The RFP Database
New business relationships start here

This request for information/Sources Sought notice is for "RDM 17-2 TO12"


Ohio, United States
Government : Homeland Security
RFP
Go to the link
This document has expired, therefore the above link may no longer work.

STATEMENT OF WORK

DEPARTMENT OF VETERANS AFFAIRS
VETERANS HEALTH ADMINISTRATION
OFFICE OF INFORMATICS AND INFORMATION GOVERNANCE
STRATEGIC INVESTMENT MANAGEMENT
REQUIREMENTS DEVELOPMENT AND MANAGEMENT

REQUIREMENTS ANALYSIS COMPREHENSIVE SERVICES
TASK ORDER 12

Date:
PWS Version Number: 0.5
PWS TABLE OF CONTENTS:
1.0 Background 3
2.0 Applicable Documents 5
3.0 Scope of Work 6
3.1 Changes to the PWS 6
4.0 Peformance Details 6
4.1 Performance Period 7
4.2 Place of Performance 8
4.3 Travel 8
5.0 Tasks and Deliverables 9
5.1 Project Management of Contractor Activities 10
5.2 Level 1: Assessment and Validation of a Business Need or Opportunity 11
5.3 Level 2: Generation of BRD 12
5.5 Level 3: Generation of RED 12
5.6 Technical Writing 13
5.7 FDS 13
5.8 Tooling Support & Reporting 14
6.0 General Requirements 15
6.1 Contractor Personnel Security Requirements 15
6.2 Method and Distribution of Deliverables 18
6.3 Performance Meterics: 18
7.0 SCHEDULE FOR DELIVERABLES 18

BACKGROUND
Requirements Development and Management (RDM) Service, under Strategic Investment Management (SIM), Office of Informatics and Analytics (OIA) has a primary responsibility to gather, evaluate, analyze and document clinical and business requirements in support of VHA business users. RDM provides four (4) functional support roles to SIM, which are described in further detail below: Requirements Analysis, Requirements Elaboration, Field Developed Software, and Tooling Support & Reporting. Technical writing and technical writing reviews of documents, executive-level briefs and communications are also performed in support of these four (4) areas. The technical writing review process for business requirements documentation follows a scorecard methodology that utilizes a separate portion for each level of review. Once updates to the document have been accepted, it moves on to the next level of review.

RDM supports Veterans Health Administration (VHA) Program Offices and Veterans Affairs (VA) Offices in the development of business requirements for IT solutions and the management of their requirements. RDM works collaboratively with other Office of Informatics and Analytics (OIA) offices, including Applied Informatics Management (AIM) staff, AIM acts as an advocate, liaison and facilitator organization that represents VHA in the identification and acquisition of technology enhancements to improve Veteran services. AIM consists of functional groups that work together to organize current and future business knowledge and provide facilitation/oversight for business users throughout the Information Technology (IT) system s lifecycle.

A high-level description of the processes and outputs for each of the four (4) functional support areas is described below:

Requirements Analysis Elicits and guides VHA stakeholders in the definition and documentation of high-level business requirements. Requests for software or software enhancements are received through the RDM New Service Request (NSR) website portal and are reviewed for completeness by RDM. The request is then assigned to a Business Analyst, who schedules conference calls with the requester for the purpose of understanding the business needs, and associated risks of not addressing those needs through an IT solution. All information obtained through requester interviews are documented within the New Service Request Database (NSRD). The NSRD is a tool used by VHA Program Offices and field staff to enter enhancement requests for current and future IT systems and to obtain up to date status information for requests previously submitted. This information is then shared with SIM, OIA and Program Office staff, so that they may determine the validity and priority of the request as it relates to VHA and VA Operating Plans, Patient Safety and/or support of core application processes. The database also includes linkages to databases maintained and supported outside of RDM, such as Business Architecture Repositories. Business needs are then documented within the requirements repository, IBM Rational Requirements Composer (RRC), and attributes are assigned to each business need, including the level of Program Office support and associated Operating Plans (Level 1). RRC is a tool that allows analysts to document and track IT business requirements in support of software development. The tool provides an Enterprise-wide view, strategic traceability, visibility into reuse of existing requirements and dependencies of VHA IT requirements. Periodically, the AIM Portfolio Managers will work with the Program Offices to evaluate the business needs in the requirements repository RRC, and a decision will be made to further the analysis for a set of business needs. In those instances, the selected business needs will be refined into owner requirements through a series of stakeholder meetings. Likewise, owner requirements are populated into the requirements repository (RRC) and are associated to the business need to allow for traceability of requirements. RDM staff aggregate the business and owner requirements into a Business Requirements Document (BRD). BRDs are used to guide and support business decisions to fund IT projects (Level 2). SIM is currently offering Business Case Analysis (BCA) services to support VHA Program Offices as they perform their analysis and documentation of potential investments related to VHA IT systems and portfolios. RDM Business Case Analyses do not contemplate the cost of the work effort, but more the potential benefit to the Government should the decision be made by VA to fund the solution. Therefore, the RDM BCA template follows industry standards, but will require specialized tailoring in terms of cost.

