SSA Electronic Remittance System Total Solution
Background:
The purpose of this Request for Information (RFI) from the Social Security Administration (SSA) is to identify responsible vendors who can provide support for the Social Security Electronic Remittance System (SERS). SERS provides over 1200 field offices with an automated solution to collect, track, record, and report on fees collected for providing various non-programmatic services and remittances collected for programmatic debt. A key part of SERS is an E-Commerce software solution implemented in Oracle iStore, which has been configured to allow SSA employees via SSA Intranet to utilize it as a point-of-sale user interface. This software is integrated with SSA's accounting system, the Social Security Online Accounting and Reporting System (SSOARS), which is based on Oracle's Federal Financials E-Business Suite (EBS) Software. The accepted methods of payment for SERS remittances are check, money order, credit card and debit card. The SERS solution complies with Payment Card Industry Data Security Standard (PCI DSS). SSA employees login via single sign-on, and users are setup in SERS via a user provisioning utility that uses EBS application programming interfaces to create users based on a daily feed from a user source of truth.
SERS uses the following Oracle technologies: Oracle iStore, Oracle Order Management, Oracle Inventory Management, Oracle Business Intelligence Suite Enterprise Edition Plus (OBIEE), Oracle Identity Manager Connector - Oracle E-Business, Oracle Identity and Access Management Suite Plus, Oracle SOA Suite, Oracle Application Express, Oracle Configurator, and Oracle Advanced Security Transparent Data Encryption.
Additionally, a gateway services vendor, CardConnect LLC (CardConnect), provides support for plastic card authorization/verification purposes. Using the latest in encryption technology, SERS and CardConnect utilize Point-to-Point Encryption (P2PE) to tokenize the card holder data. CardConnect accesses the Department of the Treasury's (Treasury) designated payment processor, Vantiv LLC (Vantiv), which handles immediate authorization processing and sends approval information back to SERS to complete the order. No cardholder information is stored in SERS or in the SSOARS database beyond card token.
SERS utilizes leased Ingenico iPP320 EMV card reader devices, provided by CardConnect, preloaded with encryption keys and other firmware required to enable P2PE. SERS also uses SSA owned RDM EC7000i check readers. SERS contains a number of interfaces to enable all of the features described above, as well as assist with other SSA business processes: web service interface with Treasury's Over the Counter Channel (OTCnet) batch check upload and deposit ticket number download, outbound flat file batch interface with SSA Earnings Modernization for Itemized Statement of Earnings Request (EMISER) system, outbound flat file batch interface with SSA Debt Management System (DMS), and web service interface with SSA Debt Web Service.
Objective:
SSA seeks information in the form of clear and definitive written documentation describing a vendor's capabilities to provide the support for the existing SERS solution including the mandatory requirements listed below. Responses must address each of the requirements listed below in sufficient detail to enable SSA to determine current market capabilities. Support services from the vendor for maintenance of SERS and enhancements to the system implementation and integration of the entire SERS solution will be required.
Mandatory Requirements:
Your response must address the following requirements:
The contractor's solution shall:
1) Provide maintenance of the current SERS solution as described above, specifically in the following areas:
a) Maintain, troubleshoot, bug fix and customize/extend Federal Oracle E-Business Suite implementation in the Account Receivable and iStore modules. This includes work on both underlying functionality as well as forms.
b) Maintain, troubleshoot, bug fix and enhance existing check scanning functionality using already acquired software and check scanner devices. This will include interaction with replacement check scanner devices, but purchase of these replacements has not been completed and would be sought separate from this project.
c) Maintain, troubleshoot, bug fix and enhance existing interfaces with Treasury's OTCNet system for offline interface of business checks, personal checks, and money orders (which submit checks to Treasury as well as receive back deposit ticket information from Treasury); interface with CardConnect for card tokenization, authorization, and settlement; interface with SSA Debt Web Service; and flat-file generation for batch interfaces with EMISER and DMS.
d) Maintain, troubleshoot, bug fix and enhance existing multiple dashboards of remittance information in OBIEE.
e) Maintain, troubleshoot, bug fix and enhance existing Oracle Application Express (APEX) forms for processing refund requests and querying booked orders.
f) Maintain, troubleshoot, bug fix and enhance existing single sign on and user provisioning. The feed of users from SSA source of truth is out of scope. The feed updates a custom table in EBS Oracle database. In scope is the processing of records from this daily feed to add, drop, and change user records as appropriate.
2) Conduct planning and analysis, and eventually develop, new iStore screens in SERS to expand the use of SERS to process other collection types at the agency, including but not limited to: processing credit card payments from the SSA Program Centers and creating the capability to book recurring orders in SERS with recurring credit/debit card changes.
3) Establish and maintain a subcontracting relationship with the existing gateway service vendor, CardConnect, to continue to provide gateway services, tokenization services, and maintain our current card swipe device leases. This must include the continued use of existing card swipe hardware currently leased to SSA, and should include up to one replacement of the card swipe devices over the life of the contract if a hardware upgrade is required to maintain compliance with PCI DSS and/or P2PE.
4) Maintain PCI DSS and P2PE compliance in the overall SERS solution. With respect to all cardholder information used to process transactions in SERS, the SERS solution must keep all non-SERS hardware out of PCI DSS scope.
5) Provide training to core SERS subject matter experts (SMEs) for any new features or functionality developed.
6) Create new training materials and update existing training materials for end users for any new features or functionality developed.
7) Create new system documentation materials and update existing system documentation materials for application administrators and SMEs for any new features or functionality developed
8) Update and maintain an application-level baseline configuration document in BR-100 format. SSA would consider an alternative format for baseline configuration documentation, but only if it enhanced the ability to perform validation of the baseline configuration for audit purposes.
Summary:
This is a sources sought announcement, and is a market survey for written documentation only. This is not a solicitation announcement for proposals and no contract will be awarded resulting directly from this announcement. No reimbursement will be made for any costs associated with providing information in response to this announcement or any follow-up information requests. No telephone calls will be accepted requesting a bid package or solicitation. There is no bid package or solicitation.
This synopsis is for planning purposes only and is NOT to be construed as a commitment by the Government. Responses to this sources sought/market research notice will be used by the Government to make appropriate acquisition decisions. All interested sources must respond to future solicitation announcements separately from responses to this market survey.
Interested sources that believe they have the ability to provide the items and perform the services listed above should submit a detailed statement of their capabilities in writing to Monica M. Yankle, Contract Specialist. Responses must be sent electronically via email to Katherine.Medeiros@ssa.gov. Include "DCS-18-377B0" in the e-mail subject line. No telephone responses will be accepted. Responses must be received by 1:00 p.m. EDT on November 22, 2017.
Contract Specialist
Katherine.Medeiros@ssa.gov
No Phone Calls
Katherine B. Medeiros, Phone 4109651067, Email katherine.medeiros@ssa.gov
