SOURCES SOUGHT
70 -- DHS Personnel Accountability System
- Notice Date
- 10/26/2010
 
- Notice Type
- Sources Sought
 
- NAICS
- 541511
 — Custom Computer Programming Services
 
- Contracting Office
- Office of the Chief Procurement Officer, Washington, District of Columbia, 20528, United States
 
- ZIP Code
- 20528
 
- Solicitation Number
- RFI_OCHCOPAS2011
 
- Archive Date
- 11/26/2010
 
- Point of Contact
- Martha A. Booros, Phone: 2024470227, Michael E. Jones, Phone: 202-447-5587
 
- E-Mail Address
- 
Martha.Booros@dhs.gov, michael.e.jones@dhs.gov
 (Martha.Booros@dhs.gov, michael.e.jones@dhs.gov)
 
- Small Business Set-Aside
- N/A
 
- Description
- REQUEST FOR INFORMATION Department of Homeland Security, Office of the Chief Human Capital Officer Personnel Accountability System This exchange is being issued in accordance with Federal Acquisition Regulation (FAR) Subpart 15.201(e) as a Request for Information (RFI). The purpose of this RFI is for the Department of Homeland Security (DHS) to gain knowledge of all qualified and interested small and other than small business concerns with experience within the referenced requirement and is being issued solely for DHS' informational and planning purposes as it may relate to acquisition strategy, planning schedules, feasibility of the requirement, development of the requirement, etc. This exchange in no way represents a formal solicitation for proposals, quotations, or bids with the intent to form binding agreements based upon results. DHS may (or may not), at the agency's sole discretion, issue a formal solicitation for this requirement at a later time. Within that vein, any descriptive/requirements information provided by DHS in this exchange is subject to change and shall in no way be treated as final or binding. 1. Background: The DHS Office of the Chief Human Capital Officer (OCHCO) develops, implements, and evaluates Department-wide human capital policies and standards. OCHCO has primary responsibility for the human capital of DHS, including the disposition of the human capital resources of the organization for continuity of operation (COOP) purposes. In addition, OCHCO is responsible for implementing enterprise-wide human resources solutions. 2. Requirements: DHS/OCHCO is seeking information regarding the capabilities and qualifications of a responsible and qualified firm to perform the requirements of this RFI. DHS/OCHCO requires contractor support in developing and implementing the functional requirements for a DHS personnel accountability system that will provide a standardized method to account for and determine the status of DHS employees, detailees and contractor staff who may be affected by a catastrophic event or emergency situation. The purpose of developing or procuring a personnel accountability system is to ensure that DHS leadership can, with little or no scheduling or advance direction, request an accountability of the DHS workforce, its status and well being, and availability to report to work. The capability would be essential in the event of a large-scale disaster, e.g., Hurricane Katrina, and also for a localized emergency as minor as a power outage in a specific DHS building. On a departmental basis, at the moment, there is no standard methodology to collect accountability data, to assess in like terms the status of employees, or a template as to what information is required in any given situation. By resolving this challenge on a department-wide, enterprise basis, the result will be that Components are asking the same questions as to employee accountability and speaking the same language in reporting the data. This capability is an important part of accurate situational awareness reporting, and imperative for real time assessment of workforce status. Deployment of a pilot personnel accountability system is anticipated during summer 2011. The required tasks shall include, but not be limited to the following: 2.1 Functional Requirements • Employee notification, i.e., the call to personnel to account for themselves, must be initiated by an automated system that would contact employees nearly simultaneously using a sequence of various means, e.g., home phone, desk phone, Blackberry, pager and email, to ensure that personnel can be reached, even when some modes of communication have been compromised in an emergency. The notification system would transmit a recorded message to personnel regarding the emergent situation and issue the direction in which to report. • The system must be web-based to allow employees access to the system by other than government computer equipment, i.e., personal or public computers. • The system must allow for direct employee access to account themselves. • Alternate means of accounting in the event there is no or limited web access during an emergency, i.e., call center, Blackberry or other PDA, text, personal cell, email response, etc. • Ability