The RFP Database
New business relationships start here

EMI Moodle Hosting


Maryland, United States
Government : Homeland Security
RFP
Go to the link
This document has expired, therefore the above link may no longer work.

This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in Subpart 12.6, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; proposals are being requested and a written solicitation will not be issued.


The solicitation is Combined Synopsis/Solicitation number 70FA2019Q00000028. Provisions and clauses in effect through Federal Acquisition Circular 2019-02 are incorporated. It is the contractor's responsibility to be familiar with the applicable clauses and provisions. The clauses may be accessed in full text at these addresses: https://www.acquisition.gov/ or http://farsite.hill.af.mil/. The NAICS code is 541512, with a small business size of $27.5 million. This acquisition is 100% set-aside for Small Business concerns. All qualified small business concerns are encouraged to submit a proposal.


The Federal Emergency Management Agency request proposals from qualified sources capable of providing a Moodle Hosting Services in a FedRAMP authorized environment. All terms, conditions, requirements, clauses and provision herein shall apply to this combined synopsis/solicitation.


All offerors shall submit a quote for all the following.

PRICE/COST SCHEDULE:

ITEM DESCRIPTION OF QTY UNIT UNIT AMOUNT
NO. SUPPLIES/SVCS PRICE

0001 1.00 LOT ____________ _______________


Hosting Service for Moodle in FedRAMP authorized environment (See attached Statement of Work (SOW)) - Base Period - 12 Months


0002 1.00 LOT ____________ _______________


Implementation Services (See attached Statement of Work (SOW)) - Base Period - 12 Months


1001 1.00 LOT ____________ _______________


Hosting Service for Moodle in FedRAMP authorized environment (See attached Statement of Work (SOW)) - Option Period 1 - 12 Months


1002 1.00 LOT ____________ _______________


Implementation Services (See attached Statement of Work (SOW)) - Option Period 1 - 12 Months


2001 1.00 LOT ____________ _______________


Hosting Service for Moodle in FedRAMP authorized environment (See attached Statement of Work (SOW)) - Option Period 2 - 12 Months


2002 1.00 LOT ____________ _______________


Implementation Services (See attached Statement of Work (SOW)) - Option Period 2 - 12 Months


3001 1.00 LOT ____________ _______________


Hosting Service for Moodle in FedRAMP authorized environment (See attached Statement of Work (SOW)) - Option Period 3 - 12 Months


3002 1.00 LOT ____________ _______________


Implementation Services (See attached Statement of Work (SOW)) - Option Period 3 - 12 Months


4001 1.00 LOT ____________ _______________


Hosting Service for Moodle in FedRAMP authorized environment (See attached Statement of Work (SOW)) - Option Period 3 - 12 Months


4002 1.00 LOT ____________ _______________


Implementation Services (See attached Statement of Work (SOW)) - Option Period 3 - 12 Months



If shipping cost is additional, please be sure to include any applicable shipping cost to the quote as delivered to Emmitsburg, MD (21727).


DELIVERY SCHEDULE:

ITEM NUMBER QUANTITY PERIOD OF PERFRMANCE
0001 1.00 12 Months from Effective Date
0002 1.00 12 Months from Effective Date
1001 1.00 12 Months
1002 1.00 12 Months
2001 1.00 12 Months
2002 1.00 12 Months
3001 1.00 12 Months
3002 1.00 12 Months
4001 1.00 12 Months
4002 1.00 12 Months


PLACE OF DELIVERY:


DHS/FEMA
Emergency Management Institute (EMI)
16825 South Seton Ave
Emmitsburg, MD 17325


All applicable manufacturer commercial warranties shall be valid for all products.


TYPE OF CONTRACT:

The Government contemplates award of a Firm Fixed Price contract resulting from this combined synopsis/solicitation.


PROVISIONS AND CLAUSES:


FAR 52.212-1, Instructions to Offerors---Commercial Items, apply to this acquisition with the exception of (d), (h), and (i) of the clause, which are RESERVED;
FAR 52.212-2 Evaluation-Commercial Items.
(a) The Government will award a contract resulting from this solicitation to the responsible offeror whose offer conforming to the solicitation will be most advantageous to the Government, price and other factors considered. The following factors shall be used to evaluate offers:


See EVALUATION FACTORS FOR AWARD below.


The acceptability of the work plan (Factor 1), management plan (Factor 2), key personnel (Factor 3), quality control (Factor 4), experience (Factor 5), and past performance (Factor 6) are all equal in value. The technical factors (combined) and price are of equal value.
(b) Options. The Government will evaluate offers for award purposes by adding the total price for all options to the total price for the basic requirement. The Government may determine that an offer is unacceptable if the option prices are significantly unbalanced. Evaluation of options shall not obligate the Government to exercise the option(s).
(c) A written notice of award or acceptance of an offer, mailed or otherwise furnished to the successful offeror within the time for acceptance specified in the offer, shall result in a binding contract without further action by either party. Before the offer's specified expiration time, the Government may accept an offer (or part of an offer), whether or not there are negotiations after its receipt, unless a written notice of withdrawal is received before award.
FAR 52.212-3, Offeror Representations and Certifications-Commercial Items;
FAR 52.212-4, Contract Terms and Conditions---Commercial Items;
FAR 52.212-5, Contract Terms and Conditions Required to Implement Statutes or Executive Orders-Commercial Items. In compliance with said clause, the following FAR clauses apply:
52.203-6, Restrictions on Subcontractor Sales to the Government;
52.204-10, Reporting Executive Compensation and First-Tier Subcontract Awards;
52.209-6, Protecting the Government's Interest When Subcontracting with Contractors Debarred, Suspended, or Proposed for Debarment;
52.219-6, Notice of Total Small Business Set-Aside;
52.219-8, Utilization of Small Business Concerns;
52.219-13, Notice of Set-Aside of Orders;
52.219-14, Limitations on Subcontracting;
52.219-28, Post Award Small Business Program Rerepresentation;
52.222-3, Convict Labor;
52.222-19, Child Labor-Cooperation with Authorities and Remedies;
52.222-21, Prohibition of Segregated Facilities;
52.222-26, Equal Opportunity;
52.222-35, Equal Opportunity for Veterans;
52.222-36, Affirmative Action for Handicapped Workers with disabilities;
52.222-37, Employment Reports on Veterans;
52.222-40, Notification of Employee Rights Under the National Labor Relations Act;
52.222-50, Combating Trafficking in Persons;
52.223-18, Encouraging Contractor Policies to Ban Text Messaging While Driving;
52.224-3, Privacy Training;
52.225-13, Restrictions on Certain Foreign Purchases;
52.232-33, Payment by Electronic Funds Transfer-System for Award Management.
FAR 52.225-25, Prohibition on Contracting with Entities Engaging in Certain Activities or Transactions Relating to Iran-Representation and Certifications;
HSAR 3052.212-70, Contract Terms and Conditions Applicable to DHS Acquisition of Commercial Items. In compliance with said clause, the following FAR clauses apply:
3052.204-70, Security Requirements for Unclassified Information Technology Resources;
3052.204-71, Contractor Employee Access;
3052.204-71 Alternate I, Contractor Employee Access;
3052.205-70, Advertisements, Publicizing Awards, and Releases;
3052.215-70, Key Personnel or Facilities:
(a) The personnel or facilities specified below are considered essential to the work being performed under this contract and may, with the consent of the contracting parties, be changed from time to time during the course of the contract by adding or deleting personnel or facilities, as appropriate.
(b) Before removing or replacing any of the specified individuals or facilities, the Contractor shall notify the Contracting Officer, in writing, before the change becomes effective. The Contractor shall submit sufficient information to support the proposed action and to enable the Contracting Officer to evaluate the potential impact of the change on this contract. The Contractor shall not remove or replace personnel or facilities until the Contracting Officer approves the change.
The Key Personnel or Facilities under this Contract:
Project Manager
(Any others proposed by offeror)
3052.242-72, Contracting Officer's Representative;
3052.247-72, F.o.B. Destination Only.
FAR 52.252-2, Clauses Incorporated By Reference
This contract incorporates one or more clauses by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer will make their full text available. Also, the full text of a clause may be accessed electronically at this/these address(es):
http://www.acquisition.gov/far/index.html
http://farsite.hill.af.mil/


