Www.vendorportal.ecms.va.gov



STATEMENT OF WORK (SOW)Charlie Norwood VA Medical Center (CNVAMC)Augusta, GeorgiaON-SITE SHREDDING/DOCUMENT DESTRUCTION SERVICESGENERAL:The contractor shall provide all labor, supervision; secure collection containers, equipment, and transportation necessary to perform on-site document destruction and disposal of confidential documents at the Department of Veteran’s Affairs (VA) locations listed in paragraph 2 below and in accordance with performance requirements in paragraph 5 below and VA Directive 6371, Destruction of Temporary Paper Records. Contractor shall also destroy PC hard drives and e-media material by shredding onsite in accordance with VA Handbook 6500.1, Electronic Media Sanitization. Contractor shall have a strong understanding of the obligations and responsibilities associated with handling of Personally Identifiable Information (PII) and sensitive data stored on hard drives to be destroyed.PLACES OF PERFORMANCE: Services shall be performed at Augusta VA Medical Center and locations submitted below. ACharlie Norwood VA Medical Center (CNVAMC), (Uptown Division)1 Freedom Way, Augusta, Georgia 30904BCharlie Norwood VA Medical Center (Downtown Division)800 Bailie Dr., Augusta, GA 30901CAthens Community-Based Outpatient Clinic (CBOC)9249 Hwy 29S Suite A Athens, Georgia 30601DAiken Community-Based Outpatient Clinic (CBOC) 951 Millbrook Ave., Aiken, South Carolina 29803EVA Southeast Network Central Accounting Office VISN7-CAO3154 Perimeter Parkway Suite 200 Augusta, Georgia 30904FVISN7 – Hatcher Building, 500 Greene Street, Augusta, GA 30901G. Statesboro Community Base Outpatient Clinic (CBOC)412 Northside Drive East, Suite 400 Statesboro, GA 30458-4804HVet Center 2050 Walton Way #100 Augusta, GA 30904The government reserves the right to modify the contract as needed to add or delete VA Locations. ACRONYMS & Definitions: BAA – Business Associate Agreement CBOC – Community Based Outpatient Clinic CD – Compact Disc CD-R – Compact Disc – Recordable CD-ROM – Compact Disc – Read Only Memory CD-RW – Compact Disc –ReWritable CFR – Code of Federal Regulations CNVAMC - Charlie Norwood Veterans Affairs Medical Center COR – Contracting Officer’s RepresentativeDVD – Digital Versatile DiscFAX – FacsimileFIPS PUB – Federal Information Processing Standards PublicationFISMA – Federal Information Security Management ActFSC – Financial Services CenterHIPAA – Health Insurance Portability and Accountability Act ID – Identification ISO – Information Security OfficerLMS – Learning Management SystemMO – Magneto-OpticalNACI – National Agency Check and Inquiries NAID – National Association for Information Destruction NIST – National Institute of Standards and TechnologyOI&T – Office of Information & TechnologyOMB – Office of Management and BudgetOPM – Office of Personnel ManagementPC – Personal ComputerPII – Personally Identifiable InformationSOW – Statement of WorkSPI – Sensitive Personal InformationU.S.C. – United States CodeVA – Veteran AffairsVHA – Veterans Health AdministrationVISN7 – Veterans Integrated Service Network 7VISN7-CAO – Veterans Integrated Service Network 7 – Centralized Accounting OfficePublications and Forms:PublicationsFederal Information Processing standards Publication (FIPS PUB) Number 201Federal Investigations Notices (FIN 01-01)Health Insurance Portability and Accountability Act of 1996Homeland Security Presidential Directive-12 (HSPD-12)NIST 800-16 Information Technology Security Training RequirementsNIST 800-53 Security and Privacy Controls for Federal Information Systems and OrganizationsOffice of Management and Budget (OMB) guidance M-05-24VA Directive 6300, Records and Information ManagementVA Directive 6371, Destruction of Temporary Paper RecordsVA Directive and Handbook 0710 Personnel Suitability and Security ProgramVA Handbook 6300, Records and Information Management. (An electronic version will be provided to the Contractor by the Contracting Officer at time of award.)VA Handbook 6500.1, Electronic Media SanitizationVA Handbook 6500.2, Management of Security and Privacy IncidentsFormsFD 258, U.S. Department of Justice Fingerprint Application ChartOptional Form 306, Declaration for Federal EmploymentOptional Form 612, Optional Application for Federal Employment.Standard Form 85P, Questionnaire for Public Trust PositionsStandard Form 85P-S, Supplemental Questionnaire for Selected Positions.VA Form 0710, Authority for Release of Information FormVA Form 0751 Information Technology Equipment Sanitizing CertificateVA Form 0752 Confidentiality of Sensitive Information Non-Disclosure AgreementBACKGROUND:The Charlie Norwood VA Medical Center is a two division multi-bed facility, encompassing acute medical, surgical, psychiatric, and long-term care. The hospital is located in Augusta, Georgia and provides primary, secondary, and some tertiary care. Annually, the medical center serves thousands of patients. Satellite Community Based Outpatient Clinics (CBOC’s) are located in Athens, GA and Aiken, SC. Additionally the VISN7 Procurement and Accounting functional areas and the Seamless Transition Center are serviced by CNVAMC. PERSONNEL:Qualification: Contractor shall have a current National Association Information Destruction Certificate (NAID). Contractor’s personnel, whose tasks involve operation of any vehicles, shall possess a valid U.S. state driver’s license, certificates and permits, applicable for the type and class of vehicle being operated.Contractor shall be a legally registered business in the state of South Carolina and Georgia. Contractor Vehicles: All vehicles used in the performance of this contract for the destruction of documents shall have the applicable government licensing and inspections for road worthiness on file. 6.3. Key Personnel:NamePositionWage Determination Skill