to compile standardized Component data for department-wide reporting. Standardized reporting and data compilation are required to ensure like data is received with uniform and aggregated reporting output. • Required data for employees, detailees and onsite contractors: • Name • Location (home address) • Phone Numbers (home, cell, desk, government-furnished cell) • Email address(s) • Duty Station, including building code, address and room • Organization • Series and Grade • Clearance Level • Essential Personnel Status • Job Hazard Analysis (risk status) • Capacity for personnel to keep their data current by logging in and accessing their profile. • Capability to provide real-time downloadable reports of personnel status at any given moment. Reports would be standardized taking into account the information the data users typically require with templates prepared in advance for the most likely emergency scenarios per the National Planning Scenarios (NPS). Ability to create a customized format relevant to a specific event (ad hoc) is also required, realizing that every possible scenario cannot be precisely planned for in advance. • Protection of Personal Identifiable Information (PII). Whatever system is procured or developed, the system must meet DHS requirements for Privacy Act compliance, protection of PII and all security concerns. • Scalable. The system must be scalable for department-wide deployment, to include onsite contractors. • Capacity for use during large-scale and concurrent disasters in multiple locations. • Capability of group selection to send notification based on selected criteria, e.g., location, building, organization, series, grade, risk status, clearance level, etc. • Capability of easily configuring a hierarchical organizational structure of personnel reporting or configuring a geographical organizational structure by location down to the building, floor and room number. • Capability to accept external data feeds. • Accounting and Reporting Granularity. The system must be able to account for and report on each personnel down to the specific building location and by geographic regions, state, county, city, zip code, and building. • Must be able to configure and use role-based security with hierarchical controls. • The application/system must be fully 508-compliant and any call services provided must be fully TDD/TDY capable. • Login In. The accountability system must have the capability for two types of login through the web interface--login using a traditional user name and password for non-government facility access offsite and the capability of using a government-issued CAC card for on government site access. • Capability of data archiving from past events. • Capability of retrieving data from past events (archived data) and producing downloadable reports based on user-defined criteria. • Capability to provide standardized downloadable reports of personnel status on demand in report format - Excel and PDF. • System capability for data mining using current COTS applications. 2.2 Data Requirements Although DHS has been responding to data requests relating to personnel reporting from numerous sources since the stand up of the Department, each new situation can bring a new set of data requirements. In general terms, the employee data required are the following: • Name • Location (home address) • Phone Numbers (home, cell, desk, government-furnished cell) • Email address(s) • Duty Station, including building code, address and room • Organization • Series and Grade • Clearance Level • Essential Personnel Status • Job Hazard Analysis (risk status) By using this data, the system would be able to report on personnel based on geographic location for both home and duty station. 2.3 Operational Requirements All solutions and services shall meet DHS Enterprise Security and Privacy policies, standards, and procedures. 2.3.1 Security and Privacy • Data collected and warehoused data protected under the Privacy Act of 1974 (e.g., Social Security Number) • Commercially-produced components must be Federal Information Processing Standards (FIPS) 140-2 certified or be in the FIPS 140-2 certification process. • System SHALL NOT escrow private or secret credentials in an unencrypted format. • All interfaces over which encrypted or unencrypted credentials are passed MUST operate over SSL/TLS encryption. • Commercial products purchased from foreign-owned corporations cannot be used. 2.3.2 Audit Trail The Contractor shall ensure that its IT systems used to store or process DHS-sensitive information maintain an audit trail sufficient to reconstruct security relevant events. Audit trails shall include the identity of each person and device accessing or attempting to access the system, the time and date of the access and the log-off time, activities that might modify, bypass, or negate security safeguards, and security-relevant