contracting officer technical representative. Any additional security training completed by Contractor/Subcontractor staff shall be included on this list. [The list of completed training shall be included in the first technical progress report. (See Article C.2. Reporting Requirements). Any revisions to this list as a result of staffing changes shall be submitted with the next required technical progress report.] Additional security training requirements commensurate with the position may be required as defined in NIST Special Publication 800-16, Information Technology Security Training Requirements ( http://csrc.nist.gov/publications/nistpubs/800-16/800-16.pdf ). This document provides information about information security training that may be useful to the Contractor. Contractor/subcontractor staff shall be required to complete the following additional training prior to performing any work under this acquisition: E. RULES OF BEHAVIOR The Contractor/subcontractor employees shall be required to comply with and sign the NIH Information Technology General Rules of Behavior at: http://irm.cit.nih.gov/security/nihitrob.html F. PERSONNEL SECURITY RESPONSIBILITIES The Contractor shall perform and document the following actions: Contractor Notification of New and Departing Employees Requiring Background Investigations (1) The Contractor shall notify the Contracting Officer, the Contracting officer technical representative, and the Security Investigation Reviewer within five working days before a new employee assumes a position that requires a suitability determination or when an employee with a security clearance stops working under the contract. The Government will initiate a background investigation on new employees requiring security clearances and will stop pending background investigations for employees that no longer work under the contract. (2) New employees: Provide the name, position title, e-mail address, and phone number of the new employee. Provide the name, position title and suitability level held by the former incumbent. If the employee is filling a new position, provide a description of the position and the Government will determine the appropriate security level. (3) Departing employees: • Provide the name, position title, and security clearance level held by or pending for the individual. • Perform and document the actions identified in the "Employee Separation Checklist" (http://ais.nci.nih.gov/forms/ITsecurity-seperation-checklist.rtf) when a Contractor/Subcontractor employee terminates work under this contract. All documentation shall be made available to the Contracting officer technical representative and/or Contracting Officer upon request. G. COMMITMENT TO PROTECT NON-PUBLIC DEPARTMENTAL INFORMATION SYSTEMS AND DATA 1. Contractor Agreement The Contractor and its subcontractors performing under this SOW shall not release, publish, or disclose non-public Departmental information to unauthorized personnel, and shall protect such information in accordance with provisions of the following laws and any other pertinent laws and regulations governing the confidentiality of such information: _18 U.S.C. 641 (Criminal Code: Public Money, Property or Records) _18 U.S.C. 1905 (Criminal Code: Disclosure of Confidential Information) _Public Law 96-511 (Paperwork Reduction Act) 2. Contractor Employee Non-Disclosure Agreement Each Contractor/subcontractor employee who may have access to non-public Department information under this acquisition shall complete the Commitment to Protect Non-Public Information - Contractor Employee Agreement http://ocio/docs/public/Nondisclosure.pdf. A copy of each signed and witnessed Non-Disclosure agreement shall be submitted to the Contracting officer technical representative prior to performing any work under this acquisition. 3. System Interconnection Security Agreement (ISA) and Memorandum of Understanding (MOU) Systems that interconnect exchange or share sensitive information need to meet the OMB A-130 requirement that "written management authorization (often in the form of a Memorandum of Understanding or Agreement,) be obtained prior to connecting with other systems and/or sharing sensitive data/information. The written authorization shall detail the rules of behavior and controls that must be maintained by the interconnecting systems." To meet this requirement it is required a System Interconnection Security Agreement (ISA) and Memorandum of Understanding (MOU) focused on protecting the data exchanged. An MOU and/or ISA will be required for any remote vendor access the NIHnet in order to ensure adequate security and the protection of the NIHNet. NIH ISA Template NIH MOU Template H. NIST SP 800-53 ASSESSMENT Under the SOW, the Contractor shall (1) develop a Federal information system at the Contractor's/subcontractor's facility or (2) host or maintain a Federal information system at the Contractor's/subcontractor's facility. The contractor shall annually update and re-submit its Self-Assessment required by NIST SP 800-53, Recommended Security Controls for Federal Information Systems. (http://csrc.nist.gov/publications/ - under Special Publications). Subcontracts: The Contractor's annual update to its Self-Assessment Questionnaire shall include similar information for any subcontractor that performs