Requirements Elaboration Develops detailed business requirements for approved/funded IT solutions. During Requirements Elaboration, the Business Analysts (typically a facilitator and note taker) conduct a series of meetings with the stakeholders defined within the BRD, as well as other Subject Matter Experts (SMEs) that the stakeholders may identify. Through these stakeholder meetings, the Business Analysts begin the process of refining the business needs and owner requirements identified within the BRD. The Business Analysts develop Business Use Cases and detailed business requirements ( System Shall statements/capabilities) and work collaboratively with the VHA OIA SIM Business Architecture Analysts who provide oversight and support for associated architectural modeling.

Once the Business Analysts have stakeholder approval of the Business Use Cases, all system shall statements/capabilities are documented in the requirements repository (currently RRC) and are associated with the higher-level owner requirements to allow for continued traceability (Level 3). A Requirements Elaboration Document (RED) is created in Rational ClearCase by the Business Analyst that contains the detailed business requirements, Business Use Cases, architectural models and the traceability matrix.

RDM is also supporting the requirements development efforts for the VistA Evolution (VE) project. The requirements for these efforts are being captured in an integrated Business Requirements Document (iBRD), which includes high level and detailed business requirements.

Field Developed Software (FDS) Supports business assessments of VHA innovation efforts by enabling the field to promote locally developed, innovative, value-add products for national use which has made the Veterans Health Information System and Technology Architecture (VistA) so successful.

VHA innovation efforts in the field have resulted in the development of locally developed and deployed software products, herein called Class III. Often the benefit of the local solution is one that is desired on a more global basis. Previously, local Medical Centers have had the ability to directly export their products to other facilities. Recently, the process for sharing Class III products has become more restrictive in order to ensure the integrity and reliability of the VistA databases. Therefore, when a Class III product is desired to be released and supported on a national basis (herein referred to as Class I), the product must be evaluated and certified through an open source certifying agent that it will do no harm. The FDS Business Analyst is responsible for the business assessment of the product that will aid the Program Office and business owners in determining the value of the Class III product for national deployment. A BRD is completed as an output of the analysis. An inventory of Class III products has been developed to store information on the multiple products maintained in the field and is updated by the FDS team members.

Tooling Support & Reporting Supports the NSRD (and RRC) tool.
The NSRD is a series of interconnected web forms that allow the Business Analysts to enter data that supports the processing of requests entered through the NSR webportal. The NSRD provides reports to SIM and AIM on each of the requests submitted and provides the customer-base with a single portal to review past requests and obtain information about the status of open requests. The database also includes linkages to databases maintained and supported outside of RDM, such as Business Architecture Repositories.