actions associated with processing. The Contractor shall periodically review audit logs and ensure that audit trails are protected from modification, authorized access, or destruction and are retained and regularly backed up. The Contractor shall allow DHS/OCHCO daily access to inspect all audit logs. • The accountability system shall not permit audit records to be physically deleted or altered, except as part of a system administration archival process. • The system shall provide audit-tracking reports for user access, usage logs, and key accountability data structures. • The accountability system shall provide audit set-up capabilities for the system administrator. • The accountability system shall provide the capability to archive and restore audit logs. • The system shall be able to create, maintain, and protect from modification or unauthorized access or destruction of an audit trail of accesses to the objects it protects. The audit data shall be protected to ensure read access to it is limited to those who are authorized. The Contractor shall also provide an Incident Handling and Reporting Plan and perform incident reporting and handling as required. The Contractor shall notify DHS/OCHCO of any security incident. 2.3.3 Data Currency The data must be no less than one pay period old and must be updated at the end of each pay period to accommodate accessions, transfers, reassignments and separations of personnel. Historical event data must be maintained and available for reporting purposes for a minimum of five years. 2.3.4 Reliability and Availability Reliability is the probability that the system will be able to process work correctly and completely without being aborted. Required reliability and availability: • The system shall remain accessible by all users 24 hours a day, 7 days a week consistently with minimal downtime for system maintenance and upgrades. • Maintenance shall be expected to be performed on a scheduled basis such as weekly or monthly with prior notification of the system not being accessible. Regular maintenance is not to exceed three (3) hours for routine maintenance. • System upgrades shall be scheduled during off peak hours, not during an event, and downtime shall not exceed four (4) hours. 2.3.5 Recoverability Recoverability is the ability to restore function and data in the event of a failure. • A complete system backup shall be performed on a nightly basis, seven (7) days a week. • In the event the system is unavailable due to failure of hardware or software, a backup system shall be deployed if the failure exceeds four (4) hours to correct and restore usability. • In the event the database is corrupted, a backup system must be deployed if the failure exceeds four (4) hours to correct and restore usability; and the data shall be no older than three (3) days old (recovery point objective). The system shall be recovered/reconstituted during catastrophic event in accordance with the Recovery Time Objectives and Recovery Point Objectives (RTO and RPO) agreed to for the system. The Contractor shall notify DHS/OCHCO of the event and coordinate/apprise DHS/OCHCO of recovery/reconstitution activities. • The System Owner has the responsibility to test the IT Contingency Plan annually, and DHS has the responsibility to periodically review C&A artifacts. • Contractor must be able to produce a continuity plan documenting the recovery procedures for the DHS system. 2.3.6 Performance The expected performance shall be as follows: • Response time for queries and updates must average between 0.009 seconds to 0.104 seconds for 800 plus concurrent users. • The expected volume of data should be relatively low during non-event times but may peak to 500,000+ concurrent users in the event there is a situation in which department-wide personnel are directed to account. An example of when this might be required would be during a world-wide pandemic influenza outbreak. DHS is a large department and has personnel in most areas of the U.S. as well as abroad. The system must be able to sustain excellent performance in the event a disaster occurs in an area with a large concentration of employees such as Washington, DC. 2.3.7 Capacity The application and hardware must have the capacity to store at least 500,000+ personnel records, historical event data and event reports for at least five years with no system degradation. 2.3.8 Data Retention Inactive employee records must be available for one (1) year and historical event data and event reports must be available for viewing and reporting on for a minimum of five (5) years. 