under the SOW to (1) develop a Federal information system(s) at the Contractor's/Subcontractor's facility, or (2) host and/or maintain a Federal information system(s) at the Contractor's/Subcontractor's facility. The annual update shall be submitted to the Contracting officer technical representative, with a copy to the Contracting Officer [For option contracts: no later than the completion date of the period of performance/ for all other contracts: indicate due date as determined by the Contracting officer technical representative/Contracting Officer]. I. DRAFT INFORMATION SYSTEM SECURITY PLAN The SOW requires the Contractor to (1) develop a Federal information system at the Contractor's/subcontractor's facility or (2) host or maintain a Federal information system at the Contractor's/subcontractor's facility. The Contractor's draft ISSP submitted with its proposal shall be finalized in coordination with the Contracting officer technical representative no later than 90 calendar days after contract award. Following approval of its draft ISSP, the Contractor shall update and resubmit its ISSP to the Contracting officer technical representative every three years or when a major modification has been made to its internal system. The Contractor shall use the current ISSP template in Appendix A of NIST SP 800-18, Guide to Developing Security Plans for Federal Information Systems. (Located at http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-Rev1-final.pdf ). The details contained in the Contractor's ISSP shall be commensurate with the size and complexity of the requirements of the SOW based on the System Categorization determined above in subparagraph (b) Security Categories and Levels of this Article. Subcontracts: The Contractor shall include similar information for any subcontractor performing under the SOW with the Contractor whenever the submission of an ISSP is required. J. NIH PHYSICAL ACCESS SECURITY In accordance with OMB Memorandum M-05-24, background investigations must be completed for all contractor/subcontractor personnel who have (1) access to sensitive information, (2) access to Federal information systems, (3) regular or prolonged physical access to Federally-controlled facilities, or (4) any combination thereof. [Reference: Definition of "Federally-controlled facilities" at Federal Acquisition Regulation (FAR) Subpart 2.1, Definitions] The Statement of Work (SOW) requires the Contractor to have regular or prolonged physical access to a Federally-controlled facility, thereby requiring compliance with the following regulations/policies: Homeland Security Presidential Directive/HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors (08-27-04): http://www.whitehouse.gov/news/releases/2004/08/print/20040827-8.html OMB Memorandum M-05-24, Implementation of Homeland Security Presidential Directive (HSPD) 12 - Policy for a Common Identification Standard for Federal Employees and Contractors (08-05-05): http://www.whitehouse.gov/omb/memoranda/fy2005/m05-24.pdf HHS Interim Policy: Contractual Implementation of Homeland Security Presidential Directive (HSPD) 12, Policy for a Common Identification Standard for Federal Employees and Contractors [Draft] HHS Office of Security and Drug Testing, Personnel Security/Suitability Handbook (02-01-05): http://www.knownet.hhs.gov/acquisition/pssh.pdf K. Personally Identifiable Information (PII) Security Plan 1) Security and Privacy Clause for Personally Identifiable Information Information security and privacy, including the protection of sensitive/confidential information whether in verbal, written or electronic form, are a high priority of the National Institutes of Health (NIH). Therefore, all contractors and the subcontractors, who may have access to any personally identifiable information, are subject to the rules, regulations and procedures established by the Privacy Act of 1974 (PA) and implementing regulations, as well as the Health Insurance Portability and Accountability Act of 1996 (HIPAA). As such, all contractors and subcontractors shall only collect, maintain and use sensitive/confidential, personally identifiable information as necessary within the scope of the services to be provided to the NIH. In addition, all contractor staff shall use sensitive/confidential information only in the performance of their assigned duties as related to the delivery of those services. Information provided by the NIH may not be shared with any third-party without the express written permission of the Project and Contract Officers and may not be used for any purpose other than for the delivery of specific services to be provided to the NIH. The unauthorized disclosure of any information protected by the PA or HIPAA may be punishable by administrative sanction or by fine and purposeful disclosure may result in criminal charges. The contractor and subcontractors are required to submit a company security/confidentiality policy and related procedures, which are to include the requirement for a signed employee confidentiality agreement. Link to the NIH NDA http://irm.cit.nih.gov/docs/public/Nondisclosure.pdf The Offeror shall submit a PII Security Plan with its technical proposal that addresses each of the following items: 1. Verify the information categorization to ensure the identification of the PII requiring protection. 