APPLICABLE DOCUMENTS
Documents referenced or germane to this Performance Work Statement (PWS) are listed below. The Contractor shall be guided by the information contained in the documents in performance of this PWS.
Office of Management and Budget (OMB) Circular A-123
Federal Information Security Management Act (FISMA) of 2002
Federal Information Processing Standards (FIPS) Pub 201, Personal Identity Verification for Federal Employees and Contractors, February 25, 2005
Privacy Act of 1974
Title VI of the Civil Rights Act of 1964
VA Directive 0710 dated September 10, 2004
VA Directive 6500VA Handbook 6102, Internet/Intranet Services
Health Insurance Portability and Accountability Act (HIPAA); 45 Code of Federal Records (CFR) Part 160, 162, and 164; Health Insurance Reform: Security Standards; Final Rule dated February 20, 2003
Electronic and IT Accessibility Standards (36 CFR 1194)
OMB Circular A-130
United States Code (U.S.C.) B' 552a, as amended
32 CFR 199
An Introductory Resource Guide for Implementing the HIPAA Security Rule, March 2005
Sections 504 and 508 of the Rehabilitation Act (29 U.S.C. B' 794d), as amended by the Workforce Investment Act of 1998 (P.L. 105-220), August 7, 1998
Homeland Security Presidential Directive 12 (HSPD-12): Policies for a Common Identification Standard for Federal Employees and Contractors, August 27, 2004.
VA Handbook 6500, Information Security Program
National Bureau of Standards and Technology (NBST) SP500-153, Guide to Auditing for Controls and Security: A System Development Life-Cycle Approach, April 1988
Federal Travel Regulation (FTR) (www.gsa.gov/federaltravelregulation)
National Institute of Standards and Technology (NIST) Special Publications
Guiding Principles for RDM and Business Architecture Process Modeling
SCOPE OF WORK
The contractor shall provide business requirements analysis services for the VHA, OIA SIM RDM Service to VHA stakeholders for Health Care IT systems. Tasks involve eliciting and documenting stakeholder business requirements, which are utilized by VHA to support funding determinations and as a source for development activities. Essential to this work is maintaining accurate and reliable records of the requirements in a requirements repository (currently RRC) maintained by RDM. The scope of the work and the work products are inclusive of requirements management planning activities that support governance processes, as well as detailed requirements elicitation that are the foundation of the design and development phases for funded projects. The specific tasks and deliverables are discussed in the following sections of this Performance Work Statement (PWS):
FUNCTIONAL AREAS
SOW SECTION
Project Management of Contractor Activities
5.1
Level 3: Generation of RED
5.5
Technical Writing
5.6
FDS
5.7
Tooling Support and Reporting
5.8
CHANGES TO THE PWS
Any changes to this PWS shall be authorized and approved only through written correspondence from the Contracting Officer (CO). A copy of each change will be kept in a project folder along with all other products of the project. Costs incurred by the Contractor through the actions or authorizations of parties other than the CO shall be borne by the Contractor.
PEFORMANCE DETAILS
The following describes the performance details associated with this Performance Work Statement (PWS) and RDM Blanket Purchase Agreement (BPA) PWS is hereby incorporated by reference.
PERFORMANCE PERIOD
The performance period for this task order is four (4) months after receipt of security clearance application of personnel. Security Applications shall be completed and submitted within 10 business days after award of this task order. The RDM BPA Performance Work Statement in hereby incorporated by reference. Paragraphs 5.1, 5,5, 5.6, 5.7, and 5.8 referenced below describe the tasks which result in the above deliverables.
The following information is solely an estimate to provide guidance on workload levels during the period of performance. The programs identified are subject to change.
5.1 Project Management Plan (PMP) in accordance with RDM BPA PWS paragraph 5.1.A.
5.5.A Low Complexity RED in accordance with RDM BPA PWS paragraph 5.5.A, deliverable is due Ninety (90) calendar days days after assignment. The programs identified for Low Complexity RED s are as follows: Six (6) work efforts yet to be determined.
5.6.A Technical Review Monthly Report in accordance with RDM BPA PWS paragraphs 5.6.A.
5.7 Class III Quarterly Status Report in accordance with RDM BPA PWS paragraph 5.7.A.
The specific focus of this task is for software waiver requests received by the Open Source office within Strategic Investment Management. These waiver requests are entered by VistA sites for Class III software changes to basic VistA code. The waiver request is to allow the sites to continue using the Class III code after VistA Standardization is executed at the site. The work will require assessment and analysis of the requests to provide information necessary for the software waiver review board to determine the need for the waiver. There is a remaining backlog of 300 waiver requests that need to be processed as quickly as possible, as VHA tries to complete VistA Standardization. Our goal is to complete these by the end of the fiscal year, and in order to do so, we need to assign more than one task within the period of performance. Due to these circumstances, the FDS task for Task Order 12 will be dedicated solely to the processing of waivers.
5.8.C/5.8.D Tool CM Implementation, and Tool CM Maintenance and Minor Enhancements in accordance with RDM BPA PWS paragraphs 5.8.C, and 5.8.D.
PLACE OF PERFORMANCE
The Contractor shall support this effort at Contractor facilities. The Contractor shall provide all equipment needed. On occasion, the Contractor shall be required to work on-site to attend meetings, conduct interviews, etc.; this will be specified in each TO.
The Contractor shall provide all facilities required to support staff assigned to this contract including network connectivity, office space, furniture, personnel support accommodations, etc. The Contractor shall provide contract staff with end user computing equipment including common desktop computing software and hardware to perform the required services. B The VA shall provide VA-specific software such as Virtual Private Network (VPN) and SharePoint access.B B
TRAVEL
There is no travel is expected during the course of performance of this TO.