NOTICE OF FILING REQUIREMENTS FOR AGENCY PROTESTS

A. Preface

Prior to submission of an agency protest, all parties must use their best efforts to resolve concerns raised by an interested party. FEMA offers, as an option for dispute resolution, Alternative Dispute Resolution (ADR). ADR in an informal, expeditious and inexpensive way to resolve contract issues and is designed to promote satisfying solutions and fair procedures. For more information on FEMA's ADR services, please contact FEMA's ADR office at the following address:

Federal Emergency Management Agency
Alternative Dispute Resolution Division
FEMA Office of Chief Counsel
400 Virginia Avenue, SW
Washington, DC 20472-3400


If concerns cannot be resolved, protesters may use these procedures when a resolution is requested from the agency.

These procedures have been designed to create an avenue for resolving third party grievances in connection with the acquisition process outside of formal processes through the Government Accountability Office (GAO) and the United States Court of Federal Claims (CFC). Filing an agency protest is not a prerequisite to filing at the GAO or CFC. If the protester files a protest through the GAO or CFC while their protest is pending at the agency level, FEMA may dismiss the agency protest.

Pursuing an agency protest does not extend the time for obtaining a stay at GAO.

These procedures are in addition to the existing protest procedures contained in FAR Subpart 33.103.

B. Definitions.

(1) "Agency protest," as used in this Synopsis/Solicitation, is one that may be filed with either the Contracting Officer or the officer responsible for the resolution of all agency protests filed at the level above the Contracting Officer.

(2) "Ombudsman," as used in this Synopsis/Solicitation, is the agency official above the level of the Contracting Officer designated by the Director of the Acquisition Management Division to handle and issue the formal agency decision resolving the protest. Protesters using these procedures may protest directly to the Ombudsman.

(3) "Day," as used in this Synopsis/Solicitation, is a calendar day. In computing a period of time for the purpose of these procedures, the day from which the period begins to run is not counted. When the last day of the period is a Saturday, Sunday or a Federal holiday, the period extends to the next day that is not a Saturday, Sunday or a Federal holiday. Similarly, when the Washington, DC offices of FEMA are closed for all or part of the last day, the period extends to the next day on which the Agency is open.

C. Submission Guidelines.

(1) Agency protests may be filed through the Contracting Officer or, at the level above the Contracting Officer, through the Ombudsman either by FAX transmission or by "Certified Mail" (Return Receipt Requested) as follows:

a. Protests filed through the Contracting Officer or the Ombudsman must be mailed or faxed to:

Gary P. Topper,
Department of Homeland Security/FEMA
Acquisition Preparedness Branch
Building D
16825 South Seton Avenue
Emmitsburg, MD 21727
FAX: 301-447-1092


-OR-

DHS/FEMA
David Orris, Ombudsman
16825 S. Seton Ave, D-123
Emmitsburg, MD 21727
FAX: 301-447-1092


b. The outside of the envelope or beginning of the FAX transmission must be marked "Agency Protest".

c. If the protester submits the protest directly through the Ombudsman, the protester must also, within one (1) day of submitting the protest to the Ombudsman, submit a copy of the protest to the responsible Contracting Officer either by FAX transmission or by "Certified Mail" (Return Receipt Requested).

(2) To be filed on a given day, protests and any subsequent appeals must be received by 4:30 PM, current-local time. Any protests received after that time will be considered to be filed on the next day.

(3) Protest submissions will not be considered filed until all of the following information is provided:

a. the protester's name, address, telephone number and fax number;

b. the solicitation or contract number;

c. a detailed statement of all factual and legal grounds for protests, to include an explanation of how the protester was prejudiced;

d. copies of relevant documents;

e. a request for ruling by the agency;

f. a statement detailing the form of relief requested;

g. all information establishing that the protester is an interested party for the purposes of filing a protest; and

h. all information establishing the timeliness of the protest.

(4) All protests must be signed by an authorized representative of the protester, and must be addressed to the Contracting Officer or the Ombudsman.

D. Timeliness/Resolution of Protests.

(1) Protests based upon alleged improprieties in a solicitation which are apparent prior to bid opening or the time set for receipt of initial proposals shall be filed prior to bid opening or the time set for receipt of initial proposals. In procurements where proposals are requested, alleged improprieties which do not exist in the initial solicitation but which are subsequently incorporated into the solicitation must be protested not later than the next closing time for receipt of proposals following the incorporation.