2. Verify the existing risk assessment. 3. Identify the Contractor's existing internal corporate policy that addresses the information protection requirements of the SOW. 4. Verify the adequacy of the Contractor's existing internal corporate policy that addresses the information protection requirements of the SOW. 5. Identify any revisions, or development, of an internal corporate policy to adequately address the information protection requirements of the SOW. 6. For PII to be physically transported to or stored at a remote site, verify that the security controls of NIST Special Publication 800-53 involving the encryption of transported information will be implemented. [http://csrc.nist.gov/publications/nistpubs/800-53-Rev2/sp800-53-rev2-final.pdf] 7. When applicable, verify how the NIST Special Publication 800-53 security controls requiring authentication, virtual private network (VPN) connections will be implemented. 8. When applicable, verify how the NIST Special Publication 800-53 security controls enforcing allowed downloading of PII will be implemented. 9. Identify measures to ensure subcontractor compliance with safeguarding PII. The details contained in the Offerors PII Security Plan must be commensurate with the size and complexity of the contract requirements based on the System Categorization specified above in the subparagraph entitled Security Categories and Levels. The Offerors PII Security Plan will be evaluated by the Government for appropriateness and adequacy. L. LOSS AND/OR DISCLOSURE OF PERSONALLY IDENTIFIABLE INFORMATION (PII) - NOTIFICATION OF DATA BREACH The Contractor shall be responsible for reporting all incidents involving the loss and/or disclosure of PII in electronic or physical form. Notification shall be made to the NIH Incident Response Team IRT@mail.nih.gov via email within one hour of discovering the incident. The contractor shall follow-up with the IRT by completing and submitting one of the following two forms: NIH PII Spillage Report [ http://irm.cit.nih.gov/security/PII_Spillage_Report.doc ] NIH Lost or Stolen Assets Report [ http://irm.cit.nih.gov/security/Lost_or_Stolen.doc] The notification requirements do not distinguish between suspected and confirmed breaches. NIH Breach Notification Remote storage of CC data is applicable to this acquisition. In accordance with the Interim final rule about Breach Notification for Unsecured Protected Health Information in Section 13402 of the Health Information Technology for Economic and Clinical Health (HITECH) Act, published in the Federal Register on or about August 13, 2009. 1) The Clinical Center requires that all contractors/subcontractors with access to unsecured protected health information from CC Information Systems provide notice of a breach to the Clinical Center without unreasonable delay and in no case later than 60 days following the discovery of a breach. 2) In the event of a breach, the Clinical Center requires that all contractors/subcontractors to the extent possible, provide the Clinical Center with the identification of each individual whose unsecured protected health information has been, or is reasonably believed to have been breached and any other information related to the breach. The required information must be provided when available but without unreasonable delay and within 60 days in order for the Government to provide notice to affected individuals. M. DATA ENCRYPTION The following applies to all Contractor/subcontractor laptop computers containing HHS data at rest and/or HHS data in transit. (1) All laptop computers used on behalf of the government shall be secured using a Federal Information ProcessingStandard (FIPS) 140-2 compliant whole-disk encryption solution. The cryptographic module used by an encryption or other cryptographic product must be tested and validated under the Cryptographic Module Validation Program to confirm compliance with the requirements of FIPS PUB 140-2 (as amended). For additional information, refer to http://csrc.nist.gov/cryptval. (2) All mobile devices, including non-HHS laptops and portable media, that contain sensitive HHS information shall be encrypted using a FIPS 140-2 compliant product. Data at rest includes all HHS data regardless of where it is stored. (3) A FIPS 140-2 compliant key recovery mechanism shall be used so that encrypted information can be decrypted and accessed by authorized personnel. Use of encryption keys which are not recoverable by authorized personnel is prohibited. Key recovery is required by "OMB Guidance to Federal Agencies on Data Availability and Encryption", November 26, 2001, http://csrc.nist.gov/drivers/documents/ombencryption-guidance.pdf Encryption key management shall comply with all HHS and NIH policies and shall provide adequate protection to prevent unauthorized decryption of the information. All media used to store information shall be encrypted until it is sanitized or destroyed in accordance with HHS policy and NIH procedures. N. VULNERABILITY SCANNING REQUIREMENTS This SOW requires the Contractor/subcontractor to host an NIH webpage or database. The Contractor/subcontractor shall conduct periodic and special vulnerability scans, and install software/hardware patches and upgrades to protect automated federal information assets. The minimum requirement shall be to protect against vulnerabilities identified on the SANS Top-20 Internet Security Attack Targets list ( http://www.sans.org/top20/?ref=3706#w1 ). The Contractor shall provide the results of these scans to the Government on a monthly basis. O. Using Secure Computers to Access Federal Information 1. The Contractor shall use an FDCC compliant computer when accessing information on behalf of the Federal government. 