4.4 TYPE OF ORDER
This is a Firm Fixed Price (FFP) Task Order.
TASKS AND DELIVERABLES
The Contractor shall provide all Tasks and Deliverables described within this document. All deliverables shall be submitted to the COR with a copy to the Post Award CO in accordance with this task order. Unless otherwise stipulated, written deliverables shall be phrased in layperson language. Statistical and other technical terminology shall not be used without providing a glossary of terms. The Contractor shall be responsible for providing the number of copies in the media required by the COTR for each deliverable. Written deliverables shall be submitted in soft copy using Microsoft Office products.

If for any reason, any deliverable cannot be submitted on time, the Contractor shall provide a written explanation to the CO and COR as soon as is known but no later than three (3) business days prior to the deliverable due date. This written transmittal shall include a firm commitment of when the work shall be completed. This transmittal to the CO and COR shall cite the reasons for the delay and the impact on the overall project. Submittal of the impact statement as such does not alleviate the contractor of their responsibility to provide the deliverable on time, nor does submitting the statement constitute an excusable delay. The Contractor shall be responsible for adhering to all pertinent VA standards including, but not limited to, ensuring that all documentation and deliverables are stored on appropriate VA servers within one (1) week of their completion. The Contractor shall use the VA Nationwide Teleconferencing System for all pertinent conference calls, and the VA Exchange server for all pertinent email. Upon assignment of VA email accounts, use of external email accounts for the purpose of VA communications and business shall be limited to emergent use only. The Contractor shall be responsible for adhering to all pertinent VA policies and procedures.