No.Percentage of Work Under ContractDAYS AND HOURS OF OPERATION:Monday – Friday, 8:00 a.m. to 4:30 p.m. excluding Federal Holidays.Federal HolidaysNew Year’s DayJanuary 1st Martin Luther King’s Birthday3rd Monday in JanuaryPresident’s Day3rd Monday in FebruaryMemorial DayLast Monday in MayIndependence DayJuly 4thLabor Day1st Monday in SeptemberColumbus Day2nd Monday in OctoberVeteran’s DayNovember 11thThanksgiving DayLast Thursday in NovemberChristmas DayDecember 25thThe contractor shall provide a written schedule of the days and times service shall be performed at each facility. The contractor shall perform services on day agreed upon by both VA facility point of contact (POC) and the Contractor. Strict adherence to the schedule is expected. Any changes to the schedule shall be approved in advance by the Contracting Officer’s Representative (COR). The contractor shall provide a contingency plan for instances where (1) equipment malfunction occurs during the shredding process and (2) when a Mobile Shredding Vehicle breaks down en-route to a VA Location for scheduled services or en-route to a pulping and recycling site. Upon arrival at each facility, the contractor shall report to the meeting location designated by the COR prior to the performance of scheduled pick-up/shredding service. PERIOD OF PERFORMANCE: Base year plus four (4) option years.Base Year: 24 April 2017 – 23 April 20181st Option Period24 April 2018 – 23 April 20192nd Option Period24 April 2019 – 23 April 20203rd Option Period24 April 2020 – 23 April 20214th Option Period 24 April 2021 – 23 April 2022Contractor ResponsibilityThe contractor shall bear the expense of obtaining background investigations. The web site which provides information on the cost of the security investigation is: – Select Federal Investigations Notices (FIN 01-01)The Office of Security and Law Enforcement adds an administrative fee. Sherri Jennings, 202-273-5555 can be contacted to obtain information on the current amount of the fee.The contractor shall prescreen all personnel requiring access to the computer systems to ensure they maintain a U.S. citizenship and are able to read, write, speak, and understand the English language. The contractor shall provide the screening results to the VA Contracting Officer prior to award and anytime new employees are hired.The contractor shall provide to the Contracting Officer prior to award the following: (1) List of names of contract personnel. (2) Social security numbers of contractor personnel. (3) Home address of contractor personnel or the contractor address.The contractor shall submit or have their employees submit the following required forms to the VA Office of Security and Law Enforcement within 30 days of receipt: (i) Standard From 85P, Questionnaire for Public Trust Positions (ii) Standard Form 85P-S, Supplemental Questionnaire for Selected Positions (iii) FD 258, U.S. Department of Justice Fingerprint Applicant Chart (iv) VA Form 0710, Authority for Release of Information FormThe contractor, when notified of an unfavorable determination by the Government, shall withdraw the employee from consideration from working under the contract.Failure to comply with the contractor personnel security requirements may result in termination of the contract for default.Specific Task:Paper Destruction:The contractor shall provide secured lockable collection containers in a variety of sizes and quantities specific to each designated location throughout the hospital, clinic, or facility for collection and storage of confidential documents until such time the shredding takes place.Container sizes shall be 32 gallon or less for Healthcare Unit Areas and average 64-96 gallon for all other areas as shown on Attachment 1 where estimated quantities and sizes are specified per location.Containers shall have locking mechanisms that are keyed alike with a master key that shall open all containers. A set of keys shall be provided to the Contracting Officer’s Representative (COR) and the Privacy Officer.The contractor shall provide sufficient labor and equipment necessary to transport collection containers from the indoor designated location to an outdoor designated location where shredding shall take place. A replacement container shall be placed at each designated location before the containers are removed for shredding.The contractor shall ensure each locked container remains locked until it arrives at the on-site shredding location. The containers shall not be unlocked to transfer confidential documents into another container for transport purposes. The contractor shall ensure confidential documents are protected from loss by gusts of wind or other atmospheric conditions.The contractor shall provide sufficient labor and sufficient state-of-the art mobile shredding vehicles capable of performing on-site shredding and destruction of approximately 565,620 pounds of confidential documents per year utilizing mobile shredding vehicles at government facilities where the confidential documents are collected.The contractor shall ensure the task of document destruction for all containers is conducted from start to finish on-site at each facility on the scheduled service day. A sample pick-up log is shown at Attachment 2.The contractor shall provide equipment that has the capability of shredding large volumes of documents per hour to reduce the time the contractor’s equipment utilizes government facilities limited parking spaces.The contractor shall provide equipment that is capable of shredding large volumes of documents per hour that shall produce cross cut shred articles within a 1x 5 millimeter, pulped for recycling and prepare a certificate of destruction per the National Association for Information Destruction (NAID) standards for mobile units. A sample of the Certificate