(2) Protests other than those covered by paragraph (1) of this section shall be filed not later than 10 days after the basis of protest is known or should have been known (whichever is earlier), with the exception of protests challenging a procurement conducted on the basis of competitive proposals under which a debriefing is requested and, when requested, is required. In such cases, with respect to any protest basis which is known or should have been known either before or as a result of the debriefing, the initial protest shall not be filed before the debriefing date offered to the protester, but shall be filed not later than 10 days after the date on which the debriefing is held.

(3) Protests filed through the Contracting Officer.

a. Within twenty (20) days after the protest is filed through the Contracting Officer, the Contracting Officer will send a written ruling and a summary of the reasons supporting the ruling to the protester by "Certified Mail (Return Receipt Requested)".

b. Appeals

i. Protesters who filed protests through the Contracting Officer may, within five (5) days of receipt of the Contracting Officer's written ruling, appeal to the Ombudsman.

ii. Requests for Appellate Review must be submitted to the Ombudsman by FAX transmission or by "Certified Mail" (Return Receipt Requested).

iii. The Ombudsman will send a written ruling and a summary of the reasons supporting the ruling to the protester by "Certified Mail (Mail Receipt Requested)" within ten (10) days of receipt of the request for appellate review of the Contracting Officer's decision.

iv. In accordance with FAR 33.103(d)(4) and 4 C.F.R 21.2(a)(3), if there is an agency appellate review of the Contracting Officer's decision on the protest, it will not extend GAO'S timeliness requirements. Therefore, any subsequent protest to the GAO must be filed within ten (10) days of knowledge of initial adverse agency action.

(4) Protests filed through the Ombudsman:

a. If the protester protests directly through the Ombudsman, the Ombudsman will send a written ruling and a summary of the reasons supporting the ruling to the protester by "Certified Mail (Mail Receipt Requested)" within thirty-five (35) days after the protest was filed.

b. Protests filed directly through the Ombudsman cannot be appealed within the agency.

E. Dismissal of Protests.

The agency may dismiss protests when protesters file protests through the GAO or CFC while their protests are pending at the agency level; and for failure to comply with any of the requirements of these agency protest procedures. For example, the agency may dismiss protests that are procedurally or substantively defective (e.g., the protest is untimely or the protest fails to clearly state legally sufficient grounds of protest).



CONFIDENTIALITY OF INFORMATION

(a) To the extent that the work under this contract requires that the Contractor be given access to sensitive or proprietary business, technical, or financial information belonging to the Government or other companies, the Contractor shall, after receipt thereof, treat such information as confidential and not appropriate such information to its own use or disclose such information to third parties unless specifically authorized by the Contracting Officer in writing. The foregoing obligations, however, shall not apply to information that--

(1) At the time of receipt by the Contractor, is in the public domain

(2) Is published by others after receipt thereof by the Contractor or otherwise becomes part of the public domain through no fault of the Contractor

(3) The Contractor can demonstrate was already in its possession at the time of receipt thereof and was not acquired directly or indirectly from the Government or other companies

(4) The Contractor can demonstrate was received by it from a third party that did not require the Contractor to hold it in confidence.

(b) The Contractor shall obtain from each employee permitted access a written agreement, in a form satisfactory to the Contracting Officer, that he/she will not discuss, divulge or disclose any such information or data to any person or entity except those persons within the Contractor's organization or the Government directly concerned with the performance of the contract.


NARA RECORDS MANAGEMENT LANGUAGE FOR CONTRACTS

The following standard items relate to records generated in executing the contract and should be included in a typical Electronic Information Systems (EIS) procurement contract:

1. Citations to pertinent laws, codes and regulations such as 44 U.S.C chapters 21, 29, 31 and 33; Freedom of Information Act (5 U.S.C. 552); Privacy Act (5 U.S.C. 552a); 36 CFR Part 1222 and Part 1228.

2. Contractor shall treat all deliverables under the contract as the property of the U.S. Government for which the Government Agency shall have unlimited rights to use, dispose of, or disclose such data contained therein as it determines to be in the public interest.

3. Contractor shall not create or maintain any records that are not specifically tied to or authorized by the contract using Government IT equipment and/or Government records.

4. Contractor shall not retain, use, sell, or disseminate copies of any deliverable that contains information covered by the Privacy Act of 1974 or that which is generally protected by the Freedom of Information Act.

5. Contractor shall not create or maintain any records containing any Government Agency records that are not specifically tied to or authorized by the contract.

6. The Government Agency owns the rights to all data/records produced as part of this contract.

7. The Government Agency owns the rights to all electronic information (electronic data, electronic information systems, electronic databases, etc.) and all supporting documentation created as part of this contract. Contractor must deliver sufficient technical documentation with all data deliverables to permit the agency to use the data.

8. Contractor agrees to comply with Federal and Agency records management policies, including those policies associated with the safeguarding of records covered by the Privacy Act of 1974. These policies include the preservation of all records created or received regardless of format (paper, electronic, etc.) or mode of transmission (e-mail, fax, etc.) or state of completion (draft, final, etc.).

9. No disposition of documents will be allowed without the prior written consent of the Contracting Officer. The Agency and its contractors are responsible for preventing the alienation or unauthorized destruction of records, including all forms of mutilation. Willful and unlawful destruction, damage or alienation of Federal records is subject to the fines and penalties imposed by 18 U.S.C. 2701. Records may not be removed from the legal custody of the Agency or destroyed without regard to the provisions of the agency records schedules.

10. Contractor is required to obtain the Contracting Officer's approval prior to engaging in any contractual relationship (sub-contractor) in support of this contract requiring the disclosure of information, documentary material and/or records generated under, or relating to, this contract. The Contractor (and any sub-contractor) is required to abide by Government and Agency guidance for protecting sensitive and proprietary information. Offerors are reminded to include a completed copy of 52.212-3 with RFP response, or provide an affirmative response that the offeror is registered in ORCA and all information in ORCA is current and complete. All clauses shall be incorporated by reference or full text in the purchase order.


SAFEGUARDING OF SENSITIVE INFORMATION (MAR 2015)

(a) Applicability. This clause applies to the Contractor, its subcontractors, and Contractor employees (hereafter referred to collectively as "Contractor"). The Contractor shall insert the substance of this clause in all subcontracts.


(b) Definitions. As used in this clause-
"Personally Identifiable Information (PII)" means information that can be used to distinguish or trace an individual's identity, such as name, social security number, or biometric records, either alone, or when combined with other personal or identifying information that is linked or linkable to a specific individual, such as date and place of birth, or mother's maiden name. The definition of PII is not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified. In performing this assessment, it is important for an agency to recognize that non-personally identifiable information can become personally identifiable information whenever additional information is made publicly available-in any medium and from any source-that, combined with other available information, could be used to identify an individual.