Task
Task Description
PROJECT MANAGEMENT OF CONTRACTOR ACTIVITIES
The Contractor shall assign a PM to provide oversight of all contracted efforts. The PM shall be responsible for ensuring project success, minimizing risk, managing cost and schedule to ensure goals are met throughout the lifecycle of the project and adhering to all Government standards. The PM shall communicate with the COTR on all issues related to project outcomes. Upon issuance of each TO, the Contractor shall present their plan for completing each TO via a Post Award Orientation conference call and webinar including the project approach, schedule, milestones and points of contact. The Post Award Orientation conference call shall be held within five (5) business days after task order award.
The Contractor shall submit one (1) Monthly Progress Report addressing the status of all active TOs. This report shall include, but not be limited to, the following:
Status Summary
Risks, Issues and Action Status (new, open, closed since last report)
Deliverables Schedule status
Contractor staff roster (providing updates as they occur, including personnel and security requirements)
Status of required background investigations
Deliverable
Deliverable Description
Quantity
A
Monthly Progress Report
Monthly Progress Report and updates to PMP
4 each
Task
Task Description
5.5 LEVEL 3: GENERATION OF RED
In support of innovation and continued process quality improvement, the Contractor shall provide elective methodologies and approaches such as requirements visualization and model-driven requirements. Elective approaches should focus on process efficiency, reduced timelines and seek to improve the customer experience.
The Contractor shall elicit detailed business requirements for assigned work efforts. Through facilitated sessions, the Contractor shall elicit and document detailed business requirements. The elicitation process includes identification of detailed business needs, development of business use cases, and documentation of architectural models. Architectural models shall include at least three levels of decomposition for as-is and to-be processes, and Logical-level information models for related information and data. All information gathered through the elicitation process shall be documented within the appropriate SIM repository. In accordance with established guidelines and procedures, the Contractor shall generate a RED or iBRD and use that document to refine requirements and obtain stakeholder concurrence. The Contractor shall provide a final version of the RED or iBRD for review, validation, and approval by AIM and Program Office leadership.
Deliverable
Deliverable Description
Quantity
A
RED for Low Complexity Work Effort
The Contractor shall provide a signed RED including all architectural models for low complexity work efforts. The RED shall be generated using export utilities from within the requirements repository (ReqPro) when the capability exists. If the capability does not yet exist within the requirements repository (RRC), the Contractor shall build the RED using the current RDM-supplied template only after all requirements have been entered into the requirements repository (RRC).
6 each
5.6 TECHNICAL WRITING
The Contractor shall provide technical writing expertise to ensure that all Government initiated requirements documents conform with standard template formats (Attachments 2 &5), are grammatically correct and support a standard level of quality between analysts. The Contractor shall resolve all minor issues and return actionable items to the author by utilizing Track Changes. The Contractor shall complete the technical writing portion of the RDM Scorecard (Attachment 2H) for each document reviewed. The Contractor shall also utilize their expertise in developing Executive-Level Communcations using tools, such as PowerPoint and Microsoft Word, after receiving content from RDM staff.
Deliverable
Deliverable Description
Quantity
A
Technical Review Monthly Status Report
The Contractor shall deliver a monthly status report to include all listing of all documents reviewed with requestor for the month and any issues related to the review process with recommendations for improvements.
4 each
FDS
The specific focus of this task is for software waiver requests received by the Open Source office within Strategic Investment Management. These waiver requests are entered by VistA sites for Class III software changes to basic VistA code. The waiver request is to allow the sites to continue using the Class III code after VistA Standardization is executed at the site. The work will require assessment and analysis of the requests to provide information necessary for the software waiver review board to determine the need for the waiver. There is a remaining backlog of 300 waiver requests that need to be processed as quickly as possible, as VHA tries to complete VistA Standardization. Our goal is to complete these by the end of the fiscal year, and in order to do so, we need to assign more than one task within the period of performance. Due to these circumstances, the FDS task for Task Order 12 will be dedicated solely to the processing of waivers.
Deliverable
Deliverable Description
Quantity
A
Class III Quarterly Status Report
The Contractor shall deliver a Class III NSR quarterly status report to include progress, current status, and any open issues.
3 each
TOOLING SUPPORT & REPORTING
The Contractor shall provide RDM maintenance support of the NSRD (Microsoft SQL Server database, active server pages (ASP), Micrsoft FrontPage or SP Designer), which facilitates tracking of the requests management process.
The Contractor shall complete a comprehensive report of the activities completed in the preceding month including, but not limited to: troubleshooting access/connectivity issues; solutions implemented to address identified bugs; granting access privileges and modifying the web pages to permit access as appropriate; adding or subtracting data fields to forms and reports to support business process changes based on senior management feedback; modifying the customer Submission Form; promoting the database platforms as dictated by VA Web Operations; maintaining current registry integrations with the other linked databases; identifying future risks to the integrity and/or stability of the database and web site functions.
The Contractor shall extract and coordinate data from various tools for the purpose of providing consolidated views of information for RDM to make decisions. The types of tools accessed to develop reports include, but are not limited to, time reporting and tracking, requirements management, project tracking, request tracking, etc. Activities involve running predefined reports as well as creating new reports to support RDM needs.
The Contractor shall use engineering processes and procedures to implement formal Tool Configuration Management (CM) for IBM Rational Jazz Suite to include reports, schemas, and custom utility capabilities and perform tasks associated with supporting CM activities. The implementation phase includes routine maintenance.B The Contractor shall work in accordance with the established Change Management process and provide Tier One support to users of Rational Jazz Suite tools (RRC and Team Concert).B The Contractor shall coordinate activities associated with Change Control Boards, facilitate negotiation of scope changes and determine how each change request/order and action item should be handled.B The Contractor shall author, perform and instruct others on CM activities for change control, configuration identification and configuration status accounting, and appropriate management and support of the system repositories. Post-implementation, the Contractor shall provide CM maintenance and minor enhancements.
Deliverable
Deliverable Description
Quantity
C
Tool CM Implementation
The Contractor shall deliver a comprehensive monthly report describing all activities completed.
4 each
D
Tool CM Maintenance and Minor Enhancements
The Contractor shall deliver a comprehensive monthly report illustrating all activities completed.
4 each