of Destruction is shown at Attachment 3.The contractor shall provide sufficient labor, equipment, and transportation necessary to transport the shredded materials in locked vehicles to paper mills for pulping and recycling.All shredding shall be witnessed by a VA government employee authorized to witness destruction of confidential documents. The contractor shall complete a Certificate of Destruction in the presence of the employee authorized at each facility authorized to witness destruction upon completion of each shredding service. All shredding shall be performed in accordance with Department of Veteran’s Affairs Handbook 6300, Records and Information Management, referenced in paragraph 7 below.Upon arrival at each facility, the contractor shall report to the meeting location designated by the COR prior to the performance of scheduled pick-up/shredding service. NOTE: Types of paper that can be expected are office paper and computer paper of a variety of color or type. Limited quantities of incidentals such as paper clips, staples, rubber bands, patient plastic armbands and other similar items can be expected.The quantities listed are estimated poundage based on past performance. There is no minimum or maximum guarantee of poundage due to fluctuating requirements.Hard Drive and Electronic Media Destruction:Destruction of material: All PII, sensitive data, PC hard drives and electronic-media material collected shall be destroyed by shredding of records to a degree that they cannot be read or reconstructed without extraordinary efforts and shall allow for secure transport of records until such time as their final destruction by pulverization. Since final destruction is to be carried out off station, a VA representative shall be allowed to inspect, upon request the contractor’s facilities where the records are processed and where the final destruction takes place. PC hard drives as well as all other electronic media shall be shredded beyond use. Optical mass storage media, including compact disks (CD, CD_R, CD-RW, and CD-ROM), DVDs, and magneto-optic (MO) disks shall be destroyed by pulverizing, crosscut shredding or burning. When material is disintegrated or shredded, all residues shall be reduced to nominal edge dimensions of five millimeters (5 mm) and surface area of twenty-five square millimeters (25 mm2). The shredding of hard drives shall be witnessed by the Information Security Officer as well as OI&T’s hardware custodian. Upon completion of destruction of PII and hard drives the contractor shall provide a Certificate of Destruction which identifies the means of destruction. Contractor certificate is also to include shredding location, date, time, quantity/cost and the names of personnel responsible for shredding the contents. Contractor shall have adequate equipment and personnel to collect, shred and dispose of shredded material. Special Contract Requirements:Background Investigations: Upon contract the successful offeror shall be required to accomplish the following background investigation task. All contractor employees who require access to PII and sensitive data shall be the subject of a background investigation and shall receive a favorable adjudication from the VA Office of Security and Law Enforcement prior to contract performance. The requirement is applicable to all subcontractor personnel requiring the same access. If the investigation is not completed prior to the start date of the contract, the contractor shall be responsible for the actions of those individuals they provide to perform work for VA.Position Sensitivity — the position sensitivity has been designed as high risk.Background investigation — the level of background investigation commensurate with the required level of access National Agency Check with Written inquiries.The contractor shall bear the expense of obtaining background investigations. If the investigation is conducted by the Office of Personnel management (OPM), the contractor shall reimburse VA within 30 days.The contractor shall prescreen all personnel requiring access to sensitive data to ensure they maintain a U.S. citizenship and are able to read, write, speak and understand the English language.The contractor shall submit or have their employees submit the following require forms to the VA Office of Security and Law Enforcement. These forms can be obtained by contacting, 2200 Fort Roots Blvd, Bldg. 104, North Little Rock, AR 72114. Contractor shall provide verification of document submission. Background investigation documents shall be submitted within 30 days of receipt of documents from the VA Office of Security and Law Enforcement:Standard Form 85P, Questionnaire for Public Trust PositionsStandard Form 85P-S, Supplemental Questionnaire for Selected Positions.FD 258, U.S. Department of Justice Fingerprint Application ChartVA Form 0710, Authority for Release of Information FormOptional Form 306, Declaration for Federal EmploymentOptional Form 612, Optional Application for Federal EmploymentA contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order.All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors shall be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures.VA Form 0752 Confidentiality of Sensitive Information Non-Disclosure Agreement (a copy should be sent to the Accountable Officer and the ISO of the facility maintains the original)The contractor shall employ the sanitization methodologies and procedures outlined in the Statement of Work (SOW) this includes completion of VA Form 0751. The certificate shall be completed by the contractor and provided to the Facility Accountable Officer and Contracting Officer at the end of the sanitization process (each time). The ISO shall be provided a copy for their records.VA Form 0751 Information Technology Equipment Sanitizing