PII is a subset of sensitive information. Examples of PII include, but are not limited to: name, date of birth, mailing address, telephone number, Social Security number (SSN), email address, zip code, account numbers, certificate/license numbers, vehicle identifiers including license plates, uniform resource locators (URLs), static Internet protocol addresses, biometric identifiers such as fingerprint, voiceprint, iris scan, photographic facial images, or any other unique identifying number or characteristic, and any information where it is reasonably foreseeable that the information will be linked with other information to identify the individual.
"Sensitive Information" is defined in HSAR clause 3052.204-71, Contractor Employee Access, as any information, which if lost, misused, disclosed, or, without authorization is accessed, or modified, could adversely affect the national or homeland security interest, the conduct of Federal programs, or the privacy to which individuals are entitled under section 552a of Title 5, United States Code (the Privacy Act), but which has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept secret in the interest of national defense, homeland security or foreign policy. This definition includes the following categories of information:

(1) Protected Critical Infrastructure Information (PCII) as set out in the Critical Infrastructure Information Act of 2002 (Title II, Subtitle B, of the Homeland Security Act, Public Law 107¬296, 196 Stat. 2135), as amended, the implementing regulations thereto (Title 6, Code of Federal Regulations, Part 29) as amended, the applicable PCII Procedures Manual, as amended, and any supplementary guidance officially communicated by an authorized official of the Department of Homeland Security (including the PCII Program Manager or his/her designee);

(2) Sensitive Security Information (SSI), as defined in Title 49, Code of Federal
Regulations, Part 1520, as amended, "Policies and Procedures of Safeguarding and Control of SSI," as amended, and any supplementary guidance officially communicated by an authorized official of the Department of Homeland Security (including the Assistant Secretary for the Transportation Security Administration or his/her designee);


(3) Information designated as "For Official Use Only," which is unclassified information of a sensitive nature and the unauthorized disclosure of which could adversely impact a person's privacy or welfare, the conduct of Federal programs, or other programs or operations essential to the national or homeland security interest; and


(4) Any information that is designated "sensitive" or subject to other controls, safeguards or protections in accordance with subsequently adopted homeland security information handling procedures.


"Sensitive Information Incident" is an incident that includes the known, potential, or suspected exposure, loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or unauthorized access or attempted access of any Government system, Contractor system, or sensitive information.


"Sensitive Personally Identifiable Information (SPII)" is a subset of PII, which if lost, compromised or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. Some forms of PII are sensitive as stand-alone elements. Examples of such PII include: Social Security numbers (SSN), driver's license or state identification number, Alien Registration Numbers (A-number), financial account number, and biometric identifiers such as fingerprint, voiceprint, or iris scan. Additional examples include any groupings of information that contain an individual's name or other unique identifier plus one or more of the following elements:


(1) Truncated SSN (such as last 4 digits)
(2) Date of birth (month, day, and year)
(3) Citizenship or immigration status
(4) Ethnic or religious affiliation
(5) Sexual orientation
(6) Criminal History
(7) Medical Information
(8) System authentication information such as mother's maiden name, account passwords or personal identification numbers (PIN)


Other PII may be "sensitive" depending on its context, such as a list of employees and their performance ratings or an unlisted home address or phone number. In contrast, a business card or public telephone directory of agency employees contains PII but is not sensitive.


(c) Authorities. The Contractor shall follow all current versions of Government policies and guidance accessible at http://www.dhs.gov/dhs-security-and-training-requirements-contractors, or available upon request from the Contracting Officer, including but not limited to:

(1) DHS Management Directive 11042.1 Safeguarding Sensitive But Unclassified (for Official Use Only) Information
(2) DHS Sensitive Systems Policy Directive 4300A
(3) DHS 4300A Sensitive Systems Handbook and Attachments
(4) DHS Security Authorization Process Guide
(5) DHS Handbook for Safeguarding Sensitive Personally Identifiable Information
(6) DHS Instruction Handbook 121-01-007 Department of Homeland Security Personnel Suitability and Security Program
(7) DHS Information Security Performance Plan (current fiscal year)
(8) DHS Privacy Incident Handling Guidance
(9) Federal Information Processing Standard (FIPS) 140-2 Security Requirements for Cryptographic Modules accessible at http://csrc.nist.gov/groups/STM/cmvp/standards.html
(10) National Institute of Standards and Technology (NIST) Special Publication 800-53 Security and Privacy Controls for Federal Information Systems and Organizations accessible at http://csrc.nist.gov/publications/PubsSPs.html
(11) NIST Special Publication 800-88 Guidelines for Media Sanitization accessible at http://csrc.nist.gov/publications/PubsSPs.html


(d) Handling of Sensitive Information. Contractor compliance with this clause, as well as the policies and procedures described below, is required.


(1) Department of Homeland Security (DHS) policies and procedures on Contractor personnel security requirements are set forth in various Management Directives (MDs), Directives, and Instructions. MD 11042.1, Safeguarding Sensitive But Unclassified (For Official Use Only) Information describes how Contractors must handle sensitive but unclassified information. DHS uses the term "FOR OFFICIAL USE ONLY" to identify sensitive but unclassified information that is not otherwise categorized by statute or regulation. Examples of sensitive information that are categorized by statute or regulation are PCII, SSI, etc. The DHS Sensitive Systems Policy Directive 4300A and the DHS 4300A Sensitive Systems Handbook provide the policies and procedures on security for Information Technology (IT) resources. The DHS Handbook for Safeguarding Sensitive Personally Identifiable Information provides guidelines to help safeguard SPII in both paper and electronic form. DHS Instruction Handbook 121-01-007 Department of Homeland Security Personnel Suitability and Security Program establishes procedures, program responsibilities, minimum standards, and reporting protocols for the DHS Personnel Suitability and Security Program.


(2) The Contractor shall not use or redistribute any sensitive information processed, stored, and/or transmitted by the Contractor except as specified in the contract.


(3) All Contractor employees with access to sensitive information shall execute DHS Form 11000-6, Department of Homeland Security Non-Disclosure Agreement (NDA), as a condition of access to such information. The Contractor shall maintain signed copies of the NDA for all employees as a record of compliance. The Contractor shall provide copies of the signed NDA to the Contracting Officer's Representative (COR) no later than two (2) days after execution of the form.