2. The Contractor shall install computer virus detection software on all computers used to access information on behalf of the Federal government. Virus detection software and virus detection signatures shall be kept current. P. IMPLEMENTATION OF COMMONLY ACCEPTED SECURITY CONFIGURATIONS FOR WINDOWS OPERATING SYSTEMS OMB Memorandum M-07-18, Ensuring New Acquisitions Include Common Security Configurations http://www.whitehouse.gov/omb/assets/omb/memoranda/fy2007/m07-18.pdf (1) For all Information Technology provided under this acquisition, the Contractor shall certify that installed applications are fully functional and operate correctly as intended on systems using the Federal Desktop Core Configuration (FDCC). This includes Internet Explorer 7 configured to operate on Windows XP and Vista (in Protected Mode on Vista). For Windows XP settings, see: http://csrc.nist.gov/itsec/guidance_WinXP.html, and for Windows Vista settings, see: http://csrc.nist.gov/itsec/guidance_vista.html. (2) The standard installation, operation, maintenance, updates, and/or patching of software shall not alter the configuration settings from the approved FDCC configuration. For software operating in a Microsoft Windows environment, information technology shall also use the Windows Installer Service for installation to the default "program files" directory and shall be able to silently install and uninstall. (3) Applications designed for normal end users shall run in the standard user context without elevated system administration privileges. Q. SPECIAL INFORMATION SECURITY REQUIREMENTS FOR FOREIGN CONTRACTORS/SUBCONTRACTORS When foreign contractors/subcontractors perform work under this acquisition at non-US Federal Government facilities, provisions of HSPD-12 do NOT apply. R. REFERENCES: INFORMATION SECURITY INCLUDING PERSONALLY IDENTIFIABLE INFORMATION (1) Federal Information Security Management Act of 2002 (FISMA), Title III, E-Government Act of 2002, Pub. L. No. 107-347 (Dec. 17, 2002); http://csrc.nist.gov/drivers/documents/FISMA-final.pdf (2) DHHS Personnel Security/Suitability Handbook: http://www.knownet.hhs.gov/acquisition/pssh.pdf (3) NIH Computer Security Awareness Course: http://irtsectraining.nih.gov/ (4) NIST Special Publication 800-16, Information Technology Security Training Requirements: http://csrc.nist.gov/publications/nistpubs/800-16/800-16.pdf Appendix A-D: http://csrc.nist.gov/publications/nistpubs/800-16/AppendixA-D.pdf (5) NIST SP 800-18, Guide for Developing Security Plans for Information Technology Systems: http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-Rev1-final.pdf (6) NIST SP 800-53, Revision 1, Recommended Security Controls for Federal Information Systems: http://www.csrc.nist.gov/publications/drafts/800-53-rev1-ipd-clean.pdf (7) NIST SP 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories, Volume I: http://csrc.nist.gov/publications/nistpubs/800-60/SP800-60V1-final.pdf; Volume II, Appendices to Guide For Mapping Types of Information and Information Systems To Security Categories, Appendix C at: http://csrc.nist.gov/publications/nistpubs/800-60/SP800-60V2-final.pdf and Appendix D at: http://csrc.nist.gov/publications/nistpubs/800-60/SP800-60V2-final.pdf. (8) NIST SP 800-64, Security Considerations in the Information System Development Life Cycle: http://csrc.nist.gov/publications/nistpubs/800-64/NIST-SP800-64.pdf (9) FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems: http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf (10) FIPS PUB 200, Minimum Security Requirements for Federal Information and Information Systems: http://csrc.nist.gov/publications/fips/fips200/FIPS-200-final-march.pdf (11) OMB Memorandum M-06-15, Safeguarding Personally Identifiable Information (05-22-06): http://www.whitehouse.gov/omb/memoranda/fy2006/m-06-15.pdf (12) OMB Memorandum M-06-16, Protection of Sensitive Agency Information (06-23-06): http://www.whitehouse.gov/OMB/memoranda/fy2006/m06-16.pdf (13) OMB Memorandum M-06-19, Reporting Incidents Involving Personally Identifiable Information and Incorporating the Cost for Security in Agency Information Technology Investments (07-12-06) http://www.whitehouse.gov/omb/memoranda/fy2006/m-06-19.pdf (14) OMB Memorandum, Recommendations for Identity Theft Related Data Breach Notification (09-20-06) http://www.whitehouse.gov/omb/memoranda/fy2006/task_force_theft_memo.pdf (15) OMB Memorandum M-07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information (05-22-07) http://www.whitehouse.gov/omb/memoranda/fy2007/m07-16.pdf (16) OMB Memorandum M-07-18, Ensuring New Acquisitions Include Common Security Configurations (06-01-07) http://www.whitehouse.gov/omb/memoranda/fy2007/m07-18.pdf (17) Guide for Identifying Sensitive Information, including Information in Identifiable Form, at the NIH ( 04-18-2008) (http://irm.cit.nih.gov/security/NIH_Sensitive_Info_Guide.doc (18) HHS OCIO Policies http://www.hhs.gov/ocio/policy/index.html#Security (19) NIH Privacy Awareness Course: http://irtsectraining.nih.gov/ S. REFERENCES: PHYSICAL ACCESS SECURITY (1) HHS Information Security Program Policy: http://intranet.hhs.gov/infosec/docs/policies_guides/ISPP/Information_Security_Program_Policy.pdf (2) Homeland Security Presidential Directive/HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors (08-27-04): http://www.whitehouse.gov/news/releases/2004/08/print/20040827-8.html (3) OMB Memorandum M-05-24, Implementation of Homeland Security Presidential Directive (HSPD) 12 - Policy for a Common Identification Standard for Federal Employees and Contractors (08-05-05): http://www.whitehouse.gov/omb/memoranda/fy2005/m05-24.pdf (4) OMB Memorandum M-07-06, Validating and Monitoring Agency Issuance of Personal Identity Verification Credentials (01-11-07): http://www.whitehouse.gov/omb/memoranda/fy2007/m07-06.pdf (5) Federal Information Processing Standards Publication (FIPS PUB) 201-1 (Updated June 26, 2006): http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-chng1.pdf (6) HHS Interim Policy: Contractual Implementation of Homeland Security Presidential Directive (HSPD) 12, Policy for a Common Identification Standard for Federal Employees and Contractors [Draft] http://www.hhs.gov/oamp/policies/hspd12contractguide.doc (7) HHS Office of Security and Drug Testing, Personnel Security/Suitability Handbook (02-01-05): http://www.hhs.gov/oamp/policies/personnel_security_suitability_handbook.html (8) HHSAR 307.7106, Statement of Work (SOW); HHSAR 307.7108 in new coverage as of 02-01-07: http://knownet.hhs.gov/acquisition/hhsar/Default.htm (9) Federal Acquisition Regulation (FAR) 37.602, Performance Work Statement (PWS): http://acquisition.gov/far/current/html/Subpart%2037_6.html#wp1074648 (10) FAR Subpart 4.13, Personal Identity Verification of Contractor Personnel: http://acquisition.gov/far/current/html/Subpart%204_13.html#wp1074125 (11) FAR 52.204-9, Personal Identity Verification of Contractor Personnel [clause]: http://acquisition.gov/far/current/html/52_200_206.html#wp1139617 T. System Configuration Security If the services required include configuration of any systems or applications for which there exist Agency Configuration Standards or NIST Security Checklist Standards, then the SOW must require that these configurations conform to the Agency or NIST standard. U. Federal Desktop Core Configuration (FDCC) and Federal Information Processing 201 Security Requirements • The Contractor shall ensure new systems are configured with the applicable Federal Desktop Core Configuration (FDCC) (http://nvd.nist.gov/fdcc/download_fdcc.cfm)[1][1] and applicable configurations from http://checklists.nist.gov, as jointly identified by the OPDIV/STAFFDIV Contracting Officer's Technical Representative (COTR) and the CISO. • The Contractor shall ensure hardware and software installation, operation, maintenance, update, and/or patching will not alter the configuration settings specified in: (a) the FDCC (http://nvd.nist.gov/fdcc/index.cfm); and (b) other applicable configuration checklists as referenced above. • The Contractor shall ensure applications are fully functional and operate correctly on systems configured in accordance with the above configuration requirements. • The Contractor shall ensure applications designed for end users run in the standard user context without requiring elevated administrative privileges. • FIPS 201-compliant, Homeland Security Presidential Directive 12 (HSPD-12) card readers shall: (a) be included with the purchase of servers, desktops, and laptops; and (b) comply with FAR Subpart 4.13, Personal Identity Verification. In accordance with HHS-OCIO-2008-0004.001S "Standard Security Language Configuration in HHS Contracts", all NIH purchases of servers, desktops, and laptops shall include a Federal Information Processing Standard 201 (FIPS-201)-compliant smartcard reader. A list of approved FIPS-201 compliant devices may be found at http://www.idmanagement.gov/drilldown.cfm?action=gov_app_products. As standards-compliant smartcard readers may not be available from all sources, or may be more cheaply acquired and provisioned separately, IC information technology staff must review the status of emerging NIH standards for compliant peripheral devices, keyboards, card readers, etc. before making purchases. By 01/01/2011, all systems joined to the NIH network or otherwise brought into production use must be provisioned with a FIPS-201 compliant PIV card reader. • The Contractor shall ensure that all of its subcontractors (at all tiers) comply with the above requirements V. Data and System Interoperability Compliance Standards Executive Order 13410 - Promoting Quality and Efficient Health Care in Federal Government Administered or Sponsored Health Care Programs http://www.whitehouse.gov/news/releases/2006/08/20060822.html requires that any system that is used in patient care or that are used in the patient care setting must comply with the CCHIT certification and that those standards are located at http://www.cchit.org. W. ELECTRONIC AND INFORMATION TECHNOLOGY ACCESSIBILITY (January2008) Pursuant to Section 508 of the Rehabilitation Act of 1973 (29 U.S.C. 794d), as amended by the