CertificateThe contractor, when notified of an unfavorable determination by the Government, shall withdraw the employee from consideration from working under the contract.The contractor is responsible to insure that their employee is to comply with Augusta VA Medical Security ID badge requirement. Their employees are to report to the Security Police to get an ID Badge every time they are on the Augusta VA Medical Center site, with a picture ID Card.Failure to comply with the contractor personnel security requirements may result in termination of the contract for default.Offeror shall provide the name and phone number of the company’s point of contact for background investigations.Safety Briefing and Privacy Training: Contractor shall receive a safety briefing and privacy training on the first day of work by the Information Security Officer, Privacy Officer and Security Police. Contact information will be provided upon award of contract. INVOICE:Invoices shall be submitted electronically in arrears to the address indicated VA FSC P.O. Box 149971 Austin Texas 78714. Please reference the Purchase Order Number (i.e. 509-A0000 or 509-C75…)Payment will be made upon receipt of a properly prepared, itemized invoice, validated by the COR, and submitted electronically.A properly prepared invoice will contain:Invoice Number and DateContractor’s Name and AddressAccurate Purchase Order NumberItemization of pounds shredded and disposedPrice per poundDates service performedLocation of service performedTotal amount dueA separate invoice shall be prepared for each ernment ResponsibilityOversight of service/ Performance MonitoringAn initial orientation of the facilities will be conducted by the COR at the start of the contract. The contractor shall be responsible for conducting orientation for new employees thereafter. Safety Briefing and Privacy TrainingContractor shall receive a safety briefing and privacy training on the first day of work by the Information Security Officer, Privacy Officer and Security Police. Contact information will be provided upon award of contract.ADMINISTRATIONAccident ReportingIn the event an accident occurs on the Department of Veterans Affairs property or involving Government personnel or property, the contractor shall contact the VA Police immediately. A report shall be provided to the Contracting Officer and COR in writing that shall include the following: (1) the time and date of occurrence; (2) the place of occurrence; (3) a list of personnel directly involved; and (4) a narrative or description of the accident to include chronological order of the accident and circumstances; (5) corrective action to prevent future occurrences.TrainingAll contractor employees and subcontractor employees requiring access to VA information and VA information systems shall complete the following before being granted access to VA information and its systems:Sign and acknowledge (either manually or electronically) understanding of and responsibilities for compliance with the Contractor Rules of Behavior, Appendix E relating to access to VA information and information systems;Successfully complete the VA Cyber Security Awareness and Rules of Behavior training and annually complete required security training;Successfully complete the appropriate VA privacy training and annually complete required privacy training; andSuccessfully complete any additional cyber security or privacy training, as required for VA personnel with equivalent information system access [to be defined by the VA program official and provided to the contracting officer for inclusion in the solicitation document – e.g., any role-based information security training required in accordance with NIST Special Publication 800-16, Information Technology Security Training Requirements.]The contractor shall provide to the contracting officer and/or the COR a copy of the training certificates and certification of signing the Contractor Rules of Behavior for each applicable employee within 1 week of the initiation of the contract and annually thereafter, as required. Failure to complete the mandatory annual training and sign the Rules of Behavior annually, within the timeframe required, is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until such time as the training and documents are complete.Quality Assurance Surveillance Plan:Performance Based MatrixPERFORMANCE BASED TASKINDICATORSTANDARDQUALITY ASSURANCEINCENTIVESContractor shall provide services for the destruction of hard drives and compact disks to include CD's, CD-R, DVD's, and magneto-optic disks on-site at the Charlie Norwood VA Medical Center, Augusta, GA. (Para. #10.1 and 10.2)100% Compliance100%Surveillance will include observation by authorized individuals. Positive - Exercise of option years(s)Contractor shall maintain National Association Information Destruction Certification (NAID). (Para. #10.1.7)100% Compliance100%A copy of the certification must be provided to the CORPositive - Exercise of option year(s). Negative response i.e. non-certification will cause for termination of the contract. Liquidated Damages for Data Breach:The term “security incident” means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor/subcontractor shall immediately notify the COR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access.To the extent known by the contractor/subcontractor, the contractor/subcontractor’s notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the contractor/subcontractor considers relevant.With respect to unsecured protected health information, the business associate is deemed to have discovered a data breach when the business associate knew or should have known of a breach of such information. Upon discovery, the business associate must notify the covered entity of the breach. Notifications need