GENERAL REQUIREMENTS

CONTRACTOR PERSONNEL SECURITY REQUIREMENTS
The following security requirements must be addressed regarding Contractor supplied equipment: Contractor supplied equipment, PCs of all types, equipment with hard drives, and so forth for contract services must meet all security requirements that apply to Government Furnished Equipment (GFE) and Government Owned Equipment (GOE).B Security Requirements include:B a) VA Approved Encryption Software must be installed on all laptops or mobile devices before placed into operation, b) Bluetooth equipped devices are prohibited within the VA; Bluetooth must be permanently disabled or removed from the device, and c) Equipment must meet all sanitization requirements and procedures before disposal.B The COTR, CO, PM and the Information Security Officer (ISO) must be notified and verify all security requirements have been adhered to.
Information made available to the Contractor/Sub-Contractor by VA for the performance or administration of this TO or information developed by the Contractor/Sub-Contractor in performance or administration of the TO shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the Contractor/Sub-Contractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1).
VA information should not be co-mingled, if possible, with any other data on the Contractors/Sub-Contractor s information systems or media storage systems in order to ensure VA requirements related to data protection and media sanitization can be met. If co-mingling must be allowed to meet the requirements of the business need, the Contractor must ensure that VA s information is returned to the VA or destroyed in accordance with VA s sanitization requirements. VA reserves the right to conduct on-site inspections of Contractor and Sub-Contractor IT resources to ensure data security controls, separation of data and job duties, and destruction/media sanitization procedures are in compliance with VA directive requirements.
Prior to termination or completion of this TO, the Contractor/Sub-Contractor must not destroy information received from VA, or gathered/created by the Contractor in the course of performing this TO without prior written approval by the VA. Any data destruction done on behalf of VA by a Contractor/Sub-Contractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and the VA Handbook 6500.1, Electronic Media Sanitization. Self-certification by the Contractor that the data destruction requirements above have been met must be sent to the VA CO within 30 days of termination of the TO.
The Contractor/Sub-Contractor must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the TO and applicable Federal and VA information confidentiality and security laws, regulations and policies. If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the TO, or if NIST issues or updates applicable FIPS or Special Publications after execution of this TO, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this TO.
The Contractor/Sub-Contractor shall not make copies of VA information except as authorized and necessary to perform the terms of the agreement or to preserve electronic information stored on Contractor/Sub-Contractor electronic storage media for restoration in case any electronic equipment or data used by the Contractor/Sub-Contractor needs to be restored to an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed.
If VA determines that the Contractor has violated any of the information confidentiality, privacy and security provisions of the TO, it shall be sufficient grounds for VA to withhold payment to the Contractor or third party terminate the TO for default or terminate for cause under FAR part 12.
The Contractor/Sub-Contractor must store, transport or transmit VA sensitive information in an encrypted form using VA-approved encryption tools that are, at a minimum, FIPS 140-2 validated.
The Contractor/Sub-Contractor s firewall and Web services security controls, if applicable, shall meet or exceed VA s minimum requirements. VA Configuration Guidelines are available upon request.
Except for uses and disclosures of VA information authorized by this TO for performance of the TO, the Contractor/Sub-Contractor may use and disclose VA information only in two other situations: (i) in response to a qualifying order of a court of competent jurisdiction, or (ii) with VA s prior written approval. The Contractor/Sub-Contractor must refer all requests for, demands for production of, or inquiries about VA information and information systems to the VA CO for response.
Notwithstanding the provision above, the Contractor/Sub-Contractor shall not release VA records protected by Title 38 U.S.C. 5705, confidentiality of medical quality assurance records and/or Title 38 U.S.C. 7332, confidentiality of certain health records pertaining to drug addiction, sickle cell anemia, alcoholism or alcohol abuse, or infection with human immunodeficiency virus. If the Contractor/Sub-Contractor is in receipt of a court order or other requests for the above mentioned information, that Contractor/Sub-Contractor shall immediately refer such court orders or other requests to the VA CO for response.
For service that involves the storage, generating, transmitting, or exchanging of VA sensitive information but does not require Certification and Accreditation (C&A) or a Memorandum of Understanding-Interconnection Service Agreement (MOU-ISA) for system interconnection, the Contractor/Sub-Contractor must complete a Contractor Security Control Assessment (CSCA) on a yearly basis and provide it to the COTR.
Position Sensitivity and Background Investigation - The position sensitivity and the level of background investigation commensurate with the required level of access is:
Low/National Agency Check with Written Inquiries (NACI)
Moderate/Minimum Background Investigation (MBI)
High/Background Investigation
Position Sensitivity
Background Investigation (in accordance with 7010 Handbook Appendix A)
Low
A NACI is conducted by the Office of Personnel Management (OPM) and covers a five-year period. It consists of a review of records contained in the OPM Security Investigations Index (SII) and the Department of Defense (DOD) Defense Central Investigations Index (DCII), Federal Bureau of Investigation (FBI) name check, FBI fingerprint check, and written inquiries to previous employers and references listed on the application for employment. In VA it is used for non-sensitive or Low Risk positions.
Moderate
A MBI is conducted by OPM and covers a five-year period. It consists of a review of National Agency Check records [OPM (SII), DOD DCII, FBI name check, and a FBI fingerprint check], a credit report covering a period of five years; written inquiries to previous employers, references listed on the application for employment; an interview with the subject, spouse, neighbors, supervisor, and co-workers; and a verification of the educational degree.
High
Background Investigation. A background investigation is conducted by OPM and covers a 10 year period. It consists of a review of National Agency Check records [OPM SII, DOD DCII, FBI name check, and a FBI fingerprint check report], a credit report covering a period of 10 years, written inquiries to previous employers and references listed on the application for employment; an interview with the subject, spouse, neighbors, supervisor, and co-workers; and a verification of the educational degree.