Workforce Investment Act of 1998, all electronic and information technology (EIT) products and services developed, acquired, maintained, and/or used under this contract/order must comply with the "Electronic and Information Technology Accessibility Provisions" set forth by the Architectural and Transportation Barriers Compliance Board (also referred to as the "Access Board") in 36 CFR part 1194. Information about Section 508 provisions is available at http://www.section508.gov/. The complete text of Section 508 Final provisions can be accessed at http://www.accessboard.gov/sec508/provisions.htm. The Section 508 standards applicable to this contract/order are identified in the Statement of Work. The contractor must provide a written Section 508 conformance certification due at the end of each order/contract exceeding $100,000 when the order/contract duration is one year or less. If it is determined By the Government that EIT products and services provided by the Contractor do not conform to the described accessibility in the Product Assessment Template, remediation of the products and/or services to the level of conformance specified in the vendor's Product Assessment Template will be the responsibility of the Contractor at its own expense. In the event of a modification(s) to the contract/order, which adds new EIT products and services or revised the type of, or specifications for, products and services the Contractor is to provide, including EIT deliverables such as electronic documents and reports, the Contracting Officer may require that the contractor submit a completed HHS Section 508 Product Assessment Template to assist the Government in determining that the EIT products and services support Section 508 accessibility requirements. Instructions for documenting accessibility via the HHS Section 508 Product Assessment Template may be found at http://508.hhs.gov. [(End of HHSAR 352.270-19(b)] Prior to the Contracting Officer exercising an option for a subsequent performance period/additional quantity or adding increment funding for a subsequent performance period under this contract, as applicable, the Contractor must provide a Section 508 Annual Report to the Contracting Officer and Contracting Officer's Technical Representative (also known as Contracting officer technical representative or Contracting Officer's Representative). Unless otherwise directed by the Contracting Officer in writing, the Contractor shall provide the cited report in accordance with the following schedule. Instructions for completing the report are available at: http://508.hhs.gov/ under the heading Vendor Information and Documents. The Contractor's failure to submit a timely and properly completed report may jeopardize the Contracting Officer's exercising an option or adding incremental funding, as applicable. Schedule for Contractor Submission of Section 508 Annual Report: [End of HHSAR 352.270-19(c)] 2) PRIVACY ACT- FAR 52.224-1 Privacy Act Notification (Apr 1984) The Contractor will be required to design, develop, or operate a system of records on individuals, to accomplish an agency function subject to the Privacy Act of 1974, Public Law 93-579, December 31, 1974 (5 U.S.C. 552a) and applicable agency regulations. Violation of the Act may involve the imposition of criminal penalties. FAR 52.224-2 Privacy Act (April 1984) (a) The Contractor agrees to- (1) Comply with the Privacy Act of 1974 (the Act) and the agency rules and regulations issued under the Act in the design, development, or operation of any system of records on individuals to accomplish an agency function when the contract specifically identifies- (i) The systems of records; and (ii) The design, development, or operation work that the contractor is to perform; (2) Include the Privacy Act notification contained in this contract in every solicitation and resulting subcontract and in every subcontract awarded without a solicitation, when the work statement in the proposed subcontract requires the redesign, development, or operation of a system of records on individuals that is subject to the Act; and (3) Include this clause, including this paragraph (3), in all subcontracts awarded under this contract which requires the design, development, or operation of such a system of records. (b) In the event of violations of the Act, a civil action may be brought against the agency involved when the violation concerns the design, development, or operation of a system of records on individuals to accomplish an agency function, and criminal penalties may be imposed upon the officers or employees of the agency when the violation concerns the operation of a system of records on individuals to accomplish an agency function. For purposes of the Act, when the contract is for the operation of a system of records on individuals to accomplish an agency function, the Contractor is considered to be an employee of the agency. (c)(1) "Operation of a system of records," as used in this clause, means performance of any of the activities associated with maintaining the system of records, including the collection, use, and dissemination of records. (2) "Record," as used in this clause, means any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history and that contains the person's name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a fingerprint or voiceprint or a photograph. (3) "System of records on individuals," as used in this clause, means a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. 