to be made in accordance with the executed business associate agreement.In instances of theft or break-in or other criminal activity, the contractor/subcontractor must concurrently report the incident to the appropriate law enforcement entity (or entities) of jurisdiction, including the VA OIG and Security and Law Enforcement. The contractor, its employees, and its subcontractors and their employees shall cooperate with VA and any law enforcement authority responsible for the investigation and prosecution of any possible criminal law violation(s) associated with any incident. The contractor/subcontractor shall cooperate with VA in any civil litigation to recover VA information, obtain monetary or other compensation from a third party for damages arising from any incident, or obtain injunctive relief against any third party arising from, or related to, the incident.Consistent with the requirements of 38 U.S.C. §5725, a contract may require access to sensitive personal information. If so, the contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/subcontractor processes or maintains under this contract.The contractor/subcontractor shall provide notice to VA of a “security incident” as set forth in the Security Incident Investigation section above. Upon such notification, VA must secure from a non-Department entity or the VA Office of Inspector General an independent risk analysis of the data breach to determine the level of risk associated with the data breach for the potential misuse of any sensitive personal information involved in the data breach. The term 'data breach' means the loss, theft, or other unauthorized access, or any access other than that incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. Contractor shall fully cooperate with the entity performing the risk analysis. Failure to cooperate may be deemed a material breach and grounds for contract termination.Each risk analysis shall address all relevant information concerning the data breach, including the following:Nature of the event (loss, theft, unauthorized access);Description of the event, including:date of occurrence; data elements involved, including any PII, such as full name, social security number, date of birth, home address, account number, disability code;Number of individuals affected or potentially affected; Names of individuals or groups affected or potentially affected;Ease of logical data access to the lost, stolen or improperly accessed data in light of the degree of protection for the data, e.g., unencrypted, plain text;Amount of time the data has been out of VA control;The likelihood that the sensitive personal information will or has been compromised (made accessible to and usable by unauthorized persons);Known misuses of data containing sensitive personal information, if any;Assessment of the potential harm to the affected individualsData breach analysis as outlined in 6500.2 Handbook, Management of Security and Privacy Incidents, as appropriate; andWhether credit protection services may assist record subjects in avoiding or mitigating the results of identity theft based on the sensitive personal information that may have been compromised.Based on the determinations of the independent risk analysis, the contractor shall be responsible for paying to the VA liquidated damages in the amount of $______ per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following:Notification;One year of credit monitoring services consisting of automatic daily monitoring of at least 3 relevant credit bureau reports;Data breach analysis;Fraud resolution services, including writing dispute letters, initiating fraud alerts and credit freezes, to assist affected individuals to bring matters to resolution;One year of identity theft insurance with $20,000.00 coverage at $0 deductible; andNecessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs.Contractor Personnel Security Requirements:Contractor employees shall be pre-authorized to witness destruction of confidential documents, i.e., Low Level Background Investigations.Contractor employees found reading any of the VA materials shall be promptly removed from the premises where the document destruction is being performed and the person(s) involved shall not be allowed to return for any future document destruction services.The contractor shall adhere to the VA policies applicable to all record destruction as outlined in VA Handbook 6300. These guidelines are designed to protect sensitive and private information from being disclosed to unauthorized parties and adhere to the Privacy Act and the HIPAA Privacy Rules and regulations. Examples of sensitive information include but are not limited to: Individually identifiable medical, benefits, and personnel information; financial, budgetary, research, quality assurance, confidential commercial, critical infrastructure, investigatory, and law enforcement information.Subject to criminal prosecution, contractor employees shall comply with all manner of confidentiality when engaging in the destruction of any and all Department of Veterans Affairs records.Contractor employees shall wear a uniform with the company name and logo and wear a badge in plain view above the waist bearing the company name, logo and employees name. The contractor shall maintain a current listing of employees performing services under this contract. The list shall include the employee’s name, address, phone number, social security number, level of security and position. The list shall be validated and signed by the company Facility Security Officer and provided to the Contracting Office and Contracting Officer’s Representative (COR). An updated listing shall be provided when an employee’s status or information changes. The Contractor has 24 hours to inform the Contracting Office and COR that an