(4) The Contractor's invoicing, billing, and other recordkeeping systems maintained to support financial or other administrative functions shall not maintain SPII. It is acceptable to maintain in these systems the names, titles and contact information for the COR or other Government personnel associated with the administration of the contract, as needed.


(e) Authority to Operate. The Contractor shall not input, store, process, output, and/or transmit sensitive information within a Contractor IT system without an Authority to Operate (ATO) signed by the Headquarters or Component CIO, or designee, in consultation with the Headquarters or Component Privacy Officer. Unless otherwise specified in the ATO letter, the ATO is valid for three (3) years. The Contractor shall adhere to current Government policies, procedures, and guidance for the Security Authorization (SA) process as defined below.


(1) Complete the Security Authorization process. The SA process shall proceed according to the DHS Sensitive Systems Policy Directive 4300A (Version 11.0, April 30, 2014), or any successor publication, DHS 4300A Sensitive Systems Handbook (Version 9.1, July 24, 2012), or any successor publication, and the Security Authorization Process Guide including templates.


(i) Security Authorization Process Documentation. SA documentation shall be developed using the Government provided Requirements Traceability Matrix and Government security documentation templates. SA documentation consists of the following: Security Plan, Contingency Plan, Contingency Plan Test Results, Configuration Management Plan, Security Assessment Plan, Security Assessment Report, and Authorization to Operate Letter. Additional documents that may be required include a Plan(s) of Action and Milestones and Interconnection Security Agreement(s). During the development of SA documentation, the Contractor shall submit a signed SA package, validated by an independent third party, to the COR for acceptance by the Headquarters or Component CIO, or designee, at least thirty (30) days prior to the date of operation of the IT system. The Government is the final authority on the compliance of the SA package and may limit the number of resubmissions of a modified SA package. Once the ATO has been accepted by the Headquarters or Component CIO, or designee, the Contracting Officer shall incorporate the ATO into the contract as a compliance document. The Government's acceptance of the ATO does not alleviate the Contractor's responsibility to ensure the IT system controls are implemented and operating effectively.

(ii) Independent Assessment. Contractors shall have an independent third party validate the security and privacy controls in place for the system(s). The independent third party shall review and analyze the SA package, and report on technical, operational, and management level deficiencies as outlined in NIST Special Publication 800-53 Security and Privacy Controls for Federal Information Systems and Organizations. The Contractor shall address all deficiencies before submitting the SA package to the Government for acceptance.


(iii) Support the completion of the Privacy Threshold Analysis (PTA) as needed. As part of the SA process, the Contractor may be required to support the Government in the completion of the PTA. The requirement to complete a PTA is triggered by the creation, use, modification, upgrade, or disposition of a Contractor IT system that will store, maintain and use PII, and must be renewed at least every three (3) years. Upon review of the PTA, the DHS Privacy Office determines whether a Privacy Impact Assessment (PIA) and/or Privacy Act System of Records Notice (SORN), or modifications thereto, are required. The Contractor shall provide all support necessary to assist the Department in completing the PIA in a timely manner and shall ensure that project management plans and schedules include time for the completion of the PTA, PIA, and SORN (to the extent required) as milestones. Support in this context includes responding timely to requests for information from the Government about the use, access, storage, and maintenance of PII on the Contractor's system, and providing timely review of relevant compliance documents for factual accuracy. Information on the DHS privacy compliance process, including PTAs, PIAs, and SORNs, is accessible at http://www.dhs.gov/privacy-compliance.

(2) Renewal of ATO. Unless otherwise specified in the ATO letter, the ATO shall be renewed every three (3) years. The Contractor is required to update its SA package as part of the ATO renewal process. The Contractor shall update its SA package by one of the following methods:

(1) Updating the SA documentation in the DHS automated information assurance tool for acceptance by the Headquarters or Component CIO, or designee, at least 90 days before the ATO expiration date for review and verification of security controls; or (2) Submitting an updated SA package directly to the COR for approval by the Headquarters or Component CIO, or designee, at least 90 days before the ATO expiration date for review and verification of security controls. The 90 day review process is independent of the system production date and therefore it is important that the Contractor build the review into project schedules. The reviews may include onsite visits that involve physical or logical inspection of the Contractor environment to ensure controls are in place.


(3) Security Review. The Government may elect to conduct random periodic reviews to ensure that the security requirements contained in this contract are being implemented and enforced. The Contractor shall afford DHS, the Office of the Inspector General, and other Government organizations access to the Contractor's facilities, installations, operations, documentation, databases and personnel used in the performance of this contract. The Contractor shall, through the Contracting Officer and COR, contact the Headquarters or Component CIO, or designee, to coordinate and participate in review and inspection activity by Government organizations external to the DHS. Access shall be provided, to the extent necessary as determined by the Government, for the Government to carry out a program of inspection, investigation, and audit to safeguard against threats and hazards to the integrity, availability and confidentiality of Government data or the function of computer systems used in performance of this contract and to preserve evidence of computer crime.


(4) Continuous Monitoring. All Contractor-operated systems that input, store, process, output, and/or transmit sensitive information shall meet or exceed the continuous monitoring requirements identified in the Fiscal Year 2014 DHS Information Security Performance Plan, or successor publication. The plan is updated on an annual basis. The Contractor shall also store monthly continuous monitoring data at its location for a period not less than one year from the date the data is created. The data shall be encrypted in accordance with FIPS 140-2 Security Requirements for Cryptographic Modules and shall not be stored on systems that are shared with other commercial or Government entities. The Government may elect to perform continuous monitoring and IT security scanning of Contractor systems from Government tools and infrastructure.


(5) Revocation of ATO. In the event of a sensitive information incident, the Government may suspend or revoke an existing ATO (either in part or in whole). If an ATO is suspended or revoked in accordance with this provision, the Contracting Officer may direct the Contractor to take additional security measures to secure sensitive information. These measures may include restricting access to sensitive information on the Contractor IT system under this contract. Restricting access may include disconnecting the system processing, storing, or transmitting the sensitive information from the Internet or other networks or applying additional security controls.

(6) Federal Reporting Requirements. Contractors operating information systems on behalf of the Government or operating systems containing sensitive information shall comply with Federal reporting requirements. Annual and quarterly data collection will be coordinated by the Government. Contractors shall provide the COR with requested information within three (3) business days of receipt of the request. Reporting requirements are determined by the Government and are defined in the Fiscal Year 2014 DHS Information Security Performance Plan, or successor publication. The Contractor shall provide the Government with all information to fully satisfy Federal reporting requirements for Contractor systems.