Contractor Responsibilities:
The Contractor shall prescreen all personnel requiring access to the computer systems to ensure they maintain the appropriate Background Investigation, and are able to read, write, speak and understand the English language. The Contractor shall provide the name, address, date of birth, Social Security Number and any other pertinent and relevant information of the Contractor personnel assigned to this project to the COTR and CO prior to Project Kickoff Meeting.
The Contractor shall bear the expense of obtaining background investigations. If the investigation is conducted by the OPM, the Contractor shall reimburse VA within 30 calendar days.
The Contractor shall submit or have their personnel submit the required forms (Standard Form (SF) 85P - Questionnaire for Public Trust Positions, SF 85P-S Supplemental Questionnaire for Selected Positions, FD 258, U.S. Department of Justice Fingerprint Applicant Chart, VA Form 0710, Authority for Release of Information Form, Optional Form 306, Declaration for Federal Employment, and Optional Form 612, Optional Application for Federal Employment) to the VA Office of Security and Law Enforcement (OSLE) within 30 calendar days of receipt.
All costs associated with obtaining clearances for Contractor provided personnel shall be the responsibility of the Contractor. Further, the Contractor shall be responsible for the actions of all individuals provided to work for VA under this TO. In the event that damages arise from work performed by Contractor provided personnel, under the auspices of this TO, the Contractor shall be responsible for all resources necessary to remedy the incident.
The Contractor(s) and Contractor Point of Contact (POC) will receive an email notification from the Security and Investigation Center (SIC) identifying the website link that includes detailed instructions regarding completion of the background clearance application process and what level of background clearance was requested. Reminder notifications will be sent if the complete package is not submitted by the due date.
If the security clearance investigation is not completed prior to the start date of the TO, the contract employee may work on the TO with an initiated status while the security clearance is being processed. However, the Contractor shall be responsible for the actions of the Contractor personnel they provide to perform work for the VA. In the event damage arises from work performed by Contractor personnel, under the auspices of the TO, the Contractor shall be responsible for resources necessary to remedy the incident.
The investigative history for Contractor personnel working under this TO must be maintained in the databases of either the OPM or the Defense Industrial Security Clearance Organization.
The Contractor, when notified of an unfavorable determination by the Government, shall withdraw the employee from consideration in working under the TO.
Failure to comply with the Contractor personnel security requirements may result in termination of the TO for default.
METHOD AND DISTRIBUTION OF DELIVERABLES
The Contractor shall deliver documentation in electronic format, unless otherwise directed in Section B of the solicitation/TO. Acceptable electronic media include: MS Word 2000/2003/2007, MS Excel 2000/2003/2007, MS PowerPoint 2000/2003/2007, MS Project 2000/2003/2007, MS Access 2000/2003/2007, MS Visio 2000/2002/2003/2007, CAD 2002, and Adobe Postscript Data Format (PDF).
PERFORMANCE METRICS:
The Government will utilize a Quality Assurance Surveillance Plan (QASP) throughout the life of each order to ensure that the Contractor is performing the services required by the PWS in an acceptable manner. The government reserves the right to alter or change the QASP at its own discretion. A Performance Based Service Assessment Survey will be used in combination with the QASP to assist the government in determining acceptable performance levels. See attachment titled ATTACHMENT B: RDM 1 Task Order 1 QASP , pages 1- 11 of 11.