employee’s status has changed unless it is a pick up day. On pick up days the contractor shall immediately inform the Contracting Office by FAX at 706-731-7172 or the COR by email:_____________________________. The contractor and employees shall comply with Homeland Security Presidential Directive-12 (HSPD-12), NIST 800-53, Office of Management and Budget (OMB) guidance M-05-24, as amended, and Federal Information Processing standards Publication (FIPS PUB) Number 201, as amended. Contractor and Staff shall comply with the Privacy Act, VA Security requirements and HIPAA.The contractor shall report to the Contracting Officer and the COR any information or circumstances which they are aware of that may pose a threat to the security of the Department of Veterans Affairs personnel, contractor employees, resources and classified and unclassified information.Contractor employees are prohibited from possessing weapons, firearms, or ammunition, on themselves or their contractor-owned or privately owned vehicle while on the property of the designated VA Locations listed in paragraph 2.If the Contracting Officer finds it in the best interest of the Government he/she may at any time during the performance of this contract order the Contractor to remove any of his/her personnel from further performance under this contract for reasons of their moral character, unethical conduct, security reasons and violation of on-site building rules. In the event it is necessary to replace any contractor employee for any of the above reasons, all costs, including the costs of removal and replacement of the employee shall be borne by the contractor.The contractor shall not hold any discussions or release any information relating to the contents of this contract to anyone not having a direct interest in performance of this contract, without written consent of the Contracting Officer. All inquiries shall be directed to the Public Affairs Officer.The contractor shall not advertise information about projects performed for this contract without Government review and approval. Advertisement is considered but not limited to promotional brochures, posters, tradeshow handouts, world-wide-web-pages, magazines, newspapers and similar promotions. The contractor shall ensure the electronic access badge provided under this contract for building access is kept securely so as not to compromise building access. The contractor shall immediately report to the Contracting Officer and the COR if the badge is lost.The contractor is required to comply with all security and personnel identification procedures at each facility.Special Requirements:HIPAA Responsibility: Contractor agrees to comply with the requirements under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Notwithstanding anything to the contrary in this contract, all individually identifiable health information shall be treated as confidential by the parties in accordance with all applicable federal, state, or local laws and regulations governing the confidentiality and privacy of individually identifiable health information, including but without limitation, HIPAA and any regulations and official guidance promulgated there under, and the parties agree to take such additional steps and/or to negotiate such amendments to this contract as may be required to ensure that the parties are and remain in compliance with the HIPAA regulations and official guidance.HIPAA Compliance - Health Insurance Portability and Accountability Act of 1996:The successful Contractor shall be required to be in compliance with HIPAA requirements and shall be required to sign a Business Associate Agreement with the VA. A copy will be maintained in the contract file and with the Privacy Officer.Security Requirements. The contractor and their personnel shall be subject to the same Federal laws, regulations, standards and VA policies as VA personnel, regarding information and information system security. These include, but are not limited to Federal Information Security Management Act (FISMA), Appendix III of OMB Circular A-130, and guidance and standards, available from the Department of Commerce’s National Institute of Standards and Technology (NIST). This also includes the use of common security configurations available from NIST’s Web site at: To ensure that appropriate security controls are in place, Contractors must follow the procedures set forth in “VA Information and Information System Security/Privacy Requirements for IT Contracts” located at the following Web site: Employee Security and HIPAA Training: Contractor must certify that all employees working on this contract have received VA Information Security Awareness and VHA Privacy Policy Training. This training can be accessed on line through the VA External Education System found at . Proof of training is required via printed certification of completion and must be provided to the CO/COTR. The Contracting Officer or COTR will provide the details required for obtaining the VHA Privacy Policy Training.In accordance to VHA Directive 6500, Appendix G, Department of Veteran’s Affairs (VA) National Rules of Behavior, each contractor must read and sign the VA National Rules of Behavior prior to gaining any access to VA information and/or information systems. Contractors must initial and date each page of the copy of the VA National Rules of Behavior; they must also provide the information requested on the last page, sign and date it.These requirements will be maintained in a contractor employee file by the CO/COR for each contractor employee working on the contract.Contractor Personnel Security Requirements: All contractor employees who require access to the Department of Veterans Affairs’ computer systems shall be the subject of a background investigation and must receive a favorable