3) Personal Identity Verification of Contractor Personnel FAR 52.204-9 (SEPT 2007) (a) The Contractor shall comply with agency personal identity verification procedures identified in the contract that implement Homeland Security Presidential Directive-12 (HSPD-12), Office of Management and Budget (OMB) guidance M-05-24 and Federal Information Processing Standards Publication (FIPS PUB) Number 201. (b) The Contractor shall insert this clause in all subcontracts when the subcontractor is required to have routine physical access to a Federally-controlled facility and/or routine access to a Federally-controlled information system. 4) EMPLOYMENT ELIGIBILITY VERIFICATION FAR 52.222-54 (JAN 2009) (a) Definitions. As used in this clause- "Commercially available off-the-shelf (COTS) item"- (1) Means any item of supply that is- (i) A commercial item (as defined in paragraph (1) of the definition at 2.101); (ii) Sold in substantial quantities in the commercial marketplace; and (iii) Offered to the Government, without modification, in the same form in which it is sold in the commercial marketplace; and (2) Does not include bulk cargo, as defined in section 3 of the Shipping Act of 1984 (46 U.S.C. App. 1702), such as agricultural products and petroleum products. Per 46 CFR 525.1 (c)(2), "bulk cargo" means cargo that is loaded and carried in bulk onboard ship without mark or count, in a loose unpackaged form, having homogenous characteristics. Bulk cargo loaded into intermodal equipment, except LASH or Seabee barges, is subject to mark and count and, therefore, ceases to be bulk cargo. "Employee assigned to the contract" means an employee who was hired after November 6, 1986, who is directly performing work, in the United States, under a contract that is required to include the clause prescribed at 22.1803. An employee is not considered to be directly performing work under a contract if the employee- (1) Normally performs support work, such as indirect or overhead functions; and (2) Does not perform any substantial duties applicable to the contract. "Subcontract" means any contract, as defined in 2.101, entered into by a subcontractor to furnish supplies or services for performance of a prime contractor a subcontract. It includes but is not limited to purchase orders, and changes and modifications to purchase orders. "Subcontractor" means any supplier, distributor, vendor, or firm that furnishes supplies or services to or for a prime Contractor or another subcontractor. "United States", as defined in 8 U.S.C. 1101(a)(38), means the 50 States, the District of Columbia, Puerto Rico, Guam, and the U.S. Virgin Islands. (b) Enrollment and verification requirements. (1) If the Contractor is not enrolled as a Federal Contractor in E-Verify at time of contract award, the Contractor shall- (i) Enroll. Enroll as a Federal Contractor in the E-Verify program within 30 calendar days of contract award; (ii) Verify all new employees. Within 90 calendar days of enrollment in the E-Verify program, begin to use E-Verify to initiate verification of employment eligibility of all new hires of the Contractor, who are working in the United States, whether or not assigned to the contract, within 3 business days after the date of hire (but see paragraph (b)(3) of this section); and (iii) Verify employees assigned to the contract. For each employee assigned to the contract, initiate verification within 90 calendar days after date of enrollment or within 30 calendar days of the employee's assignment to the contract, whichever date is later (but see paragraph (b)(4) of this section). (2) If the Contractor is enrolled as a Federal Contractor in E-Verify at time of contract award, the Contractor shall use E-Verify to initiate verification of employment eligibility of- (i) All new employees. (A) Enrolled 90 calendar days or more. The Contractor shall initiate verification of all new hires of the Contractor, who are working in the United States, whether or not assigned to the contract, within 3 business days after the date of hire (but see paragraph (b)(3) of this section); or (B) Enrolled less than 90 calendar days. Within 90 calendar days after enrollment as a Federal Contractor in E-Verify, the Contractor shall initiate verification of all new hires of the Contractor, who are working in the United States, whether or not assigned to the contract, within 3 business days after the date of hire (but see paragraph (b)(3) of this section); or (ii) Employees assigned to the contract. For each employee assigned to the contract, the Contractor shall initiate verification within 90 calendar days after date of contract award or within 30 days after assignment to the contract, whichever date is later (but see paragraph (b)(4) of this section). (3) If the Contractor is an institution of higher education (as defined at 20 U.S.C. 1001(a)); a State or local government or the government of a Federally recognized Indian tribe; or a surety performing under a takeover agreement entered into with a Federal agency pursuant to a performance bond, the Contractor may choose to verify only employees assigned to the