(f) Sensitive Information Incident Reporting Requirements.

(1) All known or suspected sensitive information incidents shall be reported to the Headquarters or Component Security Operations Center (SOC) within one hour of discovery in accordance with 4300A Sensitive Systems Handbook Incident Response and Reporting requirements. When notifying the Headquarters or Component SOC, the Contractor shall also notify the Contracting Officer, COR, Headquarters or Component Privacy Officer, and US-CERT using the contact information identified in the contract. If the incident is reported by phone or the Contracting Officer's email address is not immediately available, the Contractor shall contact the Contracting Officer immediately after reporting the incident to the Headquarters or Component SOC. The Contractor shall not include any sensitive information in the subject or body of any e-mail. To transmit sensitive information, the Contractor shall use FIPS 140-2 Security Requirements for Cryptographic Modules compliant encryption methods to protect sensitive information in attachments to email. Passwords shall not be communicated in the same email as the attachment. A sensitive information incident shall not, by itself, be interpreted as evidence that the Contractor has failed to provide adequate information security safeguards for sensitive information, or has otherwise failed to meet the requirements of the contract.


(2) If a sensitive information incident involves PII or SPII, in addition to the reporting requirements in 4300A Sensitive Systems Handbook Incident Response and Reporting, Contractors shall also provide as many of the following data elements that are available at the time the incident is reported, with any remaining data elements provided within 24 hours of submission of the initial incident report:


(i) Data Universal Numbering System (DUNS);
(ii) Contract numbers affected unless all contracts by the company are affected;
(iii) Facility CAGE code if the location of the event is different than the prime contractor location;
(iv) Point of contact (POC) if different than the POC recorded in the System for Award Management (address, position, telephone, email);
(v) Contracting Officer POC (address, telephone, email);
(vi) Contract clearance level;
(vii) Name of subcontractor and CAGE code if this was an incident on a subcontractor network;
(viii) Government programs, platforms or systems involved;
(ix) Location(s) of incident;
(x) Date and time the incident was discovered;
(xi) Server names where sensitive information resided at the time of the incident, both at the Contractor and subcontractor level;
(xii) Description of the Government PII and/or SPII contained within the system;
(xiii) Number of people potentially affected and the estimate or actual number of records exposed and/or contained within the system; and
(xiv) Any additional information relevant to the incident.

(g) Sensitive Information Incident Response Requirements.

(1) All determinations related to sensitive information incidents, including response activities, notifications to affected individuals and/or Federal agencies, and related services (e.g., credit monitoring) will be made in writing by the Contracting Officer in consultation with the Headquarters or Component CIO and Headquarters or Component Privacy Officer.

(2) The Contractor shall provide full access and cooperation for all activities determined by the Government to be required to ensure an effective incident response, including providing all requested images, log files, and event information to facilitate rapid resolution of sensitive information incidents.


(3) Incident response activities determined to be required by the Government may include, but are not limited to, the following:


(i) Inspections,
(ii) Investigations,
(iii) Forensic reviews, and
(iv) Data analyses and processing.


(4) The Government, at its sole discretion, may obtain the assistance from other Federal agencies and/or third-party firms to aid in incident response activities.

(h) Additional PII and/or SPII Notification Requirements.

(1) The Contractor shall have in place procedures and the capability to notify any individual whose PII resided in the Contractor IT system at the time of the sensitive information incident not later than 5 business days after being directed to notify individuals, unless otherwise approved by the Contracting Officer. The method and content of any notification by the Contractor shall be coordinated with, and subject to prior written approval by the Contracting Officer, in consultation with the Headquarters or Component Privacy Officer, utilizing the DHS Privacy Incident Handling Guidance. The Contractor shall not proceed with notification unless the Contracting Officer, in consultation with the Headquarters or Component Privacy Officer, has determined in writing that notification is appropriate.

(2) Subject to Government analysis of the incident and the terms of its instructions to the Contractor regarding any resulting notification, the notification method may consist of letters to affected individuals sent by first class mail, electronic means, or general public notice, as approved by the Government. Notification may require the Contractor's use of address verification and/or address location services. At a minimum, the notification shall include:


(i) A brief description of the incident;
(ii) A description of the types of PII and SPII involved;
(iii) A statement as to whether the PII or SPII was encrypted or protected by other means;
(iv) Steps individuals may take to protect themselves;
(v) What the Contractor and/or the Government are doing to investigate the incident, to mitigate the incident, and to protect against any future incidents; and
(vi) Information identifying who individuals may contact for additional information.


(i) Credit Monitoring Requirements. In the event that a sensitive information incident involves PII or SPII, the Contractor may be required to, as directed by the Contracting Officer:

(1) Provide notification to affected individuals as described above; and/or


(2) Provide credit monitoring services to individuals whose data was under the control of the Contractor or resided in the Contractor IT system at the time of the sensitive information incident for a period beginning the date of the incident and extending not less than 18 months from the date the individual is notified. Credit monitoring services shall be provided from a company with which the Contractor has no affiliation. At a minimum, credit monitoring services shall include:


(i) Triple credit bureau monitoring;
(ii) Daily customer service;
(iii) Alerts provided to the individual for changes and fraud; and
(iv) Assistance to the individual with enrollment in the services and the use of fraud alerts; and/or


(3) Establish a dedicated call center. Call center services shall include:


(i) A dedicated telephone number to contact customer service within a fixed period;
(ii) Information necessary for registrants/enrollees to access credit reports and credit scores;
(iii) Weekly reports on call center volume, issue escalation (i.e., those calls that cannot be handled by call center staff and must be resolved by call center management or DHS, as appropriate), and other key metrics;
(iv) Escalation of calls that cannot be handled by call center staff to call center management or DHS, as appropriate;
(v) Customized FAQs, approved in writing by the Contracting Officer in coordination with the Headquarters or Component Chief Privacy Officer; and
(vi) Information for registrants to contact customer service representatives and fraud resolution representatives for credit monitoring assistance.
(j) Certification of Sanitization of Government and Government-Activity-Related Files and Information. As part of contract closeout, the Contractor shall submit the certification to the COR and the Contracting Officer following the template provided in NIST Special Publication 800-88 Guidelines for Media Sanitization.

INFORMATION TECHNOLOGY SECURITY AND PRIVACY TRAINING (MAR 2015)


(a) Applicability. This clause applies to the Contractor, its subcontractors, and Contractor employees (hereafter referred to collectively as "Contractor"). The Contractor shall insert the substance of this clause in all subcontracts.