adjudication from the VA Office of Security and Law Enforcement prior to contract performance. This requirement is applicable to all subcontractor personnel requiring the same access. If the investigation is not completed prior to the start date of the contract the contractor will be responsible for the actions of those individuals that provide or perform work for the VA.Position Sensitivity – The position sensitivity has been designated as low risk.Background Investigation – The level of background investigation commensurate with the required level of access is National Agency Check and Inquiries (NACI) with written inquiries.Records Management Clause:Citations to pertinent laws, codes and regulations such as 44 U.S.C Chapter 21, 29, 31 and 33; Freedom of Information Act (5 U.S.C. 552); Privacy Act (5 U.S.C. 552a); 36 CFR Part 1222 and Part 1228. Contractor shall treat all deliverables under the contract as the property of the U.S. Government for which the Government Agency shall have unlimited rights to use, dispose of, or disclose such data contained therein as it determines to be in the public interest. Contractor shall not create or maintain any records that are not specifically tied to or authorized by the contract using Government ‘IT’ equipment and/or Government records. Contractor shall not retain, use, sell, or disseminate copies of any deliverable that contains information covered by the Privacy Act of 1974 or that which is generally protected by the Freedom of Information Act.Contractor shall not create or maintain any records containing any Government Agency records that are not specifically tied to or authorized by the contract. The Government Agency owns the rights to all data/records produced as part of this contract. The Government Agency owns the rights to all electronic information (electronic data, electronic information systems, electronic databases, etc.) and all supporting documentation created as part of this contract. Contractor shall deliver sufficient technical documentation with all data deliverables to permit the agency to use the data. Contractor agrees to comply with Federal and Agency records management policies, including those policies associated with the safeguarding of records covered by the Privacy Act of 1974. These policies include the preservation of all records created or received regardless of formal [paper, electronic, etc.] or mode of transmission [e-mail, fax, etc.] or state of completion [draft, final, etc.] No disposition of documents shall be allowed without the prior written consent of the Contracting Officer. The Agency and its contractors are responsible for preventing the alienation or unauthorized destruction of records, including all forms of mutilation. Willful and unlawful destruction, damage or alienation of Federal records is subject to the fines and penalties imposed by 18 U.S.C. 2701. Records shall not be removed from the legal custody of the Agency or destroyed without regard to the provisions of the agency records schedules.Contractor is required to obtain the Contracting Officer's approval prior to engaging in any contractual relationship (sub-contractor) in support of this contract requiring the disclosure of information, documentary material and/or records generated under or relating to this contract. The Contractor (and any sub-contractor) is required to abide by Government and Agency guidance for protecting sensitive and proprietary information. ATTACHMENT 3Attachment 1 – Bin Locations (3 pages)DOWNTOWN - AUGUSTA VA HOSPITALRoomTitleBinRoomTitleBin1B102Spinal Cord327C138HR Recruit & Plmnt (CARBON)321B105Spinal Cord Rehab327C138HR Recruit & Plmnt321B173Facility Mngt Ex Ofc327C138HR Recruit & Plmnt321B189Dietetics Ofc327C133Executive Office321B209Prosthetic327C133Executive Office321C103Pharmacy (Use double doors)327C107Ofc across from HR321C103Pharmacy (when servicing )327C107Ofc across from HR321C104Pharmacy (Pharmacy on )327A106Quality Management321C104Pharmacy (Fridays.)327A163Employee Labor Relations321C114Pharmacy327A144Dental Clinic321C114Pharmacy327A109Health Info Rev Admin321C116Medical Records326C110Endocrin / Infec Dis / Nephro321D110Chaplain Svc326C158PULMON/CRITCARE321D114Chief Amb Care & P326C137Secretary Hem / Onc / Pulmonary321D142Audiology Clinic326A155Nurses Workroom321D152Ent / Audiology / Speech326A155Nurses Workroom321D187ATriage / ER Check in326A128Doctors Workroom321D189Nourishment Kit (in triage)325D105Nurses Station Wkrm321D203Evaluation Area325D118Nurses Station Wkrm321D209VA Police325DNurses Station321D224Compensation and Pension325D132Cardiology Res Ofc321D224Compensation and Pension325D132Cardiology Res Ofc321D270Agent Cashier325C149Hallway Desk321D279Agent Orange325C147Copy Room321D284Fec Basics / NVCV325C140Copy Room321E115Dr's Office325B144Research Serv Admin Off321E134325A148Nurses Break Rm321E139SCI Cystology (in F hallway)325A148Nurses Break Rm321F123SCI homecare(in bathroom325A106Neurosciences Ofc321F104SCI Clinic325A106Neurosciences Ofc321G108NCC324D153Specialty Care Svc Line321G122Nurses Com Center324D1184D Clinic321HNurses Station324C143Nurses Station322A141Physicians Assist Ofc324C131Ofc322A114Eye Clinic Nurses Station324C125Surgery Svc Line322B122Vascular Access324A116Workroom322B124Physical Therapy324A116Workroom322C100PVA324A112Plastic Surgery Res Ofc322D101Lab Central Receiving323D142Recovery Room322D101Lab Central Receiving323D142Recovery Room322D106Library323D110 ICoordinating Officer322D106Library323D110Ambulatory Surgery Ctr.322D140Lab Administration323D103Pre-Screening / OP322D179X-ray File Rm323C156Computer Room322D179X-ray File Rm323A108OR Suite322D201Transcription323BCrital Car (Nurse Station)322D201Transcription323BCritical Care (Nurse Station)322D229X-ray Reading Rm32TotalsBldg 803Coding Rec Trl Bldg 80395 Gal32 Gal9564 