contract, whether existing employees or new hires. The Contractor shall follow the applicable verification requirements at (b)(1) or (b)(2) respectively, except that any requirement for verification of new employees applies only to new employees assigned to the contract. (4) Option to verify employment eligibility of all employees. The Contractor may elect to verify all existing employees hired after November 6, 1986, rather than just those employees assigned to the contract. The Contractor shall initiate verification for each existing employee working in the United States who was hired after November 6, 1986, within 180 calendar days of- (i) Enrollment in the E-Verify program; or (ii) Notification to E-Verify Operations of the Contractor's decision to exercise this option, using the contact information provided in the E-Verify program Memorandum of Understanding (MOU). (5) The Contractor shall comply, for the period of performance of this contract, with the requirements of the E-Verify program MOU. (i) The Department of Homeland Security (DHS) or the Social Security Administration (SSA) may terminate the Contractor's MOU and deny access to the E-Verify system in accordance with the terms of the MOU. In such case, the Contractor will be referred to a suspension or debarment official. (ii) During the period between termination of the MOU and a decision by the suspension or debarment official whether to suspend or debar, the Contractor is excused from its obligations under paragraph (b) of this clause. If the suspension or debarment official determines not to suspend or debar the Contractor, then the Contractor must reenroll in E-Verify. (c) Web site. Information on registration for and use of the E-Verify program can be obtained via the Internet at the Department of Homeland Security Web site: http://www.dhs.gov/E-Verify. (d) Individuals previously verified. The Contractor is not required by this clause to perform additional employment verification using E-Verify for any employee- (1) Whose employment eligibility was previously verified by the Contractor through the E-Verify program; (2) Who has been granted and holds an active U.S. Government security clearance for access to confidential, secret, or top secret information in accordance with the National Industrial Security Program Operating Manual; or (3) Who has undergone a completed background investigation and been issued credentials pursuant to Homeland Security Presidential Directive (HSPD)-12, Policy for a Common Identification Standard for Federal Employees and Contractors. (e) Subcontracts. The Contractor shall include the requirements of this clause, including this paragraph (e) (appropriately modified for identification of the parties), in each subcontract that- (1) Is for- (i) Commercial or noncommercial services (except for commercial services that are part of the purchase of a COTS item (or an item that would be a COTS item, but for minor modifications), performed by the COTS provider, and are normally provided for that COTS item); or (ii) Construction; (2) Has a value of more than $3,000; and (3) Includes work performed in the United States. Data and System Interoperability Compliance Standards Executive Order 13410 - Promoting Quality and Efficient Health Care in Federal Government Administered or Sponsored Health Care Programs http://www.whitehouse.gov/news/releases/2006/08/20060822.html requires that any system that is used in patient care or that are used in the patient care setting must comply with the CCHIT certification and that those standards are located at http://www.cchit.org. Full text copies of the representations and certifications for the other cited provisions and clauses may be obtained online at the NCI website at http://amb.nci.nih.gov or from Brian Lind Contract Specialist at LindBJ@cc.nih.gov. Offers must be submitted on a SF 1449 that is signed by an authorized representative of the offeror and include a completed Schedule of Offered Supplies/Services. ADDITIONAL PROPOSAL INSTRUCTIONS: Detailed proposal preparation instructions are delineated in Attachment No. 2 to this combined synopsis/solicitation. Please note that Offerors must also complete FAR 52.212-3, Offerors Representation and Certifications - Commercial Items (Aug 2009) and provide a copy of the valid certifications registrations of the Offerors Central Contractor Registrations (CCR) and Online Representation and Certifications Applications (ORCA) with their technical/business proposal submission. Questions regarding this combined synopsis/solicitation must be received in this office by October 14, 2010. Offers must be received by 3:30 p.m. local time on October 19,, 2010. Facsimile submissions are not authorized and collect calls will not be accepted. Submit offers to Mr. Brian Lind at the address listed in this solicitation. Please reference the solicitation number P169345L on your offer.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/HHS/NIH/CCOPC/P169345L/listing.html)
 
Place of Performance
Address: National Institutes of Health, 10 Center Drive, Building 10 Room 1C290, Bethesda, Maryland, 20892, United States
Zip Code: 20892
 
Record
SN02305841-W 20101007/101005234115-504e6fe563e0fb85dc46b0958287bcec (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  © 1994-2020, Loren Data Corp.