(b) Security Training Requirements.


(1) All users of Federal information systems are required by Title 5, Code of Federal Regulations, Part 930.301, Subpart C, as amended, to be exposed to security awareness materials annually or whenever system security changes occur, or when the user's responsibilities change. The Department of Homeland Security (DHS) requires that Contractor employees take an annual Information Technology Security Awareness Training course before accessing sensitive information under the contract. Unless otherwise specified, the training shall be completed within thirty (30) days of contract award and be completed on an annual basis thereafter not later than October 31st of each year. Any new Contractor employees assigned to the contract shall complete the training before accessing sensitive information under the contract. The training is accessible at http://www.dhs.gov/dhs-security-and-training-requirements-contractors. The Contractor shall maintain copies of training certificates for all Contractor and subcontractor employees as a record of compliance. Unless otherwise specified, initial training certificates for each Contractor and subcontractor employee shall be provided to the Contracting Officer's Representative (COR) not later than thirty (30) days after contract award. Subsequent training certificates to satisfy the annual training requirement shall be submitted to the COR via e-mail notification not later than October 31st of each year. The e-mail notification shall state the required training has been completed for all Contractor and subcontractor employees.


(2) The DHS Rules of Behavior apply to every DHS employee, Contractor and subcontractor that will have access to DHS systems and sensitive information. The DHS Rules of Behavior shall be signed before accessing DHS systems and sensitive information. The DHS Rules of Behavior is a document that informs users of their responsibilities when accessing DHS systems and holds users accountable for actions taken while accessing DHS systems and using DHS Information Technology resources capable of inputting, storing, processing, outputting, and/or transmitting sensitive information. The DHS Rules of Behavior is accessible at http://www.dhs.gov/dhs-security-and-training-requirements-contractors. Unless otherwise specified, the DHS Rules of Behavior shall be signed within thirty (30) days of contract award. Any new Contractor employees assigned to the contract shall also sign the DHS Rules of Behavior before accessing DHS systems and sensitive information. The Contractor shall maintain signed copies of the DHS Rules of Behavior for all Contractor and subcontractor employees as a record of compliance. Unless otherwise specified, the Contractor shall e-mail copies of the signed DHS Rules of Behavior to the COR not later than thirty (30) days after contract award for each employee. The DHS Rules of Behavior will be reviewed annually and the COR will provide notification when a review is required. (c) Privacy Training Requirements. All Contractor and subcontractor employees that will have access to Personally Identifiable Information (PII) and/or Sensitive PII (SPII) are required to take Privacy at DHS: Protecting Personal Information before accessing PII and/or SPII. The training is accessible at http://www.dhs.gov/dhs-security-and-training-requirements-contractors.


Training shall be completed within thirty (30) days of contract award and be completed on an annual basis thereafter not later than October 31st of each year. Any new Contractor employees assigned to the contract shall also complete the training before accessing PII and/or SPII. The Contractor shall maintain copies of training certificates for all Contractor and subcontractor employees as a record of compliance. Initial training certificates for each Contractor and subcontractor employee shall be provided to the COR not later than thirty (30) days after contract award. Subsequent training certificates to satisfy the annual training requirement shall be submitted to the COR via e-mail notification not later than October 31st of each year. The email notification shall state the required training has been completed for all Contractor and subcontractor employees.


Additional contract terms and conditions applicable to this procurement are:

IDENTIFICATION OF GOVERNMENT OFFICIALS:

The Government Officials assigned to this contract are as follows:

Administrative Contracting Officer:

Name: Gary P. Topper

Phone: 301-447-7280

Email: gary.topper@fema.dhs.gov

Administrative Contract Specialist:

Name: James Suerdieck

Phone: 301-447-7244

Email: james.suerdieck@fema.dhs.gov

Technical Point of Contact hereby delegated authority to accept goods and services and review and approve invoices for this contract:

Name: TBD

Phone: TBD

Email: TBD



TECHNICAL DIRECTION AND SURVEILLANCE

(a) Performance of the work under this contract shall be subject to the surveillance and written technical direction of the Contracting Officer's Representative (COR), who shall be specifically appointed by the Contracting Officer in writing. Technical direction is defined as a directive to the Contractor which approves approaches, solutions, designs, or refinements; fills in details or otherwise completes the general description of work of documentation items; shifts emphasis among work areas or tasks; or otherwise furnishes guidance to the Contractor. Technical direction includes the process of conducting inquiries, requesting studies, or transmitting information or advice by the COR, regarding matters within the general tasks and requirements in this contract.

(b) The COR does not have the authority to, and shall not, issue any technical direction which:

(1) Constitutes an assignment of additional work outside the Performance Work Statement;

(2) Constitutes a change as defined in the contract clause entitled "Changes";

(3) In any manner causes an increase or decrease in the total fixed price or the time required for contract performance;

(4) Changes any of the expressed terms, conditions, or specifications of the contract; or

(5) Interferes with the Contractor's right to perform the specifications of the contract.

(c) All technical directions shall be issued in writing by the COR.

(d) The Contractor shall proceed promptly with the performance of technical directions duly issued by the COR in the manner prescribed by this clause and within his/her authority under the provisions of this clause. Any instruction or direction by the COR which falls within one, or more, of the categories defined in (b)(1) through (5) above, shall cause the Contractor to notify the Contracting Officer in writing within five (5) working days after receipt of any such instruction or direction and shall request the Contracting Officer to modify the contract accordingly. Upon receiving the notification from the Contractor, the Contracting Officer shall either issue an appropriate contract modification within a reasonable time or advise the Contractor in writing within thirty (30) days after receipt of the Contractor's Letter that:

(1) the technical direction is rescinded in its entirety

(2) the technical direction is within the scope of the contract, does not constitute a change under the "Changes" clause of the contract and that the Contractor should continue with the performance of the technical direction.

(e) A failure of the Contractor and Contracting Officer to agree that the technical direction is within scope of the contract, or a failure to agree upon the contract action to be taken with respect thereto shall be subject to the provisions of the "Disputes" clause of this contract.

(f) Any action(s) taken by the Contractor in response to any direction given by any person other than the Contracting Officer or the COR whom the Contracting Officer shall appoint shall be at the Contractor's risk.


(g) Performance of the work under this contract shall also be subject to the surveillance of Technical Monitors, as directed by the COR.