3. Questions In addition to demonstrating the necessary qualifications to perform the above identified requirements (see Section 4 below), all prospective vendors shall respond to the following questions: 1. What is the contractor's knowledge base of the following policies and procedures, which are critical to performing this requirement? • Federal Continuity Directive 1 • National Planning Scenarios • Privacy Act of 1974 • Federal Information Processing Standards (FIPS) 140-2 and FIPS 199 • DHS Management Directive (MD) 11042.1 • DHS MD 4300.1 and DHS MD 4300A • NIST Special Publications • Section 508 of the Rehabilitation Act (as amended by the Workforce Investment Act of 1998) (P.L. 105-220) 2. What is the contractor's experience in developing an enterprise personnel accountability system for catastrophic and emergency situations and disaster exercises similar in size and scope to DHS (scalable to over 500,000 personnel)? Provide specific examples. 3. What is the contractor's experience in developing an enterprise personnel accountability system accommodating multiple and concurrent catastrophic and emergency events in size and scope to DHS? Provide specific examples. 4. What is the contractor's experience in developing a secured web interface to allow personnel to log into the application to provide response information? Provide specific examples. 5. What is the contractor's experience in maintaining different personnel roles in an accountability system such as employee, supervisor, call center personnel, administrators, and incident coordinators? Automated loading of personnel profile information? Ability of supervisors to input status for employees who are unable to provide system input themselves? Provide specific examples. 6. What is the contractor's experience in collecting and compiling accountability data in a standard format at a federal agency/department similar in size and scope to DHS? 7. What is the contractor's experience in providing real-time standardized status reporting and data collection (geographical location (building, city, state, country); organizational groups (unit, office, organizational code) from personnel affected by an incident in size and scope to DHS? What was the measure of time? Provide specific examples. 8. How would the contractor account for contractor personnel in the event of a catastrophe or emergency as part of the accountability system? 9. What is the capability of the contractor to notify affected personnel during a catastrophe or emergency through multiple methods, such as email, cell phone, home phone, pager, PDA)? Provide specific examples. 10. What is the contractor's experience in developing a Section 508 compliant personnel accountability system? Provide specific examples. 11. Has the contractor conducted a certification and accreditation for another agency/department on the scale of DHS security requirements? Provide specific examples. 4. Description of Information Requested: DHS is requesting all interested firms respond to this RFI with the following information: 1. Name and Address 2. Phone and Fax No. 3. Website Address 4. Business Size and Type of Ownership (i.e., Other than Small, Small, Small Disadvantaged, Woman-owned, HUBZone, Service Disabled Veteran, etc.) 5. Years in business 6. Description of the client base, include all Federal Customers 7. Capability Statement to include how the firm's solution meets the DHS/OCHCO requirements. The capability statement must include: a. A description of the contractor's qualifications and capabilities which address all of the requirements identified in Section 2 b. Documented knowledge and experience with performing these requirements with Federal Agencies/Departments similar in size and scope to DHS. c. Responses to Questions 1-11 identified in Section 3. 5. Response Instructions: Capability Statements shall not exceed ten (10) to twenty (20) pages which include the responses to the questions identified in Section 3. Please submit all responses to this notice, via e-mail, to Mr. Michael Jones at michael.e.jones@dhs.gov 3:00 PM, Eastern Standard Time, November 4, 2010. All e-mail responses MUST include the subject header of "DHS/OCHCO Personnel Accountability System" in responding to this RFI. As stated prior, this RFI is being issued solely for DHS' informational and planning purposes. Respondents will not be notified of any results derived from a review of the information provided. Responses to this RFI will not be returned. Respondents are solely responsible for all expenses associated with the responding to this RFI. Respondents needing confidential treatment for any proprietary information furnished in response to this RFI must mark the documentation accordingly.
 
- Web Link
- 
FBO.gov Permalink
 (https://www.fbo.gov/spg/DHS/OCPO/DHS-OCPO/RFI_OCHCOPAS2011/listing.html)
 
- Place of Performance
- Address: 300 7th and D Street SW, Washington, District of Columbia, 20528, United States
- Zip Code: 20528
 
- Zip Code: 20528
- Record
- SN02316888-W 20101028/101026233906-f56ec1b6037374e73338de3d6e1eaea0 (fbodaily.com)
 
- Source
- 
FedBizOpps Link to This Notice
 (may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's FBO Daily Index Page |