Gal0Whse on loading dock (Spare)6495 Gal1Whse on loading dock (Spare)64Total96Whse on loading dock (Spare)95Attachment 1 – Bin Locations (cont)UPTOWN - AUGUSTA VA HOSPITALRoomTitleBinRoomTitleBin2A189Copy Room - Hallway95gal4D131Conf/Training Room95gal2A116Pharmacy324E126Mailroom95GAL2A161Audiology & Speech324E135Pre-Registration322A195Dental Clinic (2A2210)324E135Pre-Registration322B119ANurses Station324D153First hall on left on E wing322A103Primary Care Exec - By C entrance323E140Copy Room322C139Domicillary323E140Copy Room323B128Education323F114BNurses Communication Center323B156Chaplain Svc - Located on C wing, first hallway on left323F125Mental Health Medical323C140Nursing Home Care - Wrk Rm323GNurses Station323A133Library323DActive Duty Rehab32GA121Across from DAV Svc Ofc323DActive Duty Rehab32GA116Health Information Mngt322E106Payroll32GA104Medical Records File Room95gal2E111HR - Carbon Box32GA104Medical Records File Room95gal2E139In Hallway32GB110Executive Suite (By I.T.)64gal2E139In Hallway32GB133IT Infor322E116Quality Management32GB158Blood Lab322FPsychiatry Nurses Station32GC151Health Administration322GNurses Station32GC125Nurses Communication Center322D102Voc Rehab32GC125Nurses Communication Center322D117NursesWorkroom321B110Work Room64gal1F114Pt Ed Room321B118ABlind Rehab Nurse Stn321F114Pt Ed Room321B118ABlind Rehab Nurse Stn321F177Hallway321A237Pharmacy-double door in main hallway321F177Hallway321A237Pharmacy-double door in main hallway321F147Out Pt Psy321A238Diabetics321E127Utility Room-key at desk321A212Radiology (locked)321D115Work room hallway321A212Radiology (locked)321G123RM &RS Office321A256Police and Security - by main entrance321G126AProsthetics321A105Agent Cashier Carbon32GF101Call Center- door in west elevator foyer321A105Agent Cashier32GF101Call Center- door in west elevator foyer321A111Health Administrator321C144Nursing Home Care Unit - Between east and west wings.321A120Triage Nurse Station -Uptown Triage Center - must knock32Totals1A101AHAS Team A3232 Gal631A144APCTD Hall3264 Gal71A209Check-in Team D3295 Gal81A173FMail Room - 1st hallway by loading dock.95galTotal78Bldg 82Dietetics Office 1A13064GALBldg 111Warehouse-Floor95galBldg 111Warehouse-Floor64galBldg 111Warehouse-office copy room64galBldg 111Spares64Bldg 111Spares64Bldg 111Spares95Attachment 1 – Bin Locations (cont.)All Other LocationsLocation32 Gal64 GalAiken CBOC1Athens CBOC31Statesboro CBOC4Vet Center1Network Contracting - Hatcher Building41Network Accounting - Phoenix Building41Total173ATTACHMENT 2 -Pick-Up LogRoomTitleBin Size in GallonsNumber of BinsPick up per week ?Pharmacy Back Door32 Gal221B102Spinal Cord32 Gal121B105Spinal Cord Rehab32 Gal121B173Facility Mngt Ex Ofc32 Gal121B189Dietetics Ofc32 Gal121B209Prosthetic32 Gal121C103Pharmacy 32 Gal221C114Pharmacy32 Gal221C116Medical Records32 Gal121D110Chaplain Svc32 Gal121D114Chief Amb Care & P32 Gal121D142Audiology Clinic32 Gal121D152Ent / Audiology / Speech32 Gal121D187ATriage32 Gal121D189Nourishment Kit (in triage)32 Gal121D203Evaluation Area32 Gal121D209VA Police32 Gal121D224Compensation and Pension32 Gal321D270Agent Cashier32 Gal121D279Agent Orange32 Gal121D284Fec Basics / NVCV32 Gal121E115?32 Gal121E139SCI Cystology32 Gal121F123?32 Gal121F104SCI Clinic32 Gal121G108 NCC32 Gal121G122Nurses Com Center32 Gal121HNurses Station32 Gal122A141Physicians Assist Ofc32 Gal122A114Eye Clinic Nurses Station32 Gal122B122Vascular Access32 Gal122B124Physical Therapy32 Gal122C100PVA32 Gal122D101Lab Central Receiving32 Gal322D106Library32 Gal322D140Lab Administration32 Gal122D179X-ray File Rm32 Gal322D201Transcription32 Gal222D229X-ray Reading Rm32 Gal12Bldg 803Coding Rec Trl Bldg 80332 Gal327C138HR Recruit & Plmnt (CARBON)32 Gal127C138HR Recruit & Plmnt32 Gal327C133Executive Office32 Gal227C107Ofc across from HR32 Gal227C104Systems Redesign32 Gal227A106Quality Management32 Gal127A163Employee Labor Relations32 Gal127A144Dental Clinic32 Gal127A109Health Info Rev Admin32 Gal126D105Endocrin / Infec Dis / Nephro32 Gal126C158PULMON/CRITCARE32 Gal126C137Secretary Hem / Onc / Pulmonary32 Gal126A155Nurses Workroom32 Gal326A128Doctors Workroom32 Gal125D 118Nurses Station Wkrm32 Gal325DNurses Station 32 Gal225D132Cardiology Res Ofc32 Gal125C149Mail Room32 Gal125B144Research Serv Admin Off32 Gal125A148Nurses Break Rm32 Gal225A106Neurosciences Ofc32 Gal224D153Specialty Care Svc Line32 Gal124D1184D Clinic32 Gal124C143Nurses Station32 Gal124C131Ofc 32 Gal124C125Surgery Svc Line32 Gal124A150Workroom32 Gal324A112Plastic Surgery Res Ofc32 Gal123D142Recovery Room32 Gal323D110 ICoordinating Officer32 Gal123D110Ambulatory Surgery Ctr.32 Gal123D103Pre-Screening / OP32 Gal123C156Computer Room32 Gal123A108OR Suite32 Gal123BCritical Care Unit32 Gal123BCritical Care Unit32 Gal12ATTACHMENT 3CERTIFICATE OF DESTRUCTIONCompany Name: _____________________________________________Location: ___________________________________________________ All paper materials are recycledType of Service: Scheduled ________ Unscheduled ______Boxes__________No. of Containers: Cabinets _______ Gallon bins ____ Gallon bins _______Time In: _____ Time Out: _______Total Recyclable Shred Weight: ___________________________________Comments: ______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________Time In: _____ Time Out: _______Total Recyclable Shred Weight: ___________________________________Comments: ______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________This Certificate of Destruction should be retained for future reference as documentation that all materials submitted to _____________________ were destroyed according to local, state and federal laws.Rep: __________________________________ Date: ____________________Customer Signature: _____________________ Print: _____________ ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download