BILLING INSTRUCTIONS (JUN 2014)

Contractors will use Standard Form 1034 (Public Voucher for Purchases and Services Other Than Personal) located at http://www.gsa.gov/portal/forms/type/SF when submitting a payment request. A payment request means any invoice or request for contract financing payment requesting reimbursement for supplies or services rendered. The Contractor shall not be paid more frequently than on a twice monthly basis.

Contractors must submit vouchers electronically in pdf format to the FEMA Finance Center at:


FEMA-Finance-Vendor-Payments@fema.dhs.gov.


A copy of the voucher must be submitted electronically to the contracting officer identified within this contract. The submission of vouchers electronically will reduce correspondence and other causes for delay to a minimum and will facilitate prompt payment to the Contractor. Paper vouchers mailed to the finance center will not be processed for payment. If the Contractor is unable to submit a payment request in electronic form, the contractor shall submit the payment request using a method mutually agreed to by the Contractor, the Contracting Officer, and the payment office.


DEFECTIVE OR IMPROPER INVOICES (JUN 2014)

Name, title, phone number, and email of officials of the business concern who are to be notified when the Government receives an improper invoice.


__To be provided by contractor__________________
___________________________________________
___________________________________________



INVOICE APPROVAL (JUN 2014)

The following FEMA individual (in addition to the Contracting Officer) is hereby delegated authority to accept goods and services and to review and approve invoices for this contract:

Authorized Invoice Approver

Name: TBD
Title: TBD
Phone: TBD
Email: TBD


INVOICE INSTRUCTIONS (JUN 2014)

Invoices shall be submitted as follows:

Contractors will use Standard Form 1034 (Public Voucher for Purchases and Services Other Than Personal) and SF 1035 Continuation sheet when requesting payment for supplies or services rendered. The voucher must provide a description of the supplies or services, by line item (if applicable), quantity, unit price, and total amount. The item description, unit of measure, and unit price must match those specified in the contract. Invoices that do not match the line item pricing in the contract will be considered improper and will be returned to the Contractor.

SF 1034 and 1035 instructions:

SF 1034--Fixed Price

The information which a contractor is required to submit in its Standard Form 1034 is set forth as follows:

(1) U.S. Department, Bureau, or establishment and location insert the names and address of the servicing finance office unless the contract specifically provides otherwise.

(2) Date Voucher Prepared - insert date on which the public voucher is prepared and submitted.

(3) Contract/Delivery Order Number and Date - insert the number and date of the contract and delivery order, if applicable, under which reimbursement is claimed.

(4) Requisition Number and Date - leave blank.

(5) Voucher Number - insert the appropriate serial number of the voucher. A separate series of consecutive numbers, beginning with Number 1, shall be used by the contractor for each new contract. When an original voucher was submitted, but not paid in full because of suspended costs, resubmission vouchers should be submitted in a separate invoice showing the original voucher number and designated with the letter "R" as the last character of the number. If there is more than one resubmission, use the appropriate suffix (R2, R3, etc.) The last voucher of every contract or task order should be marked with the next sequential number, with the words "FINAL" (e.g. Invoice No. 1234-FINAL).

(6) Schedule Number; Paid By; Date Invoice Received - leave blank.

(7) Discount Terms - enter terms of discount, if applicable.

(8) Payee's Account Number - this space may be used by the contractor to record the account or job number(s) assigned to the contract or may be left blank.

(9) Payee's Name and Address - show the name of the contractor exactly as it appears in the contract and its correct address, except when an assignment has been made by the contractor, or the right to receive payment has been restricted, as in the case of an advance account. When the right to receive payment is restricted, the type of information to be shown in this space shall be furnished by the Contracting Officer.

(10) Shipped From; To; Weight Government B/L Number - insert for supply contracts.

(11) Date of Delivery or Service - show the month, day and year, beginning and ending dates of supplies or services delivered.

(12) Articles and Services - insert the following: "For detail, see Standard Form 1035 total amount claimed transferred from Page ___ of Standard Form 1035." Type the following certification, signed by an authorized official, on the face of the Standard Form 1034.

"I certify that all payments requested are for
appropriate purposes and in accordance with the
agreements set forth in the contract."

_______________________ _________
(Name of Official) (Title)

(13) Quantity; Unit Price - insert for supply contracts.

(14) Amount - insert the amount claimed for the period indicated in (11) above. This amount should be transferred from the total per the SF 1035 Continuation Sheet.

INVOICE PREPARATION INSTRUCTIONS SF 1035

The SF 1035 will be used to identify the specific item description, quantities, unit of measure, and prices for each category of deliverable item or service. Suitable self-designed forms may be submitted instead of the SF 1035 as long as they contain the information required.

The information which a contractor is required to submit in its Standard Form 1035 is set forth as follows:

U.S. Department, Bureau, or Establishment - insert the name and address of the servicing finance office.

Voucher Number - insert the voucher number as shown on the Standard Form 1034.

Schedule Number - leave blank.

Sheet Number - insert the sheet number if more than one sheet is used in numerical sequence. Use as many sheets as necessary to show the information required.

Number and Date of Order - insert payee's name and address as in the Standard Form 1034.

Articles or Services - insert the contract number as in the Standard Form 1034.

Amount - insert the total quantities contract value, and amount and type of fee payable (as applicable).

A summary of claimed current and cumulative goods and services delivered and accepted to date. - Invoices shall include an itemization of all goods and services delivered and accepted for the period by item and by CLIN. Each invoice shall include sufficient detail to identify goods and services as compared to and in accordance with contract terms and conditions. Invoices that do not match the line item pricing in the contract will be considered improper and returned to the contractor. In addition, each invoice shall detail the total charges by showing current and cumulative goods and services both currently invoiced and cumulative to date.


ATTACHMENTS:


Attachment 1 - Statement of Work (SOW)


PROPOSAL PREPARATION INSTRUCTIONS:


A. GENERAL INSTRUCTIONS

1. Any resultant contract shall include the general provisions applicable to the selected offeror's organization and type of contract awarded. Any additional clauses required by public law, executive order, or acquisition regulations, in effect at the time of execution of the proposed contract, shall be included.

2. The proposal shall be prepared in two (2) parts: a "Technical Proposal" and "Business Proposal". Each of the parts shall be separate and complete in itself so that evaluation of one may be accomplished independently from evaluation of the other. The technical proposal (Volume 1) must not

    1. Home
    2. Articles
    3. Login or Register

    4. Search

    5. Add/Announce your RFP