SCHEDULE FOR DELIVERABLES
Task
ID
Deliverable Description
Due Date
5.1
A
Monthly Progress Report
5th calendar day of the month after task order award
5.5
A
RED for Low Complexity Work Effort
Ninety (90) calendar days after assignment
5.6
A
Technical Writing Monthly Status Report
5th calendar day of the month after task order award
5.7
A
Class III Quarterly Status Report
Quarterly, beginning ninety (90) calendar days after task order award
5.8
C
Tool CM Implementation
5th calendar day of the month after task order award

D
Tool CM Maintenance and Minor Enhancements
5th calendar day of the month after task order award
Acronyms
Acronym
Definition
AIM
Applied Informatics Management
BAA
Business Associate Agreements
BCA
Business Case Analysis
BPA
Blanket Purchase Agreement
BRD
Business Requirements Document
C&A
Certification and Accreditation
CFR
Code of Federal Records
CO
Contracting Officer
COTR
Contracting Officer s Technical Representative
CSCA
Contractor Security Control Assessment
DCII
Defense Central Investigations Index
DoD
Department of Defense
EA
Enterprise Architecture
EIT
Electronic and Information Technology
EPHI
Electronic Protected Health Information
ESM
Enterprise Systems Management
FAR
Federal Acquisition Regulation
FBI
Federal Bureau of Investigation
FDCC
Federal Desktop Core Configuration
FDS
Field Developed Software
FIPS
Federal Information Processing Standards
FISMA
Federal Information Security Management Act
FTR
Federal Travel Regulation
GFE
Government Furnished Equipment
GOE
Government Owned Equipment
HI
Health Informatics
HIPAA
Health Insurance Portability and Accountability Act
HSPD
Homeland Security Presidential Directive
ISO
Information Security Officer
IT
Information Technology
LAN
Local Area Network
LMS
Learning Management System
MBI
Minimum Background Investigation
MOU-ISA
Memorandum of Understanding Interconnection Service Agreement
NACI
National Agency Check with Inquiries
NARA
National Archives and Records Administration
NBST
National Bureau of Standards and Technology
NIST
National Institute of Standards and Technology
NSR
New Service Request
NSRT
New Service Request Database
OCS
Office of Citizen Services
OGC
Office of General Counsel
OIA
Office of Informatics and Analytics
OI&T
Office of Information and Technology
OIG
Office of the Inspector General
OMB
Office of Management and Budget
One-VA TRM
OI&T Technical Reference Model
OPM
Office of Personnel Management
OSLE
Office of Security and Law Enforcement
PHI
Protected Health Information
PIA
Privacy Impact Assessment
PII
Personally Identifiable Information
PM
Program Manager
PMAS
Program Management Accountability System
PMP
Project Management Plan
PO
Privacy Officer
POA&M
Plan of Action and Milestones
POC
Point of Contact
PSF
Product Summary Form
QC
Quality Control
QMP
Quality Management Plan
RDM
Requirements Analysis and Engineering Management
RDM
Requirements Development and Management (formerly RDM)
RRC
Rational Requirements Composer
ReqPro
Requisite Pro
RED
Requirements Elaboration Document
SF
Standard Form
SIC
Security Investigation Center
SII
Security Investigations Index
SIM
Strategic Investment Management
SMART
Security Management and Reporting Tool
SOR
System of Records
SOW
Statement of Work
SPI
Sensitive Personal Information
SSP
System Security Plan
TO
Task Order
U.S.
United States
U.S.C
United States Code
VA
Department of Veterans Affairs
VAAR
Veterans Affairs Acquisition Regulation
VHA
Veterans Health Administration
VistA
Veterans Health Information System and Technology Architecture
VPN
Virtual Private Network



Task Order 10

Task
Deliverable Ref
Description
QTY
Unit
Unit Price
Amount
B 1
B Project Management of Contractor ActivitiesB

5.1.A
Monthly Progress Report
4
B EA
B
B
5
Level 3: Generation of RED

5.5.A
RED for Low Complexity Work Effort
6
EA


6
Scorecard for Technical Review of Business Requirements Artifacts

5.6.A
Technical Review Monthly Status Report
4
EA


7
Field Developed Software (FDS)

5.7.A
Class III Quarterly Status Report
3
EA


B 8
B B Tooling Support & Reporting

5.8.C
Tool CM Implementation
4
EA



5.8.D
Tool CM Maintenance and Minor Enhancements
4
EA




Total

Bernadette.Bodzenta@va.gov and
Andrea.Fink@va.gov

bernadette.bodzenta@va.gov

    1. Home
    2. Articles
    3. Login or Register

    4